Scroll Down

How It Works. Simply Put.

You don't need a PhD in cryptography to be safe.

inventory_2

1. The Digital Safe

Imagine your files are placed in a titanium safe that's scrambled with military-grade encryption. This is what USB-Vault does for your data.

key

2. The Physical Key

A physical USB drive is the primary key. You can also enable an optional password layer so unlocking requires both hardware verification and your chosen passphrase.

verified

3. The Digital Seal

A digital "wax seal" is placed on your safe. If even one byte is altered, the seal breaks, and the safe refuses to open, protecting you from tampering.

smart_toy

4. Simple GUI

No command-line wizardry required. A clean, simple graphical interface means powerful security is just a few clicks away for everyone.

The Risks. Read Carefully.

Our security is absolute. So is the responsibility.

key_off

Lost Key = Lost Data

Your USB key is always required. If you lose it and do not have a backup authorized key, your data cannot be decrypted. If you enable an optional password and forget it, there is no recovery backdoor.

delete_forever

Deletion is Permanent

If you or anyone else deletes the encrypted `.vault` file, it's the same as shredding a physical document. It cannot be recovered.

save

Backups are Your Job

We don't use cloud storage. You are responsible for your own backups. Keep a copy of the `.vault` file on a separate, secure drive.

memory

Hardware Can Fail

USB drives can fail. We strongly recommend using high-quality, reliable drives and having a backup key for critical data.

For Everyone

verified_user

Why use it?

Existing cloud storage is a target. Traditional passwords are weak. By linking encryption to physical USB hardware, you ensure that even if your laptop is stolen, the files cannot be opened without the physical key.

Terminal - usb-vault
Specs - USB-Vault 
{
  "algorithm": "AES-256-GCM",
  "kdf": {
    "type": "Argon2id",
    "salt": "16-byte random",
    "secret": "Hardware Fingerprint + Password"
  },
  "encryption": {
    "chunk_size": "64KB",
    "nonce": "8-byte file_nonce + 4-byte counter",
    "aad": "salt + nonce + 1-byte final chunk flag"
  },
  "security": {
    "key_clearance": "Securely zeroed in memory",
    "write_strategy": "Atomic file replace"
  }
}

For Developers

enhanced_encryption

AES-256-GCM Hardware Lock & Chunking

We bind the hardware fingerprint to a secure secret. Data is processed in 64KB chunks with unique nonces and AAD, ensuring mathematical integrity.

memory

Argon2id & Key Clearance

Derives a 32-byte key using Argon2id. Once encryption is done, the symmetric key is securely zeroed out in memory to prevent leakage.

terminal

Python Core Architecture

Chosen for ease of use and easier tinkering for beginners in the cybersecurity world, allowing you to inspect and verify the code yourself.