From d8f7a4f46bd495615d4d5934f6a794c258c07145 Mon Sep 17 00:00:00 2001
From: Evan Su <48808396+HACKERALERT@users.noreply.github.com>
Date: Sun, 3 Aug 2025 13:36:53 -0400
Subject: [PATCH 1/3] Update README: remove homebrew and mobile section
Cleaning up the repo as I will potentially stop working on Picocrypt forever
---
README.md | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/README.md b/README.md
index acb5a4f..653e809 100644
--- a/README.md
+++ b/README.md
@@ -31,12 +31,6 @@ Picocrypt for macOS is very simple as well. Download Picocrypt here which allows you to encrypt and decrypt standard Picocrypt volumes (no advanced features or keyfiles) on any modern browser, including mobile devices. It's a simple, future-proof way to encrypt files that should work indefinitely due to the web's stable nature. Note that you can only encrypt single files up to a maximum size of 1 GiB.
-## Mobile đ§
-An experimental project PicoGo is a community-developed port of Picocrypt to platforms like Android and iOS using the Fyne GUI library. Feel free to try it out, but keep in mind that it is *not* part of the official core Picocrypt project (like the platforms listed above) and thus not subject to the same scrutiny and standards that the core project is. So, **use it with caution and diligence** during its experimental phase.
-
# Why Picocrypt?
Why should you use Picocrypt instead of VeraCrypt, 7-Zip, BitLocker, or Cryptomator? Here are a few reasons why you should choose Picocrypt:
From 0bb51602a321287e9d1f9e683152577f4862554c Mon Sep 17 00:00:00 2001
From: Evan Su <48808396+HACKERALERT@users.noreply.github.com>
Date: Sun, 3 Aug 2025 14:49:41 -0400
Subject: [PATCH 2/3] Update README: simplifications, macOS notice
---
README.md | 41 +++++++++++++++--------------------------
1 file changed, 15 insertions(+), 26 deletions(-)
diff --git a/README.md b/README.md
index 653e809..ad173f5 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@

-Picocrypt is a very small (hence Pico), very simple, yet very secure encryption tool that you can use to protect your files. It's designed to be the go-to tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security, even from three-letter agencies like the NSA. Your privacy and security is under attack. Take it back with confidence by protecting your files with Picocrypt.
+Picocrypt is a very small (hence Pico), very simple, yet very secure encryption tool that you can use to protect your files. It's designed to be the go-to tool for file encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security.

@@ -16,45 +16,36 @@ Picocrypt is a very small (hence Pico), very simple, yet very secure encr
âšī¸ **You are highly recommended to read through the [Features](https://github.com/Picocrypt/Picocrypt?tab=readme-ov-file#features) section below to fully understand the features and limitations of Picocrypt before using it.** âšī¸
-Make sure to only download Picocrypt from this repository to ensure that you get the authentic and backdoor-free Picocrypt. When sharing Picocrypt with others, be sure to link to this repository to prevent any confusion.
-
-Beware of picocrypt.org ([archive.org snapshot](https://web.archive.org/web/20240816235513/http://picocrypt.org/)), which claims to be the official website for this project! Remember, there is no official website for Picocrypt. Even if this self-proclaimed website is taken down, I will not remove this message; let it be a real-world warning to stay vigilant.
+Make sure to only download Picocrypt from this repository to ensure that you get the authentic and backdoor-free Picocrypt. When sharing Picocrypt with others, be sure to link to this repository to prevent any confusion. Besides this repository, there is no official website/webpage or mobile apps for Picocrypt. For example, beware of picocrypt.org ([archive.org snapshot](https://web.archive.org/web/20240816235513/http://picocrypt.org/)), which claimed to be the official website for this project.
## Windows
-Picocrypt for Windows is as simple as it gets. To download the latest, standalone, and portable executable for Windows, click here. If Microsoft Defender or your antivirus flags Picocrypt as a virus, please do your part and submit it as a false positive for the betterment of everyone.
+To download the latest, standalone, and portable executable for Windows, click here.
+
+If your antivirus flags Picocrypt as a virus, please submit it as a false positive to help everyone.
If Picocrypt won't start, you may be missing OpenGL support. See here for a solution.
## macOS
-Picocrypt for macOS is very simple as well. Download Picocrypt here, open the container, and drag Picocrypt to your Applications. You may need to manually trust the app from a terminal and control-click on the app if macOS prevents you from opening it:
+Download Picocrypt here, open the container, and drag Picocrypt to your Applications. You will need to manually trust the app from a terminal if macOS prevents you from opening it:
```
xattr -d com.apple.quarantine /Applications/Picocrypt.app
```
Note: the macOS app is built for Apple silicon only. If you're still on Intel, you can build from source.
+**Warning: Picocrypt will cease to work on macOS in the future** because Apple doesn't care about backwards compatibility. Once OpenGL is removed and/or GLFW compatibility is broken, Picocrypt will no longer work and it will be very difficult to fix. If you're a macOS user, you're probably better off using the CLI or Web version instead. Maybe also consider using an OS that actually somewhat cares about its developers and users...
+
## Linux
-To use Picocrypt on Linux, you can download the raw binary here (you may need to install the packages below). Alternatively, you can try the .deb, Flatpak, run Picocrypt through Wine, or compile from source using the instructions in the `src/` directory.
+Download the raw binary here (you may need the packages below). Alternatively, try the .deb or Flatpak.
```
sudo apt install -y libc6 libgcc-s1 libgl1 libgtk-3-0 libstdc++6 libx11-6
```
## CLI
-A command-line interface is available for Picocrypt here. It can encrypt and decrypt files, folders, and globs, and supports paranoid mode and Reed-Solomon encoding. You can use it on systems that don't have a GUI or can't run the GUI app, or to write automated shell scripts for backups, etc.
+A command-line interface is available for Picocrypt here. It can encrypt and decrypt files, folders, and glob patterns, and supports paranoid mode and Reed-Solomon encoding. You can use it on systems that don't have a GUI or can't run the GUI app.
## Web
-A functionally limited web app is available here which allows you to encrypt and decrypt standard Picocrypt volumes (no advanced features or keyfiles) on any modern browser, including mobile devices. It's a simple, future-proof way to encrypt files that should work indefinitely due to the web's stable nature. Note that you can only encrypt single files up to a maximum size of 1 GiB.
-
-# Why Picocrypt?
-Why should you use Picocrypt instead of VeraCrypt, 7-Zip, BitLocker, or Cryptomator? Here are a few reasons why you should choose Picocrypt:
-
- - Unlike BitLocker and most cloud services, Picocrypt and its dependencies are completely open-source and auditable. You can verify for yourself that there aren't any backdoors or flaws. In fact, Picocrypt was audited by Radically Open Security in 2024 and no major security issues were discovered (you can read the full report here).
- - Picocrypt is tiny. While Cryptomator is over 50 MiB and VeraCrypt is over 20 MiB, Picocrypt sits at just 3 MiB, about the size of a medium-resolution photo. And that's not all - Picocrypt is portable (doesn't need to be installed) and doesn't require administrator/root privileges.
- - Picocrypt is easier and more productive to use than VeraCrypt. To encrypt files with VeraCrypt, you'd have to spend a minute or two just setting up a volume. With Picocrypt's simple UI, all you have to do is drag and drop your files, enter a password, and hit Encrypt. All the complex procedures are handled by Picocrypt internally. Who said secure encryption can't be simple?
- - Picocrypt is designed for security. 7-Zip is an archive utility and not an encryption tool, so its focus is not on security. Picocrypt, however, is built with security as the number one priority. Every part of Picocrypt exists for a reason and anything that could impact the security of Picocrypt is removed. Picocrypt is built with cryptography you can trust.
- - Picocrypt authenticates data in addition to protecting it, preventing hackers from maliciously modifying sensitive data. This is useful when you are sending encrypted files over an insecure channel and want to be sure that it arrives untouched.
- - Picocrypt actively protects header data from corruption by adding extra Reed-Solomon parity bytes, so if part of a volume's header (which contains important cryptographic components) corrupts (e.g., hard drive bit rot), Picocrypt can still recover the header and decrypt your data with a high success rate. Picocrypt can also encode the entire volume with Reed-Solomon to prevent any corruption to your important files.
-
+A functionally limited web app is available here which allows you to encrypt and decrypt standard Picocrypt volumes (no advanced features or keyfiles) on any modern browser, including mobile devices. It's a simple, future-proof way to securely encrypt files that should work indefinitely due to the web's stable nature. Note that you can only encrypt single files up to a maximum size of 512 MiB.
# Comparison
Here's how Picocrypt compares to other popular encryption tools.
@@ -77,12 +68,12 @@ Here's how Picocrypt compares to other popular encryption tools.
| Telemetry |â
None |â
None |â
None |â Unknown |â
None |
| Audited |â
[Yes](https://github.com/Picocrypt/storage/blob/main/Picocrypt.Audit.Report.pdf) |â
Yes |â No |â Unknown |â
Yes |
-Keep in mind that while Picocrypt does most things better than other tools, it's not a one-size-fits-all and doesn't try to be. There are use cases such as full-disk encryption where VeraCrypt and BitLocker would be a better choice. So while Picocrypt is a great choice for the majority of people, you should still do your own research and use what's best for you.
+Keep in mind that while Picocrypt does most things better than other tools, it's not a one-size-fits-all and doesn't try to be. There are use cases such as full-disk encryption where VeraCrypt and BitLocker would be a better (and the only) choice. So while Picocrypt is a great choice for the majority of people doing file encryption, you should still do your own research and use what's best for you.
# Features
-Picocrypt is a very simple tool, and most users will intuitively understand how to use it in a few seconds. On a basic level, simply dropping your files, entering a password, and hitting Encrypt is all that's needed to encrypt your files. Dropping the output back into Picocrypt, entering the password, and hitting Decrypt is all that's needed to decrypt those files. Pretty simple, right? For most users, this will be enough and the features below are not necessary.
+Picocrypt is a very simple tool and most users will intuitively understand how to use it in a few seconds. On a basic level, simply dropping your files, entering a password, and hitting Encrypt is all that's needed to encrypt your files. Dropping the output back into Picocrypt, entering the password, and hitting Decrypt is all that's needed to decrypt those files. Pretty simple, right?
-But while being simple, Picocrypt also strives to be powerful in the hands of knowledgeable and advanced users. Thus, there are some additional options that you may use to suit your needs. Read through their descriptions carefully as some of them can be complex to use correctly.
+While being simple, Picocrypt also strives to be powerful in the hands of knowledgeable and advanced users. Thus, there are some additional options that you may use to suit your needs. Read through their descriptions carefully as some of them can be complex to use correctly.
- Password generator: Picocrypt provides a secure password generator that you can use to create cryptographically secure passwords. You can customize the password length, as well as the types of characters to include.
- Comments: Use this to store non-sensitive text along with the volume (it won't be encrypted and simply can't be by design). For example, you can put a description of the file you're encrypting before sending it to someone. When the person you sent it to drops the volume into Picocrypt, your description will be shown to that person. Or, if you're backing up personal files, you can give a description of the volume's contents so you can quickly remind yourself without having to fully decrypt. Since comments are neither encrypted nor authenticated, it can be freely read and modified by an attacker. Thus, it should only be used for non-sensitive, informational purposes in trusted environments.
@@ -164,15 +155,13 @@ Also, a huge thanks to the following people who were the first to donate and sup
Finally, thanks to these people/organizations for helping me out when needed:
- - [ REDACTED ] for helping me create an AppImage for Picocrypt
- - u/Upstairs-Fishing867 for helping me test PGP signatures
- u/greenreddits for constant feedback and support
- u/Tall_Escape for helping me test Picocrypt
- u/NSABackdoors for doing plenty of testing
- @samuel-lucas6 for feedback, suggestions, and support
- @AsuxAX and @Minibus93 for testing new features
- @mdanish-kh and @stephengillie for WinGet package
- - @Retengart for helping create the Flatpak
+ - @Retengart for helping create the Flatpak and housekeeping it
- Privacy Guides for listing Picocrypt
- Radically Open Security for auditing Picocrypt
From 79a62d2424e32b8063a6e67e777a50fb9a5faa6f Mon Sep 17 00:00:00 2001
From: Evan Su <48808396+HACKERALERT@users.noreply.github.com>
Date: Sun, 3 Aug 2025 14:52:02 -0400
Subject: [PATCH 3/3] Update README.md: missing /decrypt in Web section
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ad173f5..45273eb 100644
--- a/README.md
+++ b/README.md
@@ -45,7 +45,7 @@ sudo apt install -y libc6 libgcc-s1 libgl1 libgtk-3-0 libstdc++6 libx11-6
A command-line interface is available for Picocrypt here. It can encrypt and decrypt files, folders, and glob patterns, and supports paranoid mode and Reed-Solomon encoding. You can use it on systems that don't have a GUI or can't run the GUI app.
## Web
-A functionally limited web app is available here which allows you to encrypt and decrypt standard Picocrypt volumes (no advanced features or keyfiles) on any modern browser, including mobile devices. It's a simple, future-proof way to securely encrypt files that should work indefinitely due to the web's stable nature. Note that you can only encrypt single files up to a maximum size of 512 MiB.
+A functionally limited web app is available here which allows you to encrypt and decrypt standard Picocrypt volumes (no advanced features or keyfiles) on any modern browser, including mobile devices. It's a simple, future-proof way to securely encrypt files that should work indefinitely due to the web's stable nature. Note that you can only encrypt/decrypt single files up to a maximum size of 512 MiB.
# Comparison
Here's how Picocrypt compares to other popular encryption tools.