- File encryption using XChaCha20 with 256-bit keys.
- Key derivation using Argon2id with secure default parameters.
- You can use a password and/or keyfile to encrypt files.
- Each file is encrypted using a unique encryption key.
- Argon2 uses a 128-bit random salt per file.
- BLAKE2b with a unique 512-bit key per file is used for file authentication.
- The libsodium library is used to securely generate random bytes throughout the software.
- Secure keyfile generation. Any type of file can also be used as a keyfile. Keyfiles are 512-bits (64 bytes).
- Sensitive byte arrays are encrypted in memory using ProtectedMemory/the Data Protection API (on Windows) or libsodium Sealed Boxes (on Linux and macOS).
You can read the full technical information here.
- Kryptor is run locally on your computer. No personal data is ever collected or sent to anyone.
- The command line (CLI) version runs offline and doesn't perform any automatic checks for updates.
- The GUI version performs automatic checks for updates via GitHub. This can be disabled in the settings.
- No account is needed to use Kryptor.
- Optional anonymous renaming of encrypted files and folders.
- Password sharing support using libsodium Sealed Boxes (Curve25519, XSalsa20-Poly1305).
- An Argon2 memory size benchmark is executed on first launch that can be rerun from the settings.
- Password strength checking using the zxcvbn library.
- Built-in password and passphrase generator with character set and length customisation.
- Auto clear the clipboard after copying passwords and/or on program exit.