Vaultea is simple and easy to use file encryption app. It supports batch file processing and folder encryption while ensuring data authenticity and plausible deniability.
This software is a hobby project and has not been audited by any third party in any way. Even though it seems to work fine, if your life or safety depends on it, don't use this.
- Batch file processing
- Folder encryption (zip archive will be created before encryption)
- Data authencity
- Plausible deniability
- Passphrase generation
Download the latest release from the releases page. Both portable and installer versions are available.
The required glibc version is 2.31 or above. Use ldd --version
to check.
Tip: after installation, you can run the app from both the desktop environment and terminal by simply invoking vaultea
-
Download the latest
.deb
from the releases page. -
Run
sudo apt install ./release-name.deb
-
Download the latest
.rpm
from the releases page. -
Run
sudo dnf install release-name.rpm
-
Download the latest
.pkg.tar.zst
from the releases page. -
Run
sudo pacman -U release-name.pkg.tar.zst
Vaultea has not been tested on macOS by any means, therefore prebuilt binaries are not provided. In theory, it should work when run from source. Feedback about the macOS experience is welcome on issues or discussions.
The required python version is 3.10 or above.
- Clone/download the repo
- cd into project root directory
- Run
poetry install
ORpip install -r requirements.txt
- Run
poetry run python main.py
ORpython main.py
Passphrases are awesome. Vaultea provides the ability to generate one with a single click. It consists of six randomly selected words from EFF's long wordlist. You can read more about passphrases here.
TL;DR they are considered stronger and much easier to remember than regular passwords.
- It is safe to rename any files that are encrypted with Vaultea.
- To enhance security, a new key is derived for each file using the password, and the key derivation process is intentionally slow (to counter brute force attacks). Due to this, encrypting numerous individual files, regardless of their size, can be time-consuming. Putting these files into a folder and then encrypting the folder is recommended.
-
The maximum file or folder size is 256 GiB per item. Vaultea does not implement any mechanism to work around this limitation, such as generating and writing a new nonce every 256 GiB. It will not let you add such a large file or folder.
-
Vaultea does not implement any mechanisms to add data corruption resistance (such as error correction codes) to the files it processes. Therefore, it is strongly recommended to perform regular backups of important files.
-
Vaultea doesn't preserve original metadata.
Vaultea uses ChaCha20-Poly1305
with nonce (IV) length of 12 bytes for encryption and data authentication, paired with scrypt
key derivation function with the following parameters: key_len=32, N=2**20, r=8, p=1
and salt length of 16 bytes.
For each file:
If a folder is selected, it gets zipped first, without compression, then:
- A new 256-bit random key is generated (data key).
- The contents of the file are encrypted using ChaCha20 with data key.
- Another key is generated using the password entered by the user, the scrypt key derivation function, and a random salt.
- The data key is encrypted with the key from step 3.
- The encrypted key, salt, MAC tags (Poly1305) of the data key and data, and the encrypted data itself are written to the output file.
DearPyGui - GUI
DearPyGui_Extend - Custom dpg file browser.
pycryptodome - Encryption and decryption, key deriving.