Version: 1.03
Author: Joshua M Clatney aka (Clats97)- Ethical Pentesting Enthusiast
Overview NOTE: ClatsGuard "classic" has been deprecated in favor of ClatsGuard Heavy, which is far more sophisticated. ClatsGuard File Encrypter, a Python-based GUI application for securely encrypting and decrypting files, uses ChaCha20-Poly1305, then AES-GCM-SIV with 256 bit keys for strong authenticated encryption, and Argon2id with a high memory cost for key derivation from a user-provided passphrase.
Key Features
- ChaCha20-Poly1305 & AES-GCM-SIV: Ensures data confidentiality and integrity with dual authenticated encryption.
- Argon2id Key Derivation: Strengthens passphrase-based keys with salt and high memory cost with multiple iterations.
- Hex Key Support: Allows use of raw 256-bit hex keys if you already have them.
- Hex Key Generation: Generates secure 256-bit keys if neccessary.
- GUI with Tkinter: User-friendly interface for easy file selection and encryption/decryption.
- Supported File Types:
.txt,.docx,.pdf,.xls,.pptx,.rtf, and more (see code for full list).
Requirements
- Python 3.6+ (Tested with Python 3.12.1)
- cryptography library (
pip install cryptography) - tkinter (usually included with most Python installations on Windows/macOS; on Linux, install via your package manager)
Installation
- Clone or download this repository.
- Install the required Python libraries: pip install cryptography
Key Management
• Passphrase-Derived Keys: You can generate a key from any passphrase. It is recommended to use a strong passphrase for better security.
• Hex Keys: If you already have a 256-bit hex key, you can directly paste it into the key field.
Encryption Workflow
- Click Browse to select the file.
- Optionally enter a passphrase in the "Seed Value" field and click Derive Key to generate a new key. or Paste an existing 256-bit hex key into the "Enter Key" field.
- Click Encrypt File.
- The tool generates an .enc file which contains the encrypted data, and if applicable, the salt header.
Decryption Workflow
- Click Browse to select the .enc file.
- Enter the passphrase used to generate the key.
- Click Decrypt File.
- The tool creates a new file with the original content.
Advanced Configuration
• Memory cost: Argon2id parameters are 2GiB of memory cost, 10 iterations, and 10 lanes. For specialized requirements, modify this value in the code. Higher memory & iterations add more security, but slow down the key derivation process.
• Allowed File Extensions: Expand or reduce the set of allowed file types by editing the ALLOWED_EXTENSIONS set in the source code.
Troubleshooting
• Invalid Key Error: Ensure you are using the correct passphrase or hex key. The tool expects a 64-character hex string for a direct key, corresponding to 256-bits.
• Missing cryptography: Run pip install cryptography. On some systems, you might need to install additional dev libraries or upgrade pip/setuptools.
Author
Joshua M Clatney (Clats97)
Ethical Pentesting Enthusiast
Copyright 2025 Joshua M Clatney (Clats97)
DISCLAIMER: This project comes with no warranty, express or implied. The author is not responsible for abuse, misuse, or vulnerabilities. Please use responsibly and ethically in accordance with relevant laws, regulations, legislation and best practices.