Encrypting files for yourself

Encrypting a file ensures that the contents cannot be read or modified without the secret key. This is useful for protecting your files on external storage (e.g. memory sticks) or in the cloud.

Using a passphrase

Kryptor will convert your passphrase into a unique encryption key per file/directory. For security reasons, this involves a slight delay.

  • To prevent files from being decrypted by someone else, always use a strong passphrase!

  • To ensure that files can always be decrypted, only use ASCII characters in passphrases. For example, use a password manager to randomly generate passwords/passphrases.

  • If you forget your passphrase, any files encrypted using that passphrase will be unrecoverable. Therefore, using a password manager is strongly recommended.

You can either type your passphrase:

  1. Interactively (recommended): you'll be asked to enter a new passphrase and then to retype the passphrase for confirmation. You can type nothing initially to randomly generate a passphrase. The characters you type are hidden to prevent someone from seeing your passphrase and the length of the passphrase.

  2. Non-interactively (less secure): this involves specifying the passphrase on the command line. You can type " " to randomly generate a passphrase.

Here's an example using interactive passphrase entry:

$ kryptor -e -p file.txt

Enter a passphrase (leave empty for a random one):

Retype passphrase:

Here's an example using non-interactive passphrase entry:

$ kryptor -e -p:"CED<7q*uxx@4S=szftln3@co(" file.txt

Using a symmetric key

Kryptor will convert the specified or randomly generated symmetric key into a unique encryption key per file/directory. Unlike using a passphrase, this involves no delay.

If you lose the symmetric key, any files encrypted using that symmetric key will be unrecoverable. Therefore, using a password manager is strongly recommended.

Here's an example of randomly generating a symmetric key string:

$ kryptor -e -k " " file.txt

Randomly generated key: PSK/I1SkTbgoylRxiW3w0wcYmovWTWgC54bPmpgsiQrgO3c=

Here's an example of using the same symmetric key string again:

$ kryptor -e -k PSK/I1SkTbgoylRxiW3w0wcYmovWTWgC54bPmpgsiQrgO3c= file2.txt

Using a keyfile

Kryptor will convert the hash of the keyfile into a unique encryption key per file/directory. Keyfiles can be used alongside (recommended) or instead of a passphrase (less secure).

When used with a passphrase, the keyfile is like 2FA. Used alone, it's weaker than a passphrase in that it's stored on disk and cannot be memorised.

  • If the keyfile is lost or modified, files encrypted using that keyfile will become unrecoverable. Therefore, you should back up keyfiles to external storage (e.g. memory sticks).

  • Never share a keyfile! Keep them secret and offline!

You can either:

  1. Randomly generate keyfiles (recommended): you can specify a non-existent file to give the keyfile a name, or you can specify a directory that exists to generate a keyfile with a random name.

  2. Select ordinary files (less secure): you can specify any file that's at least 32 bytes long. Compressed files (e.g. .zip) are strongly recommended.

Here's an example of randomly generating a keyfile alongside using a passphrase:

kryptor -e -p -k "C:\Users\samuel-lucas6\Documents\keyfile.key" file.txt

Randomly generated keyfile: keyfile.key

Here's an example of using an ordinary file as a keyfile alongside a passphrase:

$ kryptor -e -p -k "C:\Users\samuel-lucas6\Pictures\wallpaper.jpg" file.txt

Using a private key

Kryptor will convert your encryption private key into a unique encryption key per file/directory.

This requires an encryption key pair, which can be generated as follows:

$ kryptor -g

Please select a key pair type (type 1 or 2):
1) Encryption
2) Signing
1

Enter a passphrase (leave empty for a random one):

Retype passphrase:

Deriving encryption key from passphrase...

Public key: Cu//2M5FqAnxmW7PiKxIqLmKEPNxT1Kdkm4U3K/Gr++6OAQ=
Public key file: "C:\Users\samuel-lucas6\.kryptor\encryption.public"

Private key file: "C:\Users\samuel-lucas6\.kryptor\encryption.private" - Keep this secret!

IMPORTANT: Please back up these files to external storage (e.g. memory sticks).

Or non-interactively like so:

$ kryptor -g -e -p:"G,GfDJ0(RcX8eq}_NH5/BhIoo"
  • If you lose the private key file, files encrypted using that private key will be unrecoverable. Therefore, you should back up the private key file to external storage (e.g. memory sticks).

  • Never share your private key file! Keep it secret and offline!

When performing encryption, you'll be asked to decrypt your private key using your passphrase. For security reasons, this involves a slight delay.

Here's an example of how to use your default encryption private key:

$ kryptor -e file.txt

Enter your private key passphrase:

Here's an example of how to specify an encryption private key not stored in the default folder:

$ kryptor -e -x:"C:\Users\samuel-lucas6\Documents\encryption.private" file.txt

Enter your private key passphrase:

Last updated