A command-line utility for securely encrypting and decrypting files using a key + password combo.

• Key
  • Overview
    • Summary
    • TL;DR
  • Installation
  • Usage
    • Generate a New Key
    • Lock (Encrypt) a File
    • Unlock (Decrypt) a File
    • Use Verbose Mode
    • Use a Custom Key Path
  • Configuration
  • Security
  • Development
    • Build
  • License

Key is a simple command-line tool for securely encrypting and decrypting files. It uses both a personal key and a password to encrypt and decrypt files, ensuring that your data remains safe even if your key file is compromised. Through this two-factor approach, Key provides robust security for your sensitive files.

Furthermore, Key is designed to be user-friendly, with clear commands such as lock and unlock to manage file encryption and decryption. It also supports configuration via a config file, environment variables, or command-line flags, allowing for flexible usage.

Key employs strong encryption standards, including AES-GCM for file encryption and PBKDF2 for password-based key derivation. It ensures that keys are securely wiped from memory after use and that passwords are never stored.

Key is a file encryption tool that uses a two-factor approach:

1. A personal encryption key
2. A password protecting that key

This approach ensures that even if your key file is compromised, your data remains secure without the password. Key is easy to use, with simple commands for locking and unlocking files, and it supports configuration through various means.

Linux / MacOS:

chmod +x ./install.sh  # make install.sh executable
./install.sh  # run the install script

Windows:

.\install.ps1  # run the install script in PowerShell

Before first use, generate your personal encryption key:

key newkey

This creates an encrypted key file at the configured location (default: ~/.key/key.pem).

key lock myfile.txt

key unlock myfile.txt

Add the -v flag to see detailed operation steps:

key -v unlock myfile.txt

1. Key allows specifying a custom key file path with the --key-path flag:

key --key-path /path/to/my/key.pem unlock myfile.txt

2. Or with the KEY_KEY_PATH environment variable:

export KEY_KEY_PATH=/path/to/my/key.pem

3. Or by setting it in the configuration file (see below).

Key uses a configuration file located at ~/.key/config.toml. It simply contains the path to your key file.

# Key Manager Configuration
key_path = "$HOME/.key/key.pem"

• Keys are encrypted using AES-GCM with password-derived keys (PBKDF2)
• Files are encrypted with AES-GCM using the decrypted key
• Keys are wiped from memory after use
• Passwords are never stored

• Built with Go 1.25+
• Uses Cobra for CLI commands
• Uses Viper for configuration
• Dependencies managed with Go modules

go build -o bin/key

This project is licensed under the MIT License.