Free Software Stuff

Adfgvx - ADFGVX ciphering tool

This is the homepage for adfgvx, an implementation of the ADFGVX cipher used by the German army in the last months of World War I.

Adfgvx is distributed under the terms of the GNU General Public License, version 3 or higher.


The original ADFGVX cipher encrypted a 36 letters plaintext alphabet (A-Z, 0-9) into a 6 letters (A, D, F, G, V, and X, hence the name) ciphertext alphabet.

This implementation can do the same, but it can also encrypt a 64 letters plaintext alphabet (A-Z, a-z, 0-9, /, and +) into a 8 letters ciphertext alphabet. The output alphabet is not hardcoded and can be freely selected by the user.

The plaintext can be encoded to Base32 or base64 before being ciphered, thus allowing to encrypt any kind of contents, including binary files.

This program is not suitable to protect sensitive informations. The original ADFGVX cipher was broken only a few months after its introduction in the German Army, and this implementation does not provide any significative improvement (the use of a 8×8 substitution matrix instead of a 6×6 matrix has negligible effects). In Bruce Schneier’s terms, adfgvx may “prevent your kid sister from reading your files”, but nothing more.


Key generation

Use the -g, --genkey option to generate a new random key; enter the desired output alphabet when asked:

$ adfgvx -g > new.key
Output alphabet (6 or 8 characters in A-Z): AZERTY

The generated key is a plain text file like this:

Version: 0.1


The key comprises three elements: ① the selected output alphabet, ② the substitution matrix, and ③ the transposition keyword.


Use the -e, --encrypt option to encrypt either the file specified as the first positional argument, or standard input if no positional argument is specified.

$ adfgvx -k new.key -e <<< "LOREM IPSUM DOLOR SIR AMET"


The -k option, followed by the key file to use, may be omitted. In that case, adfgvx will use the default key file it expects to find in $XDG_CONFIG_HOME/adfgvx/default.key.


Use the -d, --decrypt (or, since decrypting is the default, do not specify the -e option) to decrypt either the file specified as the first positional argument, or standard input is no positional argument is specified.

$ adfgvx -k new.key -d message.txt

Note that whitespaces, and more generally all characters outside the input alphabet, have been lost during the crypting / decrypting cycle. To preserve all characters, use the -b, --binary option: when encrypting, this will encode the plaintext in Base32 (if using a 6-letters output alphabet) or Base64 (if using a 8-letters alphabet) before encrypting it, and when decrypting, it will decode the plaintext back to its original form.


Browse or download the source code from the repository.

Download the last release tarball:

adfgvx-0.2.2.tar.gz (application/x-gzip, 170K)