I Built a File Encryption App in Rust. Here’s What I Learned About Trust.

Dark Master — Thu, 16 Apr 2026 10:17:55 +0000

I’m 17. I live in Karachi. I have 8GB of RAM and a laptop that throttles if you look at it wrong.

And I just shipped a desktop encryption app in Rust.

Not because someone asked me to. Because I needed it to exist.

Why Rust

I could’ve done this in Python in a weekend. But Python wouldn’t give me what I actually wanted — control. When you’re encrypting someone’s files, you don’t want a garbage collector making decisions behind your back. You don’t want mystery allocations. You want to know exactly what’s in memory and when it leaves.

Rust forces that conversation. The borrow checker is annoying until it saves you from a mistake you didn’t know you were making.

It took longer. It was worth it.

The Stack

AES-256-GCM-SIV for encryption. Argon2id for key derivation. HKDF-SHA512 to stretch the key material. egui for the UI because I didn’t want to ship an Electron app that weighs 200MB to encrypt a text file.

Each of these choices was deliberate. GCM-SIV over plain GCM because nonce reuse is a real-world failure mode, not a theoretical one. Argon2id because it’s memory-hard and scrypt has a worse story on GPUs. HKDF because you should never use a password directly as a key.

Security isn’t one big decision. It’s a hundred small ones.

18 Bugs

The first version had 18 bugs. I’m not hiding that. UTF-8 panics on non-ASCII filenames. The NSIS installer writing to the wrong path. A title bar gap being counted twice in the layout.

Become a Medium member
Most of them were embarrassing in hindsight. None of them were unfixable.

I used AI tooling heavily — Roo Code, Jules — to move through them faster. The AI didn’t replace the thinking. It replaced the typing. I still had to understand every change before it merged.

That distinction matters.

Why This Project, Really

Here’s the honest answer.

I live in a part of the world where privacy is not a default. Where your data going somewhere you didn’t intend is normal. Where you can’t always trust the platform, the app store, or the company behind the software you’re using.

I’m also Muslim. There’s a word in Arabic — amanah — it means a trust. Something given to you that you are responsible for. I think about that a lot when I think about other people’s files, other people’s messages, other people’s data.

If you handle someone’s information, that’s an amanah. Most software treats it like a liability.

I wanted to build something that treats it like what it actually is.

What’s Next

The app is called Neuron-Encrypt. It’s on GitHub. It’s GPL-v3 because I don’t want it locked behind anyone’s business model.

Version 1 works. It encrypts. It installs. It doesn’t phone home.

Version 2 will do more. But I’d rather ship something honest and small than something bloated and impressive-looking.

If you’re a developer who cares about this stuff — not the buzzwords, the actual problem — I’d like to hear from you.

Ubaid ur Rehman is a DAE Electronics student in Karachi building FOSS privacy tools. GitHub: darkmaster0345.

DEV Community: Dark Master

I Built a File Encryption App in Rust. Here’s What I Learned About Trust.