# Encrypting files for yourself Encrypting a file ensures that the contents cannot be read or modified without the secret key. This is useful for protecting your files on external storage (e.g. memory sticks) or in the cloud. ## Using a passphrase Kryptor will convert your passphrase into a unique encryption key per file/directory. For security reasons, this involves a slight delay. {% hint style="warning" %} * To prevent files from being decrypted by someone else, **always use a strong passphrase**! * To ensure that files can always be decrypted, **only use** [**ASCII**](https://www.rfc-editor.org/rfc/rfc20) **characters in passphrases**. For example, use a [password manager](https://bitwarden.com/) to randomly generate passwords/passphrases. * If you forget your passphrase, any files encrypted using that passphrase will be **unrecoverable**. Therefore, using a [password manager](https://keepassxc.org/) is strongly recommended. {% endhint %} You can either type your passphrase: 1. Interactively (**recommended**): you'll be asked to enter a new passphrase and then to retype the passphrase for confirmation. You can type nothing initially to randomly generate a passphrase. The characters you type are hidden to prevent someone from seeing your passphrase and the length of the passphrase. 2. Non-interactively (**less secure**): this involves specifying the passphrase on the command line. You can type `" "` to randomly generate a passphrase. Here's an example using interactive passphrase entry: ```bash $ kryptor -e -p file.txt Enter a passphrase (leave empty for a random one): Retype passphrase: ``` Here's an example using non-interactive passphrase entry: ```bash $ kryptor -e -p:"CED<7q*uxx@4S=szftln3@co(" file.txt ``` ## Using a symmetric key Kryptor will convert the specified or randomly generated symmetric key into a unique encryption key per file/directory. Unlike using a passphrase, this involves no delay. {% hint style="warning" %} If you lose the symmetric key, any files encrypted using that symmetric key will be **unrecoverable**. Therefore, using a [password manager](https://keepassxc.org/) is strongly recommended. {% endhint %} Here's an example of randomly generating a symmetric key string: ```bash $ kryptor -e -k " " file.txt Randomly generated key: PSK/I1SkTbgoylRxiW3w0wcYmovWTWgC54bPmpgsiQrgO3c= ``` Here's an example of using the same symmetric key string again: ``` $ kryptor -e -k PSK/I1SkTbgoylRxiW3w0wcYmovWTWgC54bPmpgsiQrgO3c= file2.txt ``` ## Using a keyfile Kryptor will convert the hash of the keyfile into a unique encryption key per file/directory. Keyfiles can be used alongside (**recommended**) or instead of a passphrase (**less secure**). When used with a passphrase, the keyfile is like [2FA](https://en.wikipedia.org/wiki/Multi-factor_authentication). Used alone, it's weaker than a passphrase in that it's stored on disk and cannot be memorised. {% hint style="warning" %} * If the keyfile is lost or modified, files encrypted using that keyfile will become **unrecoverable**. Therefore, you should **back up** keyfiles to external storage (e.g. memory sticks). * **Never** share a keyfile! Keep them **secret** and **offline**! {% endhint %} You can either: 1. Randomly generate keyfiles (**recommended**): you can specify a non-existent file to give the keyfile a name, or you can specify a directory that exists to generate a keyfile with a random name. 2. Select ordinary files (**less secure**): you can specify any file that's at least 32 bytes long. Compressed files (e.g. `.zip`) are strongly recommended. Here's an example of randomly generating a keyfile alongside using a passphrase: ```bash kryptor -e -p -k "C:\Users\samuel-lucas6\Documents\keyfile.key" file.txt Randomly generated keyfile: keyfile.key ``` Here's an example of using an ordinary file as a keyfile alongside a passphrase: ```bash $ kryptor -e -p -k "C:\Users\samuel-lucas6\Pictures\wallpaper.jpg" file.txt ``` ## Using a private key Kryptor will convert your encryption private key into a unique encryption key per file/directory. This requires an encryption key pair, which can be generated as follows: ```bash $ kryptor -g Please select a key pair type (type 1 or 2): 1) Encryption 2) Signing 1 Enter a passphrase (leave empty for a random one): Retype passphrase: Deriving encryption key from passphrase... Public key: Cu//2M5FqAnxmW7PiKxIqLmKEPNxT1Kdkm4U3K/Gr++6OAQ= Public key file: "C:\Users\samuel-lucas6\.kryptor\encryption.public" Private key file: "C:\Users\samuel-lucas6\.kryptor\encryption.private" - Keep this secret! IMPORTANT: Please back up these files to external storage (e.g. memory sticks). ``` Or non-interactively like so: ```bash $ kryptor -g -e -p:"G,GfDJ0(RcX8eq}_NH5/BhIoo" ``` {% hint style="warning" %} * If you lose the private key file, files encrypted using that private key will be **unrecoverable**. Therefore, you should **back up** the private key file to external storage (e.g. memory sticks). * **Never** share your **private key** file! Keep it **secret** and **offline**! {% endhint %} When performing encryption, you'll be asked to decrypt your private key using your passphrase. For security reasons, this involves a slight delay. Here's an example of how to use your default encryption private key: ```bash $ kryptor -e file.txt Enter your private key passphrase: ``` Here's an example of how to specify an encryption private key not stored in the [default folder](/tutorial/generating-a-new-key-pair.md): ```bash $ kryptor -e -x:"C:\Users\samuel-lucas6\Documents\encryption.private" file.txt Enter your private key passphrase: ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.kryptor.co.uk/tutorial/encrypting-files-for-yourself.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.