rsecure
| Crates.io | rsecure |
| lib.rs | rsecure |
| version | 0.3.0 |
| created_at | 2025-10-03 20:01:18.045272+00 |
| updated_at | 2025-10-16 17:08:20.321134+00 |
| description | A simple file encryption and decryption tool using AES-GCM. |
| homepage | |
| repository | https://github.com/containerscrew/rsecure |
| max_upload_size | |
| id | 1867146 |
| size | 496,734 |
(containerscrew)
documentation
README
rsecure
rsecure is a simple and secure command-line tool for AES-GCM file encryption and decryption, built in pure Rust. Ideal for protecting sensitive files, backups, and personal data.
Keep It Simple Stupid
Features
- 🔐 AES-256 GCM encryption & decryption
- 🚀 Fast & dependency-free (pure Rust)
- 🛡️ Safe key handling (keys never stored with data)
- 🖥️ Simple CLI interface
- 📦 Available on crates.io
Installation
Using cargo:
cargo install rsecure
Locally:
git clone https://github.com/containerscrew/rsecure.git
cd rsecure
cargo build --release
sudo cp ./target/release/rsecure /usr/local/bin/
Usage
Commands
| Command | Description |
|---|---|
rsecure create-key -o /mnt/myusb/rsecure.key |
Generate a new AES-256 key and save it to a file |
openssl rand -out /mnt/myusb/rsecure.key 32 |
Alternative: generate a random 256-bit key using OpenSSL |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt |
Encrypt a single file (.enc file is created in the same directory) |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/ |
Encrypt all files in a directory |
rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt.enc |
Decrypt a single encrypted file |
rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/ |
Decrypt all files in a directory |
rsecure encrypt -r -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/ |
Encrypt and remove original files |
rsecure encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt -e '.git' |
Encrypt all files in a directory excluding .git/ files |
[!WARNING] Saving the key in the same local filesystem where you save the encrypted files is not a good idea. Save the key in a secure location, like a
USB driveor a password manager. Or just save it in aroot owned directorywith strict permissions (will require sudo to use it).
[!IMPORTANT] By default,
rsecurewill not delete the source plain files after encryption to avoid data loss. If you want to delete the source files after encryption, use-rflag.
Local dev
Testing encryption and decryption:
mkdir -p /tmp/rsecure/dirtoencrypt
touch /tmp/rsecure/filetoencrypt.txt
echo 'please, hack me!' > /tmp/rsecure/filetoencrypt.txt
for i in {1..10}; do
head -c 100 /dev/urandom | base64 > /tmp/rsecure/dirtoencrypt/file_$i.txt
done
mkdir /tmp/rsecure/dirtoencrypt/.git/
touch /tmp/rsecure/dirtoencrypt/.git/ignoreme.txt
touch /tmp/rsecure/dirtoencrypt/.git/notthisfile.txt
rsecure create-key -o ~/.keys/rsecure.key
rsecure encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/filetoencrypt.txt
rsecure decrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/filetoencrypt.txt.enc
#
rsecure encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/
rsecure decrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/
License
rsecure is distributed under the terms of the GPL3 license.