rsecure is a simple and secure command-line tool for AES-GCM file encryption and decryption, built in pure Rust. Ideal for protecting sensitive files, backups, and personal data.
Keep It Simple Stupid
GitHub code size in bytes GitHub last commit GitHub issues GitHub pull requests GitHub Repo stars GitHub watchers License Crates.io AUR Version Crates.io Total Downloads
paru -S rsecure # or yay -S rsecurebrew tap containerscrew/tap brew install --cask rsecure
Warning
Since this binary is not signed by the Apple ecosystem, you will need to run the following command to allow it to run on your system.
xattr -d com.apple.quarantine /opt/homebrew/bin/rsecure
If you still have issues running the binary, I recommend using the
cargoinstallation method or downloading the binary from the releases page. I will provide a custominstall.shscript to do it automatically in the future.
Using cargo
cargo install rsecure
git clone https://github.com/containerscrew/rsecure.git
cd rsecure
cargo build --release
sudo cp ./target/release/rsecure /usr/local/bin/| Command | Description |
|---|---|
rsecure create-key -o /mnt/myusb/rsecure.key |
Generate a new AES-256 key and save it to a file |
openssl rand -out /mnt/myusb/rsecure.key 32 |
Alternative: generate a random 256-bit key using OpenSSL |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt |
Encrypt a single file (.enc file is created in the same directory) |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/ |
Encrypt all files in a directory |
rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt.enc |
Decrypt a single encrypted file |
rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/ |
Decrypt all files in a directory |
rsecure encrypt -r -p /mnt/myusb/rsecure.key -s /tmp/rsecure/dirtoencrypt/ |
Encrypt and remove original files (plain text) |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/rsecure/dirtoencrypt -e '.git' |
Encrypt all files in a directory excluding .git/ files |
Warning
Saving the key in the same local filesystem where you save the encrypted files is not a good idea.
Save the key in a secure location, like a USB drive or a password manager.
Or just save it in a root owned directory with strict permissions (will require sudo to use it).
Something like:
sudo rsecure encrypt -p /root/rsecure.key -s /home/dcr/Documents/PrivateDocuments -r
Important
By default, rsecure will not delete the source plain files after encryption to avoid data loss.
If you want to delete the source files after encryption, use -r flag.
Testing encryption and decryption:
mkdir -p /tmp/rsecure/dirtoencrypt touch /tmp/rsecure/filetoencrypt.txt echo 'please, hack me!' > /tmp/rsecure/filetoencrypt.txt for i in {1..10}; do head -c 100 /dev/urandom | base64 > /tmp/rsecure/dirtoencrypt/file_$i.txt done mkdir /tmp/rsecure/dirtoencrypt/.git/ touch /tmp/rsecure/dirtoencrypt/.git/ignoreme.txt touch /tmp/rsecure/dirtoencrypt/.git/notthisfile.txt
rsecure create-key -o ~/.keys/rsecure.key rsecure encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/filetoencrypt.txt rsecure decrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/filetoencrypt.txt.enc # rsecure encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/ rsecure decrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/ rsecyre encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/ -e '.git'
- AUR package using
goreleaser(source and bin) - Share my public GPG key to verify the integrity of the binary releases
rsecure is distributed under the terms of the GPL3 license.