DOCUMENTATION

ECRYPTO Documentation

Complete guide to military-grade folder and file encryption. Learn installation, usage, security best practices, and advanced features.

Download Latest How It Works GitHub

Key Features

Enterprise security made accessible with an intuitive interface

Military-Grade Security

XChaCha20-Poly1305 AEAD cipher with 256-bit keys and Argon2id key derivation

Interactive File Browser

Visual drive and folder navigation with smart path detection

Cross-Platform

Works seamlessly on Windows, macOS, and Linux

Single Secure Container

Compress and encrypt entire folders into .ecrypt files

Flexible Authentication

Use passphrases or raw 32-byte key files

Tamper Detection

Authentication tags prevent unauthorized modifications

Installation

Multiple installation methods for all platforms

Option 1: Pre-built Binaries (Recommended)

Windows 
Invoke-WebRequest -Uri "https://github.com/pandarudra/ecrypto/releases/latest/download/ecrypto-windows-amd64.exe" -OutFile "ecrypto.exe"

# Run it
.\ecrypto.exe
macOS 
curl -L -o ecrypto "https://github.com/pandarudra/ecrypto/releases/latest/download/ecrypto-darwin-amd64"
chmod +x ecrypto
sudo mv ecrypto /usr/local/bin/
Linux 
wget -O ecrypto "https://github.com/pandarudra/ecrypto/releases/latest/download/ecrypto-linux-amd64"
chmod +x ecrypto
sudo mv ecrypto /usr/local/bin/

Option 2: NPM (Global CLI)

npm install -g ecrypto-cli

# Use anywhere
ecrypto-cli --help
  • Automatic updates
  • Cross-platform support
  • No manual binary management

Option 3: Build from Source

git clone https://github.com/pandarudra/ecrypto.git
cd ecrypto
go build -o ecrypto
  • Requires Go 1.24+
  • Latest development features
  • Full control over build

Interactive File Browser

Navigate your file system visually without typing paths manually

Drive Selection

💾 Select Drive

  [1] 💾 C:
  [2] 💾 D:
  [3] 💾 E:

Start by choosing your drive on Windows systems

Folder Navigation

📂 Current: C:\Users\Name

  [1] ⬆️  ..
  [2] 📁 Documents
  [3] 📁 Downloads
  [4] 📁 Pictures (250 MB)
  [5] 📄 report.pdf (2.5 MB)

Browse folders with numbered selection and size preview

Visual navigation File size preview Quick folder access Path paste support

Quick Start Guide

Interactive Mode (Recommended for Beginners)

.\ecrypto.exe

You'll see an intuitive menu: 

██████ ▄█████ █████▄  ██  ██ █████▄ ██████ ▄████▄
██▄▄   ██     ██▄▄██▄  ▀██▀  ██▄▄█▀   ██   ██  ██
██▄▄▄▄ ▀█████ ██   ██   ██   ██       ██   ▀████▀

[1] [ENCRYPT]  Encrypt a Folder/File
[2] [DECRYPT]  Decrypt a Folder/File
[3] [KEYGEN]   Generate Encryption Key
[4] [INFO]     View Container Info
[5] [UNDO]     Undo Recent Operation
[6] [EXIT]     Quit Application
  • Select operation by number
  • Browse or paste file paths
  • Choose passphrase or key file
  • Done — data encrypted securely

Command Reference

Complete CLI command documentation

Encrypt Folder

ecrypto encrypt \
  --in "C:\MyFolder" \
  --out "backup.ecrypt" \
  --pass "password"

Encrypt File

ecrypto encrypt \
  --in "C:\document.pdf" \
  --out "document.ecrypt" \
  --pass "password"

Generate Key File

ecrypto keygen \
  --out encryption.key

Encrypt with Key File

ecrypto encrypt \
  --in "C:\MyFolder" \
  --out "backup.ecrypt" \
  --key-file encryption.key

Decrypt Container

ecrypto decrypt \
  --in "backup.ecrypt" \
  --out "restored" \
  --pass "password"

View Container Info

ecrypto info \
  --file backup.ecrypt

Command Flags

Command Flag Description Default
encrypt --in Input folder or file path Required
--out Output .ecrypt file path Required
--pass Passphrase (Argon2id) -
--key-file 32-byte Base64 key file -
--argon-m Argon2 memory (KiB) 262144 (256MB)
--argon-t Argon2 iterations 3
--argon-p Argon2 parallelism 1
Command Flag Description Default
decrypt --in Input .ecrypt file Required
--out Output folder path Required
--pass Passphrase -
--key-file Key file path -
keygen --out Output key file stdout
info --file .ecrypt file path Required

Common Use Cases

Personal Backups

ecrypto encrypt \
  --in "C:\Users\Name\Documents" \
  --out "documents_backup.ecrypt" \
  --pass "SecurePassword123!"

Regular backups for cloud storage and disaster recovery

Secure File Transfer

ecrypto keygen --out key.txt
ecrypto encrypt \
  --in "sensitive.pdf" \
  --out "transfer.ecrypt" \
  --key-file key.txt

Send encrypted file via one channel, key via another

Performance Tuning

# Fast (128MB memory)
ecrypto encrypt --in folder \
  --out backup.ecrypt \
  --pass "password" \
  --argon-m 131072 --argon-t 2

Adjust parameters for older hardware

High Security

# Strong (512MB memory)
ecrypto encrypt --in folder \
  --out critical.ecrypt \
  --pass "password" \
  --argon-m 524288 --argon-t 5

Maximum protection for sensitive data

Security Model

Cryptographic implementation and threat protection

XChaCha20-Poly1305 AEAD Argon2id KDF 256-bit Keys RFC 8439 Compliant RFC 9106 Compliant

Cryptographic Components

  • Cipher: XChaCha20-Poly1305 (AEAD cipher with 256-bit keys)
  • KDF: Argon2id (256MB memory, 3 iterations, 1 parallelism)
  • Nonce: 24 bytes (random, never reused)
  • Salt: 16 bytes (random per container)
  • MAC: Poly1305 (16-byte authentication tag)
Protection Implementation
Unauthorized Access 256-bit XChaCha20-Poly1305 encryption
Metadata Leakage File names encrypted within container
Data Tampering Poly1305 authentication tag verification
Brute Force Argon2id memory-hard key derivation
Rainbow Tables Unique salt per container
Nonce Reuse Random 24-byte nonce per encryption

Security Best Practices

Strong Passphrases

  • Minimum 16 characters
  • Mix uppercase, lowercase, numbers, symbols
  • Use password manager (1Password, Bitwarden)
  • Never reuse across containers

Key File Management

  • Store in password manager
  • Keep on encrypted USB drive
  • Never store with encrypted files
  • Backup securely

Backup Strategy

  • Test decryption before deleting originals
  • Store containers in cloud (safe when encrypted)
  • Keep keys separate from containers
  • Regular backup rotation

Secure Deletion

# Windows
sdelete -p 3 "C:\Original"

# Linux/macOS
shred -vfz -n 3 /path/file

Use secure deletion tools for originals

Troubleshooting

Access Denied Error

Cause: Output path is directory, not file

Fix: Specify file ending with .ecrypt

Authentication Failed

Cause: Wrong passphrase or corrupted file

Fix: Verify passphrase, check file integrity

Out of Memory

Cause: Argon2 memory too high

Fix: Reduce --argon-m parameter

Slow Performance

Cause: Large folders or high Argon2 settings

Fix: Use key files or reduce parameters

Path Not Found

Cause: Paths with spaces not quoted

Fix: Use quotes: "C:\My Folder"

Invalid Command

Cause: Wrong syntax

Fix: Use --help for correct syntax

Container Architecture

Internal structure of .ecrypt containers

.ecrypt Container Format (v1)
┌─────────────────────────────────────────
│ HEADER (59 bytes, authenticated)
├─────────────────────────────────────────
│ Magic Bytes      "ECRYPT01"
│ Version          1
│ KDF Type         0=raw key | 1=argon2id
│ Argon2 Params    memory, iterations, parallelism
│ Salt             16 bytes (random)
│ Nonce            24 bytes (random)
├─────────────────────────────────────────
│ ENCRYPTED PAYLOAD (XChaCha20-Poly1305)
├─────────────────────────────────────────
│ ├─ Compressed ZIP Archive
│ │  ├─ File hierarchy
│ │  ├─ File contents
│ │  └─ Metadata
│ └─ Authentication Tag (16 bytes)
└─────────────────────────────────────────

File Flow:
Input → ZIP Compress → Encrypt → .ecrypt Container

Additional Resources

Project Links

Standards & Specifications

Contributing

  • Report bugs and issues
  • Suggest new features
  • Submit pull requests
  • Improve documentation
  • Security audits welcome

Support

  • Star the repository
  • Share with colleagues
  • Write reviews and articles
  • Sponsor development