A powerful, multi-algorithm encryption and decryption desktop application with secure key management, built with PyQt6.
- Multiple Encryption Algorithms: Support for 9 different encryption algorithms
- Secure Key Storage: Keys are encrypted with AES-256-GCM using a master password
- Multi-language Support: Automatic detection of system language (English/French)
- Flexible Key Management: Store up to 50 keys per algorithm
- Multiple Output Formats: Base64 and Hexadecimal encoding support
- Cross-platform: Works on Windows, macOS, and Linux
- Installation
- Quick Start
- Supported Algorithms
- User Guide
- Security Architecture
- Technical Specifications
- Troubleshooting
- Contributing
- License
- Python 3.8 or higher
- pip (Python package manager)
pip install PyQt6 cryptographypython crypto_tool.pyWindows:
pythonw crypto_tool.pyLinux/macOS:
chmod +x crypto_tool.py
./crypto_tool.py- Launch the application - Run
python crypto_tool.py - Create a master password - On first launch, you'll be prompted to create a master password (minimum 8 characters)
- Generate a key - Go to "Key Management" tab, select an algorithm (e.g., AES-256), and click "Generate"
- Encrypt text - Switch to "Encryption" tab, select your key, enter text, and click "Encrypt"
- Copy the result - The encrypted text appears in Base64 or Hex format, ready to share
| Algorithm | Key Size | Description |
|---|---|---|
| AES-128 | 128 bits | Industry standard, very fast, hardware-accelerated |
| AES-256 | 256 bits | Maximum security AES variant, recommended for sensitive data |
| ChaCha20 | 256 bits | Modern stream cipher, excellent performance without hardware acceleration |
| Camellia-128 | 128 bits | ISO/NESSIE certified, AES alternative |
| Camellia-256 | 256 bits | Enhanced Camellia with 256-bit key |
| Algorithm | Key Size | Description |
|---|---|---|
| 3DES | 192 bits | Triple DES, still used in banking systems |
| Blowfish | 128 bits | 1990s algorithm, predecessor to Twofish |
| Algorithm | Key Size | Description |
|---|---|---|
| RC4 | 128 bits | Known vulnerabilities, used in WEP/early WPA |
| XOR | 128 bits | Trivial cipher, for educational purposes only |
The master password protects all your encryption keys. It is used to derive a strong encryption key via PBKDF2-SHA256 with 600,000 iterations.
Important considerations:
- Minimum length: 8 characters
- Use a strong, unique password
- If you forget your master password, all keys are permanently lost
- The password is never stored; only a verification hash is kept
Changing your master password:
- Go to "Key Management" tab
- Click "Change password"
- Enter your old password
- Enter and confirm your new password
Generate a random key:
- Select an algorithm from the list
- Click "Generate"
- Enter a descriptive name (e.g., "Work Backup 2024")
- The key is automatically generated and saved
Import an existing key:
- Select an algorithm
- Click "Add"
- Enter a name for the key
- Paste the key in Base64 or Hex format (depending on current display setting)
- Rename: Select a key and click "Rename" or right-click → Rename
- Delete: Select a key and click "Delete" or right-click → Delete
- Copy: Right-click on a key → Copy (copies to clipboard)
- Maximum 50 keys per algorithm
- Keys are stored encrypted in system settings
- Key names must be unique within an algorithm
- Go to the "Encryption" tab
- Select the desired algorithm from the dropdown
- Select the key to use
- Choose output format (Base64 or Hex)
- Enter or paste your plain text in the upper text area
- Click "Encrypt"
- The encrypted result appears in the lower text area
- Go to the "Encryption" tab
- Select the same algorithm used for encryption
- Select the same key used for encryption
- Set the format to match the encrypted text (Base64 or Hex)
- Paste the encrypted text in the lower text area
- Click "Decrypt"
- The decrypted text appears in the upper text area
Common decryption errors:
- Wrong key selected
- Wrong algorithm selected
- Wrong format (Base64 vs Hex)
- Corrupted or truncated ciphertext
Master Password → PBKDF2-SHA256 (600,000 iterations) → 256-bit Master Key
Encryption Key + Random Salt → AES-256-GCM → Encrypted Key Blob
Components:
- Salt: 256 bits, randomly generated per installation
- IV/Nonce: 96 bits, randomly generated per encryption
- Authentication Tag: 128 bits, ensures integrity
| Algorithm | Mode | IV Size | Padding |
|---|---|---|---|
| AES-128/256 | CBC | 128 bits | PKCS7 |
| Camellia-128/256 | CBC | 128 bits | PKCS7 |
| 3DES | CBC | 64 bits | PKCS7 |
| Blowfish | CBC | 64 bits | PKCS7 |
| ChaCha20 | Stream | 128 bits | None |
| RC4 | Stream | None | None |
| XOR | Stream | None | None |
Encrypted output structure:
[IV/Nonce][Ciphertext] → Base64 or Hex encoding
| Package | Version | Purpose |
|---|---|---|
| PyQt6 | ≥ 6.4.0 | GUI framework |
| cryptography | ≥ 41.0.0 | Cryptographic primitives |
| Platform | Location |
|---|---|
| Windows | Registry: HKEY_CURRENT_USER\Software\CryptoTool |
| macOS | ~/Library/Preferences/com.cryptotool.plist |
| Linux | ~/.config/CryptoTool/CryptoToolPro.conf |
- OS: Windows 10+, macOS 10.14+, Linux (X11 or Wayland)
- Python: 3.8 or higher
- RAM: 50 MB minimum
- Disk: 10 MB for application + keys storage
- Ensure Caps Lock is off
- Try typing your password in a text editor first to verify
- If you've forgotten your password, you must delete the settings and start fresh (all keys will be lost)
Reset settings:
- Windows: Delete registry key
HKEY_CURRENT_USER\Software\CryptoTool - macOS:
rm ~/Library/Preferences/com.cryptotool.plist - Linux:
rm ~/.config/CryptoTool/CryptoToolPro.conf
- Verify you're using the exact same key
- Verify you're using the exact same algorithm
- Check that the format (Base64/Hex) matches
- Ensure the ciphertext wasn't truncated or modified
- Verify Python version:
python --version(must be 3.8+) - Reinstall dependencies:
pip install --upgrade PyQt6 cryptography - Check for error messages in terminal
- Make sure the vault is unlocked (status bar should show "Vault unlocked" in green)
- Select an algorithm from the list
- If vault is locked, enter your master password to unlock
Currently, the application does not support command-line arguments. All operations are performed through the GUI.
pip install pyinstaller
pyinstaller --onefile --windowed --name "CryptoTool" crypto_tool.pypip install py2app
python setup.py py2appUse tools like appimage-builder or pyinstaller to create portable executables.
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create a feature branch:
git checkout -b feature/my-feature - Commit your changes:
git commit -am 'Add new feature' - Push to the branch:
git push origin feature/my-feature - Submit a Pull Request
- Follow PEP 8 guidelines
- Use type hints where possible
- Add docstrings to new functions and classes
- Update translations for new UI strings
- Add a new entry to the
TRANSLATIONSdictionary incrypto_tool.py - Copy all keys from the English (
'en') translation - Translate all values to the target language
- The language will be automatically detected based on system locale
- This software is provided as-is for educational and personal use
- Do not use weak algorithms (RC4, XOR) for sensitive data
- Backup your keys - if you lose your master password, keys cannot be recovered
- The application does not transmit any data - all operations are local
- Keys are stored encrypted but physical access to the machine could allow extraction
This project is licensed under the MIT License - see the LICENSE file for details.
- PyQt6 - GUI framework
- cryptography - Cryptographic library
- Python - Programming language
- Initial release
- Support for 9 encryption algorithms
- Secure key storage with master password
- Multi-language support (English, French)
- Base64 and Hexadecimal encoding
- Up to 50 keys per algorithm