# FAQ
## General
Is Kryptor compatible with age and Minisign?
No, it uses newer cryptographic primitives and different file formats to address [problems](/master.md#goals) with both tools. However, Kryptor isn't perfect either.
Why should I use Kryptor over the alternatives?
Three words: security, privacy, and usability.
1. Kryptor uses [strong, fast, and modern](/features.md#security) cryptographic algorithms, offering [post-quantum security](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Brochure/quantum-safe-cryptography.html?nn=433196). It also addresses security [limitations](/master.md#goals) of tools like [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/).
2. Unlike most tools, Kryptor limits metadata by using an indistinguishable from random encrypted file format. Encrypted files have no identifiable headers and are randomly padded. File names can also be encrypted.
3. Encrypt/sign multiple files and directories at once. No need to specify an output file path. No config options. Short public keys. Fewer command-line options than [Minisign](https://jedisct1.github.io/minisign/) whilst also supporting encryption.
When should I not use Kryptor?
* If you want to frequently access lots of your encrypted files (e.g. multiple large directories), you should use [Cryptomator](https://cryptomator.org/) or [VeraCrypt](https://www.veracrypt.fr/).
* If you want to encrypt a disk, you should use [VeraCrypt](https://www.veracrypt.fr/) on Windows, [LUKS](https://gitlab.com/cryptsetup/cryptsetup/) on Linux, and [FileVault](https://support.apple.com/en-gb/guide/mac-help/mh11785/mac) on macOS.
* If you want to use SSH keys, you should use [age](https://github.com/FiloSottile/age). However, SSH keys aren't recommended by the author.
* If you want something based on an industry standard, you're [stuck](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) with [GPG](https://gnupg.org/).
Has Kryptor been audited?
No, audits are extremely expensive (e.g. **$5,000+**). A very generous donation would be required to cover the cost.
However, some cryptographers were contacted for design feedback and advice, [libsodium](https://doc.libsodium.org/) and [Monocypher](https://monocypher.org/) are used for the cryptography, and it should be possible to single-handedly audit the code.
I forgot my passphrase/lost a key, can I recover encrypted files?
No, it would take an impractical amount of time to bruteforce the encryption keys unless you used a very weak passphrase/low entropy key.
Is it safe to use Kryptor for long-term backups?
Sort of. Backwards compatibility for major versions is not a goal for Kryptor, as explained [here](/master.md#out-of-scope). However, Kryptor doesn't get updated that frequently. Breaking changes will get grouped together and require significant planning and sometimes waiting for dependencies to get updated.
To ensure you can decrypt files in the future, you can either:
1. Keep a copy of the executable and source code of the version used to encrypt files. The .NET version will eventually go out of support, but you can edit the version in the source code and rebuild. The main risk is that further changes may be needed to get things working due to .NET/dependency changes, which would require some familiarity with C#.
2. Re-encrypt files when a new major version is released.
The second approach is recommended if possible.
Does Kryptor connect to the internet?
No, unless you use the `-u|--update` option to check for updates via [GitHub](https://github.com/samuel-lucas6/Kryptor/blob/master/version.txt), as explained [here](/features.md#privacy).
## Best practices
Which method of encryption should I use?
* For yourself: passphrases or random pre-shared keys. Keep them in a password manager.
* For others: your private key and their public key. Keep your private key backed up on external storage (e.g. memory sticks).
How do I choose a strong passphrase?
Just let Kryptor [generate a passphrase](/tutorial/entering-a-passphrase.md) for you and store it in a password manager like [KeePassXC](https://keepassxc.org/) or [Bitwarden](https://bitwarden.com/).
What's a keyfile?
A keyfile is a file that's combined with or used instead of a passphrase. If combined, it acts like 2FA. Used alone, it's weaker than a passphrase in that it's stored on disk and can't be memorised. In both cases, it needs to be kept secret.
A [random keyfile](/tutorial.md#using-a-keyfile) is equivalent to a random symmetric key stored on disk. Using a regular file as a keyfile is equivalent to hashing the file, so the file should be high in entropy (e.g. compressed).
How do I choose a keyfile?
Just let Kryptor [generate a keyfile](/tutorial/encrypting-files-for-yourself.md#using-a-keyfile) for you and back it up on external storage (e.g. memory sticks).
However, if you insist on choosing a regular file, make sure it's a compressed file type (e.g. `.zip`).
Should I store keyfiles in the cloud?
No, they're not encrypted. It would be like uploading a text file containing your passphrase.
How do I share my public key?
Send people your public key string or `.public` file. Either could also be put on a personal website.
How do I back up my private key?
Navigate to the `~/.kryptor` directory and copy any `.private` files to external storage (e.g. memory sticks). Keeping private keys offline is good practice even though they're encrypted.
How do I share a pre-shared key?
Using an [end-to-end encrypted messenger](https://signal.org/) with [disappearing messages](https://support.signal.org/hc/en-us/articles/360007320771-Set-and-manage-disappearing-messages) enabled.
When should I rotate my key pair?
When you think the private key has been compromised, which shouldn't happen if you keep it offline and use a strong passphrase.
## Contributing
How do I report bugs?
Please use the `Bug report` issue template on [GitHub](https://github.com/samuel-lucas6/Kryptor/issues/new/choose).
How do I report vulnerabilities?
Please read the [SECURITY.md](https://github.com/samuel-lucas6/Kryptor/blob/master/SECURITY.md) file on GitHub.
Can I help package Kryptor?
Yes, please [get in touch](/master.md#contact).
## Crypto
Why ChaCha20-Poly1305?
It's fast, [standardised](https://www.rfc-editor.org/rfc/rfc8439), doesn't require hardware support, and ChaCha20 has a [higher security margin](https://eprint.iacr.org/2019/1492) than AES.
How does the key-committing ChaCha20-Poly1305 padding fix work?
The latter 32 bytes of block 0 (after the Poly1305 key) are prepended to the ciphertext as a commitment. For decryption, this commitment is checked in constant time alongside the tag, eliminating a timing difference. [Here's](https://github.com/samuel-lucas6/kcChaCha20-Poly1305) some code.
This is similar to the padding fix discussed in [*How to Abuse and Fix Authenticated Encryption Without Key Commitment*](https://eprint.iacr.org/2020/1456). Credit goes to Loup Vaillant for the block 0 [idea](https://old.reddit.com/r/crypto/comments/opm10n/do_i_need_a_key_committing_aead_to_be_random_key/).
Why BLAKE2b?
It's [faster](https://www.blake2.net/) than SHA-2 and SHA-3 whilst having a larger security margin than [BLAKE3](https://github.com/BLAKE3-team/BLAKE3) and being as real-world [secure](https://eprint.iacr.org/2019/1492) as SHA-3.
Why Argon2id?
Argon2 won the [Password Hashing Competition](https://www.password-hashing.net/) in 2015 and is now recommended over other password-based key derivation algorithms, such as PBKDF2 and scrypt.
Argon2id is used because it's the recommended mode in the [RFC](https://www.rfc-editor.org/rfc/rfc9106.html#name-recommendations) and Argon2i is vulnerable to [attacks](https://eprint.iacr.org/2016/759) plus weaker in terms of GPU/ASIC resistance.
Why randomised padding?
[PADMÉ](https://petsymposium.org/2019/files/papers/issue4/popets-2019-0056.pdf) padding, which is deterministic, was originally implemented. However, [Covert Encryption](https://github.com/covert-encryption/covert) convinced me that it [seems wrong](https://github.com/covert-encryption/covert/blob/main/docs/Rationale.md#random-padding) to have deterministic file sizes when trying to make files indistinguishable from random.
## Coding
How do I build from source?
Instructions can be found [here](/installation.md#building-kryptor-from-source).
Why are Kryptor executables ~30 MiB?
Because the .NET runtime is [included](https://learn.microsoft.com/en-us/dotnet/core/deploying/#publish-self-contained) so users don't have to install .NET themselves, and [ReadyToRun](https://learn.microsoft.com/en-us/dotnet/core/deploying/ready-to-run) compilation is enabled to improve startup performance.
What programming language is Kryptor written in?
[C#](https://learn.microsoft.com/en-us/dotnet/csharp/) using [.NET 8](https://dotnet.microsoft.com/en-us/download/dotnet/8.0).
What versioning do you use?
[Semantic versioning](https://semver.org/).
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://www.kryptor.co.uk/faq.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.