- File encryption using XChaCha20, XSalsa20, or AES-CBC with 256-bit keys.
- Key derivation using Argon2id with secure default parameters.
- You can use a password and/or keyfile to encrypt files.
- Each file is encrypted using a unique encryption key and a random nonce.
- Argon2 uses a 128-bit random salt per file. The BLAKE2b hash of the selected encryption algorithm name (e.g. "XChaCha20") is used as associated data and combined with the password.
- BLAKE2b with a unique 512-bit key per file is used for file authentication.
- The libsodium library is used to securely generate random bytes throughout the software.
- Secure keyfile generation. Any type of file can also be used as a keyfile. Keyfiles are 512-bits (64 bytes).
- Sensitive byte arrays are encrypted in memory using ProtectedMemory/the Data Protection API (on Windows) or libsodium Sealed Boxes (on Linux and macOS).
You can read the full technical information here.
- Kryptor is run locally on your computer. No personal data is ever collected or sent to anyone.
- Kryptor is completely offline besides automatic checks for updates via GitHub, which can be disabled in the settings.
- No account is needed to use Kryptor.
- Optional anonymous renaming of encrypted files and folders.
- Password sharing support using libsodium Sealed Boxes (Curve25519, XSalsa20-Poly1305).
- An Argon2 memory size benchmark is executed on first launch that can be rerun from the settings.
- Password strength checking using the zxcvbn library.
- Built-in password and passphrase generator with character set and length customisation.
- Auto clear the clipboard after copying passwords and/or on program exit.
- Shred files and folders by overwriting files with pseudorandom data, zeroes/ones, encryption with a random key, etc.
- Customisation of settings such as encryption algorithm, Argon2 parameters, light/dark theme, etc.