'-' symbol in-between each word.

kryptor.salt file inside the parent directory as well as being a header in each encrypted file so that files can be decrypted individually.

"Kryptor.Personal" converted to a byte array using UTF8 encoding as the personalisation.

"Kryptor.Personal" converted to a byte array using UTF8 encoding as the personalisation.

-n|--names option, random output file names are generated by converting 16 bytes of random data to Base64URL.

magicBytes || encryptionVersion || ephemeralPublicKey || salt || nonce || encryptedHeader
encryptionVersion: the file format version converted to bytes in little-endian (2 bytes). This will only be incremented after breaking changes.
encryptedHeader: contains the last chunk length, file name length, and DEK (72 bytes). XChaCha20-BLAKE2b(lastChunkLength || fileNameLength || dataEncryptionKey).
lastChunkLength: the length of the last chunk converted to bytes in little-endian (4 bytes). This allows the padding to be removed.
fileNameLength: the length of the input file name converted to bytes in little-endian (4 bytes). This allows the original file name to be read from the end of the file. The length is 0 if the user did not specify -n|--names.
dataEncryptionKey: a random encryption key per file (32 bytes). This is used to encrypt the file data.

ciphertext || authenticationTag

.public and .private files. The default key directory is %USERPROFILE%/.kryptor on Windows, /home/.kryptor on Linux, and /Users/USERNAME/.kryptor on macOS.

Base64(keyAlgorithm || publicKey)
keyAlgorithm: the public key algorithm (2 bytes). Either Encoding.UTF8.GetBytes("Cu") (for Curve25519) or Encoding.UTF8.GetBytes("Ed") (for Ed25519).
publicKey: the randomly generated public key (32 bytes).

Base64(keyAlgorithm || privateKeyVersion || salt || nonce || encryptedPrivateKey)
privateKeyVersion: the private key version converted to bytes in little-endian (2 bytes). This will only be incremented after breaking changes.
encryptedPrivateKey: XChaCha20-BLAKE2b(privateKey) (96 bytes). The key algorithm and private key version are concatenated and used as additional data.

magicBytes || signatureVersion || prehashed || fileSignature || comment || globalSignature
signatureVersion: the file format version converted to bytes in little-endian (2 bytes). This is only incremented after breaking changes.

-l|--prehash was specified. By default, files are read into memory (PureEdDSA) unless they are equal to or greater than 1 GiB in size (HashedEdDSA).

"Bad signature" is displayed.

"Bad signature" is displayed.

"Good signature" is displayed to the user, followed by the authenticated comment.
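
The two key string layouts given above, Base64(keyAlgorithm || publicKey) and Base64(keyAlgorithm || privateKeyVersion || salt || nonce || encryptedPrivateKey), parsed and validated in Python as an added example; this is not Kryptor's own code. The function names, the sample strings and their filler bytes are assumptions made for the illustration, and nothing is decrypted.

```python
import base64
import binascii
import struct

ALGORITHMS = {b"Cu": "Curve25519", b"Ed": "Ed25519"}  # 2-byte UTF-8 tags
PUBLIC_KEY_LEN = 32             # publicKey (32 bytes)
ENCRYPTED_PRIVATE_KEY_LEN = 96  # encryptedPrivateKey (96 bytes)


def _decode(key_string):
    # validate=True rejects non-Base64 characters instead of silently skipping them
    try:
        raw = base64.b64decode(key_string.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not valid Base64") from exc
    if raw[:2] not in ALGORITHMS:
        raise ValueError("unknown keyAlgorithm")
    return raw


def parse_public_key(key_string):
    """Parse Base64(keyAlgorithm || publicKey)."""
    raw = _decode(key_string)
    if len(raw) != 2 + PUBLIC_KEY_LEN:
        raise ValueError("wrong length for a public key string")
    return {"algorithm": ALGORITHMS[raw[:2]], "public_key": raw[2:]}


def parse_private_key(key_string):
    """Parse Base64(keyAlgorithm || privateKeyVersion || salt || nonce || encryptedPrivateKey)."""
    raw = _decode(key_string)
    if len(raw) <= 4 + ENCRYPTED_PRIVATE_KEY_LEN:
        raise ValueError("too short for a private key string")
    (version,) = struct.unpack("<H", raw[2:4])  # little-endian, 2 bytes
    return {
        "algorithm": ALGORITHMS[raw[:2]],
        "version": version,
        "additional_data": raw[:4],  # keyAlgorithm || privateKeyVersion
        # salt and nonce sizes are not given above, so they are left undivided
        "salt_and_nonce": raw[4:-ENCRYPTED_PRIVATE_KEY_LEN],
        "encrypted_private_key": raw[-ENCRYPTED_PRIVATE_KEY_LEN:],
    }


# Constructed sample strings: placeholder bytes, not real keys. The 40 filler
# bytes standing in for salt || nonce and the version value 1 are assumptions.
SAMPLE_PUBLIC = base64.b64encode(b"Ed" + bytes(range(32))).decode()
SAMPLE_PRIVATE = base64.b64encode(
    b"Cu" + struct.pack("<H", 1) + bytes(40) + bytes(96)).decode()
```

The length check in parse_public_key is what stops a private key string pasted into a public key field from being accepted, since both start with the same 2-byte algorithm tag.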