SwatCrypt
XChaCha20-Poly1305 file encryption with Argon2id key derivation. Encrypts single or multiple files/folders into a single .swc bundle with optional gzip compression, tamper detection via AEAD, and Explorer context menu integration.
Encrypting files is easy to get subtly wrong, so SwatCrypt picks defaults that close off whole categories of mistake rather than offering a menu of footguns. It wraps one or many files into a single .swc bundle using XChaCha20-Poly1305 — the 192-bit nonce means you can stop worrying about nonce reuse — and derives the key from your passphrase with Argon2id. There’s a GUI for everyday use and a CLI for scripting and inspecting headers, and the application code is compiled with #![forbid(unsafe_code)] so the crypto can’t be broken by a stray unsafe block here.
Security model
Defaults:
- cipher:
XChaCha20-Poly1305 - KDF:
Argon2id - KDF memory: 64 MiB
- KDF iterations: 3
- KDF parallelism: 1
- bundle format: one
.swcfile containing a manifest and tar stream - optional gzip compression, off by default
- symlinks rejected
- tamper detection through AEAD authentication
SwatCrypt does not store passphrases in a keyring. If you lose the passphrase, the data cannot be decrypted.
What it does
- Encrypts a single file.
- Encrypts multiple files into one bundle.
- Encrypts folders while preserving relative paths.
- Decrypts
.swcbundles to an output directory. - Optionally compresses before encryption.
- Can wipe originals after verify-decrypt.
- Shows progress in both GUI and CLI modes.
- Adds Windows Explorer integration from an in-app toggle.
Install
Download the latest release from:
https://github.com/Swatto86/SwatCrypt/releases
Run swatcrypt.exe with no arguments to launch the GUI.
GUI workflow
- Open SwatCrypt.
- Choose files or folders.
- Choose encrypt or decrypt.
- Enter and confirm the passphrase.
- Choose whether to enable compression.
- Choose output path.
- Start the operation and watch progress.
Encryption defaults to <input>.swc for a single input or bundle.swc for multiple selections. Decryption defaults to a <cipher>_dec output directory.
CLI commands
Launch GUI:
swatcrypt
Encrypt:
swatcrypt encrypt path/to/file.txt
Decrypt:
swatcrypt decrypt path/to/file.swc
Show header information without decrypting:
swatcrypt info path/to/file.swc
CLI options
Encrypt options:
| Option | Purpose |
|---|---|
--output <file> | Output .swc path |
--compress | Compress before encryption |
--passphrase <pw> | Provide passphrase non-interactively |
--chunk-size <bytes> | Encryption chunk size |
--force | Overwrite existing output |
--wipe | Wipe originals after successful verify-decrypt |
Decrypt options:
| Option | Purpose |
|---|---|
--output <dir> | Output directory |
--passphrase <pw> | Provide passphrase non-interactively |
--force | Overwrite existing output |
Prefer interactive passphrase entry unless you understand the shell-history and process-list risks of passing secrets on the command line.
Explorer integration
On Windows, open the GUI and use Integration to install or remove per-user context menu entries. This uses HKCU keys and does not require administrator rights.
The context menu adds:
- Decrypt with SwatCrypt for
.swcfiles - Open in SwatCrypt for launching the GUI with selected items pre-filled
Format overview
The .swc file contains a plaintext authenticated header and an encrypted payload. The payload contains a manifest plus a tar stream, optionally gzip-compressed. The header is authenticated as additional data, so tampering is detected during decryption.
Build from source
git clone https://github.com/Swatto86/SwatCrypt.git
cd swatcrypt
cargo build --release
Run GUI:
cargo run
Run CLI:
cargo run -- encrypt path/to/file.txt
Troubleshooting
Decryption fails
Check the passphrase and confirm the file is a complete .swc bundle. Authentication failure can mean wrong passphrase or file corruption/tampering.
Output already exists
Choose a different output path or use --force when you intentionally want to overwrite.
Explorer menu is missing
Open the GUI and use the Integration toggle again. On Windows 11, check the extended context menu.
Links
- GitHub:
https://github.com/Swatto86/SwatCrypt - Releases:
https://github.com/Swatto86/SwatCrypt/releases