{"id":16209454,"url":"https://github.com/alichtman/deadbolt","last_synced_at":"2026-02-25T03:11:50.845Z","repository":{"id":53269884,"uuid":"200452183","full_name":"alichtman/deadbolt","owner":"alichtman","description":"Dead-simple file encryption for any OS","archived":false,"fork":false,"pushed_at":"2025-02-10T04:31:24.000Z","size":31747,"stargazers_count":356,"open_issues_count":16,"forks_count":15,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-04-08T20:17:58.951Z","etag":null,"topics":["aes-256","cryptography","encryption","encryption-decryption","encryption-tool","linux","macos","windows"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alichtman.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-04T05:06:57.000Z","updated_at":"2025-03-19T13:43:17.000Z","dependencies_parsed_at":"2024-01-13T22:53:22.685Z","dependency_job_id":"08d070d8-c485-4528-b6db-c6a7b4a3a956","html_url":"https://github.com/alichtman/deadbolt","commit_stats":{"total_commits":173,"total_committers":5,"mean_commits":34.6,"dds":0.3872832369942196,"last_synced_commit":"98e2d62aa95e263439a1b5a4d011488d9aca1fc7"},"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alichtman%2Fdeadbolt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alichtman%2Fdeadbolt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alichtman%2Fdeadbolt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alichtman%2Fdeadbolt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alichtman","download_url":"https://codeload.github.com/alichtman/deadbolt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254493378,"owners_count":22080126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes-256","cryptography","encryption","encryption-decryption","encryption-tool","linux","macos","windows"],"created_at":"2024-10-10T10:29:42.537Z","updated_at":"2026-02-25T03:11:50.832Z","avatar_url":"https://github.com/alichtman.png","language":"TypeScript","readme":"# deadbolt\n\n\u003cimg src=\"img/deadbolt-header.png\" /\u003e\n\n`deadbolt` simplifies encrypting and decrypting files. All you need is a password. Works on any laptop / desktop that you do.\n\nYou can download `deadbolt` for **macOS**, **Windows**, or **Linux**. Any encrypted file can be shared across these platforms.\n\n## Quickstart\n\n### GUI\n\nDownload the desktop app from the [releases tab](https://github.com/alichtman/deadbolt/releases) or see the [installation section](#building--installing) below for platform-specific instructions.\n\nSelect a file (or folder) to encrypt, enter a password, and … that's it. Decryption is just as easy.\n\n### CLI\n\n`deadbolt` includes a command-line interface for encrypting and decrypting files without the GUI. If you don't provide a password, you'll be prompted to enter it securely.\n\n```bash\n$ git clone https://github.com/alichtman/deadbolt.git \u0026\u0026 cd deadbolt\n$ npm run install:cli\n\n# Encrypt a file or folder\n$ deadbolt encrypt secret.pdf\n\n# Decrypt a file\n$ deadbolt decrypt secret.pdf.deadbolt\n\n# Provide password directly (warning: may be logged in shell history)\n$ deadbolt encrypt secret.pdf --password \"my-secure-password\"\n$ deadbolt decrypt secret.pdf.deadbolt --password \"my-secure-password\"\n```\n\n## Building / Installing\n\nCheck out the [releases tab](https://github.com/alichtman/deadbolt/releases) for pre-built binaries for Mac, Windows, and Linux.\n\n### `macOS`\n\n#### Recommended: Installing with Homebrew\n\nThe recommended way to install `deadbolt` on `macOS` is with [Homebrew](https://brew.sh), which uses [this recipe](https://github.com/Homebrew/homebrew-cask/blob/master/Casks/d/deadbolt.rb):\n\n```bash\n# Install Homebrew\n$ /bin/bash -c \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\"\n\n# Install deadbolt, using homebrew\n$ brew install deadbolt --cask\n```\n\nWhen you open the app, you'll receive a Gatekeeper warning about the app not being verified as malware-free.\n\n\u003cimg src=\"img/not-opened-warning-macos.png\" /\u003e\n\nThis is because the app is not signed/notarized, since I do not have an Apple Developer account. You can bypass this warning by running:\n\n```bash\n$ xattr -c /Applications/Deadbolt.app\n```\n\nOr, go to `System Preferences \u003e Security \u0026 Privacy \u003e General` and click \"Open Anyway\".\n\n\u003cimg src=\"img/security-privacy-apple-settings.png\" /\u003e\n\n#### Using `.dmg` from GitHub Releases\n\nInstall the `deadbolt.dmg` file from [GitHub Releases](https://github.com/alichtman/deadbolt/releases). There are builds for both `x86_64` (Intel) and `arm64` (Apple Silicon -- M1, M2, etc.) CPU architectures.\n\nAfter downloading:\n\n1. Double-click the `.dmg` file to mount it\n2. Drag the `Deadbolt` app to your `Applications` folder\n3. Unquarantine the app by running:\n\n```bash\n$ xattr -c /Applications/Deadbolt.app\n```\n\n### Windows\n\nDownload an `.exe` file, or installer, from [GitHub Releases](https://github.com/alichtman/deadbolt/releases).\n\n### Linux\n\n`AppImage` and `flatpak` packages are available for Linux. `AppImages` can run on all major Linux desktop distributions, and `flatpak` packages are provided as another option. Auto-updates are not supported for Linux currently.\n\n\u003c!-- TODO: Add reference to flathub once I get that published [Flathub](https://flathub.org/apps/details/org.alichtman.deadbolt)--\u003e\n\n#### Building and installing `flatpak` package from source\n\n```bash\n$ git clone https://github.com/alichtman/deadbolt.git \u0026\u0026 cd deadbolt\n\ndeadbolt on main is πŸ“¦ v2.0.0-beta via node v22.11.0 took 0s\n$ npm install\n\ndeadbolt on main is πŸ“¦ v2.0.0-beta via node v22.11.0 took 0s\n$ npm run package:linux-flatpak\n\ndeadbolt on main is πŸ“¦ v2.0.0-beta via node v22.11.0\n$ ls -la release/build/\n...\n.rw-r--r--. alichtman alichtman 75 MB Sat Feb 8 21:42:00 2025 Deadbolt-2.0.0-beta.x86_64.flatpak\n\ndeadbolt on main is πŸ“¦ v2.0.0-beta via node v22.11.0 took 0s\n$ flatpak install --user release/build/Deadbolt-2.0.0-beta.x86_64.flatpak\n\norg.alichtman.deadbolt permissions:\n ipc wayland x11 dri file access [1]\n\n [1] home\n\n\n ID Branch Op Remote Download\n 1. [βœ“] org.alichtman.deadbolt master i deadbolt-origin 0 bytes\n\nInstallation complete.\n\ndeadbolt on main is πŸ“¦ v2.0.0-beta via node v22.11.0 took 7s\n$ flatpak run org.alichtman.deadbolt\n```\n\n#### Arch Linux\n\n`deadbolt` is [packaged as `deadbolt-bin` on `aur`](https://aur.archlinux.org/packages/deadbolt-bin). I do not maintain this package.\n\n```bash\n$ yay -S deadbolt-bin\n```\n\n## How it Works\n\n### Non-Technical Version\n\n`deadbolt` uses proven, secure password hashing and data encryption algorithms to make sure your files stay private.\n\n### Technical Version\n\n`deadbolt` is built on Electron and uses `crypto.js` from the `node.js` standard library as well as the [`@node-rs/argon2` library](https://www.npmjs.com/package/@node-rs/argon2). `AES-256-GCM` is used as an encryption protocol, and `argon2id` is used as a password hashing function. The integrity of all encrypted data is verified with the authentication tag provided by AES-GCM mode.\n\n\u003e NOTE\n\u003e Starting in `deadbolt v2.1.0-alpha`, the password-based key derivation function (PBKDF) changed from `pbkdf2-sha512` to `argon2id`. All newly encrypted files will benefit from the security upgrade.\n\n### Deadbolt File Formats\n\nEncrypted files include a version header (starting with `DEADBOLT_V002` -- if it's missing, it's V1) at the beginning of the file, allowing for cryptographic improvements while maintaining backwards compatibility. \n\n**V002 Format (Current)**\n- **Password Hashing Algorithm**: `argon2id`\n- **Parameters**: [RFC 9106 FIRST recommendation](https://datatracker.ietf.org/doc/rfc9106/) (see Section 7.4: Parameter Choice)\n - Memory cost: 2 GiB (2,097,152 KiB)\n - Time cost: 1 iteration\n - Parallelism: 4 lanes\n- **Salt**: 128-bit (16-byte) randomly generated\n- **Output**: 256-bit (32-byte) key for AES-256-GCM\n\n**V001 Format (Legacy)**\n- **Password Hashing Algorithm**: `PBKDF2-SHA512`\n- **Parameters**:\n - Iterations: 10,000\n - HMAC digest: SHA-512\n- **Salt**: 512-bit (64-byte) randomly generated\n- **Output**: 256-bit (32-byte) key for AES-256-GCM\n- **Version Header**: None (no `DEADBOLT_V` prefix)\n- **Maintained for backwards compatibility** - V001 files can still be decrypted, but users are encouraged to re-encrypt with V002 for improved security\n\n## Security Review\n\nThe cryptography components of `deadbolt` were written by an ex-Facebook Security Engineer ([@alichtman](https://github.com/alichtman) -- me), and have been briefly reviewed by [Vlad Ionescu](https://github.com/vladionescu), an ex-Facebook Red Team / Offensive Security Group tech lead. Their review is:\n\n\u003e \"yeah fuck it, it's fine. You're using very boring methods for everything -- that's the way to do it\"\n\n## FAQ\n\n### Showing Extensions on `macOS`\n\nBy default, `macOS` hides file extensions. To reduce confusion about what type each file is, I recommend configuring `macOS` to show file extensions. You can do that with the following command: `$ defaults write NSGlobalDomain AppleShowAllExtensions -bool true \u0026\u0026 killall Finder`.\n\n### Setting `deadbolt` as Default App for `.deadbolt` Files on macOS\n\nYou can set this app as the default app for `.deadbolt` files, which means you'll be able to double-click on `.deadbolt` files to open them with `deadbolt` for decryption.\n\nYou can set this up the first time you double-click on a `.deadbolt` file, or by right-clicking on a `.deadbolt` file, selecting `Get Info` and changing the default app in the `Open With:` section.\n\nTo do this programmatically, run the following snippet:\n\n```bash\n$ brew install duti\n$ duti -s org.alichtman.deadbolt dyn.ah62d4rv4ge80k2xtrv4a all\n```\n\nThe output of `$ duti -x deadbolt` should then be:\n\n```bash\n$ duti -x deadbolt\nDeadbolt.app\n/Applications/Deadbolt.app\norg.alichtman.deadbolt\n```\n","funding_links":[],"categories":["Install from Source","Encryption","ζš—ε·εŒ–","TypeScript"],"sub_categories":["Encryption","Virtualization","Audio Record and Process","γ‚ͺーディγ‚ͺιŒ²ιŸ³γƒ»ε‡¦η†"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falichtman%2Fdeadbolt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falichtman%2Fdeadbolt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falichtman%2Fdeadbolt/lists"}