Kryptor
  • Introduction
  • Features
  • FAQ
  • Installation
  • Usage
  • Tutorial
    • Running Kryptor
    • Specifying files
    • Entering a passphrase
    • Encrypting files for yourself
    • Encrypting files for others
    • Encryption options
    • Decrypting your files
    • Decrypting received files
    • Decryption options
    • Signing files
    • Signing options
    • Verifying signatures
    • Generating a new key pair
    • Key pair options
  • Specification
  • Known limitations
  • Changelog
  • Roadmap
Powered by GitBook
On this page
  • Download Kryptor
  • Pre-built binaries
  • Package managers
  • Source code
  • License
  • Contact
  • Donate
  • Goals
  • Simple
  • Secure
  • Documented
  • Out of scope
  • Acknowledgements
  • Contributors
  • Dependencies
  • Cryptographers
  • Organisations

Introduction

Last updated 1 month ago

Kryptor is a simple, modern, and secure file encryption and signing tool for Windows, Linux, and macOS.

It aims to be a better version of and to provide a leaner, user friendly alternative to .

Download Kryptor

Pre-built binaries

Package managers

choco install kryptor

scoop bucket add extras; scoop install kryptor

Help wanted!

yay -S kryptor (from source) or yay -S kryptor-bin (published binary)

nix-shell -p kryptor

Source code

License

Contact

For other enquiries, please email me at samuel at samuellucas dot com.

Donate

If you've found the software useful or just approve of the design and goals, please consider donating. As a student, every little helps, and I will be eternally grateful.

  • Monero: 46hQy5JebdE5L3XsCAwh9tQ6zVA4631JQQb5f9mFJWQ99XaH1SUs7CDPq5QPnKq74rbzGZPxFQD9K45UYxq211V8C2F5iVD

Goals

It's not attempting to be a complete replacement of GPG. That would lead to similar problems, such as considerable complexity and too much code to single-handedly audit.

Simple

  • Allow some options to be skipped to shorten commands.

  • Encryption and signing support to avoid having to use different tools.

  • Support for passphrases, symmetric keys, and asymmetric keys.

  • Encryption of multiple files and directories to avoid having to use different tools.

  • Optional file name encryption and overwriting of input files.

  • Short public keys that can be copied and pasted or shared as files.

  • Generate key pairs without having to use a separate keygen program.

Secure

Documented

Out of scope

  • Anything related to email: although you can, of course, attach encrypted files and signature files to emails.

  • A GUI and mobile apps: a lot easier said than done. I simply don't have the time.

Acknowledgements

Huge thanks to everyone in this section!

Contributors

  • Everyone who has reported bugs and provided feedback on the design, code quality, UX, and documentation.

Dependencies

Cryptographers

Organisations

() ()

() ()

() ()

() ()

() ()

For instructions on verifying the signatures and digests, please see the page.

Please follow the project on to stay up to date.

(Windows)

(Windows)

(macOS)

(Arch Linux)

Up for maintaining a package? !

You can find the source code on .

Kryptor is licensed under .

If you'd like to report a bug, provide feedback, ask a question, or need technical support, is the place to go.

To report a vulnerability, please see the file.

PayPal:

Kryptor aims to be better than a combination of and in terms of security and usability. The use case is to protect files for backups and sharing, with a focus on limiting metadata.

No /config options.

A number of command-line options.

The cryptographic algorithms.

Rely on a , , and cryptographic library.

symmetric cryptography.

support for key exchange, unlike .

AEAD with , unlike .

key exchange for hybrid file encryption, unlike .

Private key encryption for protection at rest, unlike .

Sign the whole signature file and support signatures, unlike .

Make encrypted files completely to limit metadata, unlike .

The is explained in sufficient detail to not have to read much code.

Readable .

It's how to report security vulnerabilities.

A thorough to help newcomers.

There's a and .

have decent naming to track individual changes.

Backwards compatibility (for ): Kryptor uses an indistinguishable from random file format for encryption, meaning there's no way to tell if a file was encrypted by Kryptor or which version was used from looking at the contents. Furthermore, almost every protocol has flaws/limitations that cannot be corrected without breaking changes. A good example is adding support for post-quantum algorithms, which are still being researched/standardised.

Compatibility with other tools and protocols: you cannot be better by being the same, and compatibility on top of something new just increases complexity. There are limitations with other programs that need to be addressed, which requires breaking changes, such as the lack of and in .

Key distribution: just share your public keys on a personal website or social media account. If you only use them to communicate with friends or family members, you can share them via a messaging app like .

Disk encryption: this is completely different to file encryption. It's best left to tool.

A : there are with this approach. Just use a GUI password manager like or .

Things few people currently use: for example, . It might be a 'cool' feature to have, but it's useless for the majority of people.

for making and maintaining packages.

for making and maintaining a package.

Frank Denis for writing the library.

Loup Vaillant for writing the library.

Nate McMaster for working on the library.

Alexandre Mutel for creating the library.

​Klaus Hartke, Trond Arne Bråthen, Adam Caudill, and everyone who contributed to the libsodium-net and libraries.

Daniel J. Bernstein for designing , , and .

Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang for designing .

Daniel J. Bernstein, Mike Hamburg, Anna Krasnova, and Tanja Lange for designing .

Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich for designing .

Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian Winnerlein for designing .

for donating a free Pro account.

for donating their private email service.

The for making their .

Windows (x64)
Kryptor signature
SHA-256
Linux (x64)
Kryptor signature
SHA-256
macOS (x64)
Kryptor signature
SHA-256
Linux (ARM64)
Kryptor signature
SHA-256
macOS (ARM64)
Kryptor signature
SHA-256
GitHub
GitHub
GPLv3
GitHub
SECURITY.md
samuellucas6
age
Minisign
cryptographic agility
limited
widely used
fast
audited
Post-quantum secure
Pre-shared key
post-quantum secure
age
stream encryption
key commitment
age
Sender authenticated
age
age
non-prehashed
Minisign
indistinguishable from random
age
protocol
code
clear
tutorial
roadmap
changelog
Commits
major versions
authenticated key exchange
key commitment
age
Signal
another
password store
numerous problems
Bitwarden
KeePassXC
YubiKeys
replydev
AUR
arthsmn
NixOS
libsodium
Monocypher
CommandLineUtils
Monocypher.NET
libsodium-core
ChaCha20
Poly1305
Curve25519
Ed25519
Elligator
Argon2
BLAKE2
GitBook
Tuta
EFF
wordlists for random passphrases
Let's talk
Chocolatey
Scoop
Homebrew
AUR
NixOS
age
Minisign
GPG
Installation
latest and greatest