CLI file encryption tool based on AES-256-GCM and Argon2id.
- `argon2-cffi` — Argon2id key derivation
- `cryptography` — cryptographic primitives
- `typer` — CLI interface
- `rich` — terminal display
Download the latest .whl from the releases page, then:

```bash
# Install pipx if you don't have it
pip install pipx
# Install cipher
pipx install "cipher @ file:///path/to/cipher-X.X.X-py3-none-any.whl"
# cipher is now available globally
cipher --help
```

Download the new .whl from the releases page, then:

```bash
pipx install --force "cipher @ file:///path/to/cipher-X.X.X-py3-none-any.whl"
```

```bash
pipx uninstall cipher
```

```bash
git clone https://codeberg.org/GautierPicon/cipher.git
cd cipher
```

```bash
uv sync
```

```bash
uv run cipher --help
```

```bash
uv run pytest
```

```bash
# generates dist/cipher-X.X.X-py3-none-any.whl
uv build
```

```bash
cipher encrypt <file> [<file2> ...]
cipher encrypt <file> --genpass
cipher encrypt <file> -o <output>
cipher encrypt <file> --overwrite
cipher encrypt <file> -o <output> --overwrite
```

```bash
cipher decrypt <file.enc>
cipher decrypt <file.enc> -o <output>
cipher decrypt <file.enc> --overwrite
cipher decrypt <file.enc> -o <output> --overwrite
```

```bash
cipher verify <file.enc>
```

```bash
cipher --help
cipher encrypt --help
cipher decrypt --help
cipher verify --help
```

```bash
# Encrypt secret.txt → secret.enc
cipher encrypt secret.txt
# Encrypt rapport.pdf and name the output vault.enc
cipher encrypt rapport.pdf -o vault.enc
# Encrypt a folder
cipher encrypt my-folder/
```

```bash
# Encrypt several files in one command — one password prompt for all
cipher encrypt file1.txt file2.pdf my-folder/
# With --overwrite if the .enc files already exist
cipher encrypt file1.txt file2.pdf --overwrite
```

`-o`/`--output` cannot be used when encrypting multiple files.

```bash
# Generate a strong random password, use it to encrypt, and copy it to clipboard
cipher encrypt secret.txt --genpass
```

⚠ The generated password is displayed once and cannot be recovered. Store it in a password manager.

```bash
# Decrypt secret.enc → restores original filename automatically
cipher decrypt secret.enc
# Decrypt and choose a custom output name
cipher decrypt vault.enc -o restored_report.pdf
```

```bash
# Verify integrity and password without writing anything to disk
cipher verify secret.enc
```

`verify` decrypts every chunk in memory and checks the AES-GCM authentication tag. It confirms that:
- the password is correct,
- the file has not been tampered with or truncated.
No output file is ever created.
cipher runs on macOS, Linux, and Windows.
| Feature | macOS | Linux | Windows |
|---|---|---|---|
| Encryption / Decryption | ✓ | ✓ | ✓ |
| Verify | ✓ | ✓ | ✓ |
| Clipboard (`--genpass`) | pbcopy | xclip / xsel / wl-copy | clip |
| File permissions (chmod 600) | ✓ | ✓ | skipped (no-op on NTFS) |
| Directory encryption | pipe | pipe | temp file (pipes are blocking on Windows) |

| Component | Choice | Why |
|---|---|---|
| Encryption | AES-256-GCM | Authenticated encryption (integrity + confidentiality) |
| KDF | Argon2id | GPU/ASIC-resistant; OWASP & RFC 9106 recommendation |
| KDF parameters | t=3, m=64 MiB, p=4 | OWASP 2024 interactive profile |
| Salt | 32 random bytes | Unique per file; protects against rainbow tables |
| Nonce | 64-bit random + 32-bit counter | Per-chunk; avoids reuse across files and chunks |
| File format | CIPHER02 | Self-contained header stores all KDF parameters |
Each .enc file is self-contained: the header embeds the magic bytes, all
Argon2id parameters, a 32-byte salt, and a 12-byte base nonce. This means
cipher can always re-derive the correct key even if the default parameters
change in a future version.
Chunks are encrypted individually with AES-256-GCM. Each chunk has its own nonce derived from the base nonce, so a truncated or reordered file is detected immediately. The filename is authenticated inside the first chunk.
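
The per-chunk nonce scheme described above, as an added example that is not cipher's own code: it shows why decrypting chunk *i* with the nonce for position *i* rejects reordered chunks, and how a final-chunk marker rejects a stream cut at a chunk boundary. Assumptions: the nonce layout (first 8 bytes of the base nonce plus a big-endian 32-bit counter), the final-chunk flag passed as associated data (the page does not say how cipher detects truncation), the 16-byte chunk size, and a random key standing in for the Argon2id output.

```python
import os
import struct

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

CHUNK = 16  # tiny chunk size so the constructed sample spans several chunks


def chunk_nonce(base: bytes, index: int) -> bytes:
    # Assumed layout: 8 random bytes of the base nonce + big-endian 32-bit counter.
    return base[:8] + struct.pack(">I", index)


def last_flag(index: int, total: int) -> bytes:
    # Assumed associated data: 0x01 marks the final chunk, so cutting the
    # stream at a chunk boundary makes the new last chunk fail its tag check.
    return b"\x01" if index == total - 1 else b"\x00"


def seal(key: bytes, base: bytes, data: bytes) -> list[bytes]:
    aead = AESGCM(key)
    parts = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    return [aead.encrypt(chunk_nonce(base, i), p, last_flag(i, len(parts)))
            for i, p in enumerate(parts)]


def open_chunks(key: bytes, base: bytes, chunks: list[bytes]) -> bytes:
    # Raises InvalidTag for a wrong key or a modified, reordered or truncated stream.
    if not chunks:
        raise InvalidTag("empty stream")
    aead = AESGCM(key)
    return b"".join(aead.decrypt(chunk_nonce(base, i), c, last_flag(i, len(chunks)))
                    for i, c in enumerate(chunks))


def rejected(key: bytes, base: bytes, chunks: list[bytes]) -> bool:
    try:
        open_chunks(key, base, chunks)
    except InvalidTag:
        return True
    return False


# Constructed sample; the random key stands in for the Argon2id-derived key.
KEY, BASE = os.urandom(32), os.urandom(12)
SAMPLE = b"constructed sample plaintext spanning several chunks"
SEALED = seal(KEY, BASE, SAMPLE)
```

`rejected(KEY, BASE, SEALED[:-1])` and `rejected(KEY, BASE, SEALED[::-1])` both return `True`, while `open_chunks(KEY, BASE, SEALED)` returns the original bytes.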
Feedback is welcome! Feel free to open an issue or a pull request on the Codeberg repository.