Skip to content

Secure File Encryptor/Decryptor - Release Notes 🚀 v2.0 - Security Enhanced Release

Latest
Latest

Choose a tag to compare

View all tags
@logand166 logand166 released this 18 Apr 11:10
· 3 commits to main since this release
v2.0.0
234b7a5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🔒 About the Project

Secure File Encryptor/Decryptor is a robust Python application designed to securely encrypt and decrypt files using AES-256-GCM, a military-grade encryption standard. The tool now features critical security fixes and enhancements to ensure maximum protection for your sensitive data.
✨ Key Features:

🔐 Military-Grade Encryption

Uses AES-256-GCM with PBKDF2HMAC-SHA256 for key derivation (600,000 iterations).

Unique nonce per chunk to prevent cryptographic vulnerabilities.

Chunk sequence validation to detect tampering or corruption.

🛡️ Security Fixes in v2.0

✅ Fixed Nonce Reuse Vulnerability – Each encryption chunk now uses a unique nonce.
✅ Chunk Integrity Protection – Added additional_data to bind chunks to their sequence.
✅ Secure File Handling – Temp files are wiped if operations fail.

📁 File Management:
Supports files up to 10GB.

Optional secure deletion of original files after encryption/decryption.

Automatic naming for decrypted files (.decrypted suffix).

🔎 Password Security

User Control Features:

Optional Original File Deletion - Secure workflow integration

Password Visibility Toggle - Eye icon for password confirmation

Real-time Password Strength Meter - Color-coded strength indicator:

🔴 Weak (<30%)

🟡 Moderate (30-70%)

🟢 Strong (>70%)

🖥️ User-Friendly UI

Clean, dark-themed interface (Qt Material).

Progress bars for encryption/decryption.

Detailed operation logs.

⚙️ Technical Improvements:

🛠 Fixed in This Release

Critical Security Patch: Previously, the app reused the same nonce for all chunks, which could allow attackers to extract data. Now, each chunk has a unique nonce.

Chunk Validation: Added additional_data to ensure chunks decrypt in the correct order.

Better Error Handling: Clear messages for decryption failures (e.g., wrong password).

📜 How It Works Now

Encryption:

    Generates a random salt and derives a key using PBKDF2.

    Splits the file into 1MB chunks, each encrypted with a unique nonce.

    Stores salt + nonces in the output file.

Decryption:

    Validates chunk order using additional_data.

    Fails if chunks are missing or modified.

🖱️ UI Guide

Encrypt Tab:

    Select file → Set password → Choose output path.

    Enable "Delete original" for secure erasure.

Decrypt Tab:

    Select .encrypted file → Enter password → Choose output folder and name the file

❓ FAQ:

❔ Is this really secure?
✅ Yes! Uses AES-256-GCM, the same standard used by governments and banks. The v2.0 fixes make it resistant to known attacks.

❔ Can I recover files if I lose the password?
❌ No. The encryption is irreversible without the password.

❔ Why chunk files?
To handle large files (10GB) without high memory usage. Now done safely with unique nonces.

🎉 Special Thanks

To the amazing people who reported the nonce reuse issue! This release makes the tool more secure than ever.

📜 License

MIT License - Free for personal and commercial use.

💻 Happy Encrypting! 🔐

Assets 3
Loading