Advanced terminal-based file and folder encryption suite for Linux featuring Fernet and AES-256-GCM encryption, key management, integrity verification, metadata handling, and secure batch workflows.
- Dual encryption support using Fernet and AES-256-GCM
- Secure file and folder encryption/decryption workflows
- AES-GCM authenticated encryption with tamper detection
- Streamed AES-GCM processing for improved large-file reliability
- Fernet encryption with automatic integrity validation
- Batch encryption/decryption for entire folders
- Recursive folder traversal support
- SHA256 manifest-based integrity verification system
- Persistent operations manifest logging
- Key generation for both Fernet and AES encryption
- Key metadata management and labeling system
- Key backup and restore functionality
- Secure key deletion workflow with confirmation protection
- Compression support for input files and folders
- Built-in self-test runtime verification mode
- Interactive terminal menu system with colored output
- Progress bars for large encryption/decryption operations
- Desktop launcher integration for Raspberry Pi desktop environments
- Structured logging system with operation tracking
| Mode | Purpose |
|---|---|
| Fernet | Simple authenticated symmetric encryption |
| AES-256-GCM | Advanced authenticated encryption with tamper detection |
Both encryption systems support secure file handling, batch operations, and manifest-based integrity tracking.
Access encryption, decryption, key management, integrity verification, backup, and recovery tools from one terminal interface.
Manage Fernet and AES keys, view metadata, monitor backup status, and track key history.
Encrypt files using AES-256-GCM with progress tracking and operation summaries.
Verify encrypted output against manifest hashes and confirm file integrity.
Restore keys and metadata from backups to recover encryption access when needed.
git clone https://github.com/WastelandSYS/encryptopi.git
cd encryptopi
chmod +x install.sh uninstall.sh
sudo ./install.shInstaller compatibility notes:
- Supports apt, dnf, yum, pacman, zypper, and apk package managers.
- Falls back to pip-based install when distro package detection is unavailable.
- If your distro enforces externally managed Python environments, the installer will attempt a compatible pip fallback and provide a virtualenv recovery command.
Launch with:
encryptopicd encryptopi
sudo ./uninstall.shThe uninstaller removes:
/usr/local/bin/encryptopi- desktop launchers
- application shortcuts
Your project folders and encrypted data remain untouched.
Default launch:
encryptopiGenerate Fernet key:
encryptopiThen select:
2. Generate Fernet Key
Generate AES-256 key:
encryptopiThen select:
5. Generate AES Key
Run runtime self-test:
python3 encryptopi.py --self-test --no-clearShow version:
python3 encryptopi.py --versionList keys in CLI mode:
python3 encryptopi.py --list-keys
python3 encryptopi.py --list-keys --jsonVerify manifest integrity in CLI mode:
python3 encryptopi.py --verify-manifestEncrypt a single file using Fernet (CLI mode):
python3 encryptopi.py encrypt --algo fernet --key mykey.key --infile example.txtDecrypt a single file using Fernet:
python3 encryptopi.py decrypt --algo fernet --key mykey.key --infile example.txt.encEncrypt using AES-256-GCM:
python3 encryptopi.py encrypt --algo aes --key aeskey.key --infile example.txtDecrypt AES-encrypted file:
python3 encryptopi.py decrypt --algo aes --key aeskey.key --infile example.txt.aesEncrypt an entire folder recursively:
python3 encryptopi.py encrypt --algo aes --key aeskey.key --folder myfolderCheck manifest integrity:
encryptopiThen select:
12. Check File Integrity
New advanced menu options:
- Single-file interactive encrypt/decrypt operations.
- Dry-run preview for batch operations before execution.
- Manifest tools submenu for verification, tail view, and pruning stale entries.
- Decompression workflow to safely extract ZIP archives to
decompressed_output/.
encryptopi automatically creates and manages:
input/
output/
decrypted_output/
decompressed_output/
keys/
key_backups/
logs/
Workflow overview:
- Place files/folders into
input/ - Encrypted outputs are written to
output/ - Decrypted outputs are written to
decrypted_output/ - Encryption keys are stored in
keys/ - Key backups are stored in
key_backups/ - Runtime logs are stored in
logs/ output/stores encrypted files andoperations_manifest.jsonl
- AES-256-GCM authenticated encryption
- SHA256 integrity verification
- Manifest-based operation tracking
- Tamper detection during AES decryption
- Automatic encryption/decryption logging
- Key confirmation safety prompts
- Backup-aware key management
- Metadata tagging for key organization
Designed primarily for Linux systems.
Tested on:
- Raspberry Pi OS
- Kali Linux ARM
- Raspberry Pi 4B
- Debian-based Linux systems
Notes:
install.shprefers system dependencies viaapton Debian/Raspberry Pi OS/Kali- If
apt-getis unavailable, installer prints guidance and falls back to pip when available - Desktop launcher support is included for Raspberry Pi desktop environments
- The installer creates a global
encryptopicommand shortcut - AES operations use the
cryptographyPython package backend
Installed automatically by install.sh:
cryptographycoloramatqdm
encryptopi was built to provide a more organized, visual, and user-friendly encryption workflow for Linux and Raspberry Pi systems without sacrificing powerful functionality.
The tool focuses on:
- secure encryption workflows
- clean terminal experience
- organized key management
- integrity verification
- batch folder encryption
- practical day-to-day usability
- Raspberry Pi compatibility
Encryptopi is released under the GNU General Public License v3.0. See LICENSE for the full license text.





