Kryptor
Search…
Tutorial

Running Kryptor

Please refer to the Installation page for instructions on how to execute Kryptor on your operating system.

Specifying files

When referencing file paths/file names that contain spaces, you must surround them with "speech marks" on Windows and 'apostrophes' on Linux/macOS. Here is an example for Windows:
1
$ kryptor -e -p "GitHub Logo.png"
2
$ kryptor -e -p "C:\Users\samuel-lucas6\Downloads\GitHub Logo.png"
Copied!
Files in the same directory as the kryptor executable can be specified using a file name:
1
$ kryptor -e -p message.txt​
Copied!
However, files that are in a different directory to the kryptor executable (e.g. in your Documents folder) must be specified using a file path:
1
$ kryptor -e -p C:\Users\samuel-lucas6\Documents\message.txt​
Copied!

Password entry

Kryptor uses UNIX style password entry, meaning nothing is displayed in the terminal when you type. This prevents someone from seeing the password characters and the length of the password. You can paste passwords by right clicking. Once you have typed in or pasted your password, press Enter on your keyboard to continue.
When asked to enter a password, you can press Enter on your keyboard (instead of typing anything) to randomly generate a secure passphrase, which will be displayed in the terminal. To copy the passphrase, select it by holding down the left click and dragging before releasing the left click and right clicking to copy it. You can then paste this passphrase into a password manager so you do not forget it.
1
$ kryptor -e -p message.txt
2
3
Enter a password (leave empty for a random passphrase):
4
5
Randomly generated passphrase: Sesame-Immunity-Geometry-Uptown-Divisive-Ibuprofen-Gleaming-Celtic
Copied!

File encryption

To perform file encryption, use the -e|--encrypt option. You can either use a password, keyfile, password and keyfile, private key, or private key and public key, as explained in the following sections. Then you can specify as many files and directories to encrypt as you would like.

Using a password

To perform encryption using a password, use the -p|--password option. Kryptor will ask you to enter a new password and then to retype the same password for confirmation. The characters you type are hidden to prevent someone from seeing your password and the length of the password.
1
$ kryptor -e -p message.txt
Copied!
Always use a strong password! Guidance on generating strong passwords can be found here.

Using a keyfile

For some extra security, you can use a password and a keyfile for encryption by using the -k|--keyfile option to specify a keyfile.
Please see the Generating a keyfile section for instructions on how to randomly generate a keyfile. Alternatively, you can specify any type of file as a keyfile, but make sure you do not accidentally modify the file.
1
$ kryptor -e -p -k keyfile.key message.txt
Copied!

Generating a keyfile

To randomly generate a keyfile, you can type in a directory or file path after the -k|--keyfile option like so:
1
$ kryptor -e -k C:\Users\samuel-lucas6\Documents message.txt
2
3
Randomly generated keyfile: df00kis5djjuruahggarhe.key
Copied!

Using a private key

Instead of a password and/or keyfile, you can use your private key to encrypt files. This requires an encryption key pair. Please see the Generating a new key pair section for more details.
To specify your default encryption private key, you can use -e|--encrypt on its own or the -x|--private option without specifying a file path. You will be asked to decrypt your private key using your password.
1
$ kryptor -e message.txt
2
3
Enter your password:
Copied!

Using a private and public key (file sharing)

You can use hybrid encryption to send an encrypted file to someone else. Note that this is one-way encryption. You (the sender) cannot decrypt the file; only the recipient can, using their private key. This means that you should not overwrite the original file (please see the Overwriting input files section) unless you want to lose access to it.
  1. 1.
    Both you (the sender) and the recipient need to generate an encryption key pair. Please see the Generating a new key pair section for instructions.
  2. 2.
    Next, you need to exchange encryption public keys (e.g. via a messaging app). You can either share your public key as a string (e.g. Q3W9uqyBvaWr6ONs0hbiWT6AncnYXmmC/2pcuOT8wo8eVw==) or as a .public file. This never has to be done again unless you or the recipient changes their encryption key pair.
  3. 3.
    You can then specify your private key (using -x|--private) and the recipient's public key (using -y|--public) to encrypt files/folders. However, if you are using your default encryption private key, then there is no need to specify -x|--private.
  4. 4.
    You will be asked to enter your private key password.
Here is an example of how to use your default encryption private key:
1
$ kryptor -e -y Q3W9uqyBvaWr6ONs0hbiWT6AncnYXmmC/2pcuOT8wo8eVw== message.txt
2
3
Enter your password:
Copied!
Never share your private key! Only exchange public keys. Sharing your public key as a string is easiest.

Overwriting input files

To overwrite files you want to encrypt, use the -o|--overwrite option.
1
$ kryptor -e -p -o message.txt
Copied!
Remember that when encrypting to a recipient using their public key (please see the Using a private and public key section), the encryption is one-way. Therefore, overwriting the file will cause you (the sender) to lose access.

Obfuscating ouput file names

If you are concerned about file/folder names giving away what you have encrypted, then you can use the -f|--obfuscate option to give encrypted files/folders random names. The original names will be restored during decryption.
1
$ kryptor -e -p -f message.txt
Copied!

File decryption

File decryption is exactly the same process as file encryption except that you need to use the -d|--decrypt option and specify .kryptor files or a directory containing .kryptor files.

Using a password

To indicate that a password was used for encryption, use the -p|--password option. Kryptor will then ask you to enter your password.
1
$ kryptor -d -p message.txt.kryptor
Copied!

Using a keyfile

To indicate that a keyfile was used for encryption, use the -k|--keyfile option.
1
$ kryptor -d -p -k keyfile.key message.txt.kryptor
Copied!

Using a private key

To indicate that your default encryption private key was used for encryption, you can use the -d|--decrypt option on its own or the -x|--private option without specifying a file path. You will be asked to decrypt your private key using your password.
1
$ kryptor -d message.txt.kryptor
Copied!

Using a private and public key (file sharing)

Use the -x|--private option to specify your private key (as the recipient) and the -y|--public option to specify the sender's public key as either a string or a file. However, if you are using your default encryption private key, then there is no need to specify -x|--private.
Here is an example of how to use your default encryption private key:
1
$ kryptor -d -y sender.public message.txt.kryptor
Copied!

Generating a new key pair

You can generate a new asymmetric key pair using the -g|--generate option. You will be asked to select a type of key pair - encryption or signing. Then you will be asked to enter a password to encrypt your private key.
The generated public key will be displayed in the terminal as a Base64 string, which can be copied and pasted. However, the private key is not displayed in the terminal since it should never be shared.
The asymmetric keys will be exported to files (.public and .private), and the file paths will be displayed in the terminal. Make sure you back up these files to external storage (e.g. memory sticks).
The default key directory is %USERPROFILE%/.kryptor on Windows and /home/.kryptor on Linux/macOS, but you can pass in a custom directory path after the -g|--generate option. However, I recommend using the default key directory because that saves you typing in the path of your private key each time you want to use it.
1
$ kryptor -g
2
3
Please select a key pair type (type 1 or 2):
4
1) Encryption
5
2) Signing
6
2
7
8
Enter a password (leave empty for a random passphrase):
9
10
Public key: RWRfyoF8ofT8GqaRvEP0EqDo11B+yBbo0QuBDXsM9/jZEQ==
11
Public key file: C:\Users\samuel-lucas6\.kryptor\signing.public
12
13
Private key file: C:\Users\samuel-lucas6\.kryptor\signing.private - Keep this secret!
Copied!
You can share your encryption public key string/file with other people for file encryption so they can send you an encrypted file.
You can share your signing public key string/file to allow other people to verify signatures you created so people can verify the authenticity of a file.
Never share your private key! It must be kept secret.

Overwriting key pairs

If you have already generated a key pair, then you must specify the -o|--overwrite option to generate a new key pair of the same type (encryption or signing).
1
$ kryptor -g -o
Copied!
This will replace the existing key pair.​ Make sure you back up the old key pair if you do not want to lose access to it.

Signing a file

You can sign files using the -s|--sign option, specifying your private key (using -x|--private) and a file to sign. However, if you are using your default signing private key, then there is no need to specify -x|--private.
Here is an example of how to use your default signing private key:
1
$ kryptor -s message.txt
Copied!
This will create a .signature file that you can share along with your public key string/file so other people can verify the signature.

Authenticated comment

You can use the -c|--comment option to specify a comment that will be displayed if verification is successful. If you do not specify a comment, then the default comment will be used.
Remember to specify "speech marks" on Windows and 'apostrophes' on Linux/macOS around the comment.
1
$ kryptor -s -c "Signed by Bob on the 25th of September 2021." message.txt
Copied!

Prehashing

You can use the -l|--prehash option to sign large files without having to load them into memory. This is useful if you have limited RAM.
Kryptor automatically uses prehashing when you select a file that is greater than 1 GiB in size.
1
$ kryptor -s -l large-message.txt
Copied!
Verification of a prehashed signature happens automatically; there is no need to specify the -l|--prehash option when verifying a signature.

Verifying a signature

You can verify a signature using the -v|--verify option, specifying the signer's public key as a string or a file (using -y|--public), a .signature file (using -t|--signature), and the file to verify.
If the signature file has the same file name and is in the same directory as the file to verify, then you do not need to specify the signature file:
1
$ kryptor -v -y publickey.public message.txt
2
3
message.txt: Good signature.
4
Authenticated comment: Signed by Bob on the 25th of September 2021.
Copied!
If the signature is valid, then you will see the message 'Good signature', followed by the authenticated comment.
If you see the message 'Bad signature', then the signature is not valid for that public key and the comment will not be displayed.
Last modified 2mo ago