Aria - Symmetric file encryption utility for Linux and Windows (64)
version 3.04, 09 July 2026
See CHANGES below
Files in this archive:
1) Linux
aria - main program, user interface
ekit - encryption and hashing engine
2) Windows
aria.exe - main program, user interface
ekit.exe - encryption and hashing engine
sdelete.exe - used on Windows in the absence of a native shred function. I
didn't make sdelete, it is part of the sysinternals package available from MS.
*Note: ekit (Linux) or ekit.exe (Windows) must be either in your path or the
current working directory for Aria to work.
*Note for Windows users: sdelete.exe must be either in your path or the current
working directory for the "shred" function to work, otherwise, a standard
delete will take place.
Usage:
Aria is straightforward, only a couple things of note.
1) Optional ASL, if you type any text in this field, and it could be random
giberish, this will be hashed and added to the tests that must match for a
successful decryption to happen. This field is for further user obfuscation,
and does not need to be remembered.
2) Hash Offset, the user provided password will be mixed with a random salt
and that result will be hashed between 200,000 and 300,000 times. Any number
entered into this field will be added to that. The user must remember the
offset, and will need to enter it in the decyrption dialog. This option is
meant for further user control and obfuscation.
3) Garble Filename, if this box is checked, the resulting encrypted file will
be given a random filename, which is a hash of the computer clock at runtime.
The real name will be stored in the encrypted file metadata, and the file will
decrypt to the original filename.
The frontend, aria and aria.exe, are written using TCL and the TK graphical
toolkit. The hashing and encryption engine, ekit and ekit.exe are written in
Crystal. I didn't write sdelete.exe, it's a freebie that is included in the
sysinternals package of utilities available from Microsoft.
If you enjoy the little scripts that I make, consider sending me a nice photo
of your hometown.
Have fun,
Dana Booth
danabooth@mail.com
CHANGELOG
3.04 - If the file being encrypted is on a Linux filesystem, the file's
attributes will be preserved. Which also makes this meaningless if the file is
then deciphered onto a non-Linux filesystem. There wasn't much point in
preserving Windows attributes.
3.03 - (along with several unpublished updates and not compatible with previous
published versions)
Several changes:
* Hashing and encryption engine is different, now ekit, alkit was becoming too
long with different options
* Switched to SHA256 file hash verification
* Bcrypt level 13 keystream generation has been added to the already robust
hashing routine
* Salt generation is now based on Bcrypt
* Garbage generation for obfuscation of metadata is more effecient
* Probably some other stuff I can't think of right now
1.08.2 - I have been informed of an issue concerning passing the keystream seed
to alkit. Although I cannot re-produce it, I have seen the screen shot. I have
mapped some characters out of the seed that will fix this issue.
1.08.1 - Final change to keystream creation.
1.08 - Revise the keystream creation routine, which is _much_ faster. Alkit has
been revised for this, so it's important to replace alkit with this new version
if you have it on your device already. I've removed the "beta" tag, meaning I
believe that any future versions I well keep compatible.
1.07b - Had to quickly fix a problem deleting temp files.
1.06x - 6 is a bad luck number.
1.05b -
- Automatically detects an encrypted file's method of enryption, the user does
not need to remember or check via menu option anymore.
- alkit(.exe) loads the (Crystal language) openssl module and uses the local
copy of openssl.cnf. Aria (with alkit) will now make available in the pull down
list several legacy providers (ciphers) if openssl.cnf provides for that.
1.04b - Not released, it contained one minor fix concerning protecting original
files
1.03b -
- This release is not compatible with previous releases
- clear CPU cache: After any encryption or decipering routine, Aria now makes
a call to alkit that does one million encryptions of a random string using one
million different encryption keys, the purpose of which is to clear the CPU
cache of any sensitive information. This is a new function in alkit, so the
previous version of alkit cannot be used with this version of Aria.
- Optional ASL string: If this field is left blank, a random string will be
instead of nothing at all. (range of a hash of a random number)
- Help menu: There is now a menu item that'll disply which cipher was used
during encryption of a file, in case it's forgotten.
1.02b - Not released, no notable changes.
1.01b - Added the ability to check the original filename of a "garbled" file.
This is added to the file pull down menu. The user, of course, needs to know
the password used to encrypt the file originally. Does not affect compatibility
with previous versions.
1.0b - Revised the method of calculating the salt, which is a hash of the
system clock, previous versions reversed the initial string, which was
not necessary. This does not affect compatibility with 0.12a. The version is
changed to beta, this script is pretty small and simple, so there's not that
much that can go wrong, so we'll see what happens. Hopefully a few people will
download it and give me some feedback.
0.12a - Aria wasn't cleaning up the temp directory properly, this is fixed.
I've also changed the way it calculates the IV, meaning that this version is
not compatible the previous version.
0.11a - I took a little util I made for myself, and added a pull down menu with
a few additional ciphers.