🍁 **Proudly made in Canada.** 🍁

Picocrypt

Picocrypt is a very small (hence Pico), very simple, yet very secure encryption tool that you can use to protect your files. It's designed to be the go-to tool for file encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security.

Picocrypt

# ❄️ Project archived ❄️ Picocrypt has been permanently archived and frozen into a read-only state. Read the [reason](https://github.com/Picocrypt/Picocrypt/issues/134) why. ***Please read it carefully and fully**; it's not the format you might expect.* **Picocrypt is still fully functional, stable, and secure as is. You can continue using it confidently.** Archiving Picocrypt doesn't mean there's anything wrong with it, just that I'm done working on it. A community-developed successor to Picocrypt is available and called [Picocrypt NG](https://github.com/Picocrypt-NG). ⚠️ **I do not endorse, develop, nor support Picocrypt NG; use it at your own risk.** ⚠️ Picocrypt NG is not subject to the same rigorous testing and design I applied to Picocrypt. # Downloads ℹ️ **You are highly recommended to read through the [Features](https://github.com/Picocrypt/Picocrypt?tab=readme-ov-file#features) section below to fully understand the features and limitations of Picocrypt before using it.** ℹ️ Make sure to only download Picocrypt from this repository to ensure that you get the authentic and backdoor-free Picocrypt. When sharing Picocrypt with others, be sure to link to this repository to prevent any confusion. Besides this repository, there is no official website/webpage or mobile apps for Picocrypt. For example, beware of picocrypt.org ([archive.org snapshot](https://web.archive.org/web/20240816235513/http://picocrypt.org/)), which claimed to be the official website for this project. ## Windows To download the latest, standalone, and portable executable for Windows, click here. If it won't start, see here for a solution or use the installer below which automatically fixes the issue (recommended). If you use Picocrypt frequently, you can also download the [installer](https://github.com/Picocrypt/Picocrypt/releases/download/1.49/Installer.exe) for easy access, automatic file extension association, and bundled compatibility helpers. Administrator privileges are not required to run the installer. If your antivirus flags Picocrypt as a virus, please report it as a false positive to help everyone. ## macOS Download Picocrypt here, open the container, and drag Picocrypt to your Applications. You will need to manually trust the app from a terminal if macOS prevents you from opening it: ``` xattr -d com.apple.quarantine /Applications/Picocrypt.app ``` Note: the macOS app is built for Apple silicon only. If you're still on Intel, you can build from source. **Warning: Picocrypt will cease to work on macOS in the future** because Apple doesn't care about backwards compatibility. Once OpenGL is removed and/or GLFW compatibility is broken, Picocrypt will no longer work and it will be very difficult to fix. If you're a macOS user, you're probably better off using the CLI or Web version instead. Maybe also consider using an OS that actually somewhat cares about its developers and users... ## Linux Download the raw binary here (you may need the packages below). Alternatively, try the .deb or Flatpak. ``` sudo apt install -y libc6 libgcc-s1 libgl1 libgtk-3-0 libstdc++6 libx11-6 ``` ## CLI A command-line interface is available for Picocrypt here. It can encrypt and decrypt files, folders, and glob patterns, and supports paranoid mode and Reed-Solomon encoding. You can use it on systems that don't have a GUI or can't run the GUI app. ## Web A functionally limited web app is available here which allows you to encrypt and decrypt standard Picocrypt volumes (no advanced features or keyfiles) on any modern browser, including mobile devices. It's a simple, future-proof way to securely encrypt files that should work indefinitely due to the web's stable nature. Note that you can only encrypt/decrypt single files up to a maximum size of 512 MiB. # Comparison Here's how Picocrypt compares to other popular encryption tools. | | Picocrypt | VeraCrypt | 7-Zip GUI | BitLocker | Cryptomator | | -------------- | -------------- | -------------- | -------------- | -------------- | -------------- | | Free |✅ Yes |✅ Yes |✅ Yes |✅ Bundled |✅ Yes | | Open Source |✅ GPLv3 |✅ Multi |✅ LGPL |❌ No |✅ GPLv3 | | Cross-Platform |✅ Yes |✅ Yes |❌ No |❌ No |✅ Yes | | Size |✅ 3 MiB |❌ 20 MiB |✅ 2 MiB |✅ N/A |❌ 50 MiB | | Portable |✅ Yes |✅ Yes |❌ No |✅ Yes |❌ No | | Permissions |✅ None |❌ Admin |❌ Admin |❌ Admin |❌ Admin | | Ease-Of-Use |✅ Easy |❌ Hard |✅ Easy |✅ Easy |🟧 Medium | | Cipher |✅ XChaCha20 |✅ AES-256 |✅ AES-256 |🟧 AES-128 |✅ AES-256 | | Key Derivation |✅ Argon2 |🟧 PBKDF2 |❌ SHA-256 |❓ Unknown |✅ Scrypt | | Data Integrity |✅ Always |❌ No |❌ No |❓ Unknown |✅ Always | | Deniability |✅ Supported |✅ Supported |❌ No |❌ No |❌ No | | Reed-Solomon |✅ Yes |❌ No |❌ No |❌ No |❌ No | | Compression |✅ Yes |❌ No |✅ Yes |✅ Yes |❌ No | | Telemetry |✅ None |✅ None |✅ None |❓ Unknown |✅ None | | Audited |✅ [Yes](https://github.com/Picocrypt/storage/blob/main/Picocrypt.Audit.Report.pdf) |✅ Yes |❌ No |❓ Unknown |✅ Yes | Keep in mind that while Picocrypt does most things better than other tools, it's not a one-size-fits-all and doesn't try to be. There are use cases such as full-disk encryption where VeraCrypt and BitLocker would be a better (and the only) choice. So while Picocrypt is a great choice for the majority of people doing file encryption, you should still do your own research and use what's best for you. # Features Picocrypt is a very simple tool and most users will intuitively understand how to use it in a few seconds. On a basic level, simply dropping your files, entering a password, and hitting Encrypt is all that's needed to encrypt your files. Dropping the output back into Picocrypt, entering the password, and hitting Decrypt is all that's needed to decrypt those files. Pretty simple, right? While being simple, Picocrypt also strives to be powerful in the hands of knowledgeable and advanced users. Thus, there are some additional options that you may use to suit your needs. Read through their descriptions carefully as some of them can be complex to use correctly. # Security For more information on how Picocrypt handles cryptography, see Internals for the technical details. If you're worried about the safety of me or this project, let me assure you that this repository won't be hijacked or backdoored. I have 2FA (TOTP) enabled on all accounts with a tie to Picocrypt (GitHub, etc.), in addition to full-disk encryption on all of my portable devices. For further hardening, Picocrypt uses my isolated forks of dependencies and I fetch upstream only when I have taken a look at the changes and believe that there aren't any security issues. This means that if a dependency gets hacked or deleted by the author, Picocrypt will be using my fork of it and remain completely unaffected. I've also meticulously gone through every single setting in the Picocrypt organization and repos, locking down access behind multiple layers of security such as read-only base-level member permissions, required PRs and mandatory approvals (which no one can do but me), mandatory CODEOWNERS approvals, and I'm the only member of the Picocrypt organization and repos. You can feel confident about using Picocrypt as long as you understand: Picocrypt operates under the assumption that the host machine it is running on is safe and trusted. If that is not the case, no piece of software will be secure, and you will have much bigger problems to worry about. As such, Picocrypt is designed for the offline security of volumes and does not attempt to protect against side-channel analysis. # Donations When I was actively developing Picocrypt, I accepted donations, but now that Picocrypt is complete and production-ready, there's no need anymore. Instead, take your time and effort to share the love of Picocrypt with others. Donations are nice, but being able to help others is a lot more valuable to me than a few spare dollars. Knowing that Picocrypt is helping people secure their files is plenty enough for me. # FAQ **Does the "Delete files" feature shred files?** No, it doesn't shred any files and just deletes them as your file manager would. On modern storage mediums like SSDs, there is no such thing as shredding a file since wear leveling makes it impossible to overwrite a particular sector. Thus, to prevent giving users a false sense of security, Picocrypt doesn't include any shredding features at all. **Is Picocrypt quantum-secure?** Yes, Picocrypt is secure against quantum computers. All of the cryptography used in Picocrypt works off of a private key, and private-key cryptography is considered to be resistant against all current and future developments, including quantum computers. # License All original code (non-forked repositories) in the [Picocrypt organization](https://github.com/orgs/Picocrypt/repositories) is licensed under **GPL-3.0-only**. This includes the GUI, CLI, and web application. Forked repositories retain their respective upstream licenses. # Acknowledgements A thank you from the bottom of my heart to the significant contributors on [Open Collective](https://opencollective.com/picocrypt): Also, a huge thanks to the following people who were the first to donate and support Picocrypt: Finally, thanks to these people/organizations for helping me out when needed: