FAQ
No, it uses newer cryptographic primitives and different file formats to address problems with both tools. However, Kryptor isn't perfect either.
Three words: security, privacy, and usability.
- 1.Kryptor uses strong, fast, and modern cryptographic algorithms, offering post-quantum security. It also addresses security limitations of tools like age and Minisign.
- 2.Unlike most tools, Kryptor limits metadata by using an indistinguishable from random encrypted file format. Encrypted files have no identifiable headers and are randomly padded. File names can also be encrypted.
- 3.Encrypt/sign multiple files and directories at once. No need to specify an output file path. No config options. Short public keys. Fewer command-line options than Minisign whilst also supporting encryption.
- If you want to frequently access lots of your encrypted files (e.g. multiple large directories), you should use Cryptomator or VeraCrypt.
- If you want to use SSH keys, you should use age. However, SSH keys aren't recommended by the author.
No, audits are extremely expensive (e.g. $5,000+). A very generous donation would be required to cover the cost.
However, some cryptographers were contacted for design feedback and advice, libsodium and Monocypher are used for the cryptography, and it should be possible to single-handedly audit the code.
A keyfile is a file that's combined with or used instead of a passphrase. If combined, it acts like 2FA. Used alone, it's weaker than a passphrase in that it's stored on disk and can't be memorised.
A random keyfile is equivalent to a random symmetric key stored on disk. Using a regular file as a keyfile is equivalent to hashing the file, so the file should be high in entropy (e.g. compressed).
Just let Kryptor generate a keyfile for you and back it up on external storage (e.g. memory sticks).
However, if you insist on choosing a regular file, make sure it's a compressed file type (e.g.
.zip
).Navigate to the following folder based on your operating system:
- Windows:
%USERPROFILE%/.kryptor
- Linux:
/home/.kryptor
- macOS:
/Users/USERNAME/.kryptor
Copy any
.private
files to external storage (e.g. memory sticks). Keeping private keys offline is good practice even though they're encrypted.It's fast, standardised, doesn't require hardware support, and ChaCha20 has a higher security margin than AES.
The latter 32 bytes of block 0 (after the Poly1305 key) are prepended to the ciphertext as a commitment. For decryption, this commitment is checked in constant time alongside the tag, eliminating a timing difference. Here's some code.
This is similar to the padding fix discussed in How to Abuse and Fix Authenticated Encryption Without Key Commitment. Credit goes to Loup Vaillant for the block 0 idea.
Argon2 won the Password Hashing Competition in 2015 and is now recommended over other password-based key derivation algorithms, such as PBKDF2 and scrypt.
PADMÉ padding, which is deterministic, was originally implemented. However, Covert Encryption convinced me that it seems wrong to have deterministic file sizes when trying to make files indistinguishable from random.
Because the .NET runtime is included so users don't have to install .NET themselves, and ReadyToRun compilation is enabled to improve startup performance.
Last modified 9mo ago