Kryptor

Frequently Asked Questions

Updated on the 24th of January 2021

General

What is the difference between the CLI and GUI versions?
Is there a tutorial for new users?
Does Kryptor connect to the internet?
Does Kryptor require an account to use?
I forgot my password or lost a keyfile, is there any way to recover encrypted files?
Why should I use Kryptor over the alternatives?
Why do I get a Windows SmartScreen popup when I first run Kryptor?
Why is Kryptor free and open source?

Security

Has Kryptor been audited?
How do I report security vulnerabilities and bugs?
Does Kryptor store my passwords on disk?
Does Kryptor have any keylogging protection?
Are the encryption algorithms quantum computing resistant?

File Encryption

Why doesn't Kryptor use authenticated encryption modes like AES-GCM and ChaCha20-Poly1305?
Why does Kryptor not support cipher cascades?

Keyfiles

What is a keyfile and how do I randomly generate them?
Where should I store my keyfiles?
How secure are keyfiles?

Other Functionality

How do I share a password using Password Sharing?
How do I add a custom wordlist for passphrase generation?

Development

What programming language is Kryptor written in?
What does the version number mean?
How do I build Kryptor from source?

General

What is the difference between the CLI and GUI versions?

GUI stands for Graphical User Interface, and CLI stands for Command Line Interface. The GUI version of Kryptor runs like a typical Windows program, whereas the CLI version must be run from the command line/terminal.

I recommend using the CLI version on Linux and macOS but the GUI version on Windows unless you're familiar with command line applications.

Is there a tutorial for new users?

Yes, click here to view a guide with step-by-step instructions and screenshots.

Does Kryptor connect to the internet?

The GUI version of Kryptor connects to GitHub when the program is launched to check for updates. This can be disabled in the settings.

The CLI version doesn't perform any automatic checks for updates, meaning it runs offline by default. However, an internet connection is required to check for updates and view the linked webpages (documentation, source code, etc.).

Does Kryptor require an account to use?

No, Kryptor does not require an account to use. There's no such thing as a Kryptor account.

I forgot my password or lost a keyfile, is there any way to recover encrypted files?

Unfortunately, if you forget your password or lose a keyfile, then your encrypted files will be unrecoverable. If you have chosen a secure password/keyfile and are using secure Argon2 settings, then it will take an impractical amount of time to brute-force the encryption keys used.

There is no backdoor in Kryptor. Only you know your passwords and have access to your keyfiles. Do not forget your passwords or lose keyfiles. Store your passwords in a password manager and back up keyfiles to external storage.

Why should I use Kryptor over the alternatives?

  1. Kryptor is free and open source - you don't need to pay to access any of the features.
  2. Kryptor uses strong, modern cryptographic algorithms - e.g. Argon2 is the most secure key derivation algorithm currently available.
  3. There's no master password - you can use different passwords for different files.
  4. You can use keyfiles instead of/as well as passwords.
  5. The names of encrypted files and folders are obfuscated by default.
  6. You can encrypt passwords to share encrypted files with other people.
  7. Kryptor doesn't require an internet connection or an account to use.

Why do I get a Windows SmartScreen popup when I first run Kryptor?

Because Windows SmartScreen is an annoyance for developers. In order to get rid of this popup, Kryptor needs to have a large userbase and be run on lots of different computers, or I have to pay over £300 a year for an EV Code Signing Certificate (although this is designed for companies, not individuals).

Kryptor is new software and therefore doesn't have a large userbase, and EV Code Signing Certificates are ridiculously expensive and designed for companies. By running Kryptor, you are helping to remove this popup, but every time there's a new version, this popup may reappear.

The best solution to this problem is that I purchase a Standard Code Signing Certificate (£65/yr). This won't remove the popup until enough people run the program, but it will remove the 'Unknown Publisher' warning. Please consider donating if you'd like to help me afford a certificate.

Why is Kryptor free and open source?

Because free and open source software is great. The user has the freedom to run, study, change, and distribute the software. Furthermore, open source allows people to review the code, which can lead to security vulnerabilities getting identified and patched.

Kryptor will always be free and open source, but if you'd like to support the project and help cover code signing certificate and website hosting costs, then please consider donating :)


Security

Has Kryptor been audited?

Kryptor has not been audited by a third party. Security audits are extremely expensive (thousands of dollars) and require open source funding. However, it isn't easy to get funding as your software must meet certain requirements such as having a large enough userbase.

It's important to note that other more popular open source projects like KeePassXC also haven't been audited. They also raise some valid limitations of audits on their FAQ page.

The good news is that because Kryptor is open source, anybody is able to review the source code and identify security vulnerabilities.

How do I report security vulnerabilities and bugs?

Security vulnerabilities can be reported directly to me via email and bugs can be reported on GitHub as explained here.

Does Kryptor store my passwords on disk?

No, Kryptor never stores passwords on disk. Only you know your passwords.

However, the Windows operating system may make copies of password strings in memory that could end up on disk (e.g. in the paging file, hibernation file, etc.). This is not something that can be controlled by Kryptor. Disk encryption is the best protection against this risk.

Does Kryptor have any keylogging protection?

Yes, keyfiles provide protection from keylogging. However, Kryptor does not provide any sort of secure desktop or typing obfuscation for password entry.

Are the encryption algorithms quantum computing resistant?

Because 256-bit encryption keys are used, Kryptor should provide at least 128-bit security against quantum computing, meaning the file encryption is secure against quantum computing.

However, Curve25519 (used for password sharing and memory encryption) is not quantum resistant. Note that many asymmetric algorithms aren't. With that said, it's currently secure and widely used.


Keyfiles

What is a keyfile and how do I randomly generate them?

A keyfile is a file that contains 64 bytes that are combined with your password for increased security or used instead of a password.

You can randomly generate keyfiles in Kryptor by going to File => Create Keyfile. Using generated keyfiles alongside passwords will provide increased security if you store your keyfiles correctly.

Where should I store my keyfiles?

I recommend storing your keyfiles on a USB or external hard drive. For another layer of security, you could also encrypt the USB or external hard drive using disk encryption software.

How secure are keyfiles?

Using a keyfile alongside a password will provide a significant increase in security assuming you store the keyfile correctly (e.g. on a USB or external hard drive). However, using a keyfile instead of a password is arguably less secure than just using a password because keyfiles get stored on disk, whereas passwords can be memorised.

I strongly recommend using a keyfile alongside a password instead of just using a keyfile. I also strongly recommend randomly generating keyfiles as explained above. Randomly generated keyfiles will provide more security than ordinary files.


File Encryption

Why doesn't Kryptor use authenticated encryption modes like AES-GCM and ChaCha20-Poly1305?

Authenticated encryption modes and AEADs are less suitable for file encryption because they are generally designed for smaller amounts of data. For example, they often use small nonces (e.g. 64 bits or 96 bits), which means there's greater potential for nonce reuse.

Furthermore, using authenticated encryption modes requires loading entire files into memory (rather than reading portions of the file into memory) because of how the MAC is calculated. This isn't possible for large files.

Instead, Kryptor uses unauthenticated encryption modes with BLAKE2b for authentication (Encrypt-then-MAC), allowing files to be read in chunks.
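The Encrypt-then-MAC arrangement described above, as an added example (not Kryptor's own code or file format): a keyed BLAKE2b tag is computed over the ciphertext one chunk at a time and appended, and verification streams the file the same way before any decryption would start. The chunk size, the tag-at-the-end layout, the function names and the sample key and ciphertext are assumptions made for this illustration.

```python
import hashlib
import hmac
import io

CHUNK_SIZE = 64 * 1024   # assumed chunk size, not taken from Kryptor
TAG_SIZE = 64            # BLAKE2b's maximum digest length in bytes


def seal(ciphertext_stream, out_stream, mac_key):
    """Copy ciphertext to out_stream chunk by chunk, then append the tag."""
    mac = hashlib.blake2b(key=mac_key, digest_size=TAG_SIZE)
    while chunk := ciphertext_stream.read(CHUNK_SIZE):
        mac.update(chunk)          # only one chunk is held in memory
        out_stream.write(chunk)
    out_stream.write(mac.digest())


def verify(sealed_stream, mac_key):
    """Return True only if the trailing tag matches the ciphertext before it."""
    total = sealed_stream.seek(0, io.SEEK_END)
    if total < TAG_SIZE:           # too short to even contain a tag
        return False
    sealed_stream.seek(0)
    mac = hashlib.blake2b(key=mac_key, digest_size=TAG_SIZE)
    remaining = total - TAG_SIZE
    while remaining > 0:
        chunk = sealed_stream.read(min(CHUNK_SIZE, remaining))
        if not chunk:              # stream shrank while reading
            return False
        mac.update(chunk)
        remaining -= len(chunk)
    stored = sealed_stream.read(TAG_SIZE)
    return hmac.compare_digest(mac.digest(), stored)  # constant-time compare


def demo():
    # Constructed sample data: a fixed MAC key and stand-in "ciphertext".
    key = b"\x01" * 64
    ciphertext = bytes(range(256)) * 1000     # 256,000 bytes, several chunks
    out = io.BytesIO()
    seal(io.BytesIO(ciphertext), out, key)
    sealed = bytearray(out.getvalue())
    intact = verify(io.BytesIO(sealed), key)
    sealed[100_000] ^= 0x01                   # flip one ciphertext bit
    tampered = verify(io.BytesIO(sealed), key)
    return intact, tampered


if __name__ == "__main__":
    print(demo())
```

In a real tool the MAC key would be independent of the encryption key, and decryption would begin only after verify returns True.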

Why does Kryptor not support cipher cascades?

I decided not to include cipher cascades because I didn't think many people would use the feature. I also believe they're an excessive approach to security and provide protection against an unrealistic threat model considering that encryption algorithms like ChaCha20 are very much secure.


Other Functionality

How do I share a password using Password Sharing?

The Password Sharing documentation explains how to share a password step-by-step.

How do I add a custom wordlist for passphrase generation?

You can either edit or replace the 'wordlist.txt' file found in the Kryptor folder (%APPDATA%\Kryptor\wordlist.txt when Kryptor has been installed). Make sure that each word is on a new line.


Development

What programming language is Kryptor written in?

The GUI version of Kryptor is written in C# using .NET Framework 4.8 with Windows Forms. The CLI version is written in C# using .NET Core 3.1. All development is done in Visual Studio 2019 Community.

C# was chosen because I like the language and have more experience working with C# than other programming languages. Furthermore, Windows Forms makes creating a GUI nice and simple.

What does the version number mean?

Kryptor uses a version number with three numbers (e.g. 1.0.0).

  1. The major version. This changes when there are breaking changes.
  2. The minor version. This changes when new functionality is added.
  3. The patch version. This changes when bugs are fixed or code improvements are made.

How do I build Kryptor from source?

Before you do anything with the source code, make sure you understand the GPLv3 license used by Kryptor. Click here for a summary of GPLv3.

CLI

  1. Go to the latest GitHub release and download the 'Source code (zip)' file.
  2. Extract the ZIP, navigate to the 'Kryptor/KryptorCLI' folder, and open the 'KryptorCLI.sln' file in Visual Studio 2019 Community.
  3. Right click on 'KryptorCLI' in the Solution Explorer and choose 'Publish...'.
  4. Choose to publish Kryptor as either win-x64, linux-x64, or osx-x64. Then click 'Publish'. You will find the published program at the path listed next to 'Target location'.
  5. I don't recommend changing the profile settings, but you can publish the application as x86, Framework-dependent, change the target location, etc. by changing the profile settings via 'Edit' or the pencil icons.

GUI

  1. Go to the latest GitHub release and download the 'Source code (zip)' file.
  2. Extract the ZIP, navigate to the 'Kryptor/KryptorGUI' folder, then open the 'KryptorGUI.sln' file in Visual Studio 2019 Community.
  3. You may be presented with lots of errors, but don't worry. You can go to Build => Clean Solution, select Release and x64 for the build options, and then click Build => Build Kryptor. Next, run the program by clicking the green play button in Visual Studio. This should resolve all of the errors.
  4. The libsodium-core library used by Kryptor does not support building to 'AnyCPU' in Visual Studio - you must either build to x86 or x64. Build to x64 when possible.

GUI Requirements

Notes

Visual Studio 2019 Community is the IDE I recommend building with, but be aware that it isn't open source. Furthermore, you have to sign into a Microsoft account after 30 days, although this can be bypassed.

If you just want to view the code, then you can use a text editor like Atom or a source code editor like VSCodium, which is the open source version of VSCode. However, you must use Visual Studio 2019 Community to view the Windows Forms Designer.