https://github.com/alichtman/deadbolt

Dead-simple file encryption for any OS
https://github.com/alichtman/deadbolt

aes-256 cryptography encryption encryption-decryption encryption-tool linux macos windows

Last synced: 2 days ago
JSON representation

Dead-simple file encryption for any OS

• Host: GitHub
• URL: https://github.com/alichtman/deadbolt
• Owner: alichtman
• License: mit
• Created: 2019-08-04T05:06:57.000Z (over 5 years ago)
• Default Branch: main
• Last Pushed: 2025-01-20T05:52:16.000Z (22 days ago)
• Last Synced: 2025-02-02T13:42:45.445Z (9 days ago)
• Topics: aes-256, cryptography, encryption, encryption-decryption, encryption-tool, linux, macos, windows
• Language: TypeScript
• Homepage:
• Size: 30.3 MB
• Stars: 348
• Watchers: 9
• Forks: 15
• Open Issues: 15
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# deadbolt



`deadbolt` simplifies encrypting and decrypting files. All you need is a password.

Select a file (or folder) to encrypt, enter a password, and … that’s it. Decryption is just as easy.

You can download `deadbolt` for **macOS**, **Windows**, or **Linux**. Any encrypted file can be shared across these platforms.

## Building / Installing

Check out the [releases tab](https://github.com/alichtman/deadbolt/releases) for pre-built binaries for Mac, Windows, and Linux.

### `macOS`

If you're running `macOS`, install `deadbolt` from [GitHub Releases](https://github.com/alichtman/deadbolt/releases).

If you have an Mac with an M-series chip, the `arm64` version is recommended. If you're not sure, the `x86_64` version will work on all Macs, but be extremely slow.

You can also install `deadbolt` using `brew`, however, [the recipe](https://github.com/Homebrew/homebrew-cask/blob/master/Casks/d/deadbolt.rb) may not be up-to-date.

```bash

$ brew install --cask deadbolt

```

### Windows

Download an `.exe` file, or installer, from [GitHub Releases](https://github.com/alichtman/deadbolt/releases).

### Linux

`AppImage` and `flatpak` packages are available for Linux. `AppImages` can run on all major Linux desktop distributions, and `flatpak` packages are provided as another option. Auto-updates are not supported for Linux currently.

#### Building and installing `flatpak` package from source

```bash

$ git clone https://github.com/alichtman/deadbolt.git && cd deadbolt

deadbolt on main is 📦 v2.0.0-beta via node v22.11.0 took 0s

$ npm install

deadbolt on main is 📦 v2.0.0-beta via node v22.11.0 took 0s

$ npm run package:linux-flatpak

deadbolt on main is 📦 v2.0.0-beta via node v22.11.0

$ ls -la release/build/

...

.rw-r--r--. alichtman alichtman  75 MB Sat Feb  8 21:42:00 2025 Deadbolt-2.0.0-beta.x86_64.flatpak

deadbolt on main is 📦 v2.0.0-beta via node v22.11.0 took 0s

$ flatpak install --user release/build/Deadbolt-2.0.0-beta.x86_64.flatpak

org.alichtman.deadbolt permissions:

    ipc   wayland   x11   dri   file access [1]

    [1] home

        ID                               Branch           Op           Remote                   Download

 1. [✓] org.alichtman.deadbolt           master           i            deadbolt-origin          0 bytes

Installation complete.

deadbolt on main is 📦 v2.0.0-beta via node v22.11.0 took 7s

$ flatpak run org.alichtman.deadbolt

```

#### Arch

`deadbolt` is [packaged as `deadbolt-bin` on `aur`](https://aur.archlinux.org/packages/deadbolt-bin). I do not maintain this package, so use at your own risk.

```bash

$ yay -S deadbolt-bin

```

## How it Works

### Non-Technical Version

`deadbolt` uses a proven, secure encryption algorithm to make sure your files stay safe.

### Technical Version

`deadbolt` is built on Electron and uses `crypto.js` from the `node.js` standard library. The encryption protocol used is `AES-256-GCM`. This algorithm is part of the NSA's [Commercial National Security Algorithm Suite](https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm) and is approved to protect up to TOP SECRET documents. A 256-bit derived key for the cipher is created using 11,000 iterations of `pbkdf2` with the `SHA-512 HMAC` digest algorithm, a 64-byte randomly generated salt, and a user generated password. The authenticity of the data is verified with the authentication tag provided by using GCM. These parameters were chosen by following the [NIST Guidelines for `pbkdf2`](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf).

## Security Review

The cryptography components of `deadbolt` were written by an ex-Facebook Security Engineer ([@alichtman](https://github.com/alichtman) -- me), and have been briefly reviewed by [Vlad Ionescu](https://github.com/vladionescu), an ex-Facebook tech lead from the Red Team / Offensive Security Group. Their review is:

> "yeah fuck it, it's fine. You're using very boring methods for everything -- that's the way to do it"

## FAQ

### Showing Extensions on `macOS`

By default, `macOS` hides file extensions. To reduce confusion about what type each file is, I recommend configuring `macOS` to show file extensions. You can do that with the following command: `$ defaults write NSGlobalDomain AppleShowAllExtensions -bool true && killall Finder`.

### Setting `deadbolt` as Default App for `.deadbolt` Files on macOS

You can set this app as the default app for `.deadbolt` files, which means you'll be able to double-click on `.deadbolt` files to open them with `deadbolt` for decryption.

You can set this up the first time you double-click on a `.deadbolt` file, or by right-clicking on a `.deadbolt` file, selecting `Get Info` and changing the default app in the `Open With:` section.

To do this programmatically, run the following snippet:

```bash

$ brew install duti

$ duti -s org.alichtman.deadbolt dyn.ah62d4rv4ge80k2xtrv4a all

```

The output of `$ duti -x deadbolt` should then be:

```bash

$ duti -x deadbolt

Deadbolt.app

/Applications/Deadbolt.app

org.alichtman.deadbolt

```