CLI tool for encrypting and decrypting files using AES-256-GCM with password-derived keys (PBKDF2 + SHA-256).
- AES-256-GCM authenticated encryption — detects tampering automatically
- PBKDF2 key derivation with 200,000 iterations — brute-force resistant
- Random salt + nonce per encryption — same file + password = different output every time
- Simple CLI interface —
encryptanddecryptcommands - Works on any file type (text, binary, images, archives)
``` [MAGIC 4B][VERSION 1B][SALT 16B][NONCE 12B][TAG 16B][CIPHERTEXT ...] ```
The header embeds all parameters needed for decryption — no separate metadata file required.
```bash pip install -r requirements.txt python -m cryptor.cli encrypt secret.txt -o secret.txt.enc python -m cryptor.cli decrypt secret.txt.enc -o secret.txt ```
``` Cryptography/ ├── cryptor/ │ ├── crypto.py # AES-256-GCM core logic │ ├── cli.py # CLI interface (argparse) │ └── utils.py # Password prompt, path helpers ├── tests/ │ ├── test_crypto.py │ └── test_cli.py └── .github/workflows/ci.yml ```
```bash pytest tests/ -v
```
| Property | Implementation |
|---|---|
| Cipher | AES-256-GCM (authenticated) |
| Key derivation | PBKDF2-SHA256, 200,000 iterations |
| Salt | 16 bytes, random per encryption |
| Nonce | 12 bytes, random per encryption |
| Authentication tag | 16 bytes, verified before decryption |
``` pycryptodome>=3.20.0 pytest>=8.0.0 ```
Astrahan45 — Network Engineer · MSc Integrated Communications Systems
