Lockbox
Tiny Rust CLI that encrypts a file or zipped directory with AES-256-GCM, emails the key + nonce to a recipient, then deletes the file and zeroes the key in memory. Make it so you can't open it again until the recipient hands the key back.
Overview
Lockbox is a small Rust program that puts a file beyond your own reach. It encrypts a file (or zipped directory) with AES-256-GCM, emails the hex-encoded key and nonce to a chosen recipient via the Resend API, then deletes the original and zeroes the key in memory. The onus is on the recipient to give you the means to decrypt it. Originally built to stop the author from ruminating over old letters and files in Obsidian vaults. Generates a random 256-bit key and 96-bit nonce per lock, and AES-256-GCM means any tampering fails decryption. Ships lock/unlock CLI subcommands plus a simple egui GUI via 'lockbox run'; swapping Resend for an SMTP send via the lettre crate is straightforward.
Gallery
Technical Specs
- Timeline
- May 2026
- Stack
- Rust Encryption standards egui Resend