EntropyX Advanced Compression

EntropyX: Core Advanced Compression

EntropyX: Core

  EntropyX: Core is a private, enterprise-only file compression suite designed for security, efficiency, and reliability. Built with a modern Python backend, it delivers advanced compression, robust encryption, and audit logging for professional environments.


 Key Features

  • Utilizes multiple compression algorithms (zlib, bz2, lzma), with intelligent method selection for each file type. Efficiently processes documents, images, audio, and video files for significant size reduction.


  • Support for 20+ file formats including TIFF, RAW camera formats (CR2, NEF, ARW, DNG), DICOM medical imaging (.dcm), FITS astronomy files, DPX cinema files, and SQL databases


  • Implements strong encryption (Fernet-based, when available) for compressed files, with secure key generation and a fallback encryption method if cryptography libraries are unavailable. Strict input validation and path sanitization, a 500MB size limit per file, dangerous character filtering, reserved Windows filename checking, and secure session tracking with UUID-based session IDs and integrity hashing help prevent unauthorized access and data leaks.


  •  Supports batch operations for high-volume data management, though batch compression currently only processes the first selected file rather than creating a single ZIP archive from multiple files. 


  • Integrates FFmpeg and Ghostscript for advanced compression and conversion of audio, video, image, and PDF files—maintaining high output quality.


  • DOCX to PDF conversion with ultra-aggressive Ghostscript optimization (36 DPI, grayscale conversion, font removal)


  • Media compression supports MP4, AVI, MKV, MOV, MP3, WAV, FLAC, and more with quality presets (best/medium/fast)


  • Dual logging system: Full debug logs (entropyx_full.log) with 10MB rotation and audit logs (entropyx_audit.log) with 30-day retention


  •  Every major file operation is recorded in detailed audit logs (including timestamp, filename, operation, and user/session info). Features SHA256 integrity hashing on every log entry for tamper detection and comprehensive metadata tracking including file hashes, compression ratios, and operation duration. Internal watermarks and unique identifiers support traceability and compliance. 


  •  The cross-platform Python GUI (Tkinter) features a card-based interface with hover effects and visual feedback, along with real-time progress indicators for long-running operations, making batch compression, media processing, and settings management straightforward for authorized users. 

 

EntropyX: Core Security implements comprehensive security controls designed to protect data integrity and ensure safe file processing. The following technical features are built into the application:


File Processing Security:

  • File Type Validation: Strict whitelist of 20+ supported extensions with magic number verification
  • Size Limits: 500MB maximum per file with 2GB absolute security threshold
  • Path Sanitization: Automatic removal of dangerous characters and path traversal prevention
  • Extension Verification: Magic number validation against declared file extensions
  • Reserved Name Protection: Windows system name blocking (CON, PRN, AUX, etc.)
  • ZIP Bomb Protection: Compression ratio limits (50:1 max) and file count restrictions
  • Input Validation: Real-time filename sanitization and Unicode normalization
  • Symlink Detection: Active blocking of symbolic links to prevent directory traversal attacks
  • Enhanced Path Validation: Real-path verification comparing normalized paths against actual filesystem locations
  • Secure Archive Creation: ZIP member name validation preventing path traversal via archive contents
  • Drive Letter Protection: Windows drive letter detection and blocking in archive operations
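
The archive checks listed above (member name validation, drive letter and reserved name blocking, symlink detection, the 50:1 ratio limit) can be sketched as follows. This is an added example, not EntropyX code: the function names, the 1000-member limit and the sample archive are assumptions made for illustration.

```python
import io, re, stat, zipfile

MAX_RATIO = 50        # 50:1 limit stated on the page
MAX_MEMBERS = 1000    # assumed value; the page gives no count
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"{p}{i}" for p in ("COM", "LPT") for i in range(1, 10)}

def member_problem(info):
    """Return a reason string if the member's name or type is unsafe, else None."""
    name = info.filename.replace("\\", "/")
    parts = [p for p in name.split("/") if p]
    if name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        return "absolute path or drive letter"
    if ".." in parts:
        return "path traversal"
    if any(p.split(".")[0].upper() in RESERVED for p in parts):
        return "reserved Windows name"
    if stat.S_ISLNK(info.external_attr >> 16):  # Unix mode lives in the high 16 bits
        return "symlink member"
    return None

def ratio_problem(zf, info):
    """Stream the member and count real output bytes; header sizes can lie."""
    budget = max(info.compress_size, 1) * MAX_RATIO
    total = 0
    with zf.open(info) as fh:
        while chunk := fh.read(65536):
            total += len(chunk)
            if total > budget:
                return "ratio over 50:1"
    return None

def audit_zip(data):
    """Return (member, reason) findings for an in-memory ZIP; nothing is extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        findings = [("<archive>", "too many members")] if len(infos) > MAX_MEMBERS else []
        for info in infos:
            reason = member_problem(info) or ratio_problem(zf, info)
            if reason:
                findings.append((info.filename, reason))
    return findings

def sample_archive():
    """Constructed test archive: one clean member and three that must be rejected."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docs/report.txt", "quarterly numbers\n")
        zf.writestr("../../etc/cron.d/job", "x")
        zf.writestr("C:/Windows/win.ini", "x")
        zf.writestr("big.bin", b"\0" * 2_000_000)
    return buf.getvalue()
```

The ratio check stops reading as soon as the budget is exceeded, so an oversized member is never fully decompressed.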


Encryption & Data Protection:

  • Algorithm: Fernet (AES-128-CBC + HMAC-SHA256) with cryptographic library support
  • Key Derivation: PBKDF2 with 100,000 iterations using SHA-256
  • Fallback Encryption: AES-256-CBC with HMAC-SHA256 authentication replacing weak XOR
  • Secure Key Storage: Hidden key files with restricted file system permissions
  • Database Encryption: Support for encrypted SQLite databases with unique keys
  • Integrity Verification: SHA-256 checksums for files under 10MB
  • Enhanced Fallback: Pure Python AES implementation when cryptography library unavailable
  • Key Storage Hierarchy: OS keyring primary storage with encrypted file fallback
  • Permission Enforcement: Active file permission verification (0600 Unix, hidden+system Windows) before key access
  • PKCS7 Padding: Proper cryptographic padding for AES block cipher operations
  • Random IV Generation: Unique initialization vectors for each encryption operation


Command Execution Security:

  • Injection Protection: Parameterized command execution for all subprocess calls (FFmpeg, Ghostscript, PowerShell)
  • Timeout Enforcement: Mandatory 60-second default timeout on all subprocess operations with configurable limits
  • PowerShell Sandboxing: Temporary script file creation replacing direct command injection
  • Subprocess Wrapper: Centralized security wrapper (safe_subprocess_run) with comprehensive logging and timeout protection
  • Recursion Protection: Anti-recursion guards preventing logging loops in subprocess handlers
  • Command Logging: Sanitized command logging with sensitive parameter masking
  • Error Isolation: Exception handling preventing subprocess errors from exposing system information
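
A wrapper of the kind this list describes (argument-list execution without a shell, a 60-second default timeout, masked command logging) might look like the sketch below. It is an added example, not the product's safe_subprocess_run: the names run_checked and mask_args and the flags in SENSITIVE_FLAGS are hypothetical.

```python
import logging
import subprocess
import sys

log = logging.getLogger("subprocess_audit")
SENSITIVE_FLAGS = {"--password", "--key"}  # hypothetical flag names for the sketch

def mask_args(argv):
    """Copy argv for logging, replacing the values of sensitive flags with ***."""
    out, hide_next = [], False
    for arg in argv:
        flag, sep, _ = arg.partition("=")
        if hide_next:
            out.append("***")
            hide_next = False
        elif flag in SENSITIVE_FLAGS and sep:
            out.append(flag + "=***")
        else:
            out.append(arg)
            hide_next = arg in SENSITIVE_FLAGS
    return out

def run_checked(argv, timeout=60):
    """Run argv without a shell; return (status, stdout), status in ok/failed/timeout."""
    if isinstance(argv, str) or not all(isinstance(a, str) for a in argv):
        raise TypeError("argv must be a list of strings, never a shell string")
    log.info("exec %s", mask_args(argv))
    try:
        proc = subprocess.run(argv, shell=False, capture_output=True, text=True,
                              timeout=timeout, stdin=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        # subprocess.run has already killed the child at this point
        log.warning("SUBPROCESS_TIMEOUT %s after %ss", mask_args(argv), timeout)
        return "timeout", ""
    except OSError as exc:
        # Log only the exception type so paths and environment details stay out of logs
        log.error("exec failed: %s", type(exc).__name__)
        return "failed", ""
    return ("ok" if proc.returncode == 0 else "failed"), proc.stdout

if __name__ == "__main__":
    # A filename containing shell metacharacters stays one literal argument.
    print(run_checked([sys.executable, "-c", "import sys; print(sys.argv[1])",
                       "clip.mp4; echo injected"]))
```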


Comprehensive Audit System:

  • Structured Logging: JSON-formatted logs with session tracking and build fingerprinting
  • Event Categories: AUDIT, SECURITY, FILE_OP, COMPRESS, and ERROR classifications
  • Integrity Protection: SHA-256 hash verification for tamper detection on all log entries
  • Retention Policy: 30-day audit trails with daily rotation at midnight
  • Security Monitoring: Real-time detection of file access violations and processing errors
  • Traceability: Complete operation tracking from input validation to compression completion
  • Subprocess Tracking: Security event logging for all subprocess timeout occurrences
  • Enhanced Events: PATH_TRAVERSAL_ATTEMPT, SYMLINK_DETECTED, SUBPROCESS_TIMEOUT event types


Application Security:

  • Build Verification: Mathematical signature validation (Build AngeloF799617)
  • Integrity Checks: Six-point application component validation on startup
  • Secure Subprocess: Controlled FFmpeg and Ghostscript execution with timeout limits
  • Error Handling: Sanitized error messages preventing information disclosure
  • Resource Management: Automatic cleanup of temporary files and memory resources
  • Session Security: Unique session IDs for operation correlation and tracking
  • Defense in Depth: Multiple validation layers for all user-supplied input
  • Zero Trust Architecture: No assumptions about input safety, all data validated


Please note: These technical security features provide the foundation for compliance frameworks. Full regulatory compliance may require additional organizational controls beyond the application's technical capabilities.

 EntropyX: Core Compliance is engineered to align with leading industry security and privacy frameworks. The following controls are implemented to support compliance across major standards:


OWASP Top Ten:

  • Input Validation: Strict file type validation using extension whitelist and magic number verification
  • Path Traversal Prevention: Enhanced pattern detection for ../, ..\\, and URL-encoded variants
  • File Size Controls: 500MB maximum file size with 2GB absolute limit protection
  • Filename Sanitization: Removal of dangerous characters and Windows reserved names
  • Secure File Handling: Absolute path resolution and symlink traversal prevention
  • Encryption Protection: AES-128-CBC with HMAC-SHA256 authentication via Fernet
  • Security Logging: Built-in security event monitoring and comprehensive audit trails
  • Error Handling: Secure error messages without information disclosure


NIST Cybersecurity Framework:

  • Identify: Application integrity validation with build verification and component checks
  • Protect: File processing security with encryption, validation, and access controls
  • Detect: Real-time security event monitoring with comprehensive logging capabilities
  • Respond: Automated error handling with security event correlation and tracking
  • Recover: Secure cleanup procedures with temporary file management and resource protection


ISO 27001 Controls:

  • A.12 Operations Security: Comprehensive logging, monitoring, and secure file processing
  • A.10 Cryptography: AES encryption implementation with secure key lifecycle management
  • A.14 System Acquisition: Secure development practices with integrity verification
  • A.16 Incident Management: Security event detection, logging, and error tracking
  • A.18 Compliance: Audit trail maintenance and operational transparency


HIPAA and PCI DSS:

  • Technical Safeguards: File encryption, access validation, and comprehensive audit logging
  • Data Protection: Strong encryption for sensitive files with integrity verification
  • Audit Requirements: Detailed logging of all file operations and security events
  • Access Controls: File type restrictions and validation checks for authorized processing


SOC 2 and SOX:

  • Operational Controls: Detailed audit trails of all file processing and compression operations
  • Internal Controls: Application integrity checks and secure configuration management
  • Transparency: Comprehensive logging supporting operational review and compliance auditing
  • Review Support: Structured audit trails with integrity protection and event correlation


Data Protection Regulations:

  • GDPR Article 32: Security of processing through local file handling and encryption protection
  • CCPA Technical Safeguards: Privacy-by-design with no telemetry collection or data transmission
  • Privacy by Design: Local processing ensuring user-controlled files and data minimization
  • Data Minimization: Only necessary file metadata collected with automatic cleanup procedures


Please note: While EntropyX Core includes foundational security and privacy features required by these frameworks, full compliance may require additional organizational, deployment, or administrative controls, such as user authentication, log retention policies, and protected audit log storage.

Verified by Automated Security Testing

 All major versions of EntropyX: Core are scanned with Bandit and Semgrep static analysis tools.

Latest results: 7/22/25

  • Zero high or medium severity issues
  • All subprocess and input handling reviewed and documented for safety
  • No code paths that allow for command injection or unsafe deserialization

Full scan logs are available on request.


Developed with Industry Best Practices

EntropyX: Core follows secure coding standards inspired by the OWASP Top Ten and privacy-by-design principles, ensuring no hidden data collection or remote processing.


 All major versions of EntropyX: Core are continuously scanned with Bandit and Semgrep security tools to ensure zero critical code vulnerabilities, robust subprocess handling, and strong protection against unsafe deserialization or command injection. 


Copyright © 2025 EntropyX ™  Advanced Compression - All Rights Reserved.
