Introduction

Kryptor is free and open source file encryption and signing software for Windows, Linux, and macOS.
It is a portable, cross-platform command line tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of age and Minisign to provide a simple, user friendly alternative to GPG.
Download Kryptor
Pre-built binaries
​Windows (x64)  (Kryptor signature) (SHA256)
​Linux (x64)  (Kryptor signature) (SHA256)
​macOS (x64 & ARM64)  (Kryptor signature) (SHA256)
For instructions on verifying the signatures and digests, please see the Installation page.
Please follow the project on GitHub and regularly use the -u|--update option to check for updates. It is important to stay up-to-date for security and compatibility reasons.​
Package managers
​Chocolatey (Windows)
choco install kryptor
​Scoop (Windows)
scoop bucket add extras; scoop install kryptor
​Homebrew (macOS and Linux)
Coming soon
Help from new packagers is very much appreciated! Contact me to get your name listed in the Acknowledgements section.
Source code
You can find the source code on GitHub.
License
Kryptor is licensed under GPLv3.
Contact
If you would like to report a bug, offer feedback, ask a question, or need technical support, then GitHub is the place to go.
Please see the SECURITY.md file for information on reporting security vulnerabilities.
For other enquiries, please email me at samuel[at]samuellucas[dot]com using an informative subject line.
Donate
As a student, I currently have no income. Any fees related to the project are paid from my student loan, and time spent coding and writing the documentation has been unpaid when I could be working on something that would earn me money.
If you have found the software to be useful or just approve of the design and goals, then please consider donating. Every little helps. Seriously. I am eternally grateful for all donations!
PayPal: samuellucas6​
GitHub Sponsors: samuel-lucas6​
Monero: 46hQy5JebdE5L3XsCAwh9tQ6zVA4631JQQb5f9mFJWQ99XaH1SUs7CDPq5QPnKq74rbzGZPxFQD9K45UYxq211V8C2F5iVD
Ethereum: 0x1d140cdce6c83de556638acab209ea3f119da02d
Goals
The overall goal is for Kryptor to be better than a combination of age and Minisign in terms of security and usability.
Kryptor is primarily designed to protect files for cloud backups, external storage backups, and file sharing. It is not trying to be a complete replacement for GPG, but that is a good thing considering the sheer number of features is what makes GPG intimidating, often difficult to use, and impossible to single-handedly audit.
Simple
No cryptographic agility.
A limited number of command line options.
Allow some options to be skipped to shorten commands.
Encryption and signing support to avoid having to use different tools.
Support for passwords, keyfiles, and asymmetric keys.
Encryption of multiple files and folders to avoid having to use different tools.
Optional file/directory name obfuscation and overwriting of input files.
Short public keys that can be copied and pasted or shared as files.
Generate key pairs without having to use a separate keygen program.
Secure
The latest and greatest cryptographic algorithms.
Rely on a widely used, fast, and audited cryptographic library.
​Chunked AEAD encryption using an Encrypt-then-MAC implementation, unlike age.
​Authenticated key exchange for hybrid file encryption, unlike age.
Private key encryption for protection at rest, unlike age.
​Eventually, pre-shared key support for post-quantum secure key exchange, unlike age.
Sign the whole signature file and support non-prehashed signatures, unlike Minisign.
Documented
A thorough tutorial to help newcomers.
Readable and concise code.
It is clear how to report security vulnerabilities, unlike age and Minisign.
The goals, scope, best practices, and limitations are documented and justified, unlike age and Minisign.
The protocol/design is explained in sufficient detail to not have to read much code, unlike age.
There is a roadmap and changelog.
​Commits have decent naming to track individual changes.
Out of scope
Compatibility with other tools and protocols: you cannot be better by being the same, and compatibility just increases complexity. There are limitations with other programs that need to be addressed, such as the lack of authenticated key exchange and file signing support in age.
Disk encryption: this is a whole other beast to file encryption. It is best left to another tool.
Key distribution: just share your public keys on a personal website or social media account. If you only use them to communicate with friends or family members, then you can share them via a messaging app, like Signal.
Anything related to email: although you can, of course, attach encrypted files and signatures to emails.
Mobile apps: who encrypts files on their phone? Very few people, I would imagine, and I do not have the time.
A password store: just use a GUI password manager, like Bitwarden or KeePassXC.
Things few people currently use: for example, YubiKeys.
Acknowledgements
Thank you to the following people:
Everyone who has provided feedback on the design, code quality, UX, and documentation.
​GitBook for providing a free community account.
​Tutanota for providing a free premium account.
Frank Denis for writing the libsodium library.
Adam Caudill and everyone who contributed to the libsodium-net library.
Trond Arne Bråthen for creating the libsodium-core library.
Nate McMaster for maintaining the CommandLineUtils library.
The EFF for making their wordlists for random passphrases.
All the people working on .NET and C#.
Daniel J. Bernstein for designing ChaCha20 and Curve25519.
Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang for designing Ed25519.
Scott Arciszewski for creating XChaCha20 and Frank Denis for making the internal counter larger.
Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich for designing Argon2.
Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian Winnerlein for designing BLAKE2.
Features
Last modified 1mo ago
Copy link
Contents