I use Picocrypt-NG but I discovered that it is vibecoded, which is huge no-go for me, especially in so sensitive task as encryption.
Can you please advice me good GUI (because I am a beginner) utils for Linux to encrypt files? And better without sudo, because I don’t feel comfortable allowing any app to have root rights on my distribution permanently.
For individual files you could use Veracrypt containers or 7-zip. Both have a GUI.
Fedora KDE has GUI vaults built in too. They are LVM and use encryption on the fly too, the vault grows in size as you add files and you don’t need to pre-set it, so that’s cool too. You could probably install this on other distros.
If you want to regualrly access and add files, Veracrypt would be better cos you dont need to de/recompress every time. Just open the container and do what you like. If you want to create an archive 7-zip is probably easier. They both support AES-256 so the encryption method itself is not a consideration for either tool.
Key derivation algorithm is not “safe”. It is not Argon2ID according to my knowledge. Plus this is archiver, not an encryption tool. There is even warning for that…
Also I wouldn’t worry about Argon2 KDF so much, you could create a 64 character password for an AES .7z and absolutely no one will be breaking into that. Though if you really want Argon2, Veracrypt just added it. Just make sure you enable it as it’s not the default KDF.
You can can verify the AppImage using the gpg. There are instruction on the website how to do that.
If it’s just for local storage and not to send to anyone you could also just LUKS encrypt a USB and store it all there. Then the whole drive is encrypted with AES-256 with Argon2 KDF. In this case you could only access on Linux systems though.
Won’t recommend 7zip since it’s not intended for serious encryption. There are some discussions that 7zip’s implementation are not rigorous enough(such as key iteration rounds).
PeaZip is better in terms of security. However, age is best recommended for individial file encryption
the issue is fixed, but it’s clear that 7zip shouldn’t be the main tool for encryption(it’s just not made for that purpose). Other unfound trivial/nontrivial suboptimal practices may still exist. age, picocrypt are much better options. I personally use peazip as my file explorer
Why not use simply openssl enc? Sure, it’s a console app, but it’s been around for ages and will likely remain to be even after VeraCrypt and similar apps become defunct. Easily accessible, feature rich, accessible docs. This is all important if you’re backing up for the long term. Typing openssl enc --help in a terminal will get you a long way.