
A military grade secure encryption and decryption utility (ChaCha20Poly1305 AEAD, RSA-4096, Argon2id, memory locking, multi-pass secure deletion, LZMA, ACL, secure logging, system security environment verification, encrypted storage of RSA private keys and more!)


Trust-systems/sFE


Trust-systems' sFE (Secure File Encrypter)


Description

sFE is an encryption utility designed for secure file and directory encryption. This tool employs multiple layers of encryption, secure key management, and memory protection to provide high-assurance data confidentiality.

Version

Version 1.8

Security Specifications

Grade Level: Enterprise-grade Security

  • Encryption Algorithms:
    • ChaCha20Poly1305 AEAD for content encryption
    • RSA-4096 for asymmetric key protection
    • Argon2id for key derivation (memory-hard function)

Security Diagnostics

  • Memory Security: Implements memory locking to prevent sensitive data from being swapped to disk
  • Key Derivation: Uses Argon2id with 1GB memory cost, time cost of 4, and 8 threads
  • Key Storage: Keys encrypted and stored with ChaCha20Poly1305 in a protected directory
  • File Integrity: Uses authenticated encryption to prevent tampering
  • Secure Wiping: Multi-pass secure deletion with zeros, ones, and random data
  • Permissions: Appropriate file system permissions on both Windows and Unix systems
  • Atomic Operations: Uses atomic file operations to prevent corruption during encryption/decryption
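
An added example, not taken from sFE's source, of the zeros/ones/random multi-pass overwrite named in the Secure Wiping item above. The function names, the 1 MiB chunk size and the `observer` hook are assumptions made for illustration.

```python
import os
import stat

# Pass order as listed in the README: zeros, ones, then random data.
PASSES = (b"\x00", b"\xff", None)  # None selects os.urandom
CHUNK = 1 << 20                    # 1 MiB write size (assumed, not from sFE)


def overwrite_pass(fd, size, pattern):
    """Overwrite the first `size` bytes of fd with one pattern, then fsync."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        block = os.urandom(n) if pattern is None else pattern * n
        remaining -= os.write(fd, block)  # os.write may write fewer than n bytes
    os.fsync(fd)  # push this pass to the device before starting the next


def secure_wipe(path, observer=None):
    """Overwrite a regular file in place with every pass, then unlink it.

    `observer(pass_index, path)` is a hypothetical hook for inspecting the
    file between passes. Returns the number of passes written.
    """
    # O_NOFOLLOW (where available) makes open() fail on a symlink, so the
    # wipe cannot be redirected to another file.
    flags = os.O_WRONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_BINARY", 0)
    fd = os.open(path, flags)
    try:
        info = os.fstat(fd)
        if not stat.S_ISREG(info.st_mode):
            raise ValueError("refusing to wipe a non-regular file")
        for index, pattern in enumerate(PASSES):
            overwrite_pass(fd, info.st_size, pattern)
            if observer is not None:
                observer(index, path)
    finally:
        os.close(fd)
    # Limitation: on SSDs and on copy-on-write or journaling filesystems the
    # old blocks may survive an in-place overwrite.
    os.remove(path)
    return len(PASSES)
```

If any pass fails, the exception propagates and the file is left in place rather than unlinked half-wiped.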

How to Use

Basic Usage

# Install requirements
sudo apt update
pip3 install -r requirements.txt

# Encrypt a file
sudo python3 sFE.py encrypt /path/to/file --password your_password

# Decrypt a file
sudo python3 sFE.py decrypt /path/to/file.encrypted --password your_password

# Encrypt a directory
sudo python3 sFE.py encrypt /path/to/directory --password your_password

# Decrypt a directory
sudo python3 sFE.py decrypt /path/to/directory_encrypted --password your_password

# Encrypt and securely wipe the original
sudo python3 sFE.py encrypt /path/to/file --password your_password --wipe

Password Handling

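If you omit the --password argument, the program prompts for the password without displaying it on screen. This also keeps the password out of your shell history and the process list, where a value passed with --password would otherwise be visible.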

Function Rundown

Core Functions

  • File Encryption: Encrypts individual files with unique encryption keys
  • File Decryption: Decrypts previously encrypted files with the correct password
  • Directory Encryption: Recursively encrypts directories while preserving structure
  • Directory Decryption: Restores encrypted directories to their original state
  • Secure Wiping: Performs secure deletion of original files after encryption (optional)

Security Features

  • Secure Key Storage: Encrypted storage of RSA private keys
  • Key Derivation: Password-based key derivation using Argon2id
  • Compression: LZMA compression before encryption for additional security
  • Access Control: OS-specific ACL controls for encrypted files
  • Logging: Secure logging of encryption/decryption operations
  • Environment Checks: System security environment verification

Advanced Features

  • Metadata Management: Secure handling of file and directory metadata
  • Cross-Platform: Works on Windows, Linux, and macOS with appropriate security measures
  • Error Handling: Comprehensive security-focused error management

Security Notes

  • The encryption strength relies on the complexity of your password
  • The tool creates a .secure_ directory in your home folder for keys and logs
  • Administrator/root privileges may be required for certain operations
  • Memory locking might require appropriate system configurations

License

This project is licensed under [Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International] using CPScript's licence repo – see CPScript/Legal for details.
