From 6f3cbb0a38e2757556961fe467d10553de42d36e Mon Sep 17 00:00:00 2001
From: Evan Su <48808396+HACKERALERT@users.noreply.github.com>
Date: Thu, 10 Apr 2025 00:27:36 -0400
Subject: [PATCH 1/4] Auto press start/process button on Enter key
---
src/Picocrypt.go | 205 +++++++++++++++++++++++++----------------------
1 file changed, 108 insertions(+), 97 deletions(-)
diff --git a/src/Picocrypt.go b/src/Picocrypt.go
index 10baa94..430b94f 100644
--- a/src/Picocrypt.go
+++ b/src/Picocrypt.go
@@ -173,10 +173,117 @@ func (p *compressorProgress) Read(data []byte) (int, error) {
return read, err
}
+var onClickStartButton = func() {
+ // Start button should be disabled if these conditions are true; don't do anything if so
+ if (len(keyfiles) == 0 && password == "") || (mode == "encrypt" && password != cpassword) {
+ return
+ }
+
+ if keyfile && keyfiles == nil {
+ mainStatus = "Please select your keyfiles"
+ mainStatusColor = RED
+ return
+ }
+ tmp, err := strconv.Atoi(splitSize)
+ if split && (splitSize == "" || tmp <= 0 || err != nil) {
+ mainStatus = "Invalid chunk size"
+ mainStatusColor = RED
+ return
+ }
+
+ // Check if output file already exists
+ _, err = os.Stat(outputFile)
+
+ // Check if any split chunks already exist
+ if split {
+ names, _ := filepath.Glob(outputFile + ".*")
+ if len(names) > 0 {
+ err = nil
+ } else {
+ err = os.ErrNotExist
+ }
+ }
+
+ // If files already exist, show the overwrite modal
+ if err == nil && !recursively {
+ showOverwrite = true
+ modalId++
+ giu.Update()
+ } else { // Nothing to worry about, start working
+ showProgress = true
+ fastDecode = true
+ canCancel = true
+ modalId++
+ giu.Update()
+ if !recursively {
+ go func() {
+ work()
+ working = false
+ showProgress = false
+ giu.Update()
+ }()
+ } else {
+ // Store variables as they will be cleared
+ oldPassword := password
+ oldKeyfile := keyfile
+ oldKeyfiles := keyfiles
+ oldKeyfileOrdered := keyfileOrdered
+ oldKeyfileLabel := keyfileLabel
+ oldComments := comments
+ oldParanoid := paranoid
+ oldReedsolo := reedsolo
+ oldDeniability := deniability
+ oldSplit := split
+ oldSplitSize := splitSize
+ oldSplitSelected := splitSelected
+ oldDelete := delete
+ files := allFiles
+ go func() {
+ for _, file := range files {
+ // Simulate dropping the file
+ onDrop([]string{file})
+
+ // Restore variables and options
+ password = oldPassword
+ cpassword = oldPassword
+ keyfile = oldKeyfile
+ keyfiles = oldKeyfiles
+ keyfileOrdered = oldKeyfileOrdered
+ keyfileLabel = oldKeyfileLabel
+ comments = oldComments
+ paranoid = oldParanoid
+ reedsolo = oldReedsolo
+ deniability = oldDeniability
+ split = oldSplit
+ splitSize = oldSplitSize
+ splitSelected = oldSplitSelected
+ delete = oldDelete
+
+ work()
+ if !working {
+ resetUI()
+ cancel(nil, nil)
+ showProgress = false
+ giu.Update()
+ return
+ }
+ }
+ working = false
+ showProgress = false
+ giu.Update()
+ }()
+ }
+ }
+}
+
// The main user interface
func draw() {
giu.SingleWindow().Flags(524351).Layout(
giu.Custom(func() {
+ if giu.IsKeyReleased(giu.KeyEnter) {
+ onClickStartButton()
+ return
+ }
if showPassgen {
giu.PopupModal("Generate password:##"+strconv.Itoa(modalId)).Flags(6).Layout(
giu.Row(
@@ -653,103 +760,7 @@ func draw() {
return startLabel
}
return "Process"
- }()).Size(giu.Auto, 34).OnClick(func() {
- if keyfile && keyfiles == nil {
- mainStatus = "Please select your keyfiles"
- mainStatusColor = RED
- return
- }
- tmp, err := strconv.Atoi(splitSize)
- if split && (splitSize == "" || tmp <= 0 || err != nil) {
- mainStatus = "Invalid chunk size"
- mainStatusColor = RED
- return
- }
-
- // Check if output file already exists
- _, err = os.Stat(outputFile)
-
- // Check if any split chunks already exist
- if split {
- names, _ := filepath.Glob(outputFile + ".*")
- if len(names) > 0 {
- err = nil
- } else {
- err = os.ErrNotExist
- }
- }
-
- // If files already exist, show the overwrite modal
- if err == nil && !recursively {
- showOverwrite = true
- modalId++
- giu.Update()
- } else { // Nothing to worry about, start working
- showProgress = true
- fastDecode = true
- canCancel = true
- modalId++
- giu.Update()
- if !recursively {
- go func() {
- work()
- working = false
- showProgress = false
- giu.Update()
- }()
- } else {
- // Store variables as they will be cleared
- oldPassword := password
- oldKeyfile := keyfile
- oldKeyfiles := keyfiles
- oldKeyfileOrdered := keyfileOrdered
- oldKeyfileLabel := keyfileLabel
- oldComments := comments
- oldParanoid := paranoid
- oldReedsolo := reedsolo
- oldDeniability := deniability
- oldSplit := split
- oldSplitSize := splitSize
- oldSplitSelected := splitSelected
- oldDelete := delete
- files := allFiles
- go func() {
- for _, file := range files {
- // Simulate dropping the file
- onDrop([]string{file})
-
- // Restore variables and options
- password = oldPassword
- cpassword = oldPassword
- keyfile = oldKeyfile
- keyfiles = oldKeyfiles
- keyfileOrdered = oldKeyfileOrdered
- keyfileLabel = oldKeyfileLabel
- comments = oldComments
- paranoid = oldParanoid
- reedsolo = oldReedsolo
- deniability = oldDeniability
- split = oldSplit
- splitSize = oldSplitSize
- splitSelected = oldSplitSelected
- delete = oldDelete
-
- work()
- if !working {
- resetUI()
- cancel(nil, nil)
- showProgress = false
- giu.Update()
- return
- }
- }
- working = false
- showProgress = false
- giu.Update()
- }()
- }
- }
- }),
+ }()).Size(giu.Auto, 34).OnClick(onClickStartButton),
giu.Style().SetColor(giu.StyleColorText, mainStatusColor).To(
giu.Label(mainStatus),
),
From d9473f777bf020f79db8b057ca7510413df138d8 Mon Sep 17 00:00:00 2001
From: Evan Su <48808396+HACKERALERT@users.noreply.github.com>
Date: Thu, 10 Apr 2025 00:38:09 -0400
Subject: [PATCH 2/4] Bump to 1.48, update changelog
---
Changelog.md | 5 +++++
VERSION | 2 +-
src/Picocrypt.go | 4 ++--
3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/Changelog.md b/Changelog.md
index 8a81c2e..4ede0b6 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -3,6 +3,11 @@
Migrate golang.org/x/crypto to standard library imports (https://github.com/golang/go/issues/65269)
+# v1.48 (Released 04/11/2025)
+
+ - ✓ Allow pressing 'Enter' key to press Start/Process button
+
+
# v1.47 (Released 02/19/2025)
- ✓ No code changes, just build on newly released Go 1.24
diff --git a/VERSION b/VERSION
index 99dd716..46284af 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.47
+1.48
\ No newline at end of file
diff --git a/src/Picocrypt.go b/src/Picocrypt.go
index 430b94f..84ac805 100644
--- a/src/Picocrypt.go
+++ b/src/Picocrypt.go
@@ -2,7 +2,7 @@ package main
/*
-Picocrypt v1.47
+Picocrypt v1.48
Copyright (c) Evan Su
Released under a GNU GPL v3 License
https://github.com/Picocrypt/Picocrypt
@@ -60,7 +60,7 @@ var TRANSPARENT = color.RGBA{0x00, 0x00, 0x00, 0x00}
// Generic variables
var window *giu.MasterWindow
-var version = "v1.47"
+var version = "v1.48"
var dpi float32
var mode string
var working bool
From 333aca2a8053dbda76a0892ac10f73b94396d128 Mon Sep 17 00:00:00 2001
From: Evan Su <48808396+HACKERALERT@users.noreply.github.com>
Date: Thu, 10 Apr 2025 01:20:40 -0400
Subject: [PATCH 3/4] Add warnings for zip and external destinations
When encrypting multiple files, Picocrypt will zip them to a temporary zip file on the target location with a .tmp extension. This comes with two issues: 1. requires double the volume size of free storage; 2. external drive must not be unsafe to host the unencrypted temporary zip file.
Prevent potential footguns by showing warnings where appropriate.
---
src/Picocrypt.go | 46 ++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 42 insertions(+), 4 deletions(-)
diff --git a/src/Picocrypt.go b/src/Picocrypt.go
index 84ac805..2c2cc0a 100644
--- a/src/Picocrypt.go
+++ b/src/Picocrypt.go
@@ -30,6 +30,7 @@ import (
"os"
"path/filepath"
"regexp"
+ "runtime"
"strconv"
"strings"
"time"
@@ -131,6 +132,9 @@ var mainStatus = "Ready"
var mainStatusColor = WHITE
var popupStatus string
+var temporaryZip bool
+var externalDst bool
+
// Progress variables
var progress float32
var progressInfo string
@@ -606,7 +610,7 @@ func draw() {
giu.Checkbox("Paranoid mode", ¶noid),
giu.Tooltip("Provides the highest level of security attainable"),
giu.Dummy(-170, 0),
- giu.Style().SetDisabled(recursively).To(
+ giu.Style().SetDisabled(recursively || !(len(allFiles) > 1 || len(onlyFolders) > 0)).To(
giu.Checkbox("Compress files", &compress).OnChange(func() {
if !(len(allFiles) > 1 || len(onlyFolders) > 0) {
if compress {
@@ -736,6 +740,21 @@ func draw() {
} else {
file += filepath.Ext(inputFile) + ".pcv"
}
+ externalDst = false
+ GOOS := strings.ToLower(runtime.GOOS)
+ if strings.HasPrefix(GOOS, "windows") {
+ if !strings.HasPrefix(file, "C:") {
+ externalDst = true
+ }
+ } else if strings.HasPrefix(GOOS, "linux") {
+ if strings.Contains(file, "/media/") || strings.Contains(file, "/mnt/") {
+ externalDst = true
+ }
+ } else if strings.HasPrefix(GOOS, "darwin") {
+ if strings.Contains(file, "/Volumes/") {
+ externalDst = true
+ }
+ }
} else {
if strings.HasSuffix(inputFile, ".zip.pcv") {
file += ".zip"
@@ -761,9 +780,25 @@ func draw() {
}
return "Process"
}()).Size(giu.Auto, 34).OnClick(onClickStartButton),
- giu.Style().SetColor(giu.StyleColorText, mainStatusColor).To(
- giu.Label(mainStatus),
- ),
+ giu.Custom(func() {
+ if temporaryZip && externalDst {
+ giu.Style().SetColor(giu.StyleColorText, YELLOW).To(
+ giu.Label("Warning: unencrypted temp files will be created"),
+ ).Build()
+ } else if temporaryZip {
+ giu.Style().SetColor(giu.StyleColorText, WHITE).To(
+ giu.Label(mainStatus + " (info: will create temporary files)"),
+ ).Build()
+ } else if externalDst {
+ giu.Style().SetColor(giu.StyleColorText, WHITE).To(
+ giu.Label(mainStatus + " (info: target may be an external drive)"),
+ ).Build()
+ } else {
+ giu.Style().SetColor(giu.StyleColorText, mainStatusColor).To(
+ giu.Label(mainStatus),
+ ).Build()
+ }
+ }),
),
giu.Custom(func() {
@@ -1000,6 +1035,7 @@ func onDrop(names []string) {
// Set the input and output paths
inputFile = filepath.Join(filepath.Dir(names[0]), "Encrypted") + ".zip"
outputFile = inputFile + ".pcv"
+ temporaryZip = true
}
// Recursively add all files in 'onlyFolders' to 'allFiles'
@@ -2262,6 +2298,8 @@ func resetUI() {
mainStatus = "Ready"
mainStatusColor = WHITE
popupStatus = ""
+ temporaryZip = false
+ externalDst = false
progress = 0
progressInfo = ""
From a0e6e30e7b12e5b435b520976acccc48892a8ced Mon Sep 17 00:00:00 2001
From: Evan Su <48808396+HACKERALERT@users.noreply.github.com>
Date: Thu, 10 Apr 2025 01:37:56 -0400
Subject: [PATCH 4/4] add external drive warnings to changelog and readme
---
Changelog.md | 1 +
README.md | 8 ++++++++
2 files changed, 9 insertions(+)
diff --git a/Changelog.md b/Changelog.md
index 4ede0b6..3a088ad 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -6,6 +6,7 @@
# v1.48 (Released 04/11/2025)
- ✓ Allow pressing 'Enter' key to press Start/Process button
+ - ✓ Warn user when encrypting multiple files to an external drive
# v1.47 (Released 02/19/2025)
diff --git a/README.md b/README.md
index 73f0835..2b15221 100644
--- a/README.md
+++ b/README.md
@@ -92,6 +92,14 @@ While being simple, Picocrypt also strives to be powerful in the hands of knowle
- Recursively: If you want to encrypt and/or decrypt a large set of files individually, this option will tell Picocrypt to go through every recursive file that you drop in and encrypt/decrypt it separately. This is useful, for example, if you are encrypting thousands of large documents and want to be able to decrypt any one of them in particular without having to download and decrypt the entire set of documents. Keep in mind that this is a very complex feature that should only be used if you know what you are doing.
+# Caveats
+When encrypting multiple files, Picocrypt will automatically zip them into one file before encrypting it. However, this requires a two-step process that creates an unencrypted temporary `.zip.tmp` file in the same destination folder. This has two implications:
+
+ - There must be at least double the available free space on the target drive as the combined total size of input files
+ - The target drive must be safe to save confidential data; if not, the unencrypted temporary file may be recoverable even after deletion
+
+To mitigate these caveats, Picocrypt will show info and warning labels accordingly. However, it is best to prevent these issues altogether by always encrypting and decrypting on your main host drive and then copying encrypted volumes to and from external sources, or zipping up input files beforehand and encrypting that single file which doesn't have these caveats.
+
# Security
For more information on how Picocrypt handles cryptography, see Internals for the technical details. If you're worried about the safety of me or this project, let me assure you that this repository won't be hijacked or backdoored. I have 2FA (TOTP) enabled on all accounts with a tie to Picocrypt (GitHub, Reddit, Google, etc.), in addition to full-disk encryption on all of my portable devices. For further hardening, Picocrypt uses my isolated forks of dependencies and I fetch upstream only when I have taken a look at the changes and believe that there aren't any security issues. This means that if a dependency gets hacked or deleted by the author, Picocrypt will be using my fork of it and remain completely unaffected. You can feel confident about using Picocrypt as long as you understand: