Hi
I use Picocrypt-NG but I discovered that it is vibecoded, which is huge no-go for me, especially in so sensitive task as encryption.
Can you please advice me good GUI (because I am a beginner) utils for Linux to encrypt files? And better without sudo, because I don’t feel comfortable allowing any app to have root rights on my distribution permanently.
You can use LUKS.
For individual files you could use Veracrypt containers or 7-zip. Both have a GUI.
Fedora KDE has GUI vaults built in too. They are LVM and use encryption on the fly too, the vault grows in size as you add files and you don’t need to pre-set it, so that’s cool too. You could probably install this on other distros.
On disk, I do. But I need to create encrypted files backup that can be uploaded as single file
I am on lubuntu 
I took a look, seems too “light” for encryption of my attorney documents
“light”?
7zip supports AES256, which is pretty much the standard for symmetric encryption.
If you want to regualrly access and add files, Veracrypt would be better cos you dont need to de/recompress every time. Just open the container and do what you like. If you want to create an archive 7-zip is probably easier. They both support AES-256 so the encryption method itself is not a consideration for either tool.
Key derivation algorithm is not “safe”. It is not Argon2ID according to my knowledge. Plus this is archiver, not an encryption tool. There is even warning for that…
On Lubuntu? How? I thought it is microslop only…
Because apt install veracrypt do not work
Veracrypt has an AppImage, you can use that.
Also I wouldn’t worry about Argon2 KDF so much, you could create a 64 character password for an AES .7z and absolutely no one will be breaking into that. Though if you really want Argon2, Veracrypt just added it. Just make sure you enable it as it’s not the default KDF.
age is another option. The standard implementation is a CLI, but there are some (in-browser) GUIs available.
Is it safe to do so? Because everyone tells me not to download anything executable and use apt only.
Sorry for dumb questions, I just try to become more familiar with all this…
That depends on your threat model.
Yes it’s safe.
You can can verify the AppImage using the gpg. There are instruction on the website how to do that.
If it’s just for local storage and not to send to anyone you could also just LUKS encrypt a USB and store it all there. Then the whole drive is encrypted with AES-256 with Argon2 KDF. In this case you could only access on Linux systems though.
Won’t recommend 7zip since it’s not intended for serious encryption. There are some discussions that 7zip’s implementation are not rigorous enough(such as key iteration rounds).
PeaZip is better in terms of security. However, age is best recommended for individial file encryption
The original picocrypt project wasn’t vibe coded. GitHub - Picocrypt/Picocrypt: A very small, very simple, yet very secure encryption tool. · GitHub
It’s publicly archived but it’s still a solid app. Developer froze features and ironed all bugs he could find before locking it.
Do you have a source? I’d be interested to read more about this.