Generating a new key pair
Kryptor will randomly generate an asymmetric key pair and use your passphrase to encrypt the private key. For security reasons, this involves a slight delay.
The asymmetric keys will be exported to files (.public
and .private
), and the file paths will be displayed in the terminal. The public key will also be displayed in the terminal as a Base64 string, which can be copied and pasted. Only the public key should be shared.
To protect the private key, always use a strong passphrase!
To ensure that the private key can always be decrypted, only use ASCII characters in passphrases. For example, use a password manager to randomly generate passwords/passphrases.
Always back up the private key file to external storage (e.g. memory sticks).
Never share your private key file! Keep it secret and offline!
The default key directory depends on your operating system:
Windows:
%USERPROFILE%/.kryptor
Linux:
/home/.kryptor
macOS:
/Users/USERNAME/.kryptor
Using the default key directory saves you typing in the path of your private key each time you want to use it.
Here's an example of using the default key directory:
This can also be done non-interactively like so, specifying -e
for encryption or -s
for signing:
Here's an example of specifying a custom key directory:
You can share your encryption public key string/file with other people so they can send you an encrypted file that only you and any other specified recipients will be able to decrypt.
You can share your signing public key string/file to allow other people to verify signatures you created so people can verify the authenticity of files.
Specifying a comment
When generating a new key pair, you can include a comment in the public/private key files as an identifier. Note that this is not authenticated in any way, so it can be changed without detection.
Here's an example:
Overwriting key pairs
If you've already generated a key pair for the default/custom directory, you must specify that you want to overwrite the existing key pair when generating a new key pair of the same type (encryption or signing).
This will replace the existing key pair. Make sure you back up the old key pair if you don't want to lose access to it.
Here's an example:
Last updated