AES-256-GCM + Argon2id + ECCFrog522PP (KEM) — single-file, Windows-focused
Ghost build (portable)
Go to the v5.4 release page and download the latest portable ZIP:
➡ https://github.com/victormeloasm/froglock/releases/tag/5.4
Unzip and run the included FrogLock.exe (or similarly named EXE).
- No installer, no admin required.
- Runs in ghost mode: no logs, no registry writes by design.
- All cryptographic state lives in memory and is wiped on a best-effort basis.
⚠️ If SmartScreen or AV warns (common for fresh unsigned tools):
verify the file came from this repo, then click More info → Run anyway.
FROGLock encrypts files using AES-256-GCM with a random 256-bit Data Encryption Key (DEK).
That DEK is then sealed using a mandatory hybrid 2-of-2 scheme:
- Your password, stretched with Argon2id (time-tuned per machine)
- One or more ECCFrog522PP public keys, via KEM (key encapsulation)
To decrypt, both are required: the correct password and a matching FROG private key.
There is no password-only or KEM-only mode.
- Launch the app (the portable EXE from the 5.4 release).
- At the top-right, leave Paranoid Mode enabled (recommended).
- Click Generate FROG Keypair:
  - Creates `frog522pp.sk` (private) and `frog522pp.pub` (public, Base64) in the app folder.
  - Your public key is copied to the clipboard automatically.
- Share your public key (`frog522pp.pub` / clipboard Base64 string) with people who should send you encrypted files.
- To add recipients you want to encrypt for:
  - Click Recipients…, paste their FROG public keys (Base64, one per line), click Save.
- Choose a file:
  - In Paranoid Mode, paste the full path in Manual Path.
  - Or temporarily disable Paranoid Mode and use Browse.
- Enter a strong password (or click Generate Password to create one).
- Click Encrypt.
  - In Paranoid Mode, the output name is randomized (e.g. `file_5f3c9b12.aesc` in the same folder).
  - In Standard Mode, the default output pattern is `<file>.aesc`.
  - The clipboard is cleared on encrypt (best-effort).
- Send the resulting `.aesc` file to your recipient — they’ll need:
  - Their FROG private key, and
  - The correct password.
- On exit, the `frog522pp.sk` file in the app folder is secure-wiped (best-effort). Keep an external backup of your private key somewhere safe.
- Title + Version + Mode
- Shows current version and whether you’re in Standard or Paranoid Mode.
- Paranoid Mode (checkbox or F9)
- Disables the file dialog Browse button (fewer shell/MRU traces).
- Encourages Manual Path usage.
- Uses randomized output names for encrypted files.
- Makes it easier to remove plaintext originals after successful encryption.
- File (dialog)
  - Standard file picker (disabled in Paranoid Mode).
- Manual Path
  - Enter a full path like: `C:\Users\you\Desktop\secret.pdf`
- Password (hybrid)
  - The passphrase fed to Argon2id to derive a KEK.
  - Show toggles masking on/off.
  - Generate Password creates a long, high-entropy password.
  - Copy Password copies it to the clipboard (which is cleared on encrypt).
- Keep original after encrypt
  - If unchecked, the app will try to delete the plaintext file after a successful encryption (best-effort — the OS and filesystem still have the last word).
- Recipients…
  - Manage the set of FROG public keys you encrypt to:
    - Paste Base64 ECCFrog522PP keys (compressed) — one per line.
    - At least one valid recipient is required to encrypt.
- Generate FROG Keypair
  - Generates a fresh FROG keypair: `frog522pp.sk` (binary private key, 66 bytes) and `frog522pp.pub` (Base64, 1-line public key).
  - Public key is automatically copied to clipboard for sharing.
- Upload FROG .sk…
  - Import an existing private key (for decrypt).
- Copy Public Key
  - Copies your public key (`frog522pp.pub`, Base64 canonical) to the clipboard.
- Open Keys Folder
  - Opens the app directory (where keys live and where `.sk` is secure-wiped on exit).

🔑 Important: `frog522pp.sk` is wiped from the app folder on exit. Keep a separate secure backup if you care about long-term access to encrypted data.

- Encrypt / Decrypt
  - Main operations for `.aesc` files.
- Clear All
  - Resets entries and clears transient UI state.
- Status text + Progress bar
  - Shows what’s happening and percentage done (per file).
- Inputs required
  - Valid file path.
  - Non-empty password.
  - At least one valid FROG recipient public key (Base64).
- Process
  - Generate a random DEK (32 bytes).
  - Use Argon2id (time-autotuned) to derive a password KEK using:
    - salt, time (`t`), memory (`m`), and parallelism (`p`) stored in the header.
  - For each recipient public key:
    - Run ECCFrog522PP KEM → recipient-specific kem-KEK.
  - For each recipient:
    - Compute final KEK: `KEK_final = BLAKE2b(pass_KEK || kem_KEK || header_stub)`
    - Encrypt the DEK with AES-GCM using `KEK_final` and attach it as a hybrid wrap entry.
  - Encrypt the file data using AES-256-GCM:
    - Single DEK, random nonce (96-bit), per file.
    - Optional random padding applied before final tag.
  - Write:
    - Header with Argon2 params + hybrid wraps.
    - Ciphertext.
    - GCM tag.
- Outputs
  - A single `.aesc` file containing:
    - Compact JSON header.
    - Ciphertext.
    - Authentication tag.

Sensitive values (DEK, pass_KEK, kem_KEK) are zeroized from memory where possible.
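The KEK combination step above, written out as an added example (this is not FrogLock's own code). It shows why both factors are needed: `KEK_final` is a BLAKE2b digest over `pass_KEK || kem_KEK || header_stub`, so changing the password, the KEM shared secret, or the header parameters yields an unrelated key. Assumptions: `hashlib.scrypt` stands in for Argon2id so the block runs without `argon2-cffi`; the KEM shared secrets are constructed byte strings rather than real ECCFrog522PP output; and the `header_stub` JSON layout is invented for the example, since the README does not show the real header schema.

```python
import hashlib
import json

# Metadata strings from the README's strict header checks.
ALG_SUITE = "FROG-522PP|AES-256-GCM|Argon2id"
WRAP_ORDER = "kem_then_pass"


def derive_pass_kek(password: str, salt: bytes, p: int) -> bytearray:
    """Password-stretching step. ASSUMPTION: scrypt from the standard library
    stands in for Argon2id so this runs without argon2-cffi; FrogLock itself
    uses Argon2id with the {t, m, p} recorded in the header."""
    raw = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=1 << 14, r=8, p=p, dklen=32)
    return bytearray(raw)


def header_stub(salt: bytes, t: int, m: int, p: int) -> bytes:
    """Canonical compact JSON of the public header fields the final KEK is bound
    to. Constructed layout: the README does not show the real header schema."""
    stub = {
        "alg_suite": ALG_SUITE,
        "wrap_order": WRAP_ORDER,
        "argon2": {"t": t, "m": m, "p": p, "salt": salt.hex()},
    }
    return json.dumps(stub, sort_keys=True, separators=(",", ":")).encode("utf-8")


def kek_final(pass_kek: bytes, kem_kek: bytes, stub: bytes) -> bytearray:
    """KEK_final = BLAKE2b(pass_KEK || kem_KEK || header_stub); a 32-byte digest
    so it can key AES-256-GCM for the DEK wrap."""
    h = hashlib.blake2b(digest_size=32)
    h.update(bytes(pass_kek))
    h.update(bytes(kem_kek))
    h.update(stub)
    return bytearray(h.digest())


def wipe(buf: bytearray) -> None:
    """Best-effort zeroization; CPython may still hold copies elsewhere."""
    for i in range(len(buf)):
        buf[i] = 0


def recipient_keks(password: str, kem_secrets: list, salt: bytes, t: int, m: int, p: int) -> list:
    """One KEK_final per recipient (one per KEM shared secret). pass_KEK is
    derived once, combined with each kem_KEK, and wiped before returning."""
    stub = header_stub(salt, t, m, p)
    pass_kek = derive_pass_kek(password, salt, p)
    keks = []
    for kem_kek in kem_secrets:
        k = kek_final(pass_kek, kem_kek, stub)
        keks.append(bytes(k))  # in the real flow this keys the AES-GCM DEK wrap
        wipe(k)
    wipe(pass_kek)
    return keks


# Constructed sample inputs (not real FrogLock key material).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
KEM_SECRETS = [bytes([0x11]) * 32, bytes([0x22]) * 32]  # stand-ins for KEM outputs


def demo() -> dict:
    """Show that password, KEM secret and header all influence KEK_final."""
    good = recipient_keks("correct horse", KEM_SECRETS, SALT, 3, 65536, 1)
    wrong_pw = recipient_keks("wrong horse", KEM_SECRETS, SALT, 3, 65536, 1)
    wrong_kem = recipient_keks("correct horse", [bytes([0x33]) * 32], SALT, 3, 65536, 1)
    other_hdr = recipient_keks("correct horse", KEM_SECRETS, SALT, 4, 65536, 1)
    return {
        "n_wraps": len(good),
        "pw_matters": good[0] != wrong_pw[0],
        "kem_matters": good[0] != wrong_kem[0],
        "header_matters": good[0] != other_hdr[0],
        "stable": good == recipient_keks("correct horse", KEM_SECRETS, SALT, 3, 65536, 1),
    }
```

Two recipients produce two distinct `KEK_final` values from one password-derived key, which is why a file can carry several hybrid wraps while the DEK itself stays single; binding the header stub into the digest means a tampered `alg_suite` or Argon2 parameter set cannot be swapped in without also breaking every wrap.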
- Inputs required
  - `.aesc` file.
  - Correct password.
  - Matching FROG private key (`frog522pp.sk`) available to the app.
- Process
  - Read header and parse:
    - Magic/versions.
    - Argon2 parameters (`t`, `m`, `p`, `salt`).
    - Hybrid wraps.
    - `wrap_order` and `alg_suite` are strictly verified: `wrap_order` must be `"kem_then_pass"`, `alg_suite` must be `"FROG-522PP|AES-256-GCM|Argon2id"`.
  - Re-derive password KEK via Argon2id.
  - For each hybrid wrap:
    - Use your FROG private key to try to recover kem-KEK.
    - Rebuild `KEK_final` and try to decrypt the DEK.
    - Stop at the first successful unwrap.
  - Decrypt file content with AES-GCM using the unwrapped DEK.
  - Remove padding and write plaintext to the output file.
- Outputs
  - The original file content (usually original name or `filename.dec` if needed).
  - If no wrap matches: `"Hybrid unlock failed (password or FROG key mismatch)."`

An AttemptTracker limits repeated failures for the same file over a time window to slow brute force.
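The strict header verification described in the decrypt process, as an added example rather than FrogLock's own `decrypt_stream()`. The `alg_suite` and `wrap_order` values are the ones the README requires; the remaining field names (`argon2`, `wraps`, `kem_ct`, `nonce`, `wrapped_dek`), the size limit and the Argon2 parameter bounds are this example's assumptions. Bounding `t`, `m` and `p` is the practitioner's addition: a header is attacker-controlled input, and without a ceiling a crafted file could make the decryptor allocate gigabytes before a single key is tried.

```python
import json

EXPECTED_ALG_SUITE = "FROG-522PP|AES-256-GCM|Argon2id"
EXPECTED_WRAP_ORDER = "kem_then_pass"
MAX_HEADER_BYTES = 64 * 1024  # constructed bound; the README gives no header size limit

# Constructed bounds for Argon2 parameters (m in KiB). These are the example's
# choice, not FrogLock's; the point is that a header cannot demand absurd cost.
ARGON2_LIMITS = {"t": (1, 64), "m": (8 * 1024, 4 * 1024 * 1024), "p": (1, 16)}


class HeaderError(ValueError):
    """Raised for any header that must not be processed further."""


def parse_header(raw: bytes) -> dict:
    """Strictly validate a compact JSON header before deriving any key."""
    if len(raw) > MAX_HEADER_BYTES:
        raise HeaderError("header too large")
    try:
        hdr = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise HeaderError("header is not valid JSON") from exc
    if not isinstance(hdr, dict):
        raise HeaderError("header must be a JSON object")
    # Exact string match: anything else is refused, never "handled".
    if hdr.get("alg_suite") != EXPECTED_ALG_SUITE:
        raise HeaderError("unexpected alg_suite")
    if hdr.get("wrap_order") != EXPECTED_WRAP_ORDER:
        raise HeaderError("unexpected wrap_order")
    argon = hdr.get("argon2")
    if not isinstance(argon, dict):
        raise HeaderError("missing argon2 params")
    for key, (lo, hi) in ARGON2_LIMITS.items():
        val = argon.get(key)
        # bool is an int subclass in Python; reject it explicitly.
        if isinstance(val, bool) or not isinstance(val, int) or not lo <= val <= hi:
            raise HeaderError(f"argon2 {key} missing or out of range")
    try:
        salt = bytes.fromhex(argon.get("salt", ""))
    except ValueError as exc:
        raise HeaderError("salt is not hex") from exc
    if len(salt) < 16:
        raise HeaderError("salt too short")
    wraps = hdr.get("wraps")
    if not isinstance(wraps, list) or not wraps:
        raise HeaderError("no hybrid wraps")
    for w in wraps:
        if not isinstance(w, dict) or any(
            not isinstance(w.get(f), str) for f in ("kem_ct", "nonce", "wrapped_dek")
        ):
            raise HeaderError("malformed wrap entry")
    return hdr


def header_ok(raw: bytes) -> bool:
    """True if the header passes every check, False otherwise."""
    try:
        parse_header(raw)
        return True
    except HeaderError:
        return False


# Constructed sample header; the Base64-looking fields are dummy strings.
GOOD_HEADER = json.dumps({
    "magic": "AESC", "version": 5,
    "alg_suite": EXPECTED_ALG_SUITE, "wrap_order": EXPECTED_WRAP_ORDER,
    "argon2": {"t": 3, "m": 65536, "p": 2, "salt": "00112233445566778899aabbccddeeff"},
    "wraps": [{"kem_ct": "AAAA", "nonce": "BBBB", "wrapped_dek": "CCCC"}],
}, separators=(",", ":")).encode("utf-8")


def mutated(**changes) -> bytes:
    """Copy of GOOD_HEADER with top-level fields replaced (for negative cases)."""
    hdr = json.loads(GOOD_HEADER)
    hdr.update(changes)
    return json.dumps(hdr, separators=(",", ":")).encode("utf-8")
```

Validation runs before Argon2id, so a rejected header costs a few microseconds rather than a full key derivation; that ordering is what keeps the strict checks from becoming a denial-of-service lever themselves.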
Paranoid Mode is meant for users who care about minimizing traces:
- File dialog disabled — you must paste paths manually.
- Randomized encrypted filenames — harder to correlate by name alone.
- Pairs naturally with:
- Unchecking “Keep original after encrypt”.
- Using strong, unique passwords per file.
- Storing private keys outside the working directory when not in use.
- `frog522pp.pub` — public key
  - Base64 canonical, single line.
  - Safe to share.
- `frog522pp.sk` — private key
  - 66-byte binary.
  - Never share this.
  - Stored in the app directory while running.
  - ACL-locked where supported (owner-only).
  - Secure-wiped on exit (multi-pass overwrite + delete, best-effort).

🔁 Make your own offline backup of `frog522pp.sk`. If you lose it, you will not be able to decrypt hybrid-encrypted files.
- Adaptive chunk size
  - From ~64 KiB up to 4 MiB depending on file size and available RAM.
- Optional memory-mapped I/O for huge files
  - Enable with: `set FROG_MMAP=1`
  - Optional thresholds: `set FROG_MMAP_MIN_MB=1024` (default 1024, i.e. 1 GiB) and `set FROG_MMAP_MAX_MB=4096` (default 4096, i.e. 4 GiB).
  - Do not append a `#` comment to a `set` line in CMD: everything after `=` becomes the variable's value, so the comment text would be stored in it.
- Optional strict anti-debug
  - By default the app will not kill itself if a debugger is attached.
  - To enable strict anti-debug behavior: `set FROGLOCK_STRICT_ANTIDEBUG=1`
  - With this set, detection of a debugger causes immediate exit.
- Attempt limiting
  - Per-file rate limit: too many failed decrypt attempts in a short window will trigger: `"Too many attempts. Wait a bit."`
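The per-file attempt limiting named here and in the decrypt section, as an added example (not FrogLock's own `AttemptTracker`). The README gives the class name and the error text but not its parameters, so the default limit of 5 failures in a 120-second sliding window is an assumption, and `guarded_unlock` is a hypothetical wrapper around the hybrid unwrap. The clock is injectable so the window behaviour can be checked without sleeping.

```python
import os
import time
from collections import defaultdict, deque

TOO_MANY = "Too many attempts. Wait a bit."  # message text from the README


class AttemptTracker:
    """Per-file sliding-window limiter for failed decrypt attempts.
    ASSUMPTION: the 5-failure / 120-second defaults are this example's, not FrogLock's."""

    def __init__(self, max_failures: int = 5, window_s: float = 120.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window_s = window_s
        self.clock = clock  # injectable so behaviour is testable without real waits
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures

    @staticmethod
    def key_for(path: str) -> str:
        # Normalise so differently spelled paths to one file share one bucket.
        return os.path.normcase(os.path.abspath(path))

    def _recent(self, key: str, now: float) -> deque:
        q = self._failures[key]
        while q and now - q[0] > self.window_s:
            q.popleft()  # drop failures that have aged out of the window
        return q

    def allowed(self, key: str) -> bool:
        return len(self._recent(key, self.clock())) < self.max_failures

    def retry_after(self, key: str) -> float:
        """Seconds until another attempt is permitted (0.0 if allowed now)."""
        now = self.clock()
        q = self._recent(key, now)
        if len(q) < self.max_failures:
            return 0.0
        # The attempt is allowed again once enough old failures have aged out.
        oldest_blocking = q[len(q) - self.max_failures]
        return max(0.0, oldest_blocking + self.window_s - now)

    def record_failure(self, key: str) -> None:
        now = self.clock()
        self._recent(key, now).append(now)

    def record_success(self, key: str) -> None:
        self._failures.pop(key, None)


def guarded_unlock(tracker: AttemptTracker, path: str, unlock) -> str:
    """Run `unlock()` (hypothetical callable: True on a successful hybrid unwrap)
    only when the per-file limit allows it, and feed the outcome back."""
    key = tracker.key_for(path)
    if not tracker.allowed(key):
        return TOO_MANY
    if unlock():
        tracker.record_success(key)
        return "ok"
    tracker.record_failure(key)
    return "Hybrid unlock failed (password or FROG key mismatch)."
```

Once the limit is reached even a correct password is refused until the window slides, which is the intended trade-off: the cost of one extra wait for a legitimate user against a hard cap on guesses per file for everyone else. Because the limiter is in-process and keyed by path, it slows interactive guessing through the app; it is not a substitute for the Argon2id cost that protects the file once it has been copied elsewhere.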
Requirements
- Python 3.12+ recommended.
- Git and `pip`.

```
git clone https://github.com/victormeloasm/froglock.git
cd froglock
pip install -r requirements.txt
# Optional speedups:
pip install numpy gmpy2 pywin32
python FrogLock.py
```

Example one-liner (PowerShell/CMD):

```
pyinstaller --noconfirm --onefile --clean --noupx --noconsole ^
  --name FrogLock ^
  FrogLock.py
```

You can add `--exclude-module numpy --exclude-module gmpy2` to trim size if needed. Note that `^` is CMD's line-continuation character; in PowerShell, put the command on one line or end each continued line with a backtick instead.
- Confidentiality & integrity
  - AES-256-GCM with 96-bit nonce and 128-bit tag.
- Hybrid secrecy
  - DEK can only be unwrapped with:
    - Correct password (Argon2id, autotuned by time), and
    - A valid FROG private key matching one of the recipients.
- No telemetry
  - No network calls, no phone-home, no analytics.
- Memory hygiene
  - Uses `VirtualLock`, `VirtualUnlock`, and `RtlSecureZeroMemory` where available.
  - DEK and KEKs are stored in `bytearray`s and wiped after use.
- Disk hygiene
  - Key files and temporary outputs created with restrictive permissions.
  - `frog522pp.sk` secure-wiped from the app folder on exit (best-effort).
- Header design
  - JSON-based, compact.
  - Includes Argon2 parameters and hybrid wraps.
  - Avoids leaking plaintext paths or user-identifying metadata.
- “Invalid path.” Path is malformed or contains disallowed segments (`..`). Paste a clean absolute path.
- “Hybrid is mandatory: add at least one FROG recipient.” You tried to encrypt without any valid FROG public keys in the Recipients list.
- “Missing FROG secret key (.sk).” For decryption, the private key must be loaded (`frog522pp.sk` in the app folder or imported via Upload FROG .sk…).
- “Hybrid unlock failed (password or FROG key mismatch).” Either:
  - The password is wrong, or
  - The private key does not match any wrap in the file header.
- “Too many attempts. Wait a bit.” The per-file rate limit has been reached. Wait a few minutes before trying again.
- SmartScreen / AV warning. Common with new unsigned EXEs. Confirm the hash/source, then use More info → Run anyway.
- “No valid FROG recipients. Check the public keys.” One or more pasted public keys were invalid or malformed. Ensure they are canonical Base64 FROG pubkeys.
- AES-GCM usually runs near disk speed on SSD/NVMe.
- Multiple recipients are handled with parallel KEM wraps.
- `gmpy2` (optional) speeds up ECC math; `numpy` (optional) speeds up large buffer XOR.
- Argon2id parameters are autotuned by time (~0.5 s) rather than using a fixed profile, adapting to different hardware.
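The time-based Argon2id autotune (also listed under the v5.4 changes), as an added example of one way to do it; FrogLock's own calibration routine is not shown in the README, so the search strategy here is this example's. The ~500 ms target is the README's. `argon2_probe` uses `argon2.low_level.hash_secret_raw` from `argon2-cffi` when that package is installed; otherwise `synthetic_probe` supplies a constructed cost model (time proportional to `t * m`) so the tuner can be exercised deterministically.

```python
import time

TARGET_MS = 500.0  # README: calibration targets ~500 ms


def argon2_probe():
    """Return a timing probe backed by argon2-cffi's low-level API if it is
    installed, else None. ASSUMPTION: FrogLock's real probe is not shown."""
    try:
        from argon2.low_level import Type, hash_secret_raw
    except ImportError:
        return None

    def probe(t: int, m_kib: int, p: int) -> float:
        t0 = time.perf_counter()
        hash_secret_raw(b"calibration", b"\x00" * 16, time_cost=t, memory_cost=m_kib,
                        parallelism=p, hash_len=32, type=Type.ID)
        return (time.perf_counter() - t0) * 1000.0

    return probe


def synthetic_probe(ms_per_kib_pass: float):
    """Constructed cost model: Argon2 time is roughly proportional to t*m.
    Lets the tuner run without argon2-cffi and makes results reproducible."""
    return lambda t, m, p: t * m * ms_per_kib_pass


def autotune(probe, target_ms: float = TARGET_MS, m_kib: int = 64 * 1024, p: int = 2,
             m_floor_kib: int = 8 * 1024, t_max: int = 32) -> dict:
    """Choose {t, m, p} so one Argon2id run takes about target_ms here.
    Strategy (this example's): keep p fixed, start from a generous memory size,
    halve memory while even t=1 is too slow, then raise t until the measured
    time reaches the target. Memory is preferred over iterations because it is
    the parameter that hurts GPU/ASIC guessing most."""
    m = m_kib
    while True:
        t = 1
        ms = probe(t, m, p)
        if ms > target_ms:
            if m // 2 < m_floor_kib:
                return {"t": 1, "m": m, "p": p}  # cannot go lower; accept the floor
            m //= 2
            continue
        while ms < target_ms and t < t_max:
            t += 1
            ms = probe(t, m, p)
        return {"t": t, "m": m, "p": p}


if __name__ == "__main__":
    chosen = autotune(argon2_probe() or synthetic_probe(1 / 512))
    print(chosen)
```

Real timings are noisy; a production tuner should take the median of a few probes per candidate and record the chosen `{t, m, p}` in the header exactly as measured, because the decryptor must reproduce the derivation with those values, not re-tune on its own hardware.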
Key security changes compared to v5.3:
- Unbiased FROG key generation
  - `frog_privkey_generate()` now uses rejection sampling to generate keys uniformly in `[1, n-1]` instead of relying on `k % n`.
- Time-based Argon2id autotune
  - Argon2id calibration is now based on real execution time (target ~500 ms), choosing `{t, m, p}` according to the machine’s capabilities.
- Stricter hybrid metadata
  - `pass_params_make()` explicitly sets `wrap_order = "kem_then_pass"` and `alg_suite = "FROG-522PP|AES-256-GCM|Argon2id"`.
- Strict validation on decrypt
  - `decrypt_stream()` refuses headers whose `wrap_order` or `alg_suite` do not match the expected values.
- Improved key zeroization
  - Both the DEK and the password-derived KEK (`kek_pass`) are now explicitly locked and wiped after use.
- Configurable anti-debug
  - Anti-debug behavior is now controlled by the `FROGLOCK_STRICT_ANTIDEBUG` environment variable instead of always killing the process when a debugger is detected.
- UI
  - Window size adjusted for a more compact look (no overly stretched layout).
  - All existing GUI features preserved (Recipients manager, keypair generation, Paranoid Mode, etc.).
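The first change in that list, unbiased scalar generation, as an added example (not FrogLock's `frog_privkey_generate()`). It shows the rejection-sampling loop and quantifies the bias of the `k % n` pattern it replaced by exhaustively mapping every raw bit pattern for a small group order. Assumptions: `N_DEMO = 2**521 - 1` (a known prime of roughly the right size) stands in for the ECCFrog522PP group order, which the README does not give; `randbits` is injectable so the loop can be driven with a constructed sequence.

```python
import secrets

# Constructed stand-in for the curve order: 2**521 - 1 is prime and about the
# right width. The real ECCFrog522PP group order is not given in the README.
N_DEMO = (1 << 521) - 1


def privkey_uniform(n: int, randbits=secrets.randbits) -> int:
    """Uniform scalar in [1, n-1] by rejection sampling: draw exactly
    bit_length(n-1) bits and keep the draw only if it already lies in range.
    No arithmetic on the draw, so every in-range value has one preimage."""
    if n < 3:
        raise ValueError("group order too small")
    bits = (n - 1).bit_length()
    while True:
        k = randbits(bits)
        if 1 <= k <= n - 1:
            return k


def reject_probability(n: int) -> float:
    """Fraction of draws thrown away; tiny when n is just below a power of two."""
    bits = (n - 1).bit_length()
    return 1.0 - (n - 1) / float(1 << bits)


def modreduce_counts(n: int) -> dict:
    """The pattern v5.4 moved away from: k = raw % n on a same-width draw.
    Exhaustively count how many raw values land on each k (small n only).
    Values below 2**bits - n receive two preimages, the rest one, and k = 0
    (an invalid scalar) is reachable."""
    bits = (n - 1).bit_length()
    counts = {}
    for raw in range(1 << bits):
        k = raw % n
        counts[k] = counts.get(k, 0) + 1
    return counts


def rejection_counts(n: int) -> dict:
    """Same exhaustive census for rejection sampling: out-of-range raws are
    discarded instead of folded, so every k in [1, n-1] gets exactly one."""
    bits = (n - 1).bit_length()
    counts = {}
    for raw in range(1 << bits):
        if 1 <= raw <= n - 1:
            counts[raw] = counts.get(raw, 0) + 1
    return counts


def bias_ratio(counts: dict, n: int) -> float:
    """max/min preimage count over the valid scalars 1..n-1 (1.0 = uniform)."""
    vals = [counts.get(k, 0) for k in range(1, n)]
    return max(vals) / min(vals)
```

For `n = 11` the modular method makes scalars 1 through 4 twice as likely as 5 through 10 and can emit 0, while rejection sampling is exactly uniform at the cost of discarding 37.5% of draws; at the real 521-bit scale the discard rate is negligible, so there is no performance reason to keep the biased form.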
Q: Can I decrypt with just the password?
No. Hybrid is mandatory: you need both the correct password and a matching FROG private key.
Q: Where should I store my private key?
Keep frog522pp.sk in the app folder only while using FrogLock and maintain a separate encrypted backup offline.
Q: What happens if I lose my .sk file?
You will not be able to decrypt hybrid-encrypted files. There is no backdoor or recovery mechanism.
Q: Does FROGLock remove all traces from the system?
It avoids logs, registry writes, and trims clipboard and temp usage, especially in Paranoid Mode. However, OS-level traces (recent files, AV caches, pagefile, etc.) are outside the app’s control.
FROGLock is released under the MIT License — see LICENSE.
This software is provided “as is”, without warranty of any kind. Use it responsibly. You are solely responsible for backups, key management, and secure usage.

