Kryptor
Changelog
This page attempts to follow the Keep a Changelog guidelines to make it easy to see what has changed in each version of Kryptor. Here are the types of changes:
  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in the case of vulnerabilities.

v3.1.1

This was a very quick, unpolished hotfix release due to the severity of issue #40 (explained below), which was reported via email.

Fixed

  • Files with a certain length would accidentally have the last 16,384 byte chunk removed during decryption due to a mathematical mistake that wasn't detected during any of my testing because of the file sizes of my test files. I'm extremely sorry for any trouble this causes. It's rather crushing as a maintainer when something like this happens, but I would like to again thank the person who reported this issue.
  • Chocolatey installs hopefully won't have a vcruntime140.dll extraction error anymore. I'm also working on adding the package equivalent of this file as a dependency.

Changed

  • Encrypted files are no longer deleted by default when decrypting. The -o|--overwrite option now needs to be specified to do this.
  • Illegal characters from file/directory names are now rejected with an error rather than being silently removed. As this was taken from a v4 commit, with v4 encrypting directories differently, this change won't work with subdirectories.
  • 'Decrypting private key...' is displayed instead of 'Deriving encryption key from password...' for private key decryption to avoid confusion.
  • The dependencies and vcruntime140.dll files have been updated.

Added

  • A message saying to back up the private key file when generating a new key pair.
  • A message saying to back up the keyfile when generating a random keyfile.
  • Publish profiles for Linux ARM64 and macOS ARM64 to build from source more easily. Builds for these platforms may be included in releases for v4 onwards.

v3.1.0

Security

  • Patched a potential directory traversal attack vulnerability when decrypting a file/folder someone sent you that contained a malicious file name. I say potential because I have not attempted to exploit the attack, and this type of vulnerability primarily affects web applications. However, it has also affected ZIP libraries and encryption libraries.
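
The v3.1.0 traversal fix above and the v3.1.1 change from stripping illegal characters to rejecting them both concern validating a file name recovered during decryption before anything is written to it. The following C# sketch is an added example, not Kryptor's own code; the `StoredFileName` class, the `Resolve` method and the sample names are hypothetical and constructed for illustration.

```csharp
using System;
using System.IO;
using System.Linq;

// Added example, not Kryptor's code: StoredFileName and Resolve are hypothetical names.
public static class StoredFileName
{
    // Windows-illegal characters, rejected on every OS so a name created on
    // Linux or macOS cannot carry a separator or stream marker over to Windows.
    private static readonly char[] Illegal = { '<', '>', ':', '"', '/', '\\', '|', '?', '*' };

    // Maps a file name recovered during decryption to a path inside outputDirectory.
    // Invalid names throw; nothing is silently stripped or rewritten.
    public static string Resolve(string outputDirectory, string storedName)
    {
        if (string.IsNullOrWhiteSpace(storedName) || storedName is "." or "..")
            throw new InvalidDataException("Stored file name is empty or a directory reference.");
        if (storedName.Any(c => char.IsControl(c) || Illegal.Contains(c)))
            throw new InvalidDataException("Stored file name contains illegal characters.");

        string root = Path.GetFullPath(outputDirectory);
        if (!Path.EndsInDirectorySeparator(root)) root += Path.DirectorySeparatorChar;
        string candidate = Path.GetFullPath(Path.Combine(root, storedName));

        // Defence in depth: after normalisation the path must be a file under root.
        if (!candidate.StartsWith(root, StringComparison.Ordinal) || candidate.Length == root.Length)
            throw new InvalidDataException("Stored file name escapes the output directory.");
        return candidate;
    }

    public static void Main()
    {
        // Constructed sample names, as they might arrive inside a received file.
        string[] names = { "report.pdf", "../../.bashrc", "..\\..\\evil.dll", "/etc/cron.d/job", ".." };
        string outputDirectory = Path.Combine(Path.GetTempPath(), "decrypted");
        foreach (string name in names)
        {
            try { Console.WriteLine($"accept \"{name}\" -> {Resolve(outputDirectory, name)}"); }
            catch (InvalidDataException ex) { Console.WriteLine($"reject \"{name}\": {ex.Message}"); }
        }
    }
}
```

Only the first sample name is accepted; the rest are rejected before any path is built. Reserved Windows device names such as NUL are not checked here.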

Added

  • Non-interactive password support, meaning you can now do -p:"[password]" instead of entering the password interactively. To randomly generate a password, you can type a space: -p:" ". However, entering a password interactively is still more secure as it hides your password and avoids using a string variable.
  • Exporting the recovered public key from -r|--recover to a .public file if one does not exist in the same directory as the .private key file.
  • Automatic vcruntime140.dll extraction on Windows to always ensure that the libsodium cryptographic library is portable.
  • -u|--update can now install updates for you. This checks the download signatures automatically, ensuring authenticity and integrity, and replaces the kryptor executable in place.
  • Coloured error messages (red) and success messages (green). Blue and orange are also used but rarely.
  • A note in -h|--help about having to surround file names/paths with "speech marks".

Changed

  • Switched to .NET 6.
  • The -f|--obfuscate option has been renamed to -n|--names. I will now be calling it file name encryption rather than file name obfuscation.
  • Path.GetRandomFileName() is no longer being used because the documentation was updated to remove the claim that it is cryptographically secure.
  • It is now possible to sign .signature files.
  • The spacing in the output text has been changed to try and make things more readable.
  • File names in the output text are now surrounded by "speech marks" to help distinguish them from other text.
  • Lots of code improvements to reduce the line count.
  • Various error messages have been improved.

Fixed

  • The authenticated comment is no longer shown if it is empty when verifying a signature.
  • Folders containing only empty subdirectories are now detected as containing no files, leading to an error.
  • String.Replace() is no longer used for file paths since it may cause problems by removing multiple parts of a string.
  • Illegal file name characters are now removed from the file name before it is stored during file name encryption because this could cause issues decrypting the file on another operating system. This may be switched to an error in the future.
  • The total count should now be correct when decrypting a directory with an incorrect salt length.

v3.0.4

Added

  • A 'Deriving encryption key from the password...' message to explain the key derivation delay.
  • 'Encrypting [file] => [file.kryptor]...' and 'Decrypting [file.kryptor] => [file]...' messages to indicate that Kryptor is doing something rather than frozen when encrypting/decrypting large files.
  • 'Commencing encryption of [directory] directory...' and 'Commencing decryption of [directory] directory...' messages to help separate the folder encryption output from the file encryption output.

Changed

  • Now displaying the name of randomly generated keyfiles.
  • Various code improvements, although there is still lots to go through. More code improvements will be coming in the next release.

Fixed

  • A bug when encrypting/decrypting 0-byte files (please see #27).
  • A bug related to renaming duplicated files (please see #28).
  • The -s|--sign and -v|--verify validation has been improved.
  • An UnauthorizedAccessException when trying to randomly generate a keyfile to a path where a keyfile by that name already exists.

v3.0.3

Added

  • Empty directory validation.
  • A validation check for a salt file when encrypting directories.
  • A validation check for a salt file when decrypting directories using a private key.
  • A private key encryption example in -h|--help to clarify that you do not need to specify your public key when encrypting files for yourself.

Removed

  • Error logging. It is not needed, and the log file never got shared in bug reports.

Changed

  • Validation for file paths now happens before being asked to enter a password.
  • Simplified the examples in -h|--help.
  • Reworded several error messages.

Fixed

  • The total number of files count is no longer reduced when a file is invalid (e.g. already encrypted).

v3.0.2-beta

Changed

  • Now displaying the copied/backup directory name when encrypting a directory without the -o|--overwrite option.
  • Now renaming the copied/backup directory to the original directory name if possible (if -f|--obfuscate is specified and -o|--overwrite is not). The directory cannot be renamed otherwise because two directories cannot have the same path.

Fixed

  • The UnauthorizedAccessException when overwriting read-only files.
  • The UnauthorizedAccessException when storing the file name if the file is read-only.
  • Now restoring the -o|--overwrite setting if an exception occurs during directory encryption.

v3.0.1-beta

Changed

  • Improved -a|--about.

Fixed

  • Visual C++ runtime issues on Windows by including a vcruntime140.dll file in the ZIP file.

v3.0.0-beta

Added

  • Authenticated hybrid file encryption.
  • Masked password entry with support for random passphrase generation.
  • File signing functionality.
  • Implemented separate encryption and signing asymmetric keys.
  • Implemented export functionality for asymmetric key pairs.
  • Private keys are encrypted for protection at rest.

Changed

  • Switched to chunked AEAD encryption.
  • New KEK/DEK design.
  • Now using fixed Argon2 parameters.
  • Faster directory encryption.
  • No longer working on a GUI version - not enough time to work on two different versions, tricky to implement in a GUI format, not cross-platform, and more confusing for the user downloading the software.