Suggesting a new feature

If you would like to suggest a new feature, then feel free to open a feature request on GitHub. However, please read the Goals section first to ensure that your feature is not out of scope.

Note that I will probably not implement your feature if it makes user input more complicated, if it makes the code significantly less readable, or if it is unnecessary/satisfies a rare use case. For example, very few people own YubiKeys and adding support for SSH keys would add a lot of complexity.


  • Fix zero byte file decryption bug.

  • Add 'Deriving encryption key' message.

  • Change the encryption/decryption messages to show that Kryptor is encrypting a large file rather than frozen.​

  • Review the code again to remove unnecessary methods, classes, and comments. This will help make the code more readable and reduce the line count.

  • Investigate specifying multiple recipients for hybrid file encryption.​ This is a lot easier said than done.

  • Consider not chunking files less than 16 KiB. This would reduce storage overhead but reveal the size of small files. This would require a breaking change.

  • Switch from libsodium-core to Geralt if I manage to finish the library.

  • Consider switching to ChaCha20-BLAKE2b with a counter nonce instead of XChaCha20-BLAKE2b. This would mean no nonces would need to be stored, reducing private key sizes and simplifying the file formats. This would require a breaking change.

  • Wait for user feedback.


  • Validation for file paths now happens before being asked to enter a password.

  • Added empty directory validation.

  • Added a validation check for a salt file when encrypting directories.

  • Added a validation check for a salt file when decrypting directories using a private key.

  • The total number of files count is no longer reduced when a file is invalid (e.g. already encrypted).​

  • Removed error logging. It is not needed, and the log file never got shared in bug reports.

  • Added a private key encryption example to -h|--help to clarify that you do not need to specify your public key when encrypting files for yourself.

  • Simplified the examples in -h|--help.

  • Reworded several error messages.


  • Fixed the UnauthorizedAccessException when overwriting read-only files.

  • Fixed the UnauthorizedAccessException when storing the file name if the file is read-only.

  • Restore the -o|--overwrite setting if an exception occurs during directory encryption.

  • Display the copied/backup directory name when encrypting a directory without the -o|--overwrite option.

  • Rename the copied/backup directory to the original directory name if possible (if -f|--obfuscate is specified and -o|--overwrite is not). The directory cannot be renamed otherwise because two directories cannot have the same path.


  • Fixed Visual C++ runtime issues on Windows.

  • Improved -a|--about.​


  • Chunked AEAD for encryption.

  • New KEK/DEK design.

  • Fixed Argon2 parameters.

  • Faster directory encryption.

  • Authenticated hybrid file encryption.

  • Masked password entry with support for random passphrase generation.

  • File signing.

  • Separate encryption and signing asymmetric keys.

  • Private key encryption.

  • Export asymmetric key pairs.

  • Code improvements due to a rewrite.

  • New GitBook documentation.

  • No longer working on a GUI version - not enough time to work on two different versions, tricky to implement in a GUI format, not cross-platform, and more confusing for the user downloading the software.