FAQ

Why should I use Kryptor over the alternatives?

  1. Kryptor uses strong, fast, and modern cryptographic algorithms.

  2. Kryptor provides both encryption and signing, meaning you do not need to use multiple tools.

  3. Kryptor is a lot easier to use than GPG.

  4. You can use passwords, keyfiles, or asymmetric keys to encrypt files.

  5. You can encrypt multiple files and directories at once.

  6. You can encrypt files for another person that only they can decrypt.

  7. Kryptor is free and open source.

When should I not use Kryptor?

  • If you want to frequently access lots of your encrypted files (e.g. multiple directories), then you should use Cryptomator or VeraCrypt.​​

  • If you intend to encrypt a file for lots of recipients using asymmetric keys, then you should consider using age. However, the key exchange is not authenticated, meaning an attacker could replace the entire file undetected.

  • If you want to use SSH keys for encryption, then you should use age. However, this is not recommended because it allows someone to track files encrypted to a specific public key.

  • If you want to encrypt a disk, then you should use LUKS (on Linux) or VeraCrypt (on Windows).

  • If you want something based on an industry standard, then you should use GPG. However, GPG uses some dated cryptographic algorithms and is about as far from user friendly as you can get. It should only really be used to verify digital signatures.

Has Kryptor been audited?

Kryptor has not been officially audited by a third-party, but the source code has likely been reviewed by some security researchers as a result of the HackerOne bug bounty program, and the libsodium library is used for all of the cryptography, which was audited in 2017.

I would love for Kryptor to be audited by a company like Cure53, but security audits are extremely expensive (thousands of dollars) and require open source funding, which is difficult for even very popular projects to get hold of. For example, KeePassXC and age have not been audited.

Is Kryptor compatible with age and Minisign?

Kryptor is not compatible with either because it uses different cryptographic algorithms and file formats. To find out why, please read the 'How is Kryptor different from age?', 'How is Kryptor different from Minisign?', and 'Why are you using...' sections.

Is there a tutorial for new users?

Yes, click here to view an explanation of each option with examples.

I forgot my password/lost a keyfile, is there any way to recover encrypted files?

Unfortunately not. Assuming you used a secure password/keyfile, it will take an impractical amount of time to bruteforce the encryption keys used. There is no backdoor in Kryptor.

Always remember to store your passwords in a password manager and back up keyfiles to external storage.

Is is safe to use Kryptor for long-term storage?

In theory, yes. If you keep a backup of the source code, program version, and executable, then you should still be able to decrypt old files after several years. The file format is documented here and can be determined from the source code.

However, I recommend re-encrypting your files after breaking changes since that ensures that your files are always encrypted using the latest file format. This is best for security since cryptographic algorithms may get replaced over time.

Which method of encryption should I use?

If you are bad with passwords or just want to remember a single password, then you should use an encryption private key for file encryption.

If you can generate and remember/store strong passwords, then there is nothing wrong with using a password. For extra security, you could also use a keyfile as well as a password.

If you want to share an encrypted file with someone else so that only they can decrypt it, then you should use your encryption private key and their encryption public key.

How do I choose a strong password?

Guidance on choosing strong passwords can be found here. If you are stuck, you can always generate a random passphrase by pressing Enter (typing no password) when asked to enter a password.

What is a keyfile?

A keyfile is a file that is combined with or used as your password. Keyfiles can be randomly generated, or any type of file can be selected to act as a keyfile.

For the best security, I recommend randomly generating keyfiles and using them alongside a strong password. See Generating a Keyfile for instructions.

Although ordinary files can be used as keyfiles (e.g. mp3, zip, jpg), these files are more likely to be accidentally modified. Therefore, I advise against using ordinary files unless you know what you are doing and take adequate precautions (e.g. multiple backups).​

How secure are keyfiles?

If you use a keyfile and a password, you are improving your security since the keyfile is an additional secret required to generate the key encryption key. However, you should randomly generate keyfiles and store them appropriately to gain the most benefit (e.g. on an encrypted memory stick).

By contrast, using a keyfile instead of a password is less secure than using a password since keyfiles have to be stored on disk, whereas passwords can be memorised.

Does Kryptor connect to the internet?

Kryptor runs offline by default but does connect to the internet when you use the -u|--update option to check for updates via GitHub.

How do I report bugs?

Please report bugs via GitHub using the Bug report issue template.

How do I report security vulnerabilities?

Please report vulnerabilities via HackerOne. I will respond as soon as possible.

If you identify a valid security issue, then your name and HackerOne account will be credited in the GitHub release that resolves the vulnerability you reported and in the Acknowledgements section of the website.​

Can I help package Kryptor?

Help from packagers is much appreciated as I have no experience distributing software. If you would be willing to maintain a package (e.g. on Homebrew, Chocolatey, etc), please get in touch.

How is Kryptor different from age?

Kryptor and age have similar goals, but the design decisions were completely different. Age is maintained by Filippo Valsorda, who has considerably more experience and knowledge than me. However, a few aspects of the design are questionable (e.g. the lack of authenticated key exchange), which contributed to me doing things differently in Kryptor. Neither tool is perfect.

Here is a summary of the differences:

  • Kryptor supports authenticated key exchange, whereas age does not. This authentication ensures that the file comes from who you expect. The lack of sender authentication in age means an attacker could replace the ciphertext unnoticed.

  • Kryptor supports file signing using Ed25519, whereas age has classed signing as out of scope (it will never be implemented).​

  • Kryptor encrypts your private key using a password before it gets written to disk, whereas age stores your private key in plaintext.​

  • Age provides better support for multiple recipients (but this is unauthenticated). Kryptor currently requires you to either share a password or encrypt the same file multiple times for multiple recipients (but this is authenticated). However, Kryptor does have additional benefits over age such as hiding whether the file was encrypted using an asymmetric key, keyfile, or password, with the exception of directory encryption.

  • Kryptor uses XChaCha20-BLAKE2b with 16 KiB chunks. This means a longer tag (256-bit) is used, each chunk uses unique keys, and there are no key commitment/multi-key attack issues. In contrast, age uses ChaCha20-Poly1305 with 64 KiB chunks and limits message size to mitigate multi-key attacks. BLAKE2b is more suitable for long-term storage than Poly1305, but it is important to note that such multi-key attacks are unlikely.

  • Kryptor always encrypts files in chunks of 16 KiB, whereas age will not chunk the file if it is less than 64 KiB in size, which leaks the file size.

  • Age uses scrypt, HKDF, and SHA512, whereas Kryptor uses Argon2id and BLAKE2b.

  • Age uses a stanza file format (the headers are not fixed), which means multiple recipients can be specified in one file. By contrast, Kryptor uses a fixed file format. Both approaches have advantages and disadvantages.

  • Kryptor supports keyfiles with/instead of passwords, whereas age does not. Keyfile support was inspired by KeePass and VeraCrypt.

  • Age supports SSH keys, ASCII armor, and various other features for more advanced users. However, age keys are still recommended over SSH keys because using SSH keys allows someone to track files that are encrypted to a specific public key.

  • Kryptor is written in C#, whereas age is written in Go, although they are both garbage-collected languages.

  • Kryptor is just an encryption program, whereas age is also a Go library.

For a more detailed comparison, take a look at the technical details of Kryptor and age.

How is Kryptor different from Minisign?

Kryptor essentially offers the same features as Minisign for signing files, with a few exceptions. Minisign is maintained by Frank Denis, the author of the libsodium library. He has vastly superior knowledge and experience. However, some parts of the Minisign design can arguably be simplified, which is why I decided against using the Minisign format.

Here is a summary of the differences:

  • Minisign is just a signing tool, whereas Kryptor is also an encryption program.

  • Kryptor only supports authenticated (trusted) comments, whereas Minisign also supports unauthenticated (untrusted) comments that can be tampered with.

  • Minisign uses more complicated file/key formats. This makes keys slightly longer.

  • Kryptor uses a binary file format for signature files, whereas Minisign uses text files.

  • Kryptor protects the private key using XChaCha20-BLAKE2b, whereas Minisign uses scrypt as a stream cipher and BLAKE2b as a MAC.

  • Minisign uses scrypt for key derivation, whereas Kryptor uses Argon2id.​

  • Minisign supports unauthenticated (untrusted) comments for the public and private key files. Kryptor does not offer any comment functionality for the key files. This information is too long to be part of the key string, and renaming the key file achieves the same result.

For a more detailed comparison, take a look at the technical details of Kryptor and Minisign.

Why are you using XChaCha20-BLAKE2b?

ChaCha20 has become increasingly popular for several reasons - for example, it has a higher security margin than AES due to a greater number of rounds, it is not vulnerable to timing attacks, and it is consistently fast in software.

XChaCha20 was chosen instead of ChaCha20 due to the longer nonce (192-bits), meaning random nonces can be used safely.

Kryptor v3.0.0 Beta was originally going to use XChaCha20-Poly1305, but I decided to switch to my XChaCha20-BLAKE2b AEAD implementation because Poly1305 is not designed for long-term storage, and the lack of key commitment in popular AEAD schemes allows a ciphertext message to be decrypted using multiple keys. This can theoretically lead to data loss and partitioning oracle attacks.

Although my implementation has not been standardised, neither has XChaCha20, XChaCha20-Poly1305, or Encrypt-then-HMAC. They are all still used in production. XChaCha20-BLAKE2b is just Encrypt-then-MAC with BLAKE2b, support for additional data in the authentication tag calculation, and key derivation baked in. More information is available here.

The main disadvantage of this approach is that XChaCha20-BLAKE2b is slightly slower than XChaCha20-Poly1305. However, the additional security makes the decrease in speed worthwhile.

Why are you using Argon2id?

Argon2 won the Password Hashing Competition in 2015 and is now recommended over other password-based key derivation algorithms such as PBKDF2 and scrypt.

Argon2id is being used because it is the recommended mode according to the RFC draft and Argon2i (the other mode available in libsodium) is vulnerable to attacks.

Why are you using BLAKE2b?

BLAKE2b is used because it is faster than SHA2/SHA3 whilst being at least as secure as SHA3. BLAKE (the algorithm BLAKE2 was based on) was subject to thorough cryptanalysis during the SHA3 competition and found to have a large security margin.

Are the algorithms post-quantum secure?

The asymmetric algorithms are not quantum-safe. Note that most asymmetric algorithms will be broken. With that said, they are currently secure and widely used.​

Once post-quantum cryptographic algorithms become available in libsodium and common in online protocols, I will investigate making the switch to future-proof Kryptor.​

What programming language is Kryptor written in?

Kryptor is written in C# using .NET 5. All development is done in Visual Studio 2019 Community.

What does the version number mean?

Kryptor uses semantic versioning:

  1. The major version. This changes when there are breaking changes.

  2. The minor version. This changes when new functionality is added.

  3. The patch version. This changes when bugs are fixed or code improvements are made.

How do I build Kryptor from source?

Step by step instructions can be found here.