# Encrypting files for others Encrypting a file ensures that the contents cannot be read or modified without the secret key. This allows you to securely share a file with other people via an insecure channel (e.g. email, an unencrypted messenger like Discord, or the cloud). ## Using public keys Kryptor will convert the shared secret for each (sender private key, recipient public key) pair into a unique encryption key per file/directory. **Only specified recipients can decrypt the files/directories you send**, using their private key. Both **you (the sender) and any recipients** need to generate an encryption key pair **once**, which can be generated as follows: ```bash $ kryptor -g Please select a key pair type (type 1 or 2): 1) Encryption 2) Signing 1 Enter a passphrase (leave empty for a random one): Retype passphrase: Deriving encryption key from passphrase... Public key: Cu//2M5FqAnxmW7PiKxIqLmKEPNxT1Kdkm4U3K/Gr++6OAQ= Public key file: "C:\Users\samuel-lucas6\.kryptor\encryption.public" Private key file: "C:\Users\samuel-lucas6\.kryptor\encryption.private" - Keep this secret! IMPORTANT: Please back up these files to external storage (e.g. memory sticks). ``` Or non-interactively like so: ```bash $ kryptor -g -s -p:"TkU-?IV_V|@UcTvCHf#FpU-yf" ``` {% hint style="warning" %} * **Never** share your **private key** file! Keep it **secret** and **offline**! * **Back up** the private key file to external storage (e.g. memory sticks). * Do **NOT** overwrite unencrypted files (please see the [Encryption options](/tutorial/encryption-options.md#overwriting-unencrypted-files) section) unless you (the sender) want to lose access to them. {% endhint %} Next, you need to exchange **encryption public keys** (e.g. via a messaging app). **This only needs to be done once** unless someone generates a new key pair. You can either share your public key: 1. As a string (**easiest**): `Cu//2M5FqAnxmW7PiKxIqLmKEPNxT1Kdkm4U3K/Gr++6OAQ=` 2. As a `.public` file (**more long-term**): `~/.kryptor/encryption.public` **You must specify your private key and each recipient's public key**. You'll be asked to decrypt your private key using your passphrase. For security reasons, this involves a slight delay. Here's an example of how to use your default encryption private key with one recipient: ```bash $ kryptor -e -y Cu//0bQcNYsWeSMwh+sZlJjDIRajfxn65x0qY0MHanPAjlk= file.txt Enter your private key passphrase: ``` Here's an example with multiple recipients: ```bash $ kryptor -e -y Cu//0bQcNYsWeSMwh+sZlJjDIRajfxn65x0qY0MHanPAjlk= -y Cu//Rwvoo8l1x0/bn6yg3p2+SMWSzKhDdPqvlYRFLNaaFSU= file.txt Enter your private key passphrase: ``` Here's an example of how to specify an encryption private key not stored in the [default folder](/tutorial/generating-a-new-key-pair.md): ```bash $ kryptor -e -x:"C:\Users\samuel-lucas6\Documents\encryption.private" -y Cu//0bQcNYsWeSMwh+sZlJjDIRajfxn65x0qY0MHanPAjlk= file.txt ``` After encryption has finished, you can share the encrypted file(s) with the recipients (e.g. via email, a messaging app, or a cloud storage service). ## Using a symmetric key Kryptor will convert the randomly generated symmetric key into a unique encryption key per file/directory. Unlike using public keys, **anybody** with access to the symmetric key can decrypt the file. {% hint style="warning" %} **Never** send someone the key via an insecure channel (e.g. email, SMS, an unencrypted messenger like Discord, or the cloud)! {% endhint %} Here's an example of randomly generating a symmetric key string: ```bash $ kryptor -e -k " " file.txt Randomly generated key: PSK/I1SkTbgoylRxiW3w0wcYmovWTWgC54bPmpgsiQrgO3c= ``` Then share the key with the recipient using an **end-to-end encrypted** messaging app (e.g. [Signal](https://www.signal.org/)) with [disappearing messages](https://support.signal.org/hc/en-us/articles/360007320771-Set-and-manage-disappearing-messages) if possible. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.kryptor.co.uk/tutorial/encrypting-files-for-others.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.