Kryptor
Kryptor
Kryptor
Kryptor
Introduction
Features
Installation
Tutorial
Usage
FAQ
Best practices
Known limitations
Technical details
Changelog
Powered by GitBook

Best practices

Choosing strong passwords

  1. Download a free and open source password manager. I recommend Bitwarden or KeePassXC.

  2. Randomly generate passwords of 20+ characters using your password manager. Alternatively, use the built-in passphrase generator, and store these passwords using your password manager.

  3. If you want to memorise a password, then I recommend generating a random passphrase containing 6+ words.

Sharing encrypted files

If you want to send someone an encrypted file, then I recommend encrypting the file using your private key and their public key. When decrypting the file, if you know that the sender's public key belongs to the sender, then you can be sure that the encrypted file was sent from them.

Alternatively, you can encrypt files with a password and share that password using an end-to-end encrypted messaging app like Signal or Element. This is easier for sharing files with multiple recipients. However, be sure to regularly change passwords.

If you intend to share a password, I recommend using disappearing messages or deleting the password message manually after the recipient has decrypted the file.

Sharing your public key

Only ever share your public key. You can send someone your public key as a string or as a .public file. You can safely share your public key via an insecure channel (e.g. via a messaging app).

Never share your private key! Your private key must be kept secret.

Storing your public and private keys

Always back up your .public and .private key files to external storage. You can recover your public key from the private key, but if you lose your private key, you will be forced to generate a new key pair.

I strongly advise against storing your .private key files in the cloud. Private keys are encrypted, but it is still safest to keep them offline and under your control.

Rotating key pairs

If you believe your private key may have been compromised (e.g. you accidentally shared it), then you should decrypt any files encrypted using that private key and generate a new key pair. You can then use the new private key to re-encrypt your files.

Choosing keyfiles

I recommend randomly generating keyfiles using Kryptor. Randomly generated keyfiles are made read-only and unlikely to be accidentally modified since you have no reason to open these types of files.

However, any type of file (e.g. jpg, mp3, zip) can be used as a keyfile but using an ordinary file type is riskier since it is more likely to be accidentally modified.

If the keyfile is modified, then files encrypted using that keyfile will become unrecoverable.

Storing keyfiles

Always back up your keyfiles in case they are accidentally modified. I recommend keeping your keyfiles offline on memory sticks or external hard drives.

If you lose a keyfile, then files encrypted using that keyfile will become unrecoverable.

Previous
FAQ
Next
Known limitations
Last updated 1 month ago
Contents
Choosing strong passwords
Sharing encrypted files
Sharing your public key
Storing your public and private keys
Rotating key pairs
Choosing keyfiles
Storing keyfiles