search
Ctrlk

Generating a new key pair

Kryptor will randomly generate an asymmetric key pair and use your passphrase to encrypt the private key. For security reasons, this involves a slight delay.

The asymmetric keys will be exported to files (.public and .private), and the file paths will be displayed in the terminal. The public key will also be displayed in the terminal as a Base64 string, which can be copied and pasted. Only the public key should be shared.

circle-exclamation

  • To protect the private key, always use a strong passphrase!

  • To ensure that the private key can always be decrypted, only use ASCIIarrow-up-right characters in passphrases. For example, use a password managerarrow-up-right to randomly generate passwords/passphrases.

  • Always back up the private key file to external storage (e.g. memory sticks).

  • Never share your private key file! Keep it secret and offline!

The default key directory depends on your operating system:

  • Windows: %USERPROFILE%/.kryptor

  • Linux: /home/.kryptor

  • macOS: /Users/USERNAME/.kryptor

Using the default key directory saves you typing in the path of your private key each time you want to use it.

Here's an example of using the default key directory:

$ kryptor -g

Please select a key pair type (type 1 or 2):
1) Encryption
2) Signing
2

Enter a passphrase (leave empty for a random one):

Retype passphrase:

Deriving encryption key from passphrase...

Public key: Ed//L2CzmImpu9UA6HFjllemS4TVaE84PdTTrTNc5i6gxFU=
Public key file: "C:\Users\samuel-lucas6\.kryptor\signing.public"

Private key file: "C:\Users\samuel-lucas6\.kryptor\signing.private" - Keep this secret!

IMPORTANT: Please back up these files to external storage (e.g. memory sticks).

This can also be done non-interactively like so, specifying -e for encryption or -s for signing:

Here's an example of specifying a custom key directory:

You can share your encryption public key string/file with other people so they can send you an encrypted file that only you and any other specified recipients will be able to decrypt.

You can share your signing public key string/file to allow other people to verify signatures you created so people can verify the authenticity of files.

hashtag
Specifying a comment

When generating a new key pair, you can include a comment in the public/private key files as an identifier. Note that this is not authenticated in any way, so it can be changed without detection.

Here's an example:

hashtag
Overwriting key pairs

If you've already generated a key pair for the default/custom directory, you must specify that you want to overwrite the existing key pair when generating a new key pair of the same type (encryption or signing).

triangle-exclamation

This will replace the existing key pair.​ Make sure you back up the old key pair if you don't want to lose access to it.

Here's an example:

Last updated