Three words: security, privacy, and usability.
- 2.Unlike most tools, Kryptor limits metadata by using an indistinguishable from random encrypted file format. Encrypted files have no identifiable headers and are randomly padded. File names can also be encrypted.
- 3.Encrypt/sign multiple files and directories at once. No need to specify an output file path. No config options. Short public keys. Fewer command-line options than Minisign whilst also supporting encryption.
No, audits are extremely expensive (e.g. $5,000+). A very generous donation would be required to cover the cost.
A keyfile is a file that's combined with or used instead of a passphrase. If combined, it acts like 2FA. Used alone, it's weaker than a passphrase in that it's stored on disk and can't be memorised.
However, if you insist on choosing a regular file, make sure it's a compressed file type (e.g.
Navigate to the following folder based on your operating system:
.privatefiles to external storage (e.g. memory sticks). Keeping private keys offline is good practice even though they're encrypted.
The latter 32 bytes of block 0 (after the Poly1305 key) are prepended to the ciphertext as a commitment. For decryption, this commitment is checked in constant time alongside the tag, eliminating a timing difference. Here's some code.