Xecrets File Command Line (File Encryption Toolbox)

I’d like to suggest Xecrets File Command Line. It’s a GPL open source file encryption toolbox for Linux, macOS and Windows. It’s very flexible and is suitable for human use from the command line, as well as scripts and with the companion nuget Xecrets.File.Sdk it can be used as an encryption engine for .NET software.

For casual use there’s a (proprietary) desktop app frontend as well, providing easy and convenient working with encrypted files, also across Linux, macOS and Windows.

It’s 100% compatible with all versions of AxCrypt.

It works very nicely as an independent encryption tool for cloud storage synchronized from the local system to the cloud. It supports password-based as well as public key-based encryption.

See GitHub - xecrets/xecrets-file-cli: Xecrets File Cli - A feature-rich cross platform AxCrypt-compatible file encryption command line toolbox using a fork of original AxCrypt for cryptography. https://www.axantum.com/xecrets-file-ez is an easy to use graphical frontend for Windows, Linux and macOS using it, and https://www.nuget.org/packages/Xecrets.File.Sdk/ is a .NET SDK.. and https://www.axantum.com/ .

[Disclosure: I am the author.]

Considering we don’t even mention AxCrypt, not sure why we would mention this. Generally we don’t recommend projects which are new. This one only has 31 commits and has been around since June.


Hi Daniel! Thanks for looking at it!

The history is a little more complex and long than meets the eye at first.

The xecrets-file-cli repo itself is a command line wrapper and it indeed has 31 commits since it’s public release. (A few hundred commits before that were squeezed into the first public commit.)

More significantly, it’s “just” a wrapper around a fork of AxCrypt where all the heavy lifting is done.

That repo has 4000+ commits since January 2012.

Mentioning AxCrypt is relevant, because while not recommended here, it’s still a fairly popular file encryption tool with many users, and it’s history goes way back to 2001 in it’s initial implementation and has over 20 million downloads.

So, while the command line wrapper is indeed new, it builds on something with a long and popular history with a significant user base.

This new command line implementation removes a lot of potential issues in the previous, as it no longer has any use of any server infrastructure, never connects to the Internet and thus works without any restrictions in an air-gapped environment. Also, it provides the capability for scripting and programmatic integration which was lacking and is available in a public github repo under GPL.

Thanks for the consideration!



mm… I’ll move this to Project Showcase and maybe you can get feedback from other community members. I have to agree that I’m unfamiliar with AxCrypt and unsure what benefits it might have over alternatives, maybe you can share more?

Hi and thanks.

There’s a comparison page here: Products | Desktop File Encryption Product Comparison . Of course, there’s no one tool for all needs, and many tools will complement each other.

Trying to summarize, the benefits of Xecrets File over apparently very similar alternatives such as Picocrypt, AESCrypt and 7-zip etc is that in addition to encrypting and compressing files individually for archiving or sending to third parties, there are also functions to make actually working with the files locally easy and safe.

When encrypting, the original plain text is automatically wiped and deleted. Once encrypted, files can easily be decrypted temporarily, optionally edited, and then conveniently re-encrypted and the temporaries wiped. Used in combination with full hard disk encryption and/or file system encryption of the temporary location this makes for a secure and convenient workflow.

It integrates nicely with locally synchronized cloud storage providers, just like Cryptomator, but without the need for elevated permissions, installation or file system drivers.

There’s even support for public key cryptograhpy, enabling password-less sharing of encrypted files, as well as scripted and programmatic encryption without the need of ever storing any secret keys or passwords in the encrypting system.

A SDK for .NET development is available, making programmatic use very easy.

Xecrets File is distributed as a single portable executable for Linux, macOS and Windows, with absolutely no connection to the Internet, no installation and no requirement for elevated permissions.

All this being said, of course, in some cases Cryptomator would be the application of choice, in others VeraCrypt. When compared to Picocrypt, AESCrypt, 7-zip et. al. I do believe Xecrets File will come out on top in many, if not most cases.

Compared to AxCrypt, it’s 100% compatible, free or much cheaper, more focused functionality, no Internet requirement, no installation/portable, Linux support, built with latest tooling, fully featured command line and SDK available, really open source with public github repo and issue tracker etc.

Any and all feedback on improvements is very welcome, it is very actively developed.