We’ve all been there. You have sensitive files—personal documents, financial records, private photos—and you need to protect them. Maybe you’re storing them in the cloud, sharing via email, or just want extra security on your hard drive.
But here’s the problem: most encryption tools are either too complicated (VeraCrypt) or too weak (ZIP encryption). What if there was something in between—simple, strong, and honest about what it can and can’t do?
That’s exactly what AEGD (AES-Argon2 Encryption Tool) provides: a streamlined encryption tool built on proven cryptography.
AEGD is a secure file encryption tool using AES-GCM for authenticated encryption and Argon2id or bcrypt for key derivation. It protects personal files with industry-standard cryptography while keeping things simple!
What You’ll Learn
- What makes AEGD secure
- How to use it for file encryption
- Security parameters and why they matter
- When to use this tool
What is AEGD?
AEGD stands for AES-Argon2 Encryption Tool. It’s a Python-based encryption utility designed for personal file protection.
Core Technologies
| Component | Algorithm | Purpose |
|---|---|---|
| Encryption | AES-256-GCM | Authenticated encryption |
| Key Derivation | Argon2id or bcrypt | Password to encryption key |
| Key Length | 256 bits | Strong encryption key |
What It Does
- Encrypt files with a password
- Decrypt files back to original
- Preserve file metadata
- Verify integrity (detect tampering)
Key Features
🛡️ AES-GCM Encryption
Industry-standard authenticated encryption:
- Provides both confidentiality AND integrity
- Resistant to chosen-ciphertext attacks
- Detects any tampering with encrypted files
- Widely vetted by cryptographers
🔑 Dual Key Derivation Options
Argon2id (Recommended)
- Winner of the Password Hashing Competition
- Memory-hard design resists GPU/ASIC attacks
- Best protection against modern hardware
bcrypt
- Industry standard since 1999
- Battle-tested and widely compatible
- Good for older systems
📁 Simple File Format
Clear, auditable structure:
- Header with version info
- Encrypted chunks (64KB each)
- Each chunk has integrity protection
- No hidden features or complexity
📋 Metadata Preservation
- Preserves file permissions
- Maintains timestamps
- Optional feature (can be disabled)
- All metadata encrypted with file
✅ Strong Password Requirements
Prevents weak passwords:
- Minimum 12 characters
- Requires uppercase
- Requires lowercase
- Requires numbers
- Requires special characters
🧪 Built-in Security Tests
Verify everything works:
- Test Argon2 implementation
- Test bcrypt implementation
- Verify encryption/decryption
- Check integrity protection
Security Parameters
AES-GCM
| Parameter | Value |
|---|---|
| Key Length | 256 bits |
| Nonce Length | 96 bits |
| Chunk Size | 64KB |
Argon2id
| Parameter | Value |
|---|---|
| Time Cost | 3 |
| Memory Cost | 128MB |
| Parallelism | 4 |
| Output | 32 bytes |
bcrypt
| Parameter | Value |
|---|---|
| Rounds | 12 |
| Output | 24 bytes |
| Max Password | 72 characters |
Why This Tool is Secure
Honest About Limitations
The documentation explicitly states what AEGD can’t do:
- Protect against physical access to your computer
- Guarantee complete memory wiping in Python
- Resist nation-state attackers
- Protect against malware on your system
This transparency is a feature, not a bug.
Proven Cryptography Only
- No custom algorithms - Only standard, vetted implementations
- No “secret” features - Everything is auditable
- No complexity - Fewer features = fewer vulnerabilities
Simple = Secure
- Less code = easier to audit
- Fixed parameters = no misconfiguration
- Clear format = transparent operation
Use Cases
✅ Perfect For
- Encrypting personal documents before cloud storage
- Protecting sensitive files on shared computers
- Securing USB drives or external storage
- Encrypting files before email attachment
- Personal diary or journal encryption
- Protecting financial documents
❌ Not For
- Full disk encryption (use VeraCrypt)
- System-level encryption (use LUKS)
- Enterprise key management (use proper KMS)
Installation
# Clone the repository
git clone https://gitlab.com/krafi/aegd.git
cd aegd
No additional dependencies needed—just Python 3!
Usage
Encrypt a File
python3 simple_crypto.py encrypt myfile.txt
You’ll be prompted for a password meeting the requirements.
Decrypt a File
python3 simple_crypto.py decrypt myfile.txt.aegd
Run Security Tests
# Test current KDF
python3 simple_crypto.py --test
# Test Argon2 specifically
python3 test_mode.py argon2
# Test bcrypt
python3 test_mode.py bcrypt
Security Features Explained
Why AES-GCM?
GCM (Galois/Counter Mode) provides:
- Confidentiality: No one can read your files
- Integrity: Any tampering is detected
- Authentication: Confirms the file wasn’t forged
Unlike basic CBC mode, GCM won’t silently accept tampered data.
Why Argon2?
Argon2id won the Password Hashing Competition because:
- Memory-hard: Uses lots of memory, making GPU/ASIC attacks expensive
- Side-channel resistant: Less vulnerable to timing attacks
- Modern: Designed in 2015 with the latest research
Why Chunked Encryption?
Breaking files into 64KB chunks:
- Memory efficient (doesn’t load whole file)
- Parallelizable for speed
- Each chunk has its own nonce
- Limits damage from partial corruption
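The chunked scheme described above, as an added example that is not AEGD's own code: each 64KB chunk is sealed with AES-256-GCM under a fresh 96-bit nonce, and a modified, reordered or truncated file fails to decrypt. The record layout, the chunk index and last-chunk flag used as associated data, and the names `encrypt_chunks`, `decrypt_chunks` and `is_rejected` are assumptions made for this sketch; it needs the third-party `cryptography` package, and a random key stands in for the KDF output.

```python
import os
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

CHUNK = 64 * 1024   # chunk size from the parameter table
NONCE_LEN = 12      # 96-bit nonce, fresh for every chunk

# Constructed sample input: two full chunks plus a short tail (3 chunks).
SAMPLE = bytes(range(256)) * 600
# Random stand-in for the 32-byte key the password KDF would produce.
DEMO_KEY = os.urandom(32)

def chunk_aad(index, final):
    # Assumed layout: chunk position and last-chunk flag, authenticated
    # as associated data but not stored in the record.
    return struct.pack(">QB", index, 1 if final else 0)

def encrypt_chunks(key, data):
    aead = AESGCM(key)
    pieces = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    records = []
    for i, piece in enumerate(pieces):
        nonce = os.urandom(NONCE_LEN)
        sealed = aead.encrypt(nonce, piece, chunk_aad(i, i == len(pieces) - 1))
        records.append(nonce + sealed)  # nonce || ciphertext || 16-byte tag
    return records

def decrypt_chunks(key, records):
    if not records:
        raise ValueError("no chunks: file truncated to nothing")
    aead = AESGCM(key)
    plain = []
    for i, rec in enumerate(records):
        nonce, sealed = rec[:NONCE_LEN], rec[NONCE_LEN:]
        # Raises InvalidTag if the chunk was altered, moved, or the stream cut short.
        plain.append(aead.decrypt(nonce, sealed, chunk_aad(i, i == len(records) - 1)))
    return b"".join(plain)

def is_rejected(key, records):
    try:
        decrypt_chunks(key, records)
        return False
    except (InvalidTag, ValueError):
        return True
```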
What Makes This Different
AEGD vs. Kryptor:
Kryptor is the direct upgrade. It uses the same modern cryptography (Argon2id + ChaCha20) but is a more mature project. It also supports folders, which AEGD does not seem to handle natively.
AEGD vs. Age:
Age is the “Techie” Choice. It is the most minimal and trusted tool for single files. However, it is strictly command-line based. If you are comfortable with the terminal, Age is arguably the most secure option because it has a smaller attack surface.
AEGD vs. VeraCrypt:
VeraCrypt is for Paranoia. It is much harder to use. You create a “container” file that acts like a fake hard drive. It is overkill if you just want to email a file or lock a single document.
AEGD vs. Cryptomator:
Cryptomator is for Clouds. If you are encrypting files to put them on Google Drive or iCloud, Cryptomator is superior because it encrypts the filenames. AEGD does not appear to encrypt filenames (just metadata inside the file), meaning people can see what you are hiding, even if they can’t read it.
AES-256-GCM vs ChaCha20
If you pick AEGD, you are getting AES-256-GCM. It is safe and standard. If you pick Age or Kryptor, you are getting ChaCha20. It is equally safe, arguably more robust against bad coding, and runs better on mobile devices.
vs. ZIP Encryption
| Feature | ZIP Encryption | AEGD |
|---|---|---|
| Key Derivation | PBKDF2 | Argon2/bcrypt |
| Encryption | CBC (weak) | GCM (strong) |
| Integrity | None | Authenticated |
vs. VeraCrypt
| Feature | VeraCrypt | AEGD |
|---|---|---|
| Complexity | High | Low |
| Volume | Full disk | Single files |
| Transparency | Complex | Simple |
vs. Commercial Tools
| Feature | Commercial | AEGD |
|---|---|---|
| Source | Closed | Open |
| Algorithms | Proprietary | Standard |
| Auditable | No | Yes |
Conclusion
AEGD provides honest, straightforward encryption for personal files. It uses proven cryptography (AES-GCM + Argon2id) without the complexity of enterprise tools.
If you need to protect files from casual snooping, this is perfect. It’s simple, secure, and transparent about what it does.
Remember: No encryption tool protects against physical access or malware. Use appropriately!
Source Code
View and contribute: AEGD on GitLab
Stay secure!