Iro is a modern, secure, and efficient file archiver built with Rust. It is designed as a workspace containing a shared core library, a command-line interface (CLI), and a desktop application.
It protects your sensitive data with state-of-the-art cryptography and obfuscation techniques, making it extremely resistant to brute-force attacks and reverse engineering.
The project is organized as a Rust Cargo workspace with three main members:
The heart of the application. This library contains all the business logic for file processing.
- Compression: Uses
zstdfor high-performance compression. - Encryption: Implements
ChaCha20Poly1305for state-of-the-art security. - Abstraction: Defines the
ProgressCallbacktrait to allow both the CLI and Desktop apps to report progress in their own way.
A lightweight command-line interface for power users and automation.
- Interface: Built with
clapfor robust argument parsing. - Feedback: Uses
indicatiffor beautiful terminal progress bars. - Usage: Perfect for scripts, servers, or quick operations without a GUI.
- Read CLI Documentation
A modern, cross-platform desktop application.
- Backend: Built with Tauri v2, leveraging the
iro-corelibrary for heavy lifting. - Frontend: Built with React 19, TypeScript, and Tailwind CSS v4.
- Features: Drag & Drop, Theme Support, Native Integration.
- Read Desktop Documentation
- Strong Encryption: Uses ChaCha20-Poly1305 (AEAD) for authenticated encryption.
- Secure Key Derivation: Uses Argon2id to derive keys from passwords, preventing GPU/ASIC brute-force attacks.
- Obfuscation:
- String Obfuscation: All sensitive strings in the binary are encrypted at compile time.
- Header Obfuscation:
- Stealth Magic: The file signature is a truncated SHA-256 hash, appearing as random bytes to standard tools.
- Random Padding: Adds variable-length random padding (0-255 bytes) to the header to prevent file size analysis.
- Dynamic Nonce: Each data chunk uses a unique, dynamically calculated nonce.
- Memory Security:
- Zeroize: Passwords and encryption keys are automatically wiped from memory immediately after use or when dropped.
- Compression: Uses Zstd for high-performance compression.
- Usability:
- Progress bars for packing, unpacking, and verifying.
- List contents without unpacking.
- Verify archive integrity without unpacking.
- Adjustable compression levels.
- Stream Processing: Handles large files efficiently with low memory footprint.
- Rust: Latest stable version.
- Node.js: Version 18 or higher (for Desktop).
- Build Tools: VS C++ Build Tools (Windows) or Xcode Command Line Tools (macOS).
To build the entire workspace (Core, CLI, and Desktop backend):
cargo build --releaseTo run the desktop application in development mode:
cd desktop
npm install
npm run tauri devPlease refer to the specific documentation for each component:
- CLI Usage: See CLI README
- Desktop Usage: See Desktop README
# Pack
iro-cli pack ./my_folder -o archive.iro
# Unpack
iro-cli unpack archive.iro -o ./output- Key Derivation: User password + Random 32-byte Salt -> Argon2id (tuned for high memory usage) -> 32-byte Key.
- Header Protection:
- Stealth Magic: The file signature is a truncated SHA-256 hash, appearing as random bytes.
- Random Padding: Variable-length random padding (0-255 bytes) is added to obscure file size.
- Encryption: The data is compressed with Zstd, then split into 1MB chunks. Each chunk is encrypted with ChaCha20-Poly1305 using the derived Key and a unique Nonce (Base Nonce XOR Chunk Index).
- Integrity: Poly1305 tags ensure that any modification to the ciphertext is detected, and decryption is aborted immediately.
- Memory Safety: The
zeroizecrate is used to wipe sensitive data (passwords, keys, buffers) from memory as soon as they are no longer needed.
MIT