Aiursoft.FileLock
10.0.3
dotnet tool install --global Aiursoft.FileLock --version 10.0.3
dotnet new tool-manifest
dotnet tool install --local Aiursoft.FileLock --version 10.0.3
#tool dotnet:?package=Aiursoft.FileLock&version=10.0.3
nuke :add-package Aiursoft.FileLock --version 10.0.3
Aiursoft.FileLock
Aiursoft.FileLock is a Zero-Trust, command-line file encryption tool designed for secure storage and cloud archiving.
It converts your file structure into a flat, obfuscated vault where filenames, directory structures, and file contents are completely hidden from the storage provider.
Why FileLock?
- 🛡️ Zero-Trust Architecture: The server (or storage medium) sees nothing but random UUIDs. It cannot know what you stored, nor the original filenames or directory tree.
- 🔒 Industrial Strength Cryptography:
- AES-256-GCM: Authenticated encryption that prevents tampering.
- PBKDF2 (600,000 iterations): Protects your password against brute-force attacks.
- HKDF Key Derivation: Each file uses a unique key derived from your master password and its unique salt.
- 🕵️ Metadata Obfuscation: Original filenames and paths are encrypted inside the file payload. The physical files are renamed to meaningless
UUID.enc. - 🚀 Cross-Platform: Runs anywhere .NET runs (Windows, Linux, macOS).
Install
Requirements:
- .NET 10 SDK or later.
Run the following command to install this tool globally:
dotnet tool install --global Aiursoft.FileLock
Usage
Once installed, you can use the file-lock command in your terminal.
1 Encrypt a folder
Encrypt a local folder into a secure vault. You will be prompted to enter a password securely (input will be hidden).
file-lock encrypt -i ./my-secrets -o ./my-vault
Options:
-i, --input: Source folder path to encrypt. (Required)-o, --output: Destination folder for the encrypted vault. (Required)-p, --password: (Optional) Provide password directly. If not set, interactive mode is used.
What happens?
Your my-secrets folder structure will be flattened into my-vault. Inside my-vault, you will see only files like a3f1...9b2.enc and a vault.config. No one can tell if it's a video, a document, or a picture.
2 Decrypt a vault
Restore your files from the vault to a readable folder.
file-lock decrypt -i ./my-vault -o ./restored-files
Options:
-i, --input: Encrypted vault path. (Required)-o, --output: Destination folder for restored files. (Required)-p, --password: (Optional) Provide password directly.
What happens?
FileLock reads the encrypted metadata, reconstructs your original directory tree (e.g., photos/2023/party.jpg), and restores the file contents.
Security Design
We take security seriously. Here is the cryptographic stack used in FileLock:
- Vault Initialization: A random 32-byte
VaultSaltis generated when a vault is created. - Master Key Derivation:
PBKDF2-HMAC-SHA256is used with 600,000 iterations to derive a Master Key from your password and the Vault Salt. - Per-File Key: For every single file, a unique
FileUUIDis generated. We useHKDFto derive a uniqueFileKeyfrom the Master Key and the FileUUID. - Encryption: The file content AND the original file path are packed together and encrypted using
AES-256-GCM.- This ensures that even if two files have identical content, their encrypted output will be completely different.
- GCM mode ensures data integrity; any modification to the encrypted file will cause decryption to fail immediately.
Contributing
There are many ways to contribute to the project: logging bugs, submitting pull requests, reporting issues, and creating suggestions.
License
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
This package has no dependencies.