Hardware-authenticated file encryption using physical USB keys.
Aegis is a desktop application that encrypts and decrypts files using AES-256-GCM encryption with the cryptographic key stored exclusively on a physical USB drive. No passwords, no cloud storage - just plug in your USB key and protect your files.
- Physical key authentication: Your encryption key lives only on your USB drive
- AES-256-GCM encryption: Military-grade authenticated encryption
- Simple GUI: Modern interface with dark/light theme support
- Batch processing: Encrypt or decrypt multiple files simultaneously
- Cross-platform: Works on Windows and Linux
- Zero knowledge architecture: Without the USB key, encrypted files are permanently inaccessible
- Python 3.11 or higher
- USB drive (any size)
- Clone the repository
git clone https://github.com/Lif28/Aegis.git
cd Aegis
- Install dependencies
pip install -r requirements.txt
- Run the application
python3 main.py
- Insert a USB drive into your computer
- Click "Generate key" in the application
- A 256-bit encryption key will be created and saved as key.aegis on your USB drive
- Keep this USB drive secure - it's your master key
- Insert your USB key (status indicator will turn green)
- Click the file browser area
- Select Encrypt mode
- Click "Process Files"
- Encrypted files will have the .aegis extension
- Insert your USB key
- Add .aegis files to the list
- Select Decrypt mode
- Click "Process Files"
- Original files will be restored
- Delete original files: Removes source files after successful encryption/decryption
- Theme toggle: Switch between dark and light interface themes
- Batch operations: Process multiple files in a single operation
1. Read plaintext file
2. Generate cryptographically secure 16-byte nonce
3. Encrypt using AES-256-GCM with USB key
4. Write: [nonce(16) + ciphertext + tag(16)] to .aegis file
Encrypted files (.aegis) contain:
[Nonce - 16 bytes][Ciphertext - variable][Authentication Tag - 16 bytes]
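The container layout and encryption steps above, as an added example that is not taken from the project's crypto.py. It assumes PyCryptodome is installed; the function names, the `TruncatedError` class and the sample keys and plaintext are hypothetical and constructed for illustration.

```python
import os

NONCE_LEN, TAG_LEN, KEY_LEN = 16, 16, 32  # sizes from the README's specification

class TruncatedError(ValueError):
    """Raised when a file is too short to hold a nonce and a tag."""

def split_container(blob: bytes):
    """Split [nonce(16) | ciphertext | tag(16)] into its three fields."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise TruncatedError("shorter than nonce + tag")
    return blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]

def encrypt_blob(key: bytes, plaintext: bytes) -> bytes:
    from Crypto.Cipher import AES  # PyCryptodome; lazy so the parser works alone
    if len(key) != KEY_LEN:
        raise ValueError("key must be 32 bytes")
    nonce = os.urandom(NONCE_LEN)  # fresh random nonce for every encryption
    cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
    ciphertext, tag = cipher.encrypt_and_digest(plaintext)
    return nonce + ciphertext + tag

def decrypt_blob(key: bytes, blob: bytes) -> bytes:
    from Crypto.Cipher import AES
    nonce, ciphertext, tag = split_container(blob)
    cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
    # Raises ValueError when the tag does not match; no plaintext is returned.
    return cipher.decrypt_and_verify(ciphertext, tag)

def classify(key: bytes, blob: bytes) -> str:
    """Map a decryption attempt to the outcome a user would see."""
    try:
        decrypt_blob(key, blob)
        return "ok"
    except TruncatedError:
        return "truncated"
    except ValueError:
        return "auth-failed"

def demo() -> dict:
    key, other = os.urandom(KEY_LEN), os.urandom(KEY_LEN)  # constructed keys
    blob = encrypt_blob(key, b"constructed sample plaintext")
    flipped = bytearray(blob)
    flipped[NONCE_LEN] ^= 0x01  # flip one bit in the first ciphertext byte
    return {"right key": classify(key, blob),
            "wrong key": classify(other, blob),
            "bit flipped": classify(key, bytes(flipped)),
            "truncated": classify(key, blob[:20])}

if __name__ == "__main__":
    print(demo())
```

A wrong key and a modified file both fail the same tag check, so the decryption error alone cannot tell the two apart.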
- Key storage: 256-bit key stored on USB drive as key.aegis
- Algorithm: AES-256 in Galois/Counter Mode (GCM)
- Authentication: Built-in integrity verification prevents tampering
- Nonce: Unique random IV for each encryption operation
- Key isolation: Encryption key never persists on computer disk
Create a standalone executable without requiring Python installation:
pip install pyinstaller
pyinstaller --onefile --windowed --name Aegis --icon=logo.ico --add-data "logo.png;." --hidden-import=PIL._tkinter_finder --collect-submodules PIL --collect-all sv_ttk --clean main.py
The executable will be in dist\Aegis.exe. You can:
- Run it directly from the dist\ folder
- Move it anywhere you want (Desktop, Documents, etc.)
- Create a shortcut for easy access
sudo apt install make python3-tk
make install
This will:
- Compile the executable with PyInstaller
- Install it to ~/.local/bin/Aegis
- Create desktop entry and icon
Aegis/
├── main.py # GUI and application logic
├── crypto.py # Encryption/decryption core
├── logo.png # Application icon
├── logo.ico # Windows icon
├── aegis.desktop # Linux desktop entry
├── Makefile # Linux build/install automation
├── requirements.txt # Python dependencies
└── README.md # Documentation
pycryptodome>=3.23.0
psutil>=5.9.8
sv-ttk>=2.6.1
Pillow>=10.2.0
- Store your USB key in a physically secure location
- Create a backup copy of key.aegis and store it separately
- Test decryption before deleting original files
- Never share your USB key or the key.aegis file
Protects against:
- Unauthorized access to encrypted files on compromised systems
- Data breaches where only encrypted files are stolen
- Theft of laptop/computer without USB key
Does not protect against:
- Physical theft of both computer and USB key simultaneously
- Malware that captures files before encryption
- Coerced key disclosure
- Keyloggers
- Loss or destruction of the USB key (results in permanent data loss)
- Loss of USB key = permanent data loss. There is no password reset or recovery mechanism.
- No backdoor exists by design - this ensures your security but means we cannot help recover lost keys.
- Always maintain backups of the key.aegis file in secure, separate locations.
- Verify USB drive is inserted and mounted
- On Linux, check /media/ or /mnt/ directories
- Ensure proper filesystem permissions
- Try removing and reinserting the drive
- Generate a new key using the "Generate key" button
- Verify key.aegis exists in the USB root directory
- Check that you're using the correct USB drive
- Ensure the file hasn't been renamed or moved
- Confirm you're using the correct USB key
- Verify the .aegis file isn't corrupted
- Ensure the file was encrypted with this specific key
- Check for filesystem errors on storage device
- Cipher: AES-256 (Advanced Encryption Standard, 256-bit key)
- Mode: GCM (Galois/Counter Mode - authenticated encryption)
- Key Length: 256 bits (32 bytes)
- Nonce Length: 128 bits (16 bytes)
- Authentication Tag: 128 bits (16 bytes)
- Library: PyCryptodome
This software is provided "as is" without warranty of any kind. The developer is not responsible for data loss, security breaches, or any damages arising from the use of this software. Users are responsible for:
- Maintaining secure backups of encryption keys
- Protecting physical USB keys from loss or theft
- Testing encryption/decryption before deleting original files
- Understanding the risks of hardware-based key storage
- PyCryptodome for cryptographic primitives
- sv-ttk for modern theme implementation
- psutil for cross-platform USB detection
Aegis comes from Greek mythology - the impenetrable shield of Zeus and Athena that provided divine protection. The name reflects the application's main purpose: providing unbreakable defense for your files through hardware-authenticated encryption. Just as the mythological Aegis was a physical object of protection, this tool uses a physical USB key to safeguard your data.
