Picocrypt

Picocrypt is a very small (hence Pico), very simple, yet very secure encryption tool that you can use to protect your files. It's designed to be the go-to tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security, even from three-letter agencies like the NSA. Your privacy and security is under attack. Take it back with confidence by protecting your files with Picocrypt.

Picocrypt

# Downloads **Make sure to only download Picocrypt from this repository** to ensure that you get the authentic and backdoor-free Picocrypt. When sharing Picocrypt with others, be sure to link to this repository to prevent any confusion. **Beware of picocrypt.org, which claims to be the official website for this project! Remember, there is no official website for Picocrypt.** Even if this self-proclaimed website is taken down, I will not remove this message; let it be a real-world warning to stay vigilant. ## Windows Picocrypt for Windows is as simple as it gets. To download the latest, standalone, and portable executable for Windows, click here. If Microsoft Defender or your antivirus flags Picocrypt as a virus, please do your part and submit it as a false positive for the betterment of everyone. If you use Picocrypt frequently, you can download an installer here for easier launching. It does not require any admin permissions to install and it also bundles a software OpenGL renderer for compatibility, so if the portable executable isn't working, this installer likely will. ## macOS Picocrypt for macOS is very simple as well. Download Picocrypt here, open the container, and drag Picocrypt to your Applications. You may need to manually trust the app from a terminal and control-click on the app if macOS prevents you from opening it: ``` xattr -d com.apple.quarantine /Applications/Picocrypt.app ``` ## Linux To use Picocrypt on Linux, you can download the raw binary here (you may need to install the packages below). Alternatively, you can try the .deb, Flatpak, run Picocrypt through Wine, or compile from source using the instructions in the `src/` directory. ``` sudo apt install -y libc6 libgcc-s1 libgl1 libgtk-3-0 libstdc++6 libx11-6 ``` ## CLI A command-line interface is available for Picocrypt here. It can encrypt and decrypt files, folders, and globs, and supports paranoid mode and Reed-Solomon encoding. You can use it on systems that don't have a GUI or can't run the GUI app, or to write automated shell scripts for backups, etc. ## Web A functionally limited web app is available here which allows you to encrypt and decrypt standard Picocrypt volumes (no advanced features or keyfiles) on any modern browser, including mobile devices. It's a simple, future-proof way to encrypt files that should work indefinitely due to the web's stable nature. Note that you can only encrypt single files up to a maximum size of 1 GiB. ## Mobile 🚧 An experimental project PicoGo is a community-developed port of Picocrypt to platforms like Android and iOS using the Fyne GUI library. Feel free to try it out, but keep in mind that it is *not* part of the official core Picocrypt project (like the platforms listed above) and thus not subject to the same scrutiny and standards that the core project is. So, **use it with caution and diligence** during its experimental phase. # Why Picocrypt? Why should you use Picocrypt instead of VeraCrypt, 7-Zip, BitLocker, or Cryptomator? Here are a few reasons why you should choose Picocrypt: # Comparison Here's how Picocrypt compares to other popular encryption tools. | | Picocrypt | VeraCrypt | 7-Zip GUI | BitLocker | Cryptomator | | -------------- | -------------- | -------------- | -------------- | -------------- | -------------- | | Free |✅ Yes |✅ Yes |✅ Yes |✅ Bundled |✅ Yes | | Open Source |✅ GPLv3 |✅ Multi |✅ LGPL |❌ No |✅ GPLv3 | | Cross-Platform |✅ Yes |✅ Yes |❌ No |❌ No |✅ Yes | | Size |✅ 3 MiB |❌ 20 MiB |✅ 2 MiB |✅ N/A |❌ 50 MiB | | Portable |✅ Yes |✅ Yes |❌ No |✅ Yes |❌ No | | Permissions |✅ None |❌ Admin |❌ Admin |❌ Admin |❌ Admin | | Ease-Of-Use |✅ Easy |❌ Hard |✅ Easy |✅ Easy |🟧 Medium | | Cipher |✅ XChaCha20 |✅ AES-256 |✅ AES-256 |🟧 AES-128 |✅ AES-256 | | Key Derivation |✅ Argon2 |🟧 PBKDF2 |❌ SHA-256 |❓ Unknown |✅ Scrypt | | Data Integrity |✅ Always |❌ No |❌ No |❓ Unknown |✅ Always | | Deniability |✅ Supported |✅ Supported |❌ No |❌ No |❌ No | | Reed-Solomon |✅ Yes |❌ No |❌ No |❌ No |❌ No | | Compression |✅ Yes |❌ No |✅ Yes |✅ Yes |❌ No | | Telemetry |✅ None |✅ None |✅ None |❓ Unknown |✅ None | | Audited |✅ [Yes](https://github.com/Picocrypt/storage/blob/main/Picocrypt.Audit.Report.pdf) |✅ Yes |❌ No |❓ Unknown |✅ Yes | Keep in mind that while Picocrypt does most things better than other tools, it's not a one-size-fits-all and doesn't try to be. There are use cases such as full-disk encryption where VeraCrypt and BitLocker would be a better choice. So while Picocrypt is a great choice for the majority of people, you should still do your own research and use what's best for you. # Features Picocrypt is a very simple tool, and most users will intuitively understand how to use it in a few seconds. On a basic level, simply dropping your files, entering a password, and hitting Encrypt is all that's needed to encrypt your files. Dropping the output back into Picocrypt, entering the password, and hitting Decrypt is all that's needed to decrypt those files. Pretty simple, right? While being simple, Picocrypt also strives to be powerful in the hands of knowledgeable and advanced users. Thus, there are some additional options that you may use to suit your needs. # Security For more information on how Picocrypt handles cryptography, see Internals for the technical details. If you're worried about the safety of me or this project, let me assure you that this repository won't be hijacked or backdoored. I have 2FA (TOTP) enabled on all accounts with a tie to Picocrypt (GitHub, etc.), in addition to full-disk encryption on all of my portable devices. For further hardening, Picocrypt uses my isolated forks of dependencies and I fetch upstream only when I have taken a look at the changes and believe that there aren't any security issues. This means that if a dependency gets hacked or deleted by the author, Picocrypt will be using my fork of it and remain completely unaffected. I've also meticulously gone through every single setting in the Picocrypt organization and repos, locking down access behind multiple layers of security such as read-only base-level member permissions, required PRs and mandatory approvals (which no one can do but me), mandatory CODEOWNERS approvals, and I'm the only member of the Picocrypt organization and repos (except for PicoGo). You can feel confident about using Picocrypt as long as you understand: Picocrypt operates under the assumption that the host machine it is running on is safe and trusted. If that is not the case, no piece of software will be secure, and you will have much bigger problems to worry about. As such, Picocrypt is designed for the offline security of volumes and does not attempt to protect against side-channel analysis. # Donations When I was actively developing Picocrypt, I accepted donations, but now that Picocrypt is complete and production-ready, there's no need anymore. Instead, take your time and effort to share the love of Picocrypt with others. Donations are nice, but being able to help others is a lot more valuable to me than a few spare dollars. Knowing that Picocrypt is helping people secure their files is plenty enough for me. # FAQ **Does the "Delete files" feature shred files?** No, it doesn't shred any files and just deletes them as your file manager would. On modern storage mediums like SSDs, there is no such thing as shredding a file since wear leveling makes it impossible to overwrite a particular sector. Thus, to prevent giving users a false sense of security, Picocrypt doesn't include any shredding features at all. **Is Picocrypt quantum-secure?** Yes, Picocrypt is secure against quantum computers. All of the cryptography used in Picocrypt works off of a private key, and private-key cryptography is considered to be resistant against all current and future developments, including quantum computers. # Acknowledgements A thank you from the bottom of my heart to the significant contributors on [Open Collective](https://opencollective.com/picocrypt): Also, a huge thanks to the following people who were the first to donate and support Picocrypt: Finally, thanks to these people/organizations for helping me out when needed: