About this app
Sigil is an open-source, offline zero-trust encryption utility designed to secure your sensitive data against modern threats. Unlike standard tools that rely on a single algorithm, Sigil offers a flexible "Encryption Profiles" system, allowing you to choose between maximum defense-in-depth or standard compatibility.
The application operates entirely offline, performing all cryptographic operations locally on your device with a modern Material 3 interface.
New in v0.4.5: Encryption Profiles
• Sigil Chain (Default): A pre-configured, multi-layer cascade (XChaCha20 + Serpent + Twofish + AES-256) designed for extreme resistance against cryptanalysis.
• Raw Mode: Standard, single-layer encryption (e.g., AES-256-GCM only) for maximum compatibility with external tools and faster processing.
• Custom Profiles: Build your own encryption chain! Select from 18 algorithms, reorder layers, and save your custom configuration for repeated use.
Core Security Features
• Hardware-Backed Vault: Master keys are generated and stored within the Android Trusted Execution Environment (TEE). Your saved encryption passwords never touch the disk in plaintext.
• Zero-Knowledge Auth: Supports PINs and passwords, hashed using Argon2id. Credentials are never stored in a reversible format.
• Tamper-Proof Design: Sigil uses an Encrypt-then-MAC architecture. Any data corruption or tampering is detected and rejected before decryption is attempted.
• Memory Hygiene: Sensitive data is wiped from RAM immediately after use. A configurable grace period allows for convenient multitasking without compromising security.
Privacy & System Hardening
• Screen Shield: Utilizes FLAG_SECURE to block screenshots and hide content in the "Recent Apps" overview, protecting against shoulder surfing and spyware.
• Clipboard Auto-Wipe: Prevents clipboard managers from retaining your decrypted text.
• Truly Offline: No internet permission requested. No analytics, no telemetry, and no cloud backups. Your data never leaves your device.
Advanced User Toolkit
• Algorithm Registry: Support for 18 ciphers including AES-GCM, XChaCha20-Poly1305, ARIA, Serpent, Twofish, Camellia, and more.
• Secure Keystore: Save and manage your encryption keys securely. Includes an Entropy Meter to gauge password strength.
• App Lock: Unlock with biometrics verified by the hardware TEE, or with a custom high-security PIN.
• System Console: View real-time logs of the encryption process, including timing metrics and cryptographic parameters.
• Modern UI: Built with Jetpack Compose, featuring Material You dynamic colors and dark/light themes.
Technical Specifications
• Cryptography Library: Bouncy Castle (v1.83).
• Key Derivation: Argon2id (memory-hard KDF) with SHA-512 pre-hashing, to resist GPU brute-force attacks.
• Supported Algorithms: AES (GCM/CBC), ChaCha20-Poly1305, XChaCha20-Poly1305, ARIA-256-GCM, Serpent, Twofish, Camellia, SM4, CAST-256, RC6, SEED.
• Legacy Support: Blowfish, IDEA, CAST-128, GOST, TEA, XTEA (included for educational purposes).
Open Source Transparency
The complete source code is available for public audit on GitHub:
https://github.com/Animesh-Varma/Sigil
For the complete release catalog and planned features, please visit:
https://github.com/Animesh-Varma/Sigil/releases
For any queries, please contact: sigil@animeshvarma.dev