rsecure is a simple and secure command-line tool for AES-GCM file encryption and decryption, built in pure Rust. Ideal for protecting sensitive files, backups, and personal data.
Keep It Simple Stupid
paru -S rsecure # or yay -S rsecurebrew tap containerscrew/tap
brew install --cask rsecureWarning
Since this binary is not signed by the Apple ecosystem, you will need to run the following command to allow it to run on your system.
xattr -d com.apple.quarantine /opt/homebrew/bin/rsecureIf you still have issues running the binary, I recommend using the
cargoinstallation method or downloading the binary from the releases page. I will provide a custominstall.shscript to do it automatically in the future.
Using cargo
cargo install rsecuregit clone https://github.com/containerscrew/rsecure.git
cd rsecure
cargo build --release
sudo cp ./target/release/rsecure /usr/local/bin/| Command | Description |
|---|---|
rsecure create-key -o /mnt/myusb/rsecure.key |
Generate a new AES-256 key and save it to a file |
openssl rand -out /mnt/myusb/rsecure.key 32 |
Alternative: generate a random 256-bit key using OpenSSL |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt |
Encrypt a single file (.enc file is created in the same directory) |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/ |
Encrypt all files in a directory |
rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt.enc |
Decrypt a single encrypted file |
rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/ |
Decrypt all files in a directory |
rsecure encrypt -r -p /mnt/myusb/rsecure.key -s /tmp/rsecure/dirtoencrypt/ |
Encrypt and remove original files (plain text) |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/rsecure/dirtoencrypt -e '.git' |
Encrypt all files in a directory excluding .git/ files |
Warning
Saving the key in the same local filesystem where you save the encrypted files is not a good idea.
Save the key in a secure location, like a USB drive or a password manager.
Or just save it in a root owned directory with strict permissions (will require sudo to use it).
Something like:
sudo rsecure encrypt -p /root/rsecure.key -s /home/dcr/Documents/PrivateDocuments -rImportant
By default, rsecure will not delete the source plain files after encryption to avoid data loss.
If you want to delete the source files after encryption, use -r flag.
Testing encryption and decryption:
mkdir -p /tmp/rsecure/dirtoencrypt
touch /tmp/rsecure/filetoencrypt.txt
echo 'please, hack me!' > /tmp/rsecure/filetoencrypt.txt
for i in {1..10}; do
head -c 100 /dev/urandom | base64 > /tmp/rsecure/dirtoencrypt/file_$i.txt
done
mkdir /tmp/rsecure/dirtoencrypt/.git/
touch /tmp/rsecure/dirtoencrypt/.git/ignoreme.txt
touch /tmp/rsecure/dirtoencrypt/.git/notthisfile.txtrsecure create-key -o ~/.keys/rsecure.key
rsecure encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/filetoencrypt.txt
rsecure decrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/filetoencrypt.txt.enc
#
rsecure encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/
rsecure decrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/
rsecyre encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/ -e '.git'- AUR package using
goreleaser(source and bin) - Share my public GPG key to verify the integrity of the binary releases
rsecure is distributed under the terms of the GPL3 license.