{"id":30820893,"url":"https://github.com/redstonemango/mangrypt","last_synced_at":"2026-05-18T02:12:29.248Z","repository":{"id":319237126,"uuid":"1027555706","full_name":"RedStoneMango/Mangrypt","owner":"RedStoneMango","description":"User-friendly encryption application designed to protect sensitive user data.","archived":false,"fork":false,"pushed_at":"2026-03-26T14:30:47.000Z","size":5950,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-27T05:46:16.504Z","etag":null,"topics":["aes-gcm","argon2id","encryption","java","javafx","sensitive-data"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RedStoneMango.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-28T07:29:00.000Z","updated_at":"2026-03-26T14:30:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"c75ac160-37ff-4c85-ad68-3898d901203b","html_url":"https://github.com/RedStoneMango/Mangrypt","commit_stats":null,"previous_names":["redstonemango/mangrypt"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/RedStoneMango/Mangrypt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedStoneMango%2FMangrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedStoneMango%2FMangrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedStoneMango%2FMangrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedStoneMango%2FMangrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RedStoneMango","download_url":"https://codeload.github.com/RedStoneMango/Mangrypt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedStoneMango%2FMangrypt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33162448,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-17T22:39:12.733Z","status":"online","status_checked_at":"2026-05-18T02:00:06.436Z","response_time":71,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes-gcm","argon2id","encryption","java","javafx","sensitive-data"],"created_at":"2025-09-06T10:03:44.458Z","updated_at":"2026-05-18T02:12:29.242Z","avatar_url":"https://github.com/RedStoneMango.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Mangrypt\n\n\u003e [!IMPORTANT] \n\u003e **Mangrypt currently is under active development and neither stable nor completed (yet). Features may change and bugs may occur. Use with caution!**\n\n**Mangrypt** is a user-friendly encryption application designed to protect sensitive user data. It supports encryption for text, images, audio, and video, storing data in individually encrypted `.mgvault` files for easy management.\n\n---\n\n## Download \u0026 Installation\n\n_[Coming soon]_\n\n---\n\n## Application UI\n\n\u003e ![IMPORTANT]\n\u003e These images are outdated\n\nThe following references illustrate the application UI's appearance:\n\n| Vault File Overview                       | Accessing a Vault                                |\n|-------------------------------------------|--------------------------------------------------|\n| ![Vault List](uiReferences/VaultList.png) | ![Passphrase Input](uiReferences/VaultLogin.png) |\n\n| Folder Overview                            | Folder content                                      |\n|--------------------------------------------|-----------------------------------------------------|\n| ![Vault List](uiReferences/FolderList.png) | ![Passphrase Input](uiReferences/FolderContent.png) |\n\n| Text-Data View                               | Obscuring Sensitive Data                        |\n|----------------------------------------------|-------------------------------------------------|\n| ![Vault List](uiReferences/TextDataView.png) | ![Passphrase Input](uiReferences/Obscuring.png) |\n\n\u003e UI elements shown may change in future versions and may not exactly match these screenshots.\n\n---\n\n## Encryption Architecture\n\n### How Vault Encryption Works\n\nMangrypt uses a layered and secure encryption model built on modern cryptographic standards to encrypt the `.mgvault` files on your disk:\n\n1. **Master Key Derivation**  \n   Two passwords are securely combined, and concatenated. This combined secret is then used with **Argon2id** to derive a 256-bit master key.\n\n    Mangrypt uses two separate passwords and the Argon2id algorithm (winner of the Password Hashing Competition) to securely derive your master key. Argon2id is widely regarded as one of the safest password hashing algorithms available today.\n\n2. **Per-Encryption Key Derivation**  \n   For each encryption operation, a random per-encryption salt is generated. This salt, together with the master key, is processed through **HKDF** (HMAC-based Key Derivation Function) to create a unique encryption key.\n\n   \u003e Every time you encrypt data, Mangrypt generates a fresh key — even if you're encrypting the same data with the same passwords. This prevents patterns from forming and increases security.\n\n3. **Encryption Algorithm**  \n   AES in GCM mode (128-bit key) is used for authenticated encryption, providing both confidentiality and integrity. Each encryption operation uses a new random IV (12 bytes).\n\n   \u003e AES-128-GCM encrypts your data while ensuring any tampering is detected through an authentication tag that verifies data integrity. AES is a widely used encryption standard, adopted by governments and organizations worldwide for its strong security.\n\n4. **Data Format**  \n   Encrypted data is structured as:  \n   `version (4B) | masterSalt (16B) | perEncryptSalt (16B) | IV (12B) | Ciphertext + Tag`\n\n   \u003e Just a few inevitable pieces of data remain unencrypted: the salts and IV are internal, non-sensitive values required for decryption. The version field enables future compatibility and seamless migration with newer versions of Mangrypt. All actual content is securely encrypted within the ciphertext.\n\n5. **Domain Separation**  \n   A constant domain separator (e.g. `mangrypt-vault-v1`) is included as Additional Authenticated Data (AAD) during encryption.\n\n   \u003e The domain separator helps cryptographic tools recognize Mangrypt data and defend against certain types of protocol confusion or replay attacks.\n   \n\nThis model provides:\n- **Strong forward secrecy**\n- **Unique encryption keys per operation**\n- **No persistent unencrypted secrets**\n- **Resilience against tampering and cryptographic misuse**\n\nSensitive keys and passwords are immediately zeroed (= erased) from memory after use.\n\n---\n\n### In-App Obscuring\n\nMangrypt prioritizes your data privacy even while the application is running. To protect sensitive information from accidental exposure, Mangrypt automatically **locks and obscures your vault** whenever the application window loses focus (for example, if you switch to another program or minimize the app).\n\nWhen this happens, the vault content is hidden behind a secure overlay, and you will need to re-enter the **access password** to unlock it again.\n\n\u003e The **access password** is one of the two passwords used to encrypt your vault and can be set individually for each vault. This design allows you to secure each vault separately, ensuring that only someone with the correct access password can view its contents after the app is locked.\n\nAfter unlocking with the access password, you can seamlessly continue working with your vault exactly where you left off. This obscuring layer temporarily covers the app’s UI but **does not close or unload the vault in the background**, maintaining your session and unsaved changes intact.\n\nThis automatic locking mechanism helps safeguard your sensitive data from prying eyes during moments of inactivity or distraction, giving you peace of mind that your encrypted vault remains secure at all times.\n\n---\n\n\n### Memory Usage\n\nThe **Java Virtual Machine** employs a **Garbage Collector (GC)** that automatically identifies and clears unused objects from memory, automatically erasing possibly sensitive data after their use.\n\nMangrypt follows secure memory handling practices to reduce the risk of memory leaks and unintended data persistence. Passwords are immediately overwritten after use and the use of immutable objects is minimized.\n\nWhile **JavaFX (JFX)** components internally use `String` objects, Mangrypt ensures that any sensitive input from the UI is promptly converted to `char[]` for controlled handling. These UI fields are cleared as soon as they’re no longer needed, minimizing exposure within the application's memory.\n\n---\n\n### Security Notice\n\nWhile Mangrypt is designed with strong encryption practices and careful attention to security, it has **not yet undergone a formal third-party security audit**. This means that, although it is built with nothing but best practices in mind, absolute protection cannot be guaranteed at this stage.\n\n**Help harden Mangrypt. If you're a security expert, your review or audit would be extremely valuable.**\n\nFor information on feedback or contributions, see [here](#-feedback--contributions).\n\n---\n\n## Automated Testing with JUnit\n\n**JUnit 5** is used for comprehensive automated testing of the encryption, decryption and hashing logic. These tests help ensure the **correctness**, **integrity**, and **security** of the cryptographic operations. By simulating various input scenarios — including tampered data, incorrect passwords, edge cases, and concurrency — these tests aim to proactively identify potential **weaknesses or vulnerabilities** in the encryption and decryption processes.\n\nIf you want to run the tests yourself, clone the repository and run them via maven:\n\n```bash\ngit clone https://github.com/RedStoneMango/Mangrypt.git\ncd Mangrypt/\n./mvnw test\n```\n\n---\n\n## Build, Frameworks and Dependencies\n\nMangrypt is written using:\n\n- **JDK:** [`OpenJDK`](https://openjdk.org/) 23\n- **Build Tool:** [`Apache Maven`](https://maven.apache.org/) 3.8.5\n- **UI Framework:** [`JavaFX`](https://openjfx.io) 23\n- **Object Serialisation:** [`Kryo`](https://github.com/EsotericSoftware/kryo) 5.6.2\n- **Cryptographic Algorithms:** [`Bouncy Castle`](https://www.bouncycastle.org/) 1.82 (jdk18on)\n- **Cryptographic Acceleration:** [`Google Conscrypt`](https://conscrypt.org/) 2.5.2\n- **Utility Dependencies:** [`Mango-Utils`](https://github.com/RedStoneMango/Mango-Utils) 2.2.0\n- **WebP Image Processing:** [`WebP-ImageIO`](https://github.com/milad-zanganeh/webp-imageio) 1.2\n- **Automated Unit Tests:** [`JUnit`](https://junit.org/) 5.10.2\n- **Native Packaging:** [`javapackager`](https://github.com/javapackager/JavaPackager) 1.7.6\n\n---\n\n## Benefits\n\nMangrypt offers a robust and secure encryption experience with several technical advantages:\n\n- **Strong Encryption Architecture:** Combines **Argon2id**, **HKDF**, and **AES-GCM** to ensure both confidentiality and authenticity of user data.\n- **Multi-Media Support:** Encrypts text, images, audio, and video files.\n- **Auto-Lock on Focus Loss:** Automatically obscures sensitive content when the app loses focus.\n- **Memory Safety:** Implements secure memory handling and zeroization of sensitive variables after use.\n- **File Management:** Stores vaults in individually encrypted `.mgvault` files, providing easy backup and export capabilities.\n- **Cross-Platform:** Works on Windows, macOS, and Linux.\n- **Automated Testing:** Encryption mechanics are tested using 50+ automated procedures to identify potential weaknesses.\n- **Open Source:** Transparent development with opportunities for community contributions.\n\n---\n\n## Requirements\n\nTo run Mangrypt, ensure your environment meets the following minimum requirements:\n\n| Requirement       | Specification                                |\n|-------------------|----------------------------------------------|\n| Operating System  | Windows, macOS, or Linux                     |\n| Memory            | 4 GB minimum (8 GB recommended)              |\n| Disk Space        | At least 100 MB (more for vault storage)     |\n| Screen Resolution | 1280x720 or higher for optimal UI experience |\n\n---\n\n## License\n\nThis project is licensed under [![GitHub License](https://img.shields.io/github/license/RedStoneMango/Mangrypt)](https://github.com/RedStoneMango/Mangrypt/blob/main/LICENSE).\n\nYou may use the project as long as you follow the terms of that very license.\n\n---\n\n## Feedback \u0026 Contributions\n\nFeedback, suggestions, and contributions are most welcome. To participate, [open an issue](https://github.com/RedStoneMango/Mangrypt/issues) or submit a pull request.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredstonemango%2Fmangrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredstonemango%2Fmangrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredstonemango%2Fmangrypt/lists"}