Encrypting files for others

Encrypting a file ensures that the contents cannot be read or modified without the secret key. This allows you to securely share a file with other people via an insecure channel (e.g. email, an unencrypted messenger like Discord, or the cloud).

Using public keys

Kryptor will convert the shared secret for each (sender private key, recipient public key) pair into a unique encryption key per file/directory.

Only specified recipients can decrypt the files/directories you send, using their private key.

Both you (the sender) and any recipients need to generate an encryption key pair once, as follows:

$ kryptor -g

Please select a key pair type (type 1 or 2):
1) Encryption
2) Signing
1

Enter a passphrase (leave empty for a random one):

Retype passphrase:

Deriving encryption key from passphrase...

Public key: Cu//2M5FqAnxmW7PiKxIqLmKEPNxT1Kdkm4U3K/Gr++6OAQ=
Public key file: "C:\Users\samuel-lucas6\.kryptor\encryption.public"

Private key file: "C:\Users\samuel-lucas6\.kryptor\encryption.private" - Keep this secret!

IMPORTANT: Please back up these files to external storage (e.g. memory sticks).

Or non-interactively like so:

$ kryptor -g -s -p:"TkU-?IV_V|@UcTvCHf#FpU-yf"

  • Never share your private key file! Keep it secret and offline!

  • Back up the private key file to external storage (e.g. memory sticks).

  • Do NOT overwrite unencrypted files (please see the Encryption options section) unless you (the sender) want to lose access to them.

Next, you need to exchange encryption public keys (e.g. via a messaging app). This only needs to be done once unless someone generates a new key pair. You can either share your public key:

  1. As a string (easiest): Cu//2M5FqAnxmW7PiKxIqLmKEPNxT1Kdkm4U3K/Gr++6OAQ=

  2. As a .public file (more long-term): ~/.kryptor/encryption.public

To encrypt, you must specify your private key and each recipient's public key. You'll be asked to decrypt your private key using your passphrase. For security reasons, this involves a slight delay.

Here's an example of how to use your default encryption private key with one recipient:

$ kryptor -e -y Cu//0bQcNYsWeSMwh+sZlJjDIRajfxn65x0qY0MHanPAjlk= file.txt

Enter your private key passphrase:

Here's an example with multiple recipients:

$ kryptor -e -y Cu//0bQcNYsWeSMwh+sZlJjDIRajfxn65x0qY0MHanPAjlk= -y Cu//Rwvoo8l1x0/bn6yg3p2+SMWSzKhDdPqvlYRFLNaaFSU= file.txt

Enter your private key passphrase:

Here's an example of how to specify an encryption private key not stored in the default folder:

$ kryptor -e -x:"C:\Users\samuel-lucas6\Documents\encryption.private" -y Cu//0bQcNYsWeSMwh+sZlJjDIRajfxn65x0qY0MHanPAjlk= file.txt

After encryption has finished, you can share the encrypted file(s) with the recipients (e.g. via email, a messaging app, or a cloud storage service).
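
A pre-flight check for the commands above, as an added example that is not part of Kryptor or of the original page: it refuses anything that is not an encryption public key (for instance a symmetric key pasted by mistake) before building the -y list. The key-shape rules are assumptions inferred only from the sample strings on this page, and classify_key, encrypt_for and DRY_RUN are hypothetical names.

```sh
#!/bin/sh
# Added example, not part of Kryptor. Assumption inferred only from the sample
# strings on this page: a key string is 48 Base64 characters ending in one '=';
# encryption public keys start with "Cu//", symmetric keys with "PSK/".

# classify_key KEY -> prints "public", "symmetric" or "invalid"
classify_key() {
  key=$1
  [ "${#key}" -eq 48 ] || { echo invalid; return 0; }
  case ${key%=} in
    *[!A-Za-z0-9+/]*) echo invalid; return 0 ;;  # stray character or extra '='
  esac
  case $key in
    Cu//*=) echo public ;;
    PSK/*=) echo symmetric ;;
    *)      echo invalid ;;
  esac
}

# encrypt_for FILE KEY... -> runs "kryptor -e" with one -y per recipient.
# With DRY_RUN=1 the command is printed instead of executed.
encrypt_for() {
  file=$1; shift
  [ "$#" -gt 0 ] || { echo "no recipient keys given" >&2; return 2; }
  n=$#; i=0
  for k in "$@"; do
    i=$((i + 1))
    kind=$(classify_key "$k")
    if [ "$kind" != public ]; then
      # Report the position only: echoing the value could leak a symmetric key.
      echo "refusing: recipient #$i is a(n) $kind key, not a public key" >&2
      return 1
    fi
    set -- "$@" -y "$k"
  done
  shift "$n"   # drop the raw keys, keep the "-y KEY" pairs
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "kryptor -e $* $file"
  else
    kryptor -e "$@" "$file"
  fi
}

# Constructed demo using the sample recipient keys from this page.
DRY_RUN=1 encrypt_for file.txt \
  'Cu//0bQcNYsWeSMwh+sZlJjDIRajfxn65x0qY0MHanPAjlk=' \
  'Cu//Rwvoo8l1x0/bn6yg3p2+SMWSzKhDdPqvlYRFLNaaFSU='
```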

Using a symmetric key

Kryptor will convert the randomly generated symmetric key into a unique encryption key per file/directory.

Unlike using public keys, anybody with access to the symmetric key can decrypt the file.

Never send someone the key via an insecure channel (e.g. email, SMS, an unencrypted messenger like Discord, or the cloud)!

Here's an example of randomly generating a symmetric key string:

$ kryptor -e -k " " file.txt

Randomly generated key: PSK/I1SkTbgoylRxiW3w0wcYmovWTWgC54bPmpgsiQrgO3c=

Then share the key with the recipient using an end-to-end encrypted messaging app (e.g. Signal) with disappearing messages if possible.
