Analysis updated 2026-05-18
Store sensitive files on cloud storage like Dropbox or Google Drive without the provider being able to read them.
Encrypt a USB drive or shared media so the contents are unreadable if it is lost or handed to someone else.
Unlock an encrypted vault with a hardware security key or TPM chip instead of only a passphrase.
| penthertz/luksbox | openabdev/openab | gi-dellav/zerostack | |
|---|---|---|---|
| Stars | 502 | 480 | 459 |
| Language | Rust | Rust | Rust |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 3/5 | 3/5 | 2/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Pre-1.0 software without an independent third-party security audit yet, treat vaults as a travelling copy, not your only copy of important data.
LUKSbox is an open source encrypted vault tool that lets you store sensitive files in cloud storage, on USB drives, or other shared media without having to trust whoever controls that storage. The core idea is simple: you create a single encrypted container file, ending in .lbx, on your own machine, and that file gets uploaded to Dropbox, Google Drive, iCloud, or wherever you want. The cloud provider only ever sees a blob of random looking data. They cannot read it, and neither can anyone who later demands access from them. The vault mounts as a real drive on Linux, macOS, and Windows, so once unlocked you drag files in and out like normal. Unlocking requires one of several keyslots: a passphrase, a physical security key such as a YubiKey or Titan Key using the FIDO2 standard, a TPM chip built into a computer, or a hybrid approach that also uses post quantum encryption, ML-KEM-768 or ML-KEM-1024, to protect against future quantum computers that could break today's encryption. The vault header can be stored in a separate file on different storage, making the main container file completely opaque with no identifiable metadata. The project is built in Rust, released under the Apache 2.0 open source license, and is currently in pre 1.0 status. The on-disk format is described as locked, the cryptographic algorithms are established NIST and RFC standards, and the README reports 9 internal audit rounds plus more than 30 million fuzz test iterations, though an independent third party audit has not yet been completed. The README is explicit that a LUKSbox vault should be a travelling copy of data, not the only copy, since a corrupted container or lost keys means the data cannot be recovered.
An open source Rust tool that creates encrypted vault files you can safely store on cloud storage or shared media, unlocked with a passphrase, hardware key, TPM, or post quantum keys.
Mainly Rust. The stack also includes Rust.
Use freely for any purpose, including commercial use, as long as you keep the copyright and license notices.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.