Secret - Command line file encryption program

Quick links



Latest stable release is 0.9. It was released 2019-07-08.

Secret is a command line file encryption program for Unix-like operating systems. Port for Windows is under development and will be available in August 2019. Secret already works with WSL. Secret supports encrypting individual files and directories.

How Secret works

Secret uses AES with 256 bit keys in CTR mode. Before decryption, files are autenticated using HMAC to ensure the data is not tampered. With HMAC, SHA512 is used. Most of the time SHA512 is actually faster on 64bit machines than SHA256. SHA512 is also very secure hash algorithm to use together with HMAC. For IV (nonce), 128 bit cryptographically random data is used.

For the actual encryption, OpenSSL Evp API is used.

Secret supports encrypting any size of files. Files are read and encrypted in chunks so for encrypting a big file does not require truckloads of memory.


A simple example how to encrypt a file: secret -e /home/niko/passwords.txt

For more, see the manual

Download Secret

At the moment I don't provide binaries for Secret, but there will be at least Windows binaries in the future. Source code for Secret is hosted on Github.

Licenced under the MIT open source license.
Copyright © Niko Rosvall 2019
Follow on Twitter
Made in Finland