Safe - Enterprise Encryption Suite
Safe is a professional-grade encryption application that implements military-grade cryptography with enforced security best practices. It combines modern cryptographic standards with an intuitive graphical interface to provide enterprise-level data protection.
Key Security Features Military-Grade Cryptography RSA-3072: 128-bit security for key encapsulation
ECC secp521r1: 256-bit security for key exchange
AES-256-GCM: Authenticated encryption for data protection
Enforced Security Policies Strong Passphrases: 15+ characters with uppercase, lowercase, numbers, and special symbols required
Key Rotation: Automatic 90-day rotation with visual expiration warnings
Identity Verification: Mandatory fingerprint verification before encryption
Secure Key Management PBKDF2-HMAC-SHA256: 600,000 iterations for key derivation
Encrypted Key Storage: Proprietary .ekey format for private keys
Storage Recommendations: Guidance for encrypted drive usage
Performance Optimizations Large File Support: Chunked processing (64KB chunks)
Memory Efficiency: Minimal resource consumption
Progress Tracking: Visual indicators for long operations
Security Architecture Diagram Code graph TD A[User Data] --> B[Identity Verification] B --> C[Secure Key Exchange] C --> D[Hybrid Encryption] D --> E[Encrypted Output]
D --> F[Ephemeral ECDH]
D --> G[RSA Key Encapsulation]
D --> H[AES-GCM Encryption]
I[Key Rotation] --> J[Automatic Expiration]
I --> K[Security Warnings]
L[Key Storage] --> M[Encrypted Drives]
L --> N[PBKDF2 Protection]
Installation Prerequisites Python 3.7+
pip package manager
Installation Steps Install Python:
Download from python.org
During installation, check "Add Python to PATH"
Install Required Packages:
bash pip install pyqt5 cryptography Download Safe:
bash git clone https://github.com/Basty-devel/safe.git cd safe Windows Troubleshooting If encountering "Python not found" errors:
Open Settings > Apps > Apps & features
Click "App execution aliases"
Disable aliases for:
python.exe
python3.exe
Usage bash python safe.py Key Management Workflow Navigate to "Key Management" tab
Enter strong passphrase (15+ characters with mixed character types)
Configure key rotation schedule
Generate ECC and RSA key pairs
Save keys to encrypted drive
Encryption Workflow Select "Encryption" tab
Choose input (text or file)
Load recipient's public keys
Verify identity through key fingerprints
Encrypt and save output (.enc file)
Decryption Workflow Select "Decryption" tab
Load encrypted file (.enc)
Load your private keys (.ekey)
Enter passphrase
Decrypt and save output
Security Best Practices Key Management ๐ Strong Passphrases: 15+ characters with uppercase, lowercase, numbers, and special symbols
โ๏ธ Key Rotation: Automatic 90-day rotation with visual expiration warnings
๐พ Encrypted Storage: Private keys stored on encrypted drives only
๐ Key Separation: Different keys for different purposes
Operational Security โ Identity Verification: Mandatory fingerprint verification before encryption
๐ Secure Channels: Use Signal, PGP-encrypted email, or secure messengers for key exchange
๐ต๏ธ Audit Trail: Key generation and expiration tracking
๐งน Memory Hygiene: Sensitive data cleared from memory after use
Technical Specifications Component Specification Security Level Compliance Key Encapsulation RSA-3072 with OAEP-SHA256 128-bit NIST SP 800-56B Key Exchange ECDH with secp521r1 256-bit NIST FIPS 186-4 Key Derivation HKDF-SHA256 256-bit RFC 5869 Data Encryption AES-256-GCM 256-bit NIST FIPS 197 Key Storage PBKDF2-HMAC-SHA256 (600K iters) 256-bit NIST SP 800-132 Passphrase Policy 15+ chars, mixed characters - OWASP ASVS 4.0 Threat Mitigation Threat Vector Safe Protection Weak Passphrases Enforced complexity requirements Key Compromise 90-day automatic rotation MITM Attacks Mandatory identity verification Brute Force Attacks 600K iteration PBKDF2 derivation Data Tampering AES-GCM authentication tags Key Exposure Encrypted drive requirements Support Community Support GitHub Issues: https://github.com/Basty-devel/safe/issues
Professional Support For enterprise deployments and custom implementations, contact: [email protected]
License Safe is licensed under the MIT License - see LICENSE for details.
Commercial Use Requirements:
Security audit for deployment in regulated environments
Compliance validation for financial or healthcare applications
Enterprise support subscription for production systems
Compliance Safe implements cryptographic algorithms that comply with:
NIST FIPS 186-5 (Digital Signature Standard)
NIST SP 800-56A (Key Establishment)
NIST SP 800-131A (Transitioning Cryptographic Algorithms)
RFC 7748 (Elliptic Curves for Security)
RFC 7518 (JSON Web Algorithms)
Security Disclaimer: While Safe implements industry-standard cryptography, proper operational security practices are essential for maximum protection. Always:
Store private keys on encrypted drives
Verify recipient identities through secure channels
Rotate encryption keys every 90 days
Use 15+ character passphrases with mixed characters
Conduct regular security audits for critical deployments
For high-security environments, we recommend supplementing Safe with Hardware Security Modules (HSMs) and multi-factor authentication systems.