Entering a passphrase

To ensure that files/private keys can always be decrypted, only use ASCII characters in passphrases. For example, use a password manager to randomly generate passwords/passphrases.

Interactively

There are three ways of entering a passphrase interactively:

  1. Press Enter on your keyboard (instead of typing anything) to randomly generate a secure passphrase, which will be displayed in the terminal. Make sure you copy this passphrase into a password manager.

  2. Type in your passphrase, press Enter on your keyboard, and retype the passphrase.

  3. Paste your passphrase by right-clicking, press Enter on your keyboard, and paste the passphrase again.

Kryptor uses UNIX style passphrase entry, meaning nothing is displayed in the terminal when you type. This prevents someone from seeing the passphrase characters and the length of the passphrase.

Here's what randomly generating a passphrase looks like:

$ kryptor -e -p file.txt

Enter a passphrase (leave empty for a random one):

Randomly generated passphrase: lethargic-shivering-confirm-doable-unlearned-fragility-aim-glitch

Here's what typing a passphrase looks like:

$ kryptor -e -p file.txt

Enter a passphrase (leave empty for a random one):

Retype passphrase:

Non-interactively

Instead of the above, you can specify -p:"[passphrase]" like so:

$ kryptor -e -p:"YeV$Ra7{_IJ]nN2v1m,ei9d+T" file.txt

To randomly generate a passphrase this way, you can specify -p:" " like so:

$ kryptor -e -p:" " file.txt

Randomly generated passphrase: dumpster-roundup-unviable-sanitizer-unsecured-budget-sinner-shindig

This method of passphrase entry can also be used for encrypting and decrypting a private key (e.g. for generating a key pair, encrypting files with a private key, or signing files). However, you must specify -x|--private alongside non-interactive passphrase entry for file encryption/decryption.

Here are some examples:

$ kryptor -g -p:"w*%Ul=j.F>1e{6H,+#ZWhXYUl"
$ kryptor -e -x -p:"1yF+k5l9zezPB}R]Pe+|*;sra" file.txt
$ kryptor -d -x -p:"1yF+k5l9zezPB}R]Pe+|*;sra" file.txt.bin
$ kryptor -s -p:"w*%Ul=j.F>1e{6H,+#ZWhXYUl" file.txt

This shouldn't be used if someone else may see your screen.

Last updated