V.enc - Transparent File Encryption for VS Code

V.enc is a VS Code extension that provides transparent, on-the-fly encryption and decryption for files ending with the .venc extension. It ensures that your files are safely encrypted at rest on your local disk, but appear as plain text inside your VS Code editor when authorized.

✨ Features

• Transparent Encryption/Decryption: Open any .venc file, enter the password, and edit the plaintext. When you save, V.enc automatically encrypts and signs the file before writing it to the disk.
• Strong Cryptography (AES-256-GCM): Uses industry-standard AES-256-GCM encryption with keys derived using PBKDF2 (100,000 iterations, SHA-256, random salts). Cryptographic integrity is checked on every read.
• Directory-Specific Session Cache: Passwords are saved in-memory and are tied to specific workspace folders or directories. Once VS Code is closed, the passwords are wiped from memory.
• Prompt Deduplication: Opening multiple .venc files at once will only prompt you for the password once per directory.
• Secure Workspace Mode: Reopen your entire workspace under the venc:// scheme to get a native, flicker-free file tree where all .venc files automatically decrypt on click.
• Re-encryption Utility: Quickly change a directory's encryption password and re-encrypt all .venc files in the workspace with a single command.
• Custom Premium Icon: Features a custom-designed dark/light-mode compatible icon for .venc files in the file explorer.

🛠️ Commands

This extension contributes the following commands to the Command Palette:

1. V.enc: Set/Change Password for Directory (v-enc.setPassword):
   • Sets or clears the active session password for the current directory.
2. V.enc: Change Password & Re-encrypt Files (v-enc.changePassword):
   • Updates the password and re-encrypts all .venc files in the workspace.
3. V.enc: Reopen Workspace in Secure Mode (v-enc.openWorkspace):
   • Reopens the current folder as a virtual secure workspace (venc:// scheme).

🔒 Security Envelope & Format

Each encrypted .venc file on disk contains a payload structured as follows:

• 0-3 (4 bytes): Magic Header VENC
• 4-19 (16 bytes): Key derivation salt
• 20-31 (12 bytes): AES-GCM Initialization Vector (IV)
• 32-47 (16 bytes): AES-GCM Authentication Tag
• 48+ (variable): Ciphertext

[!WARNING] Because V.enc does not use a master key recovery mechanism, lost passwords are unrecoverable. Ensure you keep a backup of your passwords.

🚀 Getting Started

1. Open a workspace folder in VS Code.
2. Set a password for the folder by clicking the status bar item 🔒 V.enc: Not Set (or run V.enc: Set/Change Password for Directory in the Command Palette).
3. Create or rename a file to end with .venc (e.g. secrets.venc).
4. Type some secret data and save the file.
5. If you open secrets.venc in an external editor like Notepad, you will see it is fully encrypted. Inside VS Code, it will be automatically decrypted and editable.