Introduction

Kryptor is a simple, modern, and secure file encryption and signing tool for Windows, Linux, and macOS.

It aims to be a better version of age and Minisign to provide a leaner, user friendly alternative to GPG.

Download Kryptor

Pre-built binaries

For instructions on verifying the signatures and digests, please see the Installation page.

Please follow the project on GitHub to stay up to date.

Package managers

Chocolatey (Windows)

choco install kryptor

Scoop (Windows)

scoop bucket add extras; scoop install kryptor

Homebrew (macOS)

Help wanted!

AUR (Arch Linux)

yay -S kryptor (from source) or yay -S kryptor-bin (published binary)

Up for maintaining a package? Let's talk!

Source code

You can find the source code on GitHub.

License

Kryptor is licensed under GPLv3.

Contact

If you'd like to report a bug, provide feedback, ask a question, or need technical support, GitHub is the place to go.

To report a vulnerability, please see the SECURITY.md file.

For other enquiries, please email me at samuel at samuellucas dot com.

If you've found the software useful or just approve of the design and goals, please consider donating. As a student, every little helps, and I will be eternally grateful.

  • PayPal: samuellucas6

  • GitHub Sponsors: samuel-lucas6

  • Monero: 46hQy5JebdE5L3XsCAwh9tQ6zVA4631JQQb5f9mFJWQ99XaH1SUs7CDPq5QPnKq74rbzGZPxFQD9K45UYxq211V8C2F5iVD

  • Ethereum: 0x1d140cdce6c83de556638acab209ea3f119da02d

Goals

Kryptor aims to be better than a combination of age and Minisign in terms of security and usability. The use case is to protect files for backups and sharing, with a focus on limiting metadata.

It's not attempting to be a complete replacement of GPG. That would lead to similar problems, such as considerable complexity and too much code to single-handedly audit.

Simple

  • No cryptographic agility/config options.

  • A limited number of command-line options.

  • Allow some options to be skipped to shorten commands.

  • Encryption and signing support to avoid having to use different tools.

  • Support for passphrases, symmetric keys, and asymmetric keys.

  • Encryption of multiple files and directories to avoid having to use different tools.

  • Optional file name encryption and overwriting of input files.

  • Short public keys that can be copied and pasted or shared as files.

  • Generate key pairs without having to use a separate keygen program.

Secure

Documented

  • The protocol is explained in sufficient detail to not have to read much code.

  • Readable code.

  • It's clear how to report security vulnerabilities.

  • A thorough tutorial to help newcomers.

  • There's a roadmap and changelog.

  • Commits have decent naming to track individual changes.

Out of scope

  • Compatibility with other tools and protocols: you cannot be better by being the same, and compatibility on top of something new just increases complexity. There are limitations with other programs that need to be addressed, which requires breaking changes, such as the lack of authenticated key exchange and key commitment in age.

  • Key distribution: just share your public keys on a personal website or social media account. If you only use them to communicate with friends or family members, you can share them via a messaging app like Signal.

  • Disk encryption: this is completely different to file encryption. It's best left to another tool.

  • Anything related to email: although you can, of course, attach encrypted files and signature files to emails.

  • A GUI and mobile apps: a lot easier said than done. I simply don't have the time.

  • A password store: there are numerous problems with this approach. Just use a GUI password manager like Bitwarden or KeePassXC.

  • Things few people currently use: for example, YubiKeys. It might be a 'cool' feature to have, but it's useless for the majority of people.

Acknowledgements

Huge thanks to everyone in this section!

Contributors

  • Everyone who has reported bugs and provided feedback on the design, code quality, UX, and documentation.

  • replydev for making and maintaining AUR packages for Kryptor.

Dependencies

  • Frank Denis for writing the libsodium library.

  • Loup Vaillant for writing the Monocypher library.

  • Nate McMaster for working on the CommandLineUtils library.

  • Alexandre Mutel for creating the Monocypher.NET library.

  • ​Klaus Hartke, Trond Arne Bråthen, Adam Caudill, and everyone who contributed to the libsodium-net and libsodium-core libraries.

Cryptographers

  • Daniel J. Bernstein for designing ChaCha20, Poly1305, and Curve25519.

  • Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang for designing Ed25519.

  • Daniel J. Bernstein, Mike Hamburg, Anna Krasnova, and Tanja Lange for designing Elligator.

  • Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich for designing Argon2.

  • Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian Winnerlein for designing BLAKE2.

Organisations

Last updated