HN Showcase
Back to browse
GitHub Repository

Simple, flexible file-by-file encryption for secure storage.

4 starsJava

LockFS

by 0xGhostInAJar·Feb 18, 2026·3 points·4 comments
Visit ProjectView on HN

AI Analysis

MidNiche GemShip It
The Take

The idea is pleasantly pragmatic: encrypt each file independently so you never have to rewrite a giant container when adding or moving data — that genuinely simplifies backups across mixed storage. The repo feels like an MVP: a runnable jar and clear UX goals, but it omits crucial cryptography details (cipher choices, key derivation, filename/metadata leakage, threat model) and usage examples, so it’s useful in concept but needs more security documentation and benchmarks before I’d trust it with sensitive data.

Category
Security
Target Audience

Privacy-focused power users, sysadmins, and anyone who manages encrypted backups across heterogeneous storage (USB drives, cloud, NAS).

Post Description

LockFS is a small open-source Java tool that encrypts files individually instead of bundling everything into a single container.

Many vault systems rely on large encrypted blobs or container files. They can become complex to handle as they grow and complicate backups across mixed storage sizes.

LockFS takes a file-level approach: - Each file is encrypted independently - No monolithic container growth - Files can be added, moved, or removed without rewriting a large archive

Contributions and feedback are welcome.

Similar Projects

SecurityMid

LockFS is a flexible file-by-file encryption for secure storage

Encrypts files one-by-one from a single runnable JAR, which is nice for cross-platform use and managing many small vaults without re-archiving. The README clearly explains usage, but there’s no visible discussion of algorithms, key management, integrity guarantees, or threat model — that omission keeps this from standing out in a space already served by mature tools like age/gocryptfs.

Ship ItNiche Gem
0xGhostInAJar
104mo ago
Security●●Solid

LockFS Is Now Stable

Per-file encryption beats vault bundling for expandable encrypted storage.

Niche GemCozy
0xGhostInAJar
113mo ago
Security●●Solid

Secure Storage – An offline encrypted vault for iOS

Tidy, privacy-first vault that keeps everything on-device and uses Argon2id + AES-256 with per-field encryption — not just marketing buzz: the copy lists concrete choices like 64 MB memory hardness and biometric key storage in the secure enclave. Features such as camera card scanning, per-vault isolation, and on-demand file decryption are useful for single-device users, but the offline-only stance also limits appeal compared with cross-device managers like 1Password or Bitwarden.

Niche GemSlick
sbis04
114mo ago
Productivity●●Solid

Raft – Open-source tab manager because extensions have trust issues

This is built around a clear trust promise: every core feature is local-first, the repo includes tests proving no network calls in save/restore paths, and cloud sync is an opt-in, client-side AES-256-GCM + PBKDF2 scheme using Drive app-data. It doesn't reinvent session managers, but the combination of audited/no-telemetry UX, group-preserving session captures, and a one-time E2EE sync purchase is a tidy, user-friendly take that privacy-minded people will actually install.

Niche GemSlickSolve My Problem
kjraym
203mo ago
Security●●Solid

A System Level DNS Toggling App I Built

Makes flipping the system Private DNS on Android painless — includes a quick‑settings tile, an installable APK on GitHub Releases, and clear notes about the WRITE_SECURE_SETTINGS step so users know when ADB/root is required. It’s a pragmatic, single-purpose tool, but it’s held back by permission friction and lacks nicer features like per-app profiles, DNS validation or DoH support that would push it beyond a handy utility.

Niche GemShip It
arkaputatunda
104mo ago