Encrypt and decrypt plain text, files, and folders using the LE desktop binary. No API key is needed — everything runs locally. No data leaves your machine.
| Resource | URL |
|---|---|
| --- | --- |
| Source code & documentation | |
| Cloud alternative | LESecureCl skill (uses the LESecure API) |
-z (force overwrite) and — when the target is a directory — -n (recursive). Never pass -c (clean/delete source) or -j (trio = -z -c -n) without explicit user confirmation, because both delete the original file after encrypting. See the "Destructive Flags" rules below.LE -7 and share the output. No other flags are needed. Note: LE -7 accesses device GPS — this is a privacy-sensitive operation. On first use in a session, inform the user: "This will query your device's GPS location via LE." Proceed only after acknowledgment.-c and -j (MANDATORY)-c (clean) deletes the source file after encryption or decryption. It is irreversible in-place data loss.-j is a trio that includes -c, so it is also destructive.-c or -j. Before using either, ask the user explicitly, e.g.: "This will delete the source after the operation. Confirm with 'yes, delete source' to proceed."-z (and -n for folders). The source stays on disk.-j or "clean/delete source after", use -j and state in the response that the source was removed.The skill looks for the LE binary in this order:
LE_BIN environment variable, if set (e.g., export LE_BIN=/opt/le/LE).LE on PATH (via command -v LE).In examples below, LE is used as a shorthand for whichever path resolves. When actually invoking, expand it to the full resolved path so the command is reproducible.
# Resolve once, then reuse
LE_BIN="${LE_BIN:-$(command -v LE)}"
"$LE_BIN" --help
All date/time handling for this skill follows these rules — no exceptions:
-l and -r in EST/EDT.-l) = current EST + 2 minutes by default. This buffer prevents the "date must be in future" error.-r) = start time + the user's requested duration.date flag syntax differs between BSD (macOS) and GNU (Linux). Python 3 is available on both. Input safety: The duration value is passed as sys.argv[1] and cast via int() inside the Python script — any non-integer input raises ValueError and the script exits without executing. Never concatenate or interpolate user input directly into the python3 -c string. Always pass values as positional arguments (sys.argv).
```bash
# Start time (now + 2 minutes, EDT/EST) — no user input needed
python3 -c "from datetime import datetime,timedelta; from zoneinfo import ZoneInfo; print((datetime.now(ZoneInfo('America/New_York'))+timedelta(minutes=2)).strftime('%Y/%m/%d %H:%M'))"
# End time (now + 2 min + N minutes) — N is passed as argv[1], cast to int()
python3 -c "import sys; from datetime import datetime,timedelta; from zoneinfo import ZoneInfo; N=int(sys.argv[1]); print((datetime.now(ZoneInfo('America/New_York'))+timedelta(minutes=2+N)).strftime('%Y/%m/%d %H:%M'))"
# End time (now + 2 min + N hours) — N is passed as argv[1], cast to int()
python3 -c "import sys; from datetime import datetime,timedelta; from zoneinfo import ZoneInfo; N=int(sys.argv[1]); print((datetime.now(ZoneInfo('America/New_York'))+timedelta(minutes=2,hours=N)).strftime('%Y/%m/%d %H:%M'))"
```
Fallback (date) — only if Python is unavailable:
TZ=America/New_York date -v+2M "+%Y/%m/%d %H:%M"TZ=America/New_York date -d '+2 minutes' "+%Y/%m/%d %H:%M"--PlainText / -p)Encrypt/decrypt inline strings. The LE binary expects the data wrapped in triple single quotes ('''...''').
Never interpolate raw user input directly into the shell command. The '''...''' quoting breaks if the data contains single quotes, enabling shell injection. Before building the command:
') in the user's plaintext. Replace each ' with '\'' (end quote, escaped literal quote, reopen quote).```bash
# Store user data in a variable — shell expansion is safe inside triple quotes
LEDATA='user provided text here'
LE -e "'''${LEDATA}'''"
```
eval or backtick interpolation with user-supplied text.# Encrypt (with sanitized data)
LE -e '''<SANITIZED_DATA>''' <LOCK_FLAGS> --PlainText
# Decrypt (encrypted output is safe — no special chars)
LE -d '''<ENCRYPTED_DATA>''' <LOCK_FLAGS> --PlainText
Default flags (safe):
-z-z -nDestructive extras (only with explicit user confirmation, see rules above): add -c to also delete the source, or use -j (= -z -c -n).
# Safe file encrypt / decrypt (source file preserved)
LE -e <FILE> <LOCK_FLAGS> -z
LE -d <FILE.letxt> <LOCK_FLAGS> -z
# Safe folder encrypt / decrypt (source folder preserved)
LE -e <FOLDER> <LOCK_FLAGS> -z -n
LE -d <FOLDER> <LOCK_FLAGS> -z -n
# Destructive — only after explicit user confirmation
LE -e <FILE_OR_FOLDER> <LOCK_FLAGS> -j
Naming notes:
.le prefix on the extension (e.g., example.txt becomes example.letxt); use the .letxt filename when decrypting..le prefix on their extensions. The folder name itself stays the same.| Flag | Lock Type | Value | Example |
|---|---|---|---|
| ------ | ----------- | ------- | --------- |
-1 | Pin/Code | Numeric string | "1122" |
-w | Password | Password file (.letxt) or passphrase | pass.letxt |
-2 | MFA | Phone number (E.164) | "+19199870623" |
-3 | OTP | OTP code for decryption | "123456" |
-l | Time lock start | YYYY/MM/DD HH:MM | "2026/04/12 17:41" |
-r | Time lock end | YYYY/MM/DD HH:MM | "2027/04/12 17:36" |
-b | Location lock — use existing .lecsv key file (encrypt only; omit on decrypt) | Path to .lecsv file | location.lecsv |
-v | Location lock — create a new .lecsv key file from a GPS CSV (switch, no value) | (no value) | -v |
| Flag | Purpose | Safety |
|---|---|---|
| ------ | --------- | -------- |
-z | Force — overwrite existing encrypted file | Safe |
-n | Recursive — process folders recursively | Safe |
-c | Clean — delete source after encrypt/decrypt | DESTRUCTIVE — opt-in with confirmation |
-j | Trio = -z -c -n — includes delete-source | DESTRUCTIVE — opt-in with confirmation |
-i | Get info on an encrypted file | Safe (read only) |
-o | Specify output file name | Safe |
-7 | Print the device's current GPS location (no other flags needed) | PRIVACY-SENSITIVE — requires user consent on first use |
-2 "+1XXXXXXXXXX" to register the phone number.-4 to trigger OTP delivery, then run again with -3 .LE -e '''hello world''' -1 "1234" --PlainText
LE -d '''<ENCRYPTED>''' -1 "1234" --PlainText
LE -e '''secret data''' -w pass.letxt -1 "1122" -2 "+19199870623" -l "2026/04/12 17:41" -r "2027/04/12 17:36" --PlainText
LE -e /path/to/myfile.txt -1 "1234" -z
LE -d /path/to/myfile.letxt -1 "1234" -z
LE -e /path/to/my_folder -w pass.letxt -1 "1234" -z -n
LE -d /path/to/my_folder -w pass.letxt -1 "1234" -z -n
# Only after explicit user confirmation
LE -e /path/to/myfile.txt -1 "1234" -j
LE -i /path/to/myfile.letxt
Requires user consent on first use in a session (privacy-sensitive — accesses device GPS).
LE -7
--PlainText) for inline strings, or File/Folder for files and directories.$LE_BIN, command -v LE, or ask the user.-z for files; -z -n for folders. Do not add -c or -j unless the user explicitly confirmed source deletion.-2) must be in E.164 format.YYYY/MM/DD HH:MM format. Follow the Date & Time Rules above.-l (start) and -r (end)..letxt) should be an encrypted password file created with LE -e pass.txt -q. Stage 1 — Create the .lecsv key file from a GPS CSV (-v):
location.csv).-v is a switch (no value); LE produces location.lecsv alongside the input.-1 (pin) or -2 (MFA) — otherwise LE errors with "Either Pin or MFA should be enabled for Password/Location file".```bash
LE -e location.csv -v -1 1122 -z
LE -e location.csv -v -2 "+1YourPhoneNumber" -z
```
Stage 2 — Use the .lecsv key file to lock files/folders (-b):
-b is used only on encryption.-b — LE reads the embedded location reference from the encrypted file itself. Just run LE -d -z .```bash
# Encrypt (pass -b with the key file)
LE -e example.txt -b location.lecsv -z
# Decrypt (do NOT pass -b)
LE -d example.letxt -z
```
共 1 个版本