Kryptor
Tutorial

Running Kryptor

Please refer to the Installation page for instructions on how to execute Kryptor on your operating system.

Use cases

Encryption

Encrypting a file ensures that the contents cannot be read or modified without the secret key. You can either:
  1. Encrypt files for yourself to store on your computer, external storage (e.g. memory sticks), or in the cloud.
  2. Encrypt files for someone else that you can send via an insecure channel (e.g. email, an unencrypted messenger like Discord, or the cloud).
These use cases can be accomplished in the following ways:
  1. The easiest way to encrypt files for yourself is by using a password. However, using a private key or password and keyfile can be more secure.
  2. The more secure way of encrypting files for someone else is by using a private and public key. However, using a password is easier.

Signing

Signing a file can show that it came from you and was not modified.
This is primarily used for distributing software downloads securely. By signing an installer or ZIP file for your program and publishing your public key, you enable your users to verify that it is an official release and was not tampered with.

Specifying files

When referencing file names/paths that contain spaces, you must surround them with "speech marks":
$ kryptor -e "GitHub Logo.png"
$ kryptor -e "C:\Users\samuel-lucas6\Downloads\GitHub Logo.png"
Files in the same directory as the kryptor executable can be specified using a file name:
$ kryptor -e file.txt
However, files that are in a different directory to the kryptor executable (e.g. in your Documents folder) must be specified using a file path:
$ kryptor -e "C:\Users\samuel-lucas6\Documents\file.txt"
Multiple files and/or directories can be specified at once:
$ kryptor -e file1.txt file2.jpg file3.mp4 Photos Videos

Entering a password

Interactively

There are three ways of entering a password interactively:
  1. Press Enter on your keyboard (instead of typing anything) to randomly generate a secure passphrase, which will be displayed in the terminal. Make sure you copy this passphrase into a password manager.
  2. Type in your password, press Enter on your keyboard, and retype the password.
  3. Paste your password by right-clicking, press Enter on your keyboard, and paste the password again.
Kryptor uses UNIX-style password entry, meaning nothing is displayed in the terminal when you type. This prevents someone from seeing the password characters and the length of the password.
Here is what randomly generating a passphrase looks like:
$ kryptor -e -p file.txt

Enter a password (leave empty for a random passphrase):

Randomly generated passphrase: Sesame-Immunity-Geometry-Uptown-Divisive-Ibuprofen-Gleaming-Celtic
Here is what typing a password looks like:
$ kryptor -e -p file.txt

Enter a password (leave empty for a random passphrase):

Retype password:

Non-interactively

Instead of typing in the password interactively as explained above, you can specify -p|--password:"[password]" like so:
$ kryptor -e -p:"YeV$Ra7{_IJ]nN2v1m,ei9d+T" file.txt
To randomly generate a passphrase this way, you can specify -p|--password:" " as follows:
$ kryptor -e -p:" " file.txt

Randomly generated passphrase: Aggregate-Kinsman-Chain-Numerous-Kennel-Breeder-Pessimism-Bucked
This method of password entry can also be used for encrypting and decrypting a private key (e.g. for generating a key pair, encrypting files with a private key, or signing files). However, you must specify -x|--private alongside non-interactive password entry for file encryption/decryption.
Here are some examples:
$ kryptor -g -p:"w*%Ul=j.F>1e{6H,+#ZWhXYUl"
$ kryptor -e -x -p:"1yF+k5l9zezPB}R]Pe+|*;sra" file.txt
$ kryptor -d -x -p:"1yF+k5l9zezPB}R]Pe+|*;sra" file.txt.kryptor
$ kryptor -s -p:"qJ/k!Fd]Ci0X7xz9;Ay<^1|v<" file.txt
This is less secure than interactive password entry because the password is visible and cannot be erased from memory.
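One place the password stays visible is the shell history. The following added example (not part of Kryptor or its documentation) scans history files for Kryptor commands that carried an inline -p:/--password: value and reports only the file and line number; the function names, the regular expression and the sample history are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of Kryptor: audit shell history for Kryptor
# commands that passed a password on the command line.

# ERE for a kryptor invocation with an inline -p:/--password: value.
# The quoted branch matches any "..." value except the single space
# (-p:" "), which only requests a random passphrase and leaks nothing.
INLINE_PW_RE='(^|[^[:alnum:]_.-])kryptor(\.exe)?[[:space:]]([^|;&]*[[:space:]])?(-p|--password):("([^" ][^"]*| [^"]+)"|[^"[:space:]])'

# inline_password_lines FILE...
# Prints "file:line" per finding. The command text is never echoed, so the
# report does not become one more copy of the password.
inline_password_lines() {
    for ipl_file in "$@"; do
        [ -r "$ipl_file" ] || continue
        grep -nE -- "$INLINE_PW_RE" "$ipl_file" |
            while IFS=: read -r ipl_line ipl_rest; do
                printf '%s:%s\n' "$ipl_file" "$ipl_line"
            done
    done
}

# write_sample_history FILE
# Constructed history (passwords are placeholders), including a zsh
# extended-history entry and the two safe forms from the tutorial.
write_sample_history() {
    cat > "$1" <<'EOF'
cd ~/Documents
kryptor -e -p file.txt
kryptor -e -p:" " file.txt
kryptor -e -p:"CONSTRUCTED-password-1" report.pdf
: 1700000000:0;kryptor -d -x --password:"CONSTRUCTED-password-2" report.pdf.kryptor
echo "kryptor accepts -p|--password"
kryptor -g -p:CONSTRUCTED-unquoted
EOF
}

# Demo: sh audit.sh --demo   (or pass real history files as arguments)
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp) && write_sample_history "$demo"
    inline_password_lines "$demo"
    rm -f "$demo"
elif [ "$#" -gt 0 ]; then
    inline_password_lines "$@"
fi
```

Typical inputs are ~/.bash_history and ~/.zsh_history. A reported line means that password was written to disk in plain text.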

Encrypt files for yourself

Using a password

Kryptor will convert your password into a unique encryption key per file/directory. For security reasons, this involves a slight delay.
  • To prevent the file from being decrypted by someone else, always use a strong password! Guidance on generating strong passwords can be found here.
  • If you forget your password, then any files encrypted using that password will be unrecoverable. Therefore, using a password manager is strongly recommended.
You can either type your password:
  1. Interactively (recommended): you will be asked to enter a new password and then retype the password for confirmation. You can type nothing initially to randomly generate a passphrase. The characters you type are hidden to prevent someone from seeing your password and the length of the password.
  2. Non-interactively (less secure): this involves specifying the password on the command line.
Here is an example using interactive password entry:
$ kryptor -e -p file.txt

Enter a password (leave empty for a random passphrase):

Retype password:
Here is an example using non-interactive password entry:
$ kryptor -e -p:"CED<7q*[email protected][email protected](" file.txt

Using a private key

Kryptor will convert your encryption private key into a unique encryption key per file/directory.
This requires an encryption key pair, which can be generated as follows:
$ kryptor -g

Please select a key pair type (type 1 or 2):
1) Encryption
2) Signing
1

Enter a password (leave empty for a random passphrase):

Public key: Q3WgFmQxczaXNmzONsARQVfFejlJuznMbEHU6BSHDBj0Tw==
Public key file: "C:\Users\samuel-lucas6\.kryptor\encryption.public"

Private key file: "C:\Users\samuel-lucas6\.kryptor\encryption.private" - Keep this secret!

IMPORTANT: Please back up these files to external storage (e.g. memory sticks).
  • If you lose the private key file, then files encrypted using that private key will be unrecoverable. Therefore, you should back up the private key file to external storage (e.g. memory sticks).
  • Never share your private key file! Keep it secret and offline!
When performing encryption, you will be asked to decrypt your private key using your password. For security reasons, this involves a slight delay.
Here is an example of how to use your default encryption private key:
$ kryptor -e file.txt

Enter your password:
Here is an example of how to specify an encryption private key not stored in the default folder:
$ kryptor -e -x:"C:\Users\samuel-lucas6\Documents\encryption.private" file.txt

Enter your password:

Using a keyfile

Kryptor will convert the hash of the keyfile into a unique encryption key per file/directory. Keyfiles can be used alongside (recommended) or instead of a password (less secure).
  • If the keyfile is lost or modified, then files encrypted using that keyfile will become unrecoverable. Therefore, you should back up keyfiles to external storage (e.g. memory sticks).
  • Never share a keyfile! Keep them secret and offline!
You can either:
  1. Randomly generate keyfiles (recommended): you can specify a non-existent file to give the keyfile a name, or you can specify a directory that exists to generate a keyfile with a random name.
  2. Select ordinary files (less secure): you can specify any file that is at least 64 bytes long. Compressed files, such as .jpg and .zip, are strongly recommended.
Here is an example of randomly generating a keyfile alongside using a password:
$ kryptor -e -p -k "C:\Users\samuel-lucas6\Documents\keyfile.key" file.txt

Randomly generated keyfile: keyfile.key
Here is an example of using an ordinary file as a keyfile alongside a password:
$ kryptor -e -p -k "C:\Users\samuel-lucas6\Pictures\wallpaper.jpg" file.txt

Encrypt files for someone else

Using a private and public key

Kryptor will convert the shared secret for the (private, public) key pair into a unique encryption key per file/directory. This is one-way encryption; only the recipient can decrypt the files/directories you send, using their private key.
Both you (the sender) and the recipient need to generate an encryption key pair once, which can be generated as follows:
$ kryptor -g

Please select a key pair type (type 1 or 2):
1) Encryption
2) Signing
1

Enter a password (leave empty for a random passphrase):

Public key: Q3WgFmQxczaXNmzONsARQVfFejlJuznMbEHU6BSHDBj0Tw==
Public key file: "C:\Users\samuel-lucas6\.kryptor\encryption.public"

Private key file: "C:\Users\samuel-lucas6\.kryptor\encryption.private" - Keep this secret!

IMPORTANT: Please back up these files to external storage (e.g. memory sticks).
  • Never share your private key file! Keep it secret and offline!
  • Back up the private key file to external storage (e.g. memory sticks).
  • Do not overwrite input files (please see the Overwriting input files section) unless you (the sender) want to lose access to them.
Next, you need to exchange encryption public keys (e.g. via a messaging app). This only needs to be done once unless either or both of you generate a new key pair. You can either share your public key:
  1. As a string (easiest): Q3WgFmQxczaXNmzONsARQVfFejlJuznMbEHU6BSHDBj0Tw==
  2. As a .public file (more long-term): ~\.kryptor\encryption.public
When performing encryption, you will be asked to decrypt your private key using your password. For security reasons, this involves a slight delay.
Here is an example of how to use your default encryption private key:
$ kryptor -e -y Q3W9uqyBvaWr6ONs0hbiWT6AncnYXmmC/2pcuOT8wo8eVw== file.txt

Enter your password:
Here is an example of how to specify an encryption private key not stored in the default folder:
$ kryptor -e -x:"C:\Users\samuel-lucas6\Documents\encryption.private" -y Q3W9uqyBvaWr6ONs0hbiWT6AncnYXmmC/2pcuOT8wo8eVw== file.txt
After the encryption has finished, you can share the encrypted files with the recipient (e.g. via a messaging app or cloud storage service).

Using a password

Kryptor will convert your password into a unique encryption key per file/directory. For security reasons, this involves a slight delay.
This is not one-way encryption; anyone who knows the password will be able to decrypt any shared encrypted files/directories. Therefore, encryption using a private and public key is more secure.
  • To prevent the file from being decrypted by someone else, always use a strong password! Guidance on generating strong passwords can be found here.
  • Never send someone a password via an insecure channel (e.g. email, SMS, an unencrypted messenger like Discord, or the cloud)! This would completely defeat the point of using file encryption.
  • Use disappearing messages or delete the message containing the password manually after the recipient has written it down or decrypted the file.
  • Use a different password every time.
You can either type your password:
  1. Interactively (recommended): you will be asked to enter a new password and then retype the password for confirmation. You can type nothing initially to randomly generate a passphrase. The characters you type are hidden to prevent someone from seeing your password and the length of the password.
  2. Non-interactively (less secure): this involves specifying the password on the command line.
Here is an example using interactive password entry:
$ kryptor -e -p file.txt

Enter a password (leave empty for a random passphrase):

Retype password:
Here is an example using non-interactive password entry:
$ kryptor -e -p:"wRL~DXzEmQu}Xled|_;C&/0|}" file.txt
Then share the password with the recipient using an end-to-end encrypted messaging app (e.g. Signal) with disappearing messages if possible.

Encryption options

Overwriting input files

For each specified file, Kryptor will copy the encrypted file to the location of the unencrypted input file before deleting the overwritten input file, leaving just the encrypted file.
Here is an example:
$ kryptor -e -o file.txt

Encrypting file names

The names of encrypted files will be randomised, and the original name for each file will be restored automatically during decryption.
Here is an example:
$ kryptor -e -n file.txt
Do not rename encrypted folders if you have specified this option as it will currently prevent the folder names being restored correctly. This limitation will be fixed in v4.

Decrypt your files

Using your password

Kryptor will convert your password into the unique encryption key per file/directory used for encryption. For security reasons, this involves a slight delay.
You can either type your password:
  1. Interactively (recommended): you will be asked to enter your password and then retype the password for confirmation. The characters you type are hidden to prevent someone from seeing your password and the length of the password.
  2. Non-interactively (less secure): this involves specifying your password on the command line.
Here is an example using interactive password entry:
$ kryptor -d -p file.txt.kryptor

Enter your password:

Retype password:
Here is an example using non-interactive password entry:
$ kryptor -d -p:"CED<7q*[email protected][email protected](" file.txt.kryptor

Using your private key

Kryptor will convert your encryption private key into the unique encryption key per file/directory used for encryption.
You will be asked to decrypt your private key using your password. For security reasons, this involves a slight delay.
Here is an example of how to use your default encryption private key:
$ kryptor -d file.txt.kryptor

Enter your password:
Here is an example of how to specify an encryption private key not stored in the default folder:
$ kryptor -d -x:"C:\Users\samuel-lucas6\Documents\encryption.private" file.txt.kryptor

Enter your password:

Using your keyfile

Kryptor will convert the hash of the keyfile into the unique encryption key per file/directory used for encryption.
Here is an example of specifying a keyfile alongside a password:
$ kryptor -d -p -k "C:\Users\samuel-lucas6\Documents\keyfile.key" file.txt.kryptor

Decrypt files you were sent

Using a private and public key

Kryptor will convert the shared secret for the (private, public) key pair into the unique encryption key per file/directory used for encryption. The sender cannot decrypt the files/directories they sent; only you (the recipient) can.
You will be asked to decrypt your private key using your password. For security reasons, this involves a slight delay.
Here is an example of how to use your default encryption private key:
$ kryptor -d -y Q3WgFmQxczaXNmzONsARQVfFejlJuznMbEHU6BSHDBj0Tw== file.txt.kryptor

Enter your password:
Here is an example using a private key not stored in the default folder:
$ kryptor -d -x:"C:\Users\samuel-lucas6\Documents\encryption.private" -y Q3WgFmQxczaXNmzONsARQVfFejlJuznMbEHU6BSHDBj0Tw== file.txt.kryptor

Enter your password:

Using a password

Kryptor will convert your password into the unique encryption key per file/directory used for encryption. For security reasons, this involves a slight delay.
This is not one-way encryption; anyone who knows the password will be able to decrypt any encrypted files/directories that were sent.
You can either type your password:
  • Interactively (recommended): you will be asked to enter your password and then retype the password for confirmation. The characters you type are hidden to prevent someone from seeing your password and the length of the password.
  • Non-interactively (less secure): this involves specifying your password on the command line.
Here is an example using interactive password entry:
$ kryptor -d -p file.txt.kryptor

Enter your password:

Retype password:
Here is an example using non-interactive password entry:
$ kryptor -d -p:"CED<7q*[email protected][email protected](" file.txt.kryptor

Decryption options

Deleting encrypted files

Kryptor will delete the specified encrypted files after decryption, leaving just the decrypted files.
Here is an example:
$ kryptor -d -o file.txt.kryptor

Sign files

Kryptor will use your signing private key to create a signature file for each file you specify. Sharing the file, signature file, and your public key allows other people to verify the signature for that file.
This requires a signing key pair, which can be generated as follows:
$ kryptor -g

Please select a key pair type (type 1 or 2):
1) Encryption
2) Signing
2

Enter a password (leave empty for a random passphrase):

Public key: RWRfyoF8ofT8GqaRvEP0EqDo11B+yBbo0QuBDXsM9/jZEQ==
Public key file: "C:\Users\samuel-lucas6\.kryptor\signing.public"

Private key file: "C:\Users\samuel-lucas6\.kryptor\signing.private" - Keep this secret!

IMPORTANT: Please back up these files to external storage (e.g. memory sticks).
  • If you lose the private key file, then files encrypted using that private key will be unrecoverable. Therefore, you should back up the private key file to external storage (e.g. memory sticks).
  • Never share your private key file! Keep it secret and offline!
You can either share your public key:
  • As a string (easiest): RWRfyoF8ofT8GqaRvEP0EqDo11B+yBbo0QuBDXsM9/jZEQ==
  • As a .public file (more long-term): ~\.kryptor\signing.public
Before signing, you will be asked to decrypt your private key using your password. For security reasons, this involves a slight delay.
Here is an example of how to use your default signing private key:
$ kryptor -s file.zip

Enter your password:
Here is an example of how to use a private key not stored in the default folder:
$ kryptor -s -x:"C:\Users\samuel-lucas6\Documents\signing.private" file.zip

Enter your password:

Specifying a custom signature file

If you want to give the signature file a custom name or store it in a different location to the file being signed, then you must specify a custom file name/path.
Here is an example:
$ kryptor -s -t "C:\Users\samuel-lucas6\Documents\file.signature" file.zip

Specifying a comment

Kryptor will verify the comment as part of the signature and display it to the user verifying the signature if verification succeeds. If you do not specify a comment, then the default comment will be used.
Remember to type "speech marks" around the comment like so:
$ kryptor -s -c "Signed by Bob on the 4th of February 2022." file.zip
If you do not want an authenticated comment, then you can type a space as the comment:
$ kryptor -s -c " " file.zip

Signing large files

If you have limited RAM, then you may not be able to sign large files without prehashing. However, Kryptor automatically uses prehashing when you select a file that is greater than 1 GiB in size, so this should not be a problem on most machines.
Here is an example using prehashing:
$ kryptor -s -l photos.zip

Verify a signature

If you have a signature, the associated file to verify, and the signer's public key, then you can verify that the signature is valid for that file and public key.
You can either specify their public key:
  • As a string (easiest): RWRfyoF8ofT8GqaRvEP0EqDo11B+yBbo0QuBDXsM9/jZEQ==
  • As a .public file (more long-term): signing.public
If you see the message 'Bad signature', then the signature is not valid for that public key and the comment will not be displayed. This means either:
  • The public key is wrong for that signature file.
  • The file has been corrupted or tampered with.
If the signature file has the same file name (minus the .signature extension) and is in the same directory as the file to verify, then you do not need to specify the signature file:
$ kryptor -v -y RWRfyoF8ofT8GqaRvEP0EqDo11B+yBbo0QuBDXsM9/jZEQ== file.zip

Good signature.
Authenticated comment: Signed by Bob on the 4th of February 2022.
Here is an example where the signature file name is different to that of the file to verify:
$ kryptor -v -y RWRfyoF8ofT8GqaRvEP0EqDo11B+yBbo0QuBDXsM9/jZEQ== -t file.signature file.zip
If the signature is valid, then you will see the message 'Good signature', followed by the authenticated comment.
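One way to act on the result in a script, as an added example (not Kryptor's own code): the wrapper below accepts a file only when Kryptor prints the Good signature message for a public key pinned in the script. The function names and the KRYPTOR variable are hypothetical, and matching on the message text rather than an exit status is an assumption, since this page does not document exit codes.

```shell
#!/bin/sh
# Added example, not part of Kryptor: gate the use of a download on
# Kryptor's verification result for a pinned signing public key.

# Assumption: kryptor is on PATH; set KRYPTOR to use another binary.
KRYPTOR=${KRYPTOR:-kryptor}

# Public key obtained out of band from the signer, never taken from the
# same place as the download (this is the example key from the tutorial).
PINNED_KEY='RWRfyoF8ofT8GqaRvEP0EqDo11B+yBbo0QuBDXsM9/jZEQ=='

# verify_release FILE [SIGNATURE_FILE]
# Returns 0 and prints the authenticated comment only when the output has a
# "Good signature" line. "Bad signature", a missing file, or any other
# output counts as failure (fail closed).
verify_release() {
    vr_file=$1
    vr_sig=${2:-}
    [ -f "$vr_file" ] || { echo "verify_release: no such file: $vr_file" >&2; return 2; }
    if [ -n "$vr_sig" ]; then
        vr_out=$("$KRYPTOR" -v -y "$PINNED_KEY" -t "$vr_sig" "$vr_file" 2>&1) || true
    else
        vr_out=$("$KRYPTOR" -v -y "$PINNED_KEY" "$vr_file" 2>&1) || true
    fi
    if printf '%s\n' "$vr_out" | grep -Eq '^Good signature\.?[[:space:]]*$'; then
        printf '%s\n' "$vr_out" | sed -n 's/^Authenticated comment: //p'
        return 0
    fi
    echo "verify_release: signature NOT verified for $vr_file" >&2
    return 1
}

# install_if_verified FILE DEST
# Copies FILE to DEST only after verification succeeds.
install_if_verified() {
    verify_release "$1" >/dev/null || return 1
    cp -- "$1" "$2"
}
```

The comment is printed only after a good signature, matching the behaviour described above where the comment is not displayed for a bad one.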

Generating a new key pair

Kryptor will randomly generate an asymmetric key pair and use your password to encrypt the private key. For security reasons, this involves a slight delay.
The asymmetric keys will be exported to files (.public and .private), and the file paths will be displayed in the terminal. The public key will also be displayed in the terminal as a Base64 string, which can be copied and pasted. Only the public key should be shared.
  • To protect the private key in the event of a leak or physical/remote access, always use a strong password! Guidance on generating strong passwords can be found here.
  • Always back up the private key file to external storage (e.g. memory sticks).
  • Never share your private key file! Keep it secret and offline!
The default key directory depends on your operating system:
  • Windows: %USERPROFILE%/.kryptor
  • Linux: /home/.kryptor
  • macOS: /Users/USERNAME/.kryptor
Using the default key directory saves you typing in the path of your private key each time you want to use it.
Here is an example of using the default key directory:
$ kryptor -g

Please select a key pair type (type 1 or 2):
1) Encryption
2) Signing
2

Enter a password (leave empty for a random passphrase):

Public key: RWRfyoF8ofT8GqaRvEP0EqDo11B+yBbo0QuBDXsM9/jZEQ==
Public key file: "C:\Users\samuel-lucas6\.kryptor\signing.public"

Private key file: "C:\Users\samuel-lucas6\.kryptor\signing.private" - Keep this secret!

IMPORTANT: Please back up these files to external storage (e.g. memory sticks).
Here is an example of specifying a custom key directory:
$ kryptor -g "C:\Users\samuel-lucas6\Documents\Keys"
You can share your encryption public key string/file with other people for file encryption so they can send you an encrypted file that only you will be able to decrypt.
You can share your signing public key string/file to allow other people to verify signatures you created so people can verify the authenticity of a file.

Overwriting key pairs

If you have already generated a key pair, then you must specify that you want to overwrite the key pair when generating a new key pair of the same type (encryption or signing).
This will replace the existing key pair. Make sure you back up the old key pair if you do not want to lose access to it.
Here is an example:
$ kryptor -g -o