AEGD: Secure File Encryption with AES-GCM and Argon2

AEGD is a secure file encryption tool using AES-GCM and Argon2/bcrypt. Learn how to protect personal files with military-grade encryption, metadata preservation, and simple usage.

Written by Rafi
Published November 13, 2025
Read Time 2 min
Difficulty Intermediate

We’ve all been there. You have sensitive files—personal documents, financial records, private photos—and you need to protect them. Maybe you’re storing them in the cloud, sharing via email, or just want extra security on your hard drive.

But here’s the problem: most encryption tools are either too complicated (VeraCrypt) or too weak (ZIP encryption). What if there was something in between—simple, strong, and honest about what it can and can’t do?

That’s exactly what AEGD (AES-Argon2 Encryption Tool) provides: a streamlined encryption tool built on proven cryptography.

ℹ️ Info

AEGD is a secure file encryption tool using AES-GCM for authenticated encryption and Argon2id or bcrypt for key derivation. It protects personal files with industry-standard cryptography while keeping things simple!

What You’ll Learn

  • What makes AEGD secure
  • How to use it for file encryption
  • Security parameters and why they matter
  • When to use this tool

What is AEGD?

AEGD stands for AES-Argon2 Encryption Tool. It’s a Python-based encryption utility designed for personal file protection.

Core Technologies

Component | Algorithm | Purpose
Encryption | AES-256-GCM | Authenticated encryption
Key Derivation | Argon2id or bcrypt | Password to encryption key
Key Length | 256 bits | Strong encryption key

What It Does

  • Encrypt files with a password
  • Decrypt files back to original
  • Preserve file metadata
  • Verify integrity (detect tampering)

Key Features

🛡️ AES-GCM Encryption

Industry-standard authenticated encryption:

  • Provides both confidentiality AND integrity
  • Resistant to chosen-ciphertext attacks
  • Detects any tampering with encrypted files
  • Widely vetted by cryptographers

🔑 Dual Key Derivation Options

Argon2id (Recommended)

  • Winner of the Password Hashing Competition
  • Memory-hard design resists GPU/ASIC attacks
  • Best protection against modern hardware

bcrypt

  • Industry standard since 1999
  • Battle-tested and widely compatible
  • Good for older systems

📁 Simple File Format

Clear, auditable structure:

  • Header with version info
  • Encrypted chunks (64KB each)
  • Each chunk has integrity protection
  • No hidden features or complexity

📋 Metadata Preservation

  • Preserves file permissions
  • Maintains timestamps
  • Optional feature (can be disabled)
  • All metadata encrypted with file

Strong Password Requirements

Prevents weak passwords:

  • Minimum 12 characters
  • Requires uppercase
  • Requires lowercase
  • Requires numbers
  • Requires special characters

🧪 Built-in Security Tests

Verify everything works:

  • Test Argon2 implementation
  • Test bcrypt implementation
  • Verify encryption/decryption
  • Check integrity protection

Security Parameters

AES-GCM

Parameter | Value
Key Length | 256 bits
Nonce Length | 96 bits
Chunk Size | 64KB

Argon2id

Parameter | Value
Time Cost | 3
Memory Cost | 128MB
Parallelism | 4
Output | 32 bytes

bcrypt

Parameter | Value
Rounds | 12
Output | 24 bytes
Max Password | 72 characters

Why This Tool is Secure

Honest About Limitations

The documentation explicitly states what AEGD can’t do:

  • Protect against physical access to your computer
  • Guarantee complete memory wiping in Python
  • Resist nation-state attackers
  • Protect against malware on your system

This transparency is a feature, not a bug.

Proven Cryptography Only

  • No custom algorithms - Only standard, vetted implementations
  • No “secret” features - Everything is auditable
  • No complexity - Fewer features = fewer vulnerabilities

Simple = Secure

  • Less code = easier to audit
  • Fixed parameters = no misconfiguration
  • Clear format = transparent operation

Use Cases

✅ Perfect For

  • Encrypting personal documents before cloud storage
  • Protecting sensitive files on shared computers
  • Securing USB drives or external storage
  • Encrypting files before email attachment
  • Personal diary or journal encryption
  • Protecting financial documents

❌ Not For

  • Full disk encryption (use VeraCrypt)
  • System-level encryption (use LUKS)
  • Enterprise key management (use proper KMS)

Installation

# Clone the repository
git clone https://gitlab.com/krafi/aegd.git
cd aegd

No additional dependencies needed—just Python 3!

Usage

Encrypt a File

python3 simple_crypto.py encrypt myfile.txt

You’ll be prompted for a password meeting the requirements.

Decrypt a File

python3 simple_crypto.py decrypt myfile.txt.aegd

Run Security Tests

# Test current KDF
python3 simple_crypto.py --test

# Test Argon2 specifically
python3 test_mode.py argon2

# Test bcrypt
python3 test_mode.py bcrypt

Security Features Explained

Why AES-GCM?

GCM (Galois/Counter Mode) provides:

  • Confidentiality: No one can read your files
  • Integrity: Any tampering is detected
  • Authentication: Confirms the file wasn’t forged

Unlike basic CBC mode, GCM won’t silently accept tampered data.

Why Argon2?

Argon2id won the Password Hashing Competition because:

  • Memory-hard: Uses lots of memory, making GPU/ASIC attacks expensive
  • Side-channel resistant: Less vulnerable to timing attacks
  • Modern: Designed in 2015 with latest research

Why Chunked Encryption?

Breaking files into 64KB chunks:

  • Memory efficient (doesn’t load whole file)
  • Parallelizable for speed
  • Each chunk has its own nonce
  • Limits damage from partial corruption
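
An added example, not AEGD's own code, of chunked AES-GCM as described above: each 64KB chunk gets a fresh 96-bit nonce and its own tag, and the chunk index plus a last-chunk flag are bound as associated data so that reordered or truncated files also fail authentication. It assumes the third-party `cryptography` package; the record layout, the associated-data format and the names `seal`, `unseal` and `rejected` are hypothetical, and the key is random here rather than derived with Argon2id.

```python
import os
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

CHUNK = 64 * 1024   # 64KB of plaintext per chunk, as in the parameter table
NONCE_LEN = 12      # 96-bit nonce

def _aad(index, final):
    # Assumed layout: chunk position plus a last-chunk flag, authenticated but not encrypted.
    return struct.pack(">QB", index, 1 if final else 0)

def seal(key, data):
    """Encrypt data into a list of records: nonce || ciphertext || 16-byte tag."""
    aead = AESGCM(key)
    parts = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    records = []
    for i, part in enumerate(parts):
        nonce = os.urandom(NONCE_LEN)  # fresh random nonce for every chunk
        final = i == len(parts) - 1
        records.append(nonce + aead.encrypt(nonce, part, _aad(i, final)))
    return records

def unseal(key, records):
    """Decrypt records; raises InvalidTag on modified, reordered or truncated input."""
    if not records:
        raise InvalidTag("no chunks")
    aead = AESGCM(key)
    out = bytearray()
    for i, rec in enumerate(records):
        final = i == len(records) - 1
        out += aead.decrypt(rec[:NONCE_LEN], rec[NONCE_LEN:], _aad(i, final))
    return bytes(out)

def rejected(key, records):
    try:
        unseal(key, records)
    except InvalidTag:
        return True
    return False

# Constructed sample: random key and random plaintext spanning three chunks.
KEY = os.urandom(32)
PLAIN = os.urandom(2 * CHUNK + 100)
RECORDS = seal(KEY, PLAIN)
FLIPPED = [RECORDS[0][:-1] + bytes([RECORDS[0][-1] ^ 1])] + RECORDS[1:]  # one bit changed
SWAPPED = [RECORDS[1], RECORDS[0], RECORDS[2]]                            # chunks reordered
TRUNCATED = RECORDS[:2]                                                   # last chunk dropped
```

Without the index and flag in the associated data, every chunk would still verify on its own, so the swapped and truncated cases would decrypt without error.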

What Makes This Different

AEGD vs. Kryptor:

Kryptor is the direct upgrade. It uses the same modern cryptography (Argon2id + ChaCha20) but is a more mature project. It also supports folders, which AEGD does not seem to handle natively.

AEGD vs. Age:

Age is the “Techie” Choice. It is the most minimal and trusted tool for single files. However, it is strictly command-line based. If you are comfortable with the terminal, Age is arguably the most secure option because it has a smaller attack surface.

AEGD vs. VeraCrypt:

VeraCrypt is for Paranoia. It is much harder to use. You create a “container” file that acts like a fake hard drive. It is overkill if you just want to email a file or lock a single document.

AEGD vs. Cryptomator:

Cryptomator is for Clouds. If you are encrypting files to put them on Google Drive or iCloud, Cryptomator is superior because it encrypts the filenames. AEGD does not appear to encrypt filenames (just metadata inside the file), meaning people can see what you are hiding, even if they can’t read it.

AES-256-GCM vs ChaCha20

If you pick AEGD, you are getting AES-256-GCM. It is safe and standard. If you pick Age or Kryptor, you are getting ChaCha20. It is equally safe, arguably more robust against bad coding, and runs better on mobile devices.

vs. ZIP Encryption

Feature | ZIP Encryption | AEGD
Key Derivation | PBKDF2 | Argon2/bcrypt
Encryption | CBC (weak) | GCM (strong)
Integrity | None | Authenticated

vs. VeraCrypt

Feature | VeraCrypt | AEGD
Complexity | High | Low
Volume | Full disk | Single files
Transparency | Complex | Simple

vs. Commercial Tools

Feature | Commercial | AEGD
Source | Closed | Open
Algorithms | Proprietary | Standard
Auditable | No | Yes

Conclusion

AEGD provides honest, straightforward encryption for personal files. It uses proven cryptography (AES-GCM + Argon2id) without the complexity of enterprise tools.

If you need to protect files from casual snooping, this is perfect. It’s simple, secure, and transparent about what it does.

Remember: No encryption tool protects against physical access or malware. Use appropriately!

Source Code

View and contribute: AEGD on GitLab

Stay secure!
