Xecrets File Command Line (File Encryption Toolbox)

I’d like to suggest Xecrets File Command Line. It’s a GPL open source file encryption toolbox for Linux, macOS and Windows. It’s very flexible and is suitable for human use from the command line, as well as scripts and with the companion nuget Xecrets.File.Sdk it can be used as an encryption engine for .NET software.

For casual use there’s a (proprietary) desktop app frontend as well, providing easy and convenient working with encrypted files, also across Linux, macOS and Windows.

It’s 100% compatible with all versions of AxCrypt.

It works very nicely as an independent encryption tool for cloud storage synchronized from the local system to the cloud. It supports password-based as well as public key-based encryption.

See GitHub - xecrets/xecrets-file-cli: Xecrets File Cli - A feature-rich cross platform AxCrypt-compatible file encryption command line toolbox using a fork of original AxCrypt for cryptography. https://www.axantum.com/xecrets-file-ez is an easy to use graphical frontend for Windows, Linux and macOS using it, and https://www.nuget.org/packages/Xecrets.File.Sdk/ is a .NET SDK.. and https://www.axantum.com/ .

[Disclosure: I am the author.]

Considering we don’t even mention AxCrypt, not sure why we would mention this. Generally we don’t recommend projects which are new. This one only has 31 commits and has been around since June.

Hi Daniel! Thanks for looking at it!

The history is a little more complex and long than meets the eye at first.

The xecrets-file-cli repo itself is a command line wrapper and it indeed has 31 commits since it’s public release. (A few hundred commits before that were squeezed into the first public commit.)

More significantly, it’s “just” a wrapper around a fork of AxCrypt where all the heavy lifting is done.

That repo has 4000+ commits since January 2012.

Mentioning AxCrypt is relevant, because while not recommended here, it’s still a fairly popular file encryption tool with many users, and it’s history goes way back to 2001 in it’s initial implementation and has over 20 million downloads.

So, while the command line wrapper is indeed new, it builds on something with a long and popular history with a significant user base.

This new command line implementation removes a lot of potential issues in the previous, as it no longer has any use of any server infrastructure, never connects to the Internet and thus works without any restrictions in an air-gapped environment. Also, it provides the capability for scripting and programmatic integration which was lacking and is available in a public github repo under GPL.

Thanks for the consideration!

Regards,

Svante

mm… I’ll move this to Project Showcase and maybe you can get feedback from other community members. I have to agree that I’m unfamiliar with AxCrypt and unsure what benefits it might have over alternatives, maybe you can share more?

Hi and thanks.

There’s a comparison page here: Products | Desktop File Encryption Product Comparison . Of course, there’s no one tool for all needs, and many tools will complement each other.

Trying to summarize, the benefits of Xecrets File over apparently very similar alternatives such as Picocrypt, AESCrypt and 7-zip etc is that in addition to encrypting and compressing files individually for archiving or sending to third parties, there are also functions to make actually working with the files locally easy and safe.

When encrypting, the original plain text is automatically wiped and deleted. Once encrypted, files can easily be decrypted temporarily, optionally edited, and then conveniently re-encrypted and the temporaries wiped. Used in combination with full hard disk encryption and/or file system encryption of the temporary location this makes for a secure and convenient workflow.

It integrates nicely with locally synchronized cloud storage providers, just like Cryptomator, but without the need for elevated permissions, installation or file system drivers.

There’s even support for public key cryptograhpy, enabling password-less sharing of encrypted files, as well as scripted and programmatic encryption without the need of ever storing any secret keys or passwords in the encrypting system.

A SDK for .NET development is available, making programmatic use very easy.

Xecrets File is distributed as a single portable executable for Linux, macOS and Windows, with absolutely no connection to the Internet, no installation and no requirement for elevated permissions.

All this being said, of course, in some cases Cryptomator would be the application of choice, in others VeraCrypt. When compared to Picocrypt, AESCrypt, 7-zip et. al. I do believe Xecrets File will come out on top in many, if not most cases.

Compared to AxCrypt, it’s 100% compatible, free or much cheaper, more focused functionality, no Internet requirement, no installation/portable, Linux support, built with latest tooling, fully featured command line and SDK available, really open source with public github repo and issue tracker etc.

Any and all feedback on improvements is very welcome, it is very actively developed.

Hi, Svante, the author of Xecrets Cli and Ez here with some updates since last year.

First of all, it’s now “Xecrets Cli”, or “Xecrets Command Line”, we dropped the “File” part .

It’s been updated with some pretty nice performance improvements due to refactoring of the existing code after a performance analysis, and also moved away from the BouncyCastle library and instead use .NET cryptography, which in turn in our case is mostly a thin wrapper around the the platform native implementation.

We also added an option to encrypt/decrypt regular text to/from an ASCII armored form, instead of to a file. So it can be used for copy/paste operations in chats and emails etc. without the need for a file attachment.

Xecrets Cli is available at GitHub - xecrets/xecrets-cli: Xecrets Cli - A feature-rich AxCrypt-compatible file encryption cli toolbox using https://github.com/axantum/xecrets-net, forked from AxCrypt 2.x for cryptography. https://www.axantum.com/xecrets-ez is an easy to use graphical frontend for Windows, Linux and macOS using it, and https://www.nuget.org/packages/Xecrets.Sdk/ is a .NET SDK ., and the companion cryptography at GitHub - axantum/xecrets-net: A forked version of the stand-alone copy of the AxCrypt repository, containing all Axantum changes required for https://github.com/xecrets/xecrets-cli. .

Xecrets Cli is used as the backend for our desktop cross platform app frontend Xecrets Ez, doing all the heavy lifting. The desktop app has also been improved a lot, do check it out at https://www.axantum.com/ and it recently got a really nice review at Xecrets Ez Premium Review | PCMag .

Any and all feedback is welcome!

New version 2.3.776 released of both Xecrets Cli and the Ez desktop app! Updates since 2.3.723:

• Support canceling long operations
• Add re-encrypt files and folders
• Add forgot password link in sign in
• Enable compression for text encryption
• Various usability enhancements
• A number of bug fixes
• …and much more, see the release notes!

Home page: https://www.axantum.com/
Release notes: Xecrets | Release Notes
GitHub: GitHub - xecrets/xecrets-cli: Xecrets Cli - A feature-rich AxCrypt-compatible file encryption cli toolbox using https://github.com/axantum/xecrets-net, forked from AxCrypt 2.x for cryptography. https://www.axantum.com/xecrets-ez is an easy to use graphical frontend for Windows, Linux and macOS using it, and https://www.nuget.org/packages/Xecrets.Sdk/ is a .NET SDK .
Download: Xecrets Ez & Cli | Download Xecrets AxCrypt compatible free file encryption
About: https://www.axantum.com/xecrets-ez

(I am the author of Xecrets Cli and Ez, as well as the original author of AxCrypt with which I am no longer affiliated)

Thanks for sharing your work There are some questions I’m curious about:

1. Do you have plans to support XChaCha20 in the future?
2. Are there any ways to encrypt or decrypt files on Android? Or at least some ways to bundle it in an HTML file that can encrypt / decrypt using javascript?
3. Could there be support for Reed-Solomon to reduce unexpected damage risk?

Hi!

1. XChaCha20 support. The software is fully prepared even for plugins for other algorithms, and XChaCha20 would be strong candidate. If there’s enough demand, it could certainly happen.

2. Android. Since Xecrets Ez is compatible with the previous iteration, AxCrypt, and AxCrypt is available for Android, that is one way to work on Android. A HTML bundle would be possible to implement, but right now it’s not top priority to support Android. The core code will run fine on Android though, the UI might need some work but most of it will also run there.

3. I don’t really think the type of damage that Reed-Solomon addresses is very likely for most use-case scenarios. We don’t really have that type of storage or transmission much any more, where some random bits gets distorted. What we do have is an HMAC to verify the full integrity, and we also duplicate the headers at the end, after the encrypted data, which include all vital meta data including the file session key (encrypted). We use CTR mode of operation, which means that if parts of a file is damaged, we are able with some work to recover what there is, and the header duplication makes it unlikely that both the beginning and the end of the file would be damaged at the same time. Examples of real-life incidents where Reed-Solomon would help are appreciated!

Thanks for your answers. Yeah my last question is actually not too precise as I don’t have particular incidents in mind right now. It’s actually more about some abilities to recover damaged files and R-S just came to my mind, but CTR mode is still an interesting knowing, thanks.

I’ll look forward to future updates for other 2 questions