██████╗ ██╗ ██╗██╗ ██████╗██╗ ██╗ ██████╗██████╗ ██╗ ██╗██████╗ ████████╗
██╔═══██╗██║ ██║██║██╔════╝██║ ██╔╝██╔════╝██╔══██╗╚██╗ ██╔╝██╔══██╗╚══██╔══╝
██║ ██║██║ ██║██║██║ █████╔╝ ██║ ██████╔╝ ╚████╔╝ ██████╔╝ ██║
██║▄▄ ██║██║ ██║██║██║ ██╔═██╗ ██║ ██╔══██╗ ╚██╔╝ ██╔═══╝ ██║
╚██████╔╝╚██████╔╝██║╚██████╗██║ ██╗╚██████╗██║ ██║ ██║ ██║ ██║
╚══▀▀═╝ ╚═════╝ ╚═╝ ╚═════╝╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝
Encrypt. Decrypt. Sign. Verify. — Military-grade offline crypto toolkit.
Sibling to QuickTransform (
qt) — same philosophy, different domain.
QuickCrypt is a fast, offline, military-grade cryptographic toolkit — CLI and GUI — built in pure Rust. No cloud. No complexity. No secrets ever leave your machine.
- CLI (
qc) for scripts, automation, and power users - GUI (
qc-gui) for visual operations with dark/light themes - Cross-platform — Windows, Linux, macOS
- Zero config — no key stores, no daemons, no setup
Developers deal with encryption daily — protecting config files, generating keys, inspecting JWTs, signing data. The tooling is painful:
| Tool | Problem |
|---|---|
openssl |
Hundreds of cryptic subcommands |
gpg |
Complex key management, steep learning curve |
| Online tools | Your secrets leave your machine |
age |
Encryption only — no JWT, HMAC, certs, TOTP |
jwt-cli |
JWT only, not a general crypto toolkit |
QuickCrypt solves all of these. One binary, two letters: qc.
| Category | Operations |
|---|---|
| Encryption | AES-256-GCM, ChaCha20-Poly1305, RSA-OAEP |
| Signatures | Ed25519, RSA-PSS (IND-CCA2) |
| Key Generation | AES-128/256, RSA (2048–8192), Ed25519, passwords, random hex |
| JWT | Decode & verify (HMAC-SHA256) |
| HMAC | SHA-256, SHA-512 with constant-time verification |
| Passwords | bcrypt & Argon2id hashing + verification |
| TOTP | 2FA code generation (SHA-1 & SHA-256) |
| Certificates | X.509 inspection & expiry check |
| Tools | Strength checker, fingerprint, hex encode/decode, secure file wipe |
| Dark Theme — AES-256-GCM Encryption | Light Theme — RSA-4096 Key Generation |
|---|---|
 |
 |
| TOTP SHA-256 — 2FA Codes | Argon2id Password Hashing |
|---|---|
 |
 |
| Help System — 11 Tabbed Sections | Recent Actions Audit Log |
|---|---|
 |
 |
| Encryption & Decryption | Key Generation & HMAC |
|---|---|
 |
 |
# CLI only
cargo install quickcrypt
# CLI + GUI
cargo install quickcrypt --features guiDownload from Releases:
| Platform | CLI | GUI |
|---|---|---|
| Windows | qc.exe (~3 MB) |
qc-gui.exe (~6.6 MB) |
| Linux | qc |
qc-gui |
| macOS | qc |
qc-gui |
git clone https://github.com/Brutus1066/QuickCrypt.git
cd QuickCrypt
# CLI only
cargo build --release
# CLI + GUI
cargo build --release --features gui
# Binaries at target/release/qc(.exe) and target/release/qc-gui(.exe)# Ubuntu/Debian
sudo apt install libgtk-3-dev
# Fedora
sudo dnf install gtk3-devel
# Arch
sudo pacman -S gtk3# Windows
.\scripts\install-windows.ps1
# Linux
./scripts/install-linux.sh
# macOS
./scripts/install-macos.sh# Encrypt a string (AES-256-GCM)
qc encrypt "my secret data" -p "StrongPass!23"
# Decrypt it back
qc decrypt <ciphertext> -p "StrongPass!23"
# ChaCha20-Poly1305
qc encrypt "secret" -p "StrongPass!23" --chacha
# Generate keys
qc keygen aes256 # 256-bit AES key
qc keygen ed25519 -o mykey # Ed25519 key pair
qc keygen password 32 # 32-char secure password
# Sign & verify
qc sign data.txt --privkey mykey.pem
qc verify data.txt --sig data.sig --pubkey mykey.pub.pem
# JWT
qc jwt decode <token>
qc jwt verify <token> -s "secret"
# HMAC
qc hmac sha256 "message" -k "key"
# Password hashing
qc password argon2 "MyPassword123"
qc password verify-argon2 "MyPassword123" "$argon2id$..."
# TOTP 2FA
qc totp "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP"
# Utilities
qc strength "MyP@ssw0rd"
qc fingerprint mykey.pem
qc wipe sensitive.txtLaunch the GUI:
qc-guiAll commands support --json for machine-readable output, ideal for scripting and automation:
qc encrypt "data" -p "StrongPass!23" --json
# {"action":"encrypt","cipher":"AES-256-GCM","strength":"STRONG","ciphertext":"..."}
qc keygen aes256 --json
# {"action":"keygen","type":"aes256","key":"a1b2c3..."}
qc hmac verify sha256 "msg" -k "key" -m <mac> --json
# {"action":"hmac_verify","algorithm":"sha256","valid":true}
qc strength "MyP@ssw0rd" --json
# {"action":"strength","rating":"STRONG","length":10,...}In
--jsonmode, verification commands return{"valid": true/false}instead of non-zero exit codes.
AES-256-GCM (default) or ChaCha20-Poly1305 with Argon2id key derivation (64 MiB, 3 iterations, 4 lanes).
qc encrypt "secret data" -p "MyPassphrase!1"
qc encrypt "secret data" -p "MyPassphrase!1" --chacha
qc decrypt <ciphertext> -p "MyPassphrase!1" # auto-detects cipher
qc encrypt "secret data" -p "MyPassphrase!1" -o secret.enc
qc decrypt secret.enc -p "MyPassphrase!1"Passphrase policy: Minimum 8 characters, at least 2 of: uppercase, lowercase, digit, special.
RSA-OAEP with SHA-256 (IND-CCA2 secure). Key sizes: 2048–8192 bits.
qc encrypt "secret" --pubkey recipient.pub.pem
qc decrypt <ciphertext> --privkey mykey.pemEd25519 (default, recommended) or RSA-PSS.
# Ed25519
qc sign document.txt --privkey mykey.pem
qc verify document.txt --sig document.sig --pubkey mykey.pub.pem
# RSA-PSS
qc sign data.txt --privkey rsa.pem --key-type rsa
qc verify data.txt --sig data.sig --pubkey rsa.pub.pem --key-type rsaqc keygen aes128 # 128-bit AES key (hex)
qc keygen aes256 # 256-bit AES key (hex)
qc keygen rsa # RSA-2048 key pair
qc keygen rsa 4096 # RSA-4096 key pair
qc keygen rsa -o mykey # Output to mykey.pem + mykey.pub.pem
qc keygen ed25519 # Ed25519 key pair
qc keygen ed25519 -o signing # Output to signing.pem + signing.pub.pem
qc keygen random 64 # 64 random bytes (hex)
qc keygen password # 24-char secure password
qc keygen password 32 # 32-char secure passwordqc jwt decode <token>
qc jwt decode <token> --verbose
qc jwt verify <token> -s "secret"
qc jwt verify <token> -s "secret" --verboseqc hmac sha256 "message" -k "key"
qc hmac sha512 "message" -k "key"
qc hmac verify sha256 "message" -k "key" -m <mac>qc password bcrypt "MyPassword123"
qc password argon2 "MyPassword123"
qc password verify-bcrypt "MyPassword123" "$2b$12$..."
qc password verify-argon2 "MyPassword123" "$argon2id$..."qc totp "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP"
qc totp "BASE32SECRET" --digits 8 --period 60
qc totp "BASE32SECRET" --algo sha256qc cert inspect server.crt
qc cert expiry server.crt3-pass overwrite (zeros → 0xFF → random) + truncate + delete.
qc wipe sensitive_file.txt # Prompts for confirmation
qc wipe sensitive_file.txt --force # Skip confirmationqc strength "MyP@ssw0rd" # Rate passphrase strength
qc fingerprint mykey.pem # SHA-256 fingerprint| Feature | Implementation |
|---|---|
| Symmetric Cipher | AES-256-GCM (default) or ChaCha20-Poly1305 |
| Key Derivation | Argon2id — 64 MiB memory, 3 iterations, 4 lanes |
| Salt | 256-bit (32 bytes), cryptographically random per operation |
| RSA Padding | OAEP-SHA256 (encrypt) + PSS-SHA256 (sign) — IND-CCA2 secure |
| RSA Signing | PSS with randomized padding (upgraded from PKCS#1 v1.5) |
| RSA Key Size | Enforced 2048–8192 bits, multiples of 1024 |
| HMAC Comparison | Raw-byte constant-time via subtle crate |
| Memory Safety | Private keys in Zeroizing<String>, buffers zeroize()d on drop |
| Passphrase Policy | Minimum 8 chars, 2+ character categories required |
| Password Hashing | bcrypt (cost 4–31) and Argon2id (19 MiB, 2 iterations) |
| TOTP | Short secrets auto-padded to algorithm minimum (128-bit for SHA-256) |
| Secure Deletion | 3-pass overwrite + truncate before removal |
RUSTSEC-2023-0071: The rsa 0.9 crate has a timing side-channel (Marvin Attack) in PKCS#1 v1.5 decryption. QuickCrypt mitigates this by using PSS for signing and OAEP for encryption. Tracking: RustCrypto/RSA#19.
[1 byte: version] [32 bytes: salt] [12 bytes: nonce] [N bytes: ciphertext + auth tag]
| Version | Cipher |
|---|---|
0x01 |
AES-256-GCM |
0x02 |
ChaCha20-Poly1305 |
Base64-encoded when printed to stdout. Decryption auto-detects the cipher from the version byte.
QuickCrypt exposes all crypto operations as a Rust library:
use quickcrypt::crypto::{symmetric, asymmetric, keys, hmac_auth, jwt, password, totp};
// Symmetric encryption (auto-detects cipher on decrypt)
let ct = symmetric::encrypt(b"secret", "StrongPass!23")?;
let pt = symmetric::decrypt(&ct, "StrongPass!23")?;
// ChaCha20-Poly1305
let ct = symmetric::encrypt_chacha(b"secret", "StrongPass!23")?;
// Generic cipher selection
use quickcrypt::crypto::symmetric::CipherKind;
let ct = symmetric::encrypt_with(b"data", "pass", CipherKind::ChaCha20)?;
let pt = symmetric::decrypt_with(&ct, "pass")?;
// RSA
let kp = asymmetric::generate_rsa_keypair(4096)?;
let ct = asymmetric::rsa_encrypt(b"secret", &kp.public_pem)?;
let pt = asymmetric::rsa_decrypt(&ct, &kp.private_pem)?;
// Ed25519 signing
let kp = asymmetric::generate_ed25519_keypair()?;
let sig = asymmetric::ed25519_sign(b"data", &kp.private_pem)?;
let ok = asymmetric::ed25519_verify(b"data", &sig, &kp.public_pem)?;
// HMAC
let mac = hmac_auth::hmac_sign("sha256", b"message", b"key")?;
let ok = hmac_auth::hmac_verify("sha256", b"message", b"key", &mac)?;
// Password hashing
let hash = password::bcrypt_hash("password", 12)?;
let ok = password::bcrypt_verify("password", &hash)?;
let hash = password::argon2_hash("password")?;
// TOTP
use quickcrypt::crypto::totp::TotpAlgorithm;
let (code, remaining) = totp::generate("JBSWY3DPEHPK3PXP", 6, 30, TotpAlgorithm::SHA1)?;
// Key generation
let key = keys::generate_aes_key(256)?;
let pwd = keys::generate_password(24)?;
let fp = keys::fingerprint(b"key data");The GUI provides the same crypto engine with a modern, themed interface:
# Build
cargo build --release --features gui
# Run
./target/release/qc-guiFeatures:
- Dark & Light themes
- 11-section help system with tabbed navigation
- Recent Actions audit log — timestamped record of every operation
- Background threading for RSA keygen & password hashing
- Keyboard shortcuts:
Ctrl+Enter(execute),Ctrl+L(clear) - Copy to clipboard & save to file
- Real-time passphrase strength meter
All pure Rust. No OpenSSL. No system libraries (except platform windowing for GUI).
| Crate | Purpose |
|---|---|
aes-gcm 0.10 |
AES-256-GCM authenticated encryption |
chacha20poly1305 0.10 |
ChaCha20-Poly1305 authenticated encryption |
argon2 0.5 |
Argon2id key derivation & password hashing |
rsa 0.9 |
RSA-OAEP encryption & RSA-PSS signing |
ed25519-dalek 2 |
Ed25519 signing & verification |
jsonwebtoken 9 |
JWT decode & verify |
hmac 0.12 + sha2 0.10 |
HMAC-SHA256/SHA512 |
x509-parser 0.16 |
X.509 certificate inspection |
totp-rs 5 |
TOTP 2FA code generation |
bcrypt 0.15 |
bcrypt password hashing |
zeroize 1 |
Secure memory erasure |
subtle 2 |
Constant-time comparison |
clap 4 |
CLI argument parsing |
eframe 0.29 |
GUI framework (optional) |
91 tests — all passing
75 unit tests across 9 modules
16 integration tests (end-to-end CLI pipeline)
0 failures
cargo test # Run all tests
cargo clippy # Zero warningssrc/
main.rs # CLI entry point (qc)
gui_main.rs # GUI entry point (qc-gui)
lib.rs # Library exports + shared utilities
crypto/
mod.rs # Module declarations
symmetric.rs # AES-256-GCM, ChaCha20-Poly1305, CipherKind
asymmetric.rs # RSA-OAEP, RSA-PSS, Ed25519
keys.rs # Key generation, fingerprint
jwt.rs # JWT decode & verify
hmac_auth.rs # HMAC-SHA256/512
totp.rs # TOTP 2FA (SHA-1, SHA-256)
cert.rs # X.509 certificate inspection
password.rs # bcrypt & Argon2id
secure_wipe.rs # 3-pass file destruction
build.rs # Windows resource embedding (icon)
scripts/ # Platform install scripts
tests/ # Integration tests
assets/ # Screenshots
SHA-256 hashes for v1.0.0 release binaries (Windows x86_64):
ea8fcf2aa385d43a40064739fa805d7931dd864de480e033cca903a7f06d9bbc qc.exe
6fc03b0c9cf0b3c0d20392684482bdc7c826f6828183a08e181187789b5f695d qc-gui.exe
Verify with:
# Windows PowerShell
Get-FileHash qc.exe -Algorithm SHA256
Get-FileHash qc-gui.exe -Algorithm SHA256
# Linux/macOS
sha256sum qc qc-gui| Tool | Domain | Binary | Install |
|---|---|---|---|
| QuickTransform | Encode. Decode. Hash. Generate. | qt |
cargo install quicktransform |
| QuickCrypt | Encrypt. Decrypt. Sign. Verify. | qc |
cargo install quickcrypt |
QuickCrypt uses typed Result<T, String> errors throughout. Every function returns a descriptive error message on failure — no panics in library code.
CLI behaviour:
- Normal mode: errors print to stderr with colored indicators (
✗ Error: ...) and exit code 1 --jsonmode: errors return{"error": "message"}on stdout with exit code 0 (no stderr)- Verification failures in
--jsonmode return{"valid": false}instead of exit code 1
GUI behaviour:
- Errors display inline with red status labels
- All operations (success and failure) are recorded in the Recent Actions audit log
- Background operations (RSA keygen, password hashing) show spinners and report results asynchronously
Common error scenarios:
| Error | Cause | Fix |
|---|---|---|
| "Passphrase too weak" | Under 8 chars or missing categories | Use 8+ chars with mixed uppercase, lowercase, digits, symbols |
| "Invalid base64" | Corrupted ciphertext on decrypt | Ensure the full ciphertext string is passed |
| "Key size must be 2048–8192" | Invalid RSA key size | Use a power‑of‑2 value in range |
| "HMAC verification failed" | Wrong key or tampered message | Check key and message match the original |
| "Invalid TOTP secret" | Non-base32 secret | Ensure the secret uses valid base32 characters |
GUI not starting on Linux? Install GTK3 development libraries and rebuild:
sudo apt install libgtk-3-dev
cargo build --release --features guiCommand not found after install? Add the install directory to your PATH:
export PATH="$PATH:$HOME/.local/bin"Build fails on Windows? Ensure you have the MSVC toolchain installed via Visual Studio Build Tools.
MIT License — see LICENSE for details.
LAZYFROG | kindware.dev | GitHub