About Sigil

Sigil — Open Source Password Manager App

GPL-3.0-only

Sigil is an open-source, advanced encryption utility built for defense-in-depth and memory safety. Unlike standard tools that rely on a single algorithm, Sigil employs a multi-layered, configurable architecture to ensure your data remains secure against sophisticated cryptanalysis.

The application operates entirely offline, performing all cryptographic operations locally on your device with a modern Material 3 interface that balances high-level security with usability.

Core Security Features

  • Encryption Profiles: Customize your security posture. Switch between "Standard AES-GCM" (Raw mode) for compatibility with external tools and the "Sigil Chain" for maximum defense.
  • Multi-Layer Cascade: The default Sigil Chain wraps your data in a hybrid cascade of XChaCha20-Poly1305 + Serpent-CBC + Twofish-CBC + AES-256-GCM. This defense-in-depth approach ensures that even if one algorithm is compromised, your data remains protected by independent layers.
  • Zero-Knowledge Auth: Secure the app with a numeric PIN or a strong alphanumeric Password. Credentials are hashed using Salted Argon2id and never stored in a reversible format.
  • Hardware-Backed Vault: When supported by the device, master keys are generated and stored in the Android Keystore (or StrongBox). Saved encryption passwords never touch the disk in plaintext.
  • Memory Hygiene: Sensitive data buffers are zeroed where possible after use to reduce exposure to memory dumps.

Privacy & System Hardening

  • Screen Security: Prevents screenshots and hides app content in the "Recent Apps" overview using FLAG_SECURE, protecting against visual snooping and malicious screen recorders.
  • Clipboard Protection: Automatic wipe timers and Android 13+ sensitive content flags prevent clipboard managers from retaining your decrypted data.
  • Offline-Only: Sigil does not request the INTERNET permission. It tracks no analytics, collects no telemetry, and stores no data on external servers.

Advanced User Toolkit

  • Secure Keystore: Save, view, and manage encryption keys using the hardware-backed vault.
  • Custom Encryption Control: Full manual control over encryption chains. Build your own cascade from 18 algorithms, reorder layers, and toggle ZLib compression.
  • System Console: Real-time logging of the encryption process, providing precise timing metrics and error diagnostics.
  • Advanced Theming: Material You Dynamic Colors, Dark/Light modes, and a custom HSV color engine.

Technical Specifications

  • Key Derivation: Argon2id (configurable up to 256 MB RAM) + SHA-512 pre-hashing.
  • Supported Algorithms: AES-256-GCM, AES-256-CBC, ChaCha20-Poly1305, XChaCha20-Poly1305, ARIA-256-GCM, Twofish, Serpent, Camellia, CAST6, RC6, SM4, GOST, SEED, Blowfish, IDEA, CAST5, TEA, and XTEA.

Open-Source Transparency

The complete source code is available for public audit on GitHub: https://github.com/Animesh-Varma/Sigil

For the complete release roadmap and planned features, please visit: https://github.com/Animesh-Varma/Sigil/releases

For any queries, please contact: sigil@animeshvarma.dev

License: GPL-3.0-only
Privacy: Ad-Free, Open Source, No Tracking
Platforms: Android

Install

  • GitHub
  • IzzyOnDroid