Unicode Password Generator & File Protector

UNIGEN

Cross-platform Python 3 desktop app for generating cryptographically strong, high-entropy Unicode passwords and protecting sensitive files with authenticated AES-256-GCM encryption.

Python 3 Tkinter GUI 400+ Unicode Chars AES-256-GCM PBKDF2 600K Secure Shred Clipboard Exclusion
Overview

UNIGEN is a single-file Python 3 desktop application that combines a high-entropy Unicode password generator with a file encryption/decryption toolkit. No install step beyond pip install cryptography — runs identically on Windows, Linux, and macOS.

Everything happens in two tabs: Password Generator for creating up to 10,000 cryptographically secure passwords from a 400+ character Unicode pool, and File Protector for AES-256-GCM authenticated encryption with PBKDF2-HMAC-SHA256 key derivation at 600,000 iterations. Includes platform-native clipboard exclusion, auto-clear timers, and multi-pass secure file shredding with no external tool dependencies.

Password Generator
400+ Unicode character pool
Seven distinct sets: Latin Standard & Extended, Cyrillic, CJK & Kana, Greek, Math/Symbols & Currency, Dingbats & Misc — plus a live "Source Code" set built from every unique character in the script itself.
1–10k
Batch generation
Generate 1 to 10,000 passwords at once, 8–128 characters each. Uses Python's secrets module for cryptographically secure random selection.
📊
Live entropy feedback
Pool size, Shannon entropy (bits), and strength rating update in real time as you toggle character sets and adjust length.
🔐
Encrypt & Shred
Save your password list, encrypt it with a passphrase, verify the round-trip, then securely shred the plaintext — all in one click.
📋
Clipboard security
Platform-native clipboard exclusion prevents password-history tools from capturing copied passwords. Auto-clear timer with 5–300s delay.
File Protector
🔒
AES-256-GCM authenticated encryption
Confidentiality + integrity via the cryptography library's AEAD primitive. Tampered ciphertext fails decryption rather than returning corrupted data.
🔑
PBKDF2-HMAC-SHA256 @ 600K iterations
Unique 16-byte salt and 12-byte nonce per file. Same passphrase never produces the same key twice. Output is portable Base64-encoded .enc.
🧹
Pure Python secure shredding
3 random-data passes + 1 zero pass, fsync'd between each, followed by deletion. No dependency on Unix shred binary. Reports secure vs fallback status.
📁
General file encryption
Encrypt or decrypt any file — not just password lists. Optional "verify then shred" checkbox for one-click secure archival.
🌗
Dark / Light theme
Instant theme toggle in the header. Full UI re-theming including scrollbars and progress bars.
Clipboard Security Matrix

UNIGEN implements platform-native clipboard exclusion to prevent passwords from being stored by clipboard-history tools. Coverage degrades gracefully where native APIs are unavailable.

PlatformMechanismCoverage
WindowsRegisters ExcludeClipboardContentFromMonitorProcessing, CanIncludeInClipboardHistory, and CanUploadToCloudClipboard via Win32 API (ctypes)Windows Clipboard History, Cloud Clipboard, and managers following the 1Password/Bitwarden/KeePass convention
macOSTags pasteboard with org.nspasteboard.ConcealedType, org.nspasteboard.TransientType, and org.nspasteboard.AutoGeneratedType via JXA/osascriptPaste, Maccy, Copied, Flycut, and other nspasteboard.org-compliant managers
Linux opt-inOffers x-kde-passwordManagerHint MIME type alongside UTF8_STRING via xclipKDE Klipper and tools mirroring its convention (e.g., KeePassXC, Bitwarden on Linux)

Note: This is best-effort protection. GNOME clipboard extensions, generic Wayland history tools, and non-compliant managers may still capture copied content. The status bar indicates whether exclusion succeeded or fell back to a normal copy.

Installation

Python 3.8+ with Tkinter. Single script — no complex setup.

# Debian / Ubuntu sudo apt install python3-tk pip install cryptography # Fedora sudo dnf install python3-tkinter pip install cryptography # macOS / Windows — Tkinter bundled with Python installer pip install cryptography # Download and run wget https://github.com/A113L/unigen/raw/refs/heads/main/unigen chmod +x unigen ./unigen
Optional (Linux only):
xclip — full clipboard-manager exclusion when copying passwords. xsel or wl-copy work as plain-copy fallbacks but don't support the exclusion hint.
Character Sets
Latin (Standard) — a-z A-Z 0-9 !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ Latin (Extended) — ąćęłńóśźż äöüß èéêë īįì ôöòó œøãåáàâæçñ Cyrillic — абвгдеёжзийклмнопрстуфхцчшщъыьэюя Asian (CJK + Kana) — 漢字日本語中文 あいうえお アイウエオ Greek — ΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΩ αβγδελμνξοπρςστυφχψω Math/Symbols — ∞±≠∑∏√∫∂∆πµΩ≈≡≤≥∇ ¢£¥€₩₪₹₽฿₫₴₦₲ Dingbats & Misc — ★☆☀☁☂☃☄☠☢☣♠♣♥♦♪♫✔✖✳❄‼

All sets are combined into one deduplicated pool. Toggle individual sets to control entropy and character composition. The "Source Code" set is built live from every unique character in the script itself.

Security Architecture
Encryption
A
AES-256-GCM
Authenticated encryption — confidentiality plus integrity verification. Tampered ciphertext is rejected.
K
PBKDF2-HMAC-SHA256
600,000 iterations with a random 16-byte salt per file. Keys are never reused across encryptions.
N
12-byte nonce
Fresh nonce per encryption operation prevents IV reuse attacks.
Shredding
1
Pass 1–3: Random data
Three passes of cryptographically secure random bytes overwrite the file contents.
2
Pass 4: Zero fill
Final pass overwrites with zeros. fsync called between every pass to flush to disk.
3
Delete & report
File is unlinked. Status indicates "secure" if overwrite was verified, "fallback" if only deletion could be confirmed.

SSD / CoW caveat: On SSDs, copy-on-write filesystems (Btrfs, ZFS, APFS), or filesystems with snapshots/journaling, overwritten data can persist elsewhere on the device. Treat shredding as strong best-effort — use full-disk encryption (BitLocker, FileVault, LUKS) as your baseline.

Password Generator Workflow
Step 1
Configure parameters
Set length (8–128) and count (1–10,000) with sliders or spinboxes. Toggle character sets — entropy updates live.
Step 2
Generate passwords
Click Generate Passwords. Review the list. For batches >25, a summary view appears with download option.
Step 3
Copy, save, or encrypt
Copy All with clipboard-manager exclusion. Save to File as plaintext. Encrypt & Shred for one-click secure archival.
Step 4
Clear clipboard
Click Clear Clipboard or enable Auto-clear (5–300s) to wipe the system clipboard when done.
File Protector Workflow
Encrypt
Browse to any file, enter passphrase (min 8 chars)
Optionally check "verify, then securely shred the original after encryption". Output is Base64 .enc.
Decrypt
Browse to .enc file, enter passphrase
Click Decrypt & Save to restore original bytes to a location you choose.
Shred
Manual secure destruction
Browse to any file and permanently destroy it with the same multi-pass overwrite, independent of encryption.
Get the Source

UNIGEN is open source and hosted on GitHub. MIT licensed.

View UNIGEN on GitHub