Well, I've got some feedback if you'd care for any...
1. It's not obvious that "encryption" automatically deletes the just-encrypted file.
2. The deletion of the original file is not a secure delete. Because there's no way to inhibit the deletion, the just-encrypted data is guaranteed to still be present on the hard drive.
3. The deletion of the original file fails on Windows (because you don't close the file first).
4. If the "out" file already exists, "encryption" mode is assumed, and file.x and file.y are silently overwritten if they exist.
5. The "key", which additionally "encrypts" the file, is naively implemented and does not add any additional protection. Your statement that the two files can be "stored in separate secure locations--which is unnecessary" is inaccurate; the key feature leads to a false sense of security and should be removed entirely or re-implemented.
Finally, I'm not entirely clear what advantage this scheme has over creating two files using well-established cryptography, one with the ciphertext and one with a passphrase, and storing them apart from each other.
I'm sorry for being harsh; it's not my intention to be mean or discouraging. The fact that you're releasing this open source indicates a willingness for peer review, and that mentality should be applauded. However, it's almost always a bad idea to try to implement cryptography yourself unless you're a cryptographer (I'm not one, and I'd certainly hesitate to do so myself). Even just using existing well-written crypto libraries can be very hard to get right....
Best of luck!
Thanks for the feedback! I didn't necessarily intend to give off the message that this should be used; however, I do understand how what I wrote can be interpreted that way. Could you possibly explain how the implementation of the passphrase is naive and doesn't add any additional security?
I created this simply because I could, and I don't try to claim that it is better than any other form of cryptography with similar results. However, I don't see how the bitwise operation XOR isn't considered "well-established cryptography" considering its use in large-scale projects (to be fair, it is used along with AES in the applications I'm familiar with).
I apologize if any of this comes off as ignorant or "harsh", as you also stated.