A very small, very simple, yet very secure encryption tool.

English | Français | Español | Deutsch | Português | Türkçe | 中文 | русский

Picocrypt

Picocrypt is a very small (hence Pico), very simple, yet very secure encryption tool that you can use to protect your files, generate checksums, and much more. It's designed to be the go-to tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2 key derivation function to provide a high level of security, even from three-letter agencies like the NSA. It's designed for maximal security, making absolutely no compromises security-wise, and is built with Go's standard x/crypto modules. Your privacy and security is under attack. Take it back with confidence by protecting your files with Picocrypt.

Picocrypt

Funding

Please donate to Picocrypt on Open Collective (crypto is accepted) to raise money for a potential audit from Cure53. Because this is a project that I spend many hours on and make no money from, I cannot pay for an audit myself. Picocrypt needs support from its community.

Downloads

Important: There's an outdated and useless piece of abandonware called PicoCrypt on the Internet, which was last updated in 2005. PicoCrypt is not related in any way to Picocrypt (this project). Make sure you only download Picocrypt from this repository to ensure that you get the authentic and backdoor-free Picocrypt.

Windows

Picocrypt for Windows is as simple as it gets. To download the latest, standalone, and portable executable for Windows, click here. If Windows Defender or your antivirus flags Picocrypt as a virus, please do your part and submit it as a false positive for the betterment of everyone.

macOS

Picocrypt for macOS is very simple as well. Download Picocrypt here, extract the zip file, and run Picocrypt which is inside. If you can't open Picocrypt because it's not from a verified developer, right click on Picocrypt and hit "Open". If you still get the warning, right click on Picocrypt and hit "Open" again and you should be able to start Picocrypt.

Linux

A Snap is available for Linux. Assuming you're on a Debian-based system, a simple apt install snapd and snap install picocrypt will be enough. For other distros such as Fedora, detailed instructions are available at https://snapcraft.io/picocrypt. Due to the complexity of dependencies and static linking, I don't distribute standalone .deb or .rpm binaries because they would be unreliable and not worth the hassle. Snapcraft manages all dependencies and runtimes automatically and is the recommended way to run Picocrypt on any major Linux distribution. Additionally, Snapcraft provides better security and containerization than Flatpaks and AppImages, which is important for an encryption tool like Picocrypt. If you would prefer not to deal with Canonical, remember that building from source is always an option.

Why Picocrypt?

Why should you use Picocrypt instead of BitLocker, NordLocker, VeraCrypt, AxCrypt, or 7-Zip? Here are a few reasons why you should choose Picocrypt:

  • Unlike NordLocker, BitLocker, AxCrypt, and most cloud storage providers, Picocrypt and its dependencies are completely open-source and auditable. You can verify for yourself that there aren't any backdoors or flaws.
  • Picocrypt is tiny. While NordLocker is over 100MB and VeraCrypt is over 30MB, Picocrypt sits at just 3MB, about the size of a high-resolution photo. And that's not all - Picocrypt is portable (doesn't need to be installed) and doesn't require administrator/root privileges.
  • Picocrypt is easier and more productive to use than VeraCrypt. To encrypt files with VeraCrypt, you'd have to spend at least five minutes setting up a volume. With Picocrypt's simple UI, all you have to do is drag and drop your files, enter a password, and hit Start. All the complex procedures are handled by Picocrypt internally. Who said secure encryption can't be simple?
  • Picocrypt is designed for security. 7-Zip is an archive utility and not an encryption tool, so its focus is not on security. Picocrypt, however, is built with security as the number one priority. Every part of Picocrypt exists for a reason and anything that could impact the security of Picocrypt is removed. Picocrypt is built with cryptography you can trust.
  • Picocrypt authenticates data in addition to protecting it, preventing hackers from maliciously modifying sensitive data. This is useful when you are sending encrypted files over an insecure channel and want to be sure that it arrives untouched.
  • Picocrypt actively protects encrypted header data from corruption by adding extra Reed-Solomon parity bytes, so if part of a volume's header (which contains important cryptographic components) corrupts (e.g., hard drive bit rot), Picocrypt can still recover the header and decrypt your data with a high success rate. Picocrypt can also encode the entire volume with Reed-Solomon to prevent any corruption to your important files.

Still not convinced? See below for even more reasons why Picocrypt stands out from the rest.

Features

Picocrypt is a very simple tool, and most users will intuitively understand how to use it in a few seconds. On a basic level, simply dropping your files, entering a password, and hitting Start is all that's needed to encrypt your files. Pretty simple, right?

While being simple, Picocrypt also strives to be powerful in the hands of knowledgeable and advanced users. Thus, there are some additional options that you may use to suit your needs.

  • Password generator: Picocrypt provides a secure password generator that you can use to create cryptographically secure passwords. You can customize the password length, as well as the types of characters to include.
  • File metadata: Use this to store notes, information, and text along with the file (it won't be encrypted). For example, you can put a description of the file you're encrypting before sending it to someone. When the person you sent it to drops the file into Picocrypt, your description will be shown to that person.
  • Keyfiles: Picocrypt supports the use of keyfiles as an additional form of authentication. Not only can you use multiple keyfiles, but you can also require the correct order of keyfiles to be present, for a successful decryption to occur. A particularly good use case of multiple keyfiles is creating a shared volume, where each person holds a keyfile, and all of them (and their keyfiles) must be present in order to decrypt the shared volume.
  • Paranoid mode: Using this mode will encrypt your data with both XChaCha20 and Serpent in a cascade fashion, and use HMAC-SHA3 to authenticate data instead of BLAKE2b. This is recommended for protecting top-secret files and provides the highest level of practical security attainable. In order for a hacker to crack your encrypted data, both the XChaCha20 cipher and the Serpent cipher must be broken, assuming you've chosen a good password.
  • Prevent corruption using Reed-Solomon: This feature is very useful if you are planning to archive important data on a cloud provider or external medium for a long time. If checked, Picocrypt will use the Reed-Solomon error correction code to add 8 extra bytes for every 128 bytes to prevent file corruption. This means that up to ~3% of your file can corrupt and Picocrypt will still be able to correct the errors and decrypt your files with no corruption. Of course, if your file corrupts very badly (e.g., you dropped your hard drive), Picocrypt won't be able to fully recover your files, but it will try its best to recover what it can. Note that this option will slow down encryption and decryption considerably.
  • Keep decrypted output even if it's corrupted or modified: Picocrypt automatically checks for integrity upon decryption. If the file has been modified or is corrupted, Picocrypt will automatically delete the output for the user's safety. If you want to keep the corrupted or modified data after decryption, check this option. Also, if this option is checked and the Reed-Solomon feature was used on the encrypted file, Picocrypt will attempt to recover as much of the file as possible during decryption.
  • Split files into chunks: Don't feel like dealing with gargantuan files? No worries! With Picocrypt, you can choose to split your output file into custom-sized chunks, so large files can become more manageable and easier to upload to cloud providers. Simply choose a unit (KiB, MiB, or GiB) and enter your desired number for that unit. To decrypt the chunks, simply drag one of them into Picocrypt, and the chunks will be automatically recombined during decryption.

In addition to these comprehensive options for encryption and decryption, Picocrypt also provides a checksum generator for validating the integrity of sensitive files, which supports numerous hash functions like MD5, BLAKE2, and SHA3.

Security

For more information on how Picocrypt handles cryptography, see Internals for the technical details. If you're worried about the safety of me or this project, let me assure you that this repository won't be hijacked or backdoored. I have 2FA (TOTP) enabled on all accounts with a tie to Picocrypt (GitHub, Google, Reddit, Ubuntu One/Snapcraft, Discord, etc.), in addition to full-disk encryption on all of my portable devices. For further hardening, Picocrypt uses my isolated forks of dependencies and I fetch upstream only when I have taken a look at the changes and believe that there aren't any security issues. This means that if a dependency gets hacked or deleted by the author, Picocrypt will be using my fork of it and remain completely unaffected. You can feel confident about using Picocrypt.

Community

Here are some places where you can stay up to date with Picocrypt and get involved:

I highly recommend you join Picocrypt's subreddit because all updates and polls will be posted there. Remember to only trust these social networks and be aware of hackers that might try to impersonate me. I will never ask you for your password, and anyone who does is not me. I will never tell you to download a file from a suspicious link, and anyone who does is not me.

Stargazers

How's Picocrypt doing? Take a look below to find out. Stargazers over time

Donations

If you find Picocrypt useful, please consider tipping my PayPal. I'm providing this software completely free of charge, and would love to have some supporters that will motivate me to continue my work on Picocrypt.

Thank You's

A thank you from the bottom of my heart to the people on Open Collective who have made a significant contribution:

  • jp26 ($50)
  • Tybbs ($10)
  • N. Chin ($10)
  • Manjot ($10)
  • Phil P. ($10)
You are the people who inspire me to work on Picocrypt and provide it free of charge to everyone!

Also, a huge thanks to the following list of five people, who were the first to donate and support Picocrypt:

  • W.Graham
  • N. Chin
  • Manjot
  • Phil P.
  • E. Zahard

As well, a great thanks to these people, who have helped translate Picocrypt and make it more accessible to the world:

  • @umitseyhan75 for Turkish
  • @digitalblossom for German
  • @zeeaall for Brazilian Portuguese
  • @kurpau for Lithuanian
  • u/francirc for Spanish
  • yn for Russian
  • @Etim-Orb for Hungarian

Finally, thanks to these people for helping me out when needed:

  • Fuderal on Discord for helping me setup a Discord server
  • u/greenreddits for constant feedback and support
  • u/Tall_Escape for helping me test Picocrypt
  • u/NSABackdoors for doing plenty of testing
  • @samuel-lucas6 for feedback, suggestions, and support
Comments
  • Add Localization Support

    Add Localization Support

    Not just for graphical user interface but also for encoding/characterset. As you may see in the screenshot below some letters (Turkish ones in my case) becomes to question marks. Also, I want to conribute as a translator, so waiting for it.

    Adsız

  • Add a Password Generator

    Add a Password Generator

    A button right side of password entered area named "generate" would be pretty usefull. Ideally I would suggest implement Bitwarden's generator. And some optional checkboxes like "copy the generated password to the clipboard" or "remove the password from the clipboard after x time passed" or "save the generated password to a text file where the encrypted files will be located".

  • Update the executable icon with high definiton ones

    Update the executable icon with high definiton ones

    Support at least 256x256 size for the .ico file which is todays standart. Preferably under PNG container for better quality. Also provide lower sizes for ensuring compability. Sample Icon group size chart: 16x16 32x32 48x48 64x64 96x96 128x128 256x256

  • [Suggestion] Comparison Table between other encryption software

    [Suggestion] Comparison Table between other encryption software

    It would be interesting a comparison table like this https://www.cryfs.org/comparison It is at the end of the page.

    Some of the possible software to compare: cryfs (can be used with sirikali GUI), finalcrypt, cryptomator, veracrypt and zulucrypt.

  • pcv file comments get cut off

    pcv file comments get cut off

    When making an encrypted file, the option to put a comment (read-only) can be written without a length limit. but when you drag the pvc file to the picocrypt window, it gets cut-off. For example, the comment "this message is going to be cut off because of the window" will only be readable to "~of the w" image Im on Windows, Picocrypt version 1.26

  • Picocrypt don't start

    Picocrypt don't start

    Hello, in xUbuntu 20.04 Picocrypt show error:

    $ picocrypt
    panic: failed to create window: VersionUnavailable: GLX: Failed to create context: GLXBadFBConfig
    
    goroutine 1 [running, locked to thread]:
    github.com/HACKERALERT/giu.NewMasterWindow({0x8b4d1d, 0x9}, 0x13e, 0x1df, 0xa0?)
    	/root/go/pkg/mod/github.com/!h!a!c!k!e!r!a!l!e!r!t/[email protected]/MasterWindow.go:73 +0x626
    main.main()
    	/root/parts/picocrypt/build/Picocrypt.go:1719 +0x38
    

    As i understand problem with openGL version. How correct it? Thank!

  • Text not fully readable in GUI / App does not adjust to Windows scaling

    Text not fully readable in GUI / App does not adjust to Windows scaling

    2021-09-26 14_51_11-Picocrypt

    Text is overlapping at the “Advanced” section, and the window size is fixed, so I can't make it readable. (See screenshot)

    Windows 10, 1920×1080 screen resolution, scaling is at 125%. (So the app should/must adjust for the selected scaling of the Windows resolution.)

  • Encryption crashes with large files

    Encryption crashes with large files

    Hi,

    Picocrypt sounds great to encrypt backup files prior to uploading them on storage platforms such as Azure Storage / AWS S3, etc.

    However, while I can encrypt my 1 or 2TB files with 7z, Picocrypt cannot.

    Is there a way to allow large file encryption with Picocrypt? I guess the limitation comes from my system disk (1TB SSD) but there should be a way since 7z has no issue.

  • Extremely slow decrypt ?

    Extremely slow decrypt ?

    Hello,

    I was trying out Picocrypt, so I took a folder (2.3GB) and encrypted it with Picocrypt. I used the Reed Solomon feature since my goal is long term cloud storage. Encryption was kinda slow, but I suppose that's normal considering that the tooltip on reed solomon warns you "slow). Anyway, this is not an issue, it took about 10min to encrypt which is fine for me.

    However, when I tried to decrypt said file (2.6GB after encryption with RS) it was very very very slow. The ETA was of 5 hours! Immagine

    What's going on here? I don' think this behavior is normal/working as intended

    Some info about me:

    OS: Windows 10 Home 21H2 Build 19044.1586 CPU Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz 1.19 GHz RAM 8,00 GB Picocrypt version 1.25

    Even if in the screenshot you see the force decrypt option ticked, I first tried with the simple decrypt, but it was slow in the same way. So, before opening this, I tried with the "force decrypt" option ticked hoping it would have speed up things. However, no success.

  • [UI] Unable to see long paths in

    [UI] Unable to see long paths in "Output" section of the UI

    Hello,

    If output file is long enough you are not able to see it completely Maybe making that box horizontally scrollable could be a fix, but any solution would be fine

    Below an highlighted graphical explaination of the issue: Immagine

  • Official Flatpak either along with or a replacement for snap

    Official Flatpak either along with or a replacement for snap

    Having an official Flatpak would be better than having a snap package.

    Flatpaks work everywhere. Snaps only work on distros with systemd and app images require glibc.

    Secondly, snaps don't really provide better security than Flatpaks. Many security researchers who have criticized Flatpaks have also criticized snaps. At least flatpak have put effort into fixing these issues.

    https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html

    Flatpak still has issues, but they are constantly improving and are much better at being a universal package manager than snap.

  • Türkçe translation update

    Türkçe translation update

    This pull request does not include the latest changes that been made 4 days ago, specifically the commit 229861020f435bef58aa34d5e09078311eba06f5

    Those changes will be updated as well.

XXTEA is a fast and secure encryption algorithm.

XXTEA Golang Introduction xxtea is a fast and secure encryption algorithm. This project is the Golang implementation of the xxtea encryption algorithm

Aug 3, 2022
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Jan 6, 2023
Gtrace - Unofficial, simple yet effective Google Cloud Trace CLI tool

Unofficial, simple yet effective Google Cloud Trace CLI tool. Installation Homeb

Jan 4, 2023
A tool for secrets management, encryption as a service, and privileged access management
A tool for secrets management, encryption as a service, and privileged access management

Vault Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please respo

Jan 2, 2023
An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer.

Quick start Prepare keys (on both sides): [ -f ~/.ssh/id_ed25519 ] && [ -f ~/.ssh/id_ed25519.pub ] || ssh-keygen -t ed25519 scp ~/.ssh/id_ed25519.pub

Dec 30, 2022
password manager using age for encryption

page ====== password manager using age (https://age-encryption.org/) for encryption. encrypted secrets are files in the $PAGE_SECRETS/ directory that

May 30, 2022
SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure.

SingularityCE Guidelines for Contributing Pull Request Template Project License Documentation Support Citation SingularityCE is the Community Edition

Jan 5, 2023
Not Yet Another Password Manager written in Go using libsodium

secrets Secure and simple passwords manager written in Go. It aims to be NYAPM (Not Yet Another Password Manager), but tries to be different from othe

May 30, 2022
Yet another log4j vulnerability scanner

k-amon-k - Yet another log4j scanner Quick-n-Dirty installation Assuming you hav

Oct 12, 2022
Secure software enclave for storage of sensitive information in memory.

MemGuard Software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being expos

Dec 30, 2022
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Minify and Secure Docker containers (free and open source!) Don't change anything in your Docker container image and minify it by up to 30x making it

Dec 27, 2022
How to systematically secure anything: a repository about security engineering
How to systematically secure anything: a repository about security engineering

How to Secure Anything Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In

Jan 5, 2023
Secure Remote Password library for Go

go-srp NOTE: This is a port of node-srp to Go. I recommend reading their README for general information about the use of SRP. Installation go get gith

Aug 8, 2022
A Go Library For Generating Random, Rule Based Passwords. Many Random, Much Secure.
A Go Library For Generating Random, Rule Based Passwords. Many Random, Much Secure.

Can Haz Password? A Go library for generating random, rule based passwords. Many random, much secure. Features Randomized password length (bounded). T

Dec 6, 2021
coyim - a safe and secure chat client
coyim - a safe and secure chat client

CoyIM - a safe and secure chat client CoyIM is a new client for the XMPP protocol. It is built upon https://github.com/agl/xmpp-client and https://git

Dec 7, 2022
Windows 11 TPM 2.0 and Secure Boot Setup.exe/Registry bypass written in Go.

Win11-Patcher Windows 11 TPM 2.0 and Secure Boot Setup.exe bypass written in Go. Compiling Requires Go (no shit) Requires a version of 7zip that you c

Dec 19, 2022
Pokes users on Slack about outstanding risks found by Crowdstrike Spotlight or vmware Workspace ONE so they can secure their own endpoint.
Pokes users on Slack about outstanding risks found by Crowdstrike Spotlight or vmware Workspace ONE so they can secure their own endpoint.

?? security-slacker Pokes users on Slack about outstanding risks found by Crowdstrike Spotlight or vmware Workspace ONE so they can secure their own e

Nov 29, 2022
Secure Boot certificates from the Framework Laptop

Framework Laptop UEFI Secure Boot Certificates Source: Extracted from a live machine (FRANBMCP08) Date: 2021-10-21 KEK (Key Exchange Key) This certifi

Dec 8, 2022