Suggesting a new feature

If you would like to suggest a new feature, then feel free to open a feature request on GitHub. However, please read the Goals section first to ensure that your feature is not out of scope.
Note that I will probably not implement your feature if it would make user input more complicated, the code significantly less readable, or if it is unnecessary/satisfies a rare use case. For example, very few people currently own YubiKeys and adding support for SSH keys would add a lot of complexity.​


The main aim of this release is to improve on design decisions from v3 that I am not happy with. As you can see below, there are quite a few things to work on, and I am going to be busy academically this year, meaning it will take a long time for this release to happen.
    Modify the ChaCha20-BLAKE2b implementation to reuse the same encryption key for each chunk. This will be a breaking change.
    Use ChaCha20-BLAKE2b with a counter nonce starting at 0. There is no need for a random nonce for file encryption or private key encryption. File encryption needs a counter nonce, and private key encryption can use a fixed nonce. This will save me from storing nonces, simplifying the file formats. This will be a breaking change.
    Store the original file name in an encrypted file header rather than appending it to the end of the input file. Pad it to 256 bytes to avoid giving away the length. This will be a breaking change.
    Store the amount of padding as a header rather than the last chunk length. This will be a breaking change.
    Do not use the last authentication tag as additional data. This is unnecessary when a counter nonce is used and just worsens performance. This will be a breaking change.
    Use some domain separation context information when prehashing before Ed25519 signing. This will be a breaking change.
    Switch from libsodium-core to Geralt once I manage to finish the library. This will allow for much better naming, performance improvements, the correct use of certain functions, less clutter in terms of algorithm support, and publicly accessible constants that can be referenced.
    Use sodium_mlock() to ensure that sensitive arrays can always be zeroed out properly. This is not available in libsodium-core.
    Switch to sodium_memcmp() for constant time comparison. This is not available in libsodium-core.
    Switch to sodium_memzero() for zeroeing sensitive arrays. This is not available in libsodium-core.
    Consider compressing directories and encrypting the ZIP file. This would probably require an encrypted header indicating whether the file needs to be extracted after decryption. This would make directory encryption indistinguishable from file encryption, but it would prevent people from decrypting individual files. This would be a breaking change.
    Consider feeding context information through the message parameter when deriving keys and keyfile bytes using BLAKE2b. This would be a breaking change.
    Investigate supporting a preshared key to provide post-quantum security for file sharing. This might not be worth the complexity.
    Consider not chunking files less than 16 KiB. This would reduce storage overhead but reveal the size of small files unless some other padding was implemented. This would be a breaking change.​
    Consider concatenating the long-term shared secret and ephemeral shared secret the other way around to comply with the Noise Protocol Framework specification. This would be a breaking change.
    Consider implementing fault attack countermeasures for Ed25519. Please see the Known limitations section for details.
    Consider always prehashing for file signatures, as done by the latest version of Minisign. This makes sense from an efficiency, fault attack countermeasure, and consistency perspective. However, Kryptor signs the Ed25519 variant, meaning it is not susceptible to this issue that affected previous versions of Minisign.
    Investigate specifying multiple recipients for hybrid file encryption.​ This is a lot easier said than done, especially to do it properly. This may never get implemented.

Website improvements

Last modified 7d ago