Kryptor Versions Save

A simple, modern, and secure encryption and signing tool that aims to be a better version of age and Minisign.

v2.2.2

3 years ago

⚠️ IMPORTANT: Previous versions of Kryptor contain a severe nonce reuse security vulnerability. Please decrypt your files with the previous version before updating. This release contains breaking changes.

This release was not planned and has been rushed, but I discovered this vulnerability yesterday when developing v3.0.0 Beta, and it needed to be fixed as soon as possible. It's a classic case of knowing good practices but failing to implement them correctly. I sincerely apologise for its existence and not spotting it sooner. It's existed ever since the program was released, which is why it went unnoticed. The good news is that it has now been patched, and I will be extra cautious with future versions.

Changelog

  • Fixed nonce reuse vulnerability. Switched to a counter instead of a random nonce.
  • Now only supporting XChaCha20 for file encryption.
  • No longer using associated data to hash the password since there's only one encryption algorithm.
  • Removed Shred Files feature.
  • Minor code improvements.
  • Minor changes to CLI --help.
  • Updated website URLs to lowercase.

Instructions & Requirements

Click to view

Running Kryptor

Instructions for running Kryptor can be found here.

CLI Requirements

There are no requirements for Windows, Linux, or macOS. Remember to mark the 'kryptor' file as executable (e.g. 'chmod +x kryptor') on Linux and macOS before running it from the terminal.

GUI Requirements

Windows: .NET Framework 4.8 Linux & macOS: Mono

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures & Hashes

Click to view

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_signing_key.asc' file). Instructions for verifying the signatures can be found here.

Hashes

Version SHA256
KryptorGUI - Installer e6a79b2c80f4ebdfc744bdbccb18ca30899451ca32e5b903cbccc404c764c78f
KryptorGUI - Portable 50060b7f0b7ab851941ff5797508bfe916291877326368a35f590b1e5db362df
KryptorCLI - Windows 0f936a0568a50bc723eef7833991fdea49e333254f6e339803e86be731f99785
KryptorCLI - Linux d30daa47d6e32b2acac59c7273c1c33fdbddaf725be2fcee7f3a7780ff969d4a
KryptorCLI - macOS 399cb5e720daeb41487f94b8278a60a7b0473e38710b9e4d686b473b6db6795c

v2.2.1

3 years ago

This release contains a few small changes to patch two CLI bugs.

v2.3.0 Beta will hopefully be released in January. Lots of code improvements, masked password entry in the CLI version, private key encryption, and better Windows Forms handling in the GUI version are on the way. You can keep track of my progress here.

Changelog

KryptorCLI

  • Fixed System.OverflowException when trying to encrypt large files.
  • Fixed --update command. This was due to an issue with .NET Core publishing.
  • Added hidden --error-log command to allow the user to access their error log when reporting a bug on GitHub.

KryptorGUI

  • One minor code improvement - changed Argon2 benchmark parameter from bool to int.

Instructions & Requirements

Click to view

Running Kryptor

Instructions for running Kryptor can be found here.

CLI Requirements

There are no requirements for Windows, Linux, or macOS. Remember to mark the 'kryptor' file as executable (e.g. 'chmod +x kryptor') on Linux and macOS before running it from the terminal.

GUI Requirements

Windows: .NET Framework 4.8 Linux & macOS: Mono

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures & Hashes

Click to view

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_gpg_key.asc' file). Instructions for verifying the signatures can be found here.

Hashes

Version SHA256
KryptorGUI - Installer de9523d87d5c099493ab18232ffb14a834e6abd59ae6a8caba48acb5a59d39b0
KryptorGUI - Portable 48bc66c5755426b25928f58aa58df22ff29bd78c01a3669c0d8f5760a9066816
KryptorCLI - Windows e1cac0009a73dda8aa686e3614cf07a1260e02e52de12b9deb1f0591b6e32a9f
KryptorCLI - Linux e0d9f4f6ba9e5f2d8e4ca5ed07b9ad332e6578bcacd1953704d12bc5ebd98f17
KryptorCLI - macOS 86504ba2beebb54c2a935043371da94a82e3c212d1ff2de6bc51a9500cae986b

v2.2.0

3 years ago

A command line version of Kryptor is now available (KryptorCLI), which improves Linux and macOS support as Mono/Wine are no longer required. The CLI version is completely portable on Windows, Linux, and macOS. This release also brings some minor changes to the GUI version as well.

Note: It's currently not possible to check for updates from within the CLI version. I had to disable the --update command at the last minute due to an exception that occurs in the published version probably due to the single file publishing. I will have this fixed for the next release.

Running Kryptor

Instructions for running Kryptor can be found here.

CLI Requirements

There are no requirements for Windows, Linux, or macOS. Remember to mark the 'kryptor' file as executable (chmod +x kryptor) on Linux and macOS before running it from the terminal.

GUI Requirements

Windows: .NET Framework 4.8 Linux & macOS: Mono

Changelog:

KryptorCLI

  • Now using the CommandLineUtils library by Nate McMaster.
  • Added a custom --help text.
  • Rearranged some code.
  • Converted some global variables to local variables.
  • Updated the GitHub links because of the username change.
  • Added random passphrase generation if no password or keyfile is specified.
  • Removed the first run benchmark and automatic updates.
  • Added a --benchmark option.
  • Fixed opening links on Windows.

File Handling

  • Specified a larger buffer size (128 KiB) in the FileStreams. This should improve read/write speeds with large files. The main limitation at the moment is due to the anonymous rename feature - aka reading the original file name from the end of the decrypted file. This significantly slows down decryption of large (GB) files. This is due to be fixed in a future release, but it may be a breaking change.
  • Specified FileOptions.SequentialScan or FileOptions.RandomAccess in the FileStreams to help with file caching.

Argon2

  • Changed the default Argon2 iterations from 3 to 4.
  • Changed the recommended memory size from less than (<) to less than or equal to (<=) in the Argon2 benchmark.

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_gpg_key.asc' file). Instructions for verifying the signatures can be found here.

Checksums

Windows - GUI - Installer

  • SHA256: 620bf9c010a07891e81c0e71f93f5fabf7eb4d15346e69c7638c6aafd96ed1eb

Windows - GUI - Portable

  • SHA256: 8f0614c5b1f00b2f313759ff3afe455c645958198bc04968741d1996b1e31d1c

Windows - CLI - Portable

  • SHA256: ecc8aaa0d23551ebc9f950f6a83313ae3009071800762610941575d0600732e2

Linux - CLI - Portable

  • SHA256: 2a0cbe1b8375943510f366e90b40f3cdbaaaa17a6ecb792bfc9fb1e73436b9f3

Linux - GUI - Portable

  • SHA256: 6b3dd9c9c59f76dc8b8a6b6dd4b072581229a40fe70709e4c3c13512b8366041

macOS - CLI - Portable

  • SHA256: 8e7917264ea70a596555b76644ba9aab20dba2f9322cde7a4addbf5c6d1012e3

macOS - GUI - Portable

  • SHA256: e212443f92ed0ae9eed935496596caa62f2d4cdf65bfa4178b755bd8f9b5e385

v2.1.1

3 years ago

Version 2.1.1 applies a patch for a timer issue during the Argon2 benchmark and when pressing the 'Test Parameters' button in settings.

Requirements

Windows: .NET Framework 4.8 Linux & macOS: Mono Note: macOS Catalina is currently not supported - please see this issue. Better Linux and macOS support will be coming, but the program will be CLI.

Changelog:

Argon2 Benchmark

  • Fixed a timer issue that caused inaccurate times for the first memory size in the benchmark and the 'Test Parameters' button in settings.

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_gpg_key.asc' file). Instructions for verifying the signatures can be found here.

Checksums

Windows - Installer

  • SHA256: 60cd1b4cbd3890c332415fb32535f782ac11b4af55a8eb715dc9ce9e7fee3e71

Windows - Portable

  • SHA256: decb8098c76439ed6d93ef862d84a01cd409c8c2d770522b2d7bc9175132fc9e

Linux - Portable

  • SHA256: fd81be19b6a1be08def4051eaa549217e46343a53a38257cb1ca33592ebb7131

macOS - Portable

  • SHA256: e05f7371c5671dd7b21cecd861ecbae73d000a4ec77fc5b8b5dd16357479bd38

v2.1.0

3 years ago

Version 2.1 contains a breaking change. If you are upgrading from version 1.0.0 or 2.0.0, then you will need to decrypt your files before you update.

I've decided to name this release version 2.1 despite there being a breaking change because version 2 was released the other day, and I don't want to run out of version numbers.

Requirements

Windows: .NET Framework 4.8 Linux & macOS: Mono Note: macOS Catalina is currently not supported - please see this issue. Better Linux and macOS support will be coming, but the program will be CLI.

Changelog:

Cryptography

  • Now one key is generated using Argon2 and split into two keys rather than calling Argon2 twice. This is a security improvement (the previous implementation was a potential minor vulnerability) and makes key derivation faster. Thank you to Lynn Stephenson, who brought this issue to my attention; it was something I managed to overlook.

Argon2 Benchmark

  • The benchmark now starts at 50 MiB instead of 10 MiB.
  • The benchmark goes up to 300 MiB instead of 250 MiB.

Settings

  • The minimum memory size for Argon2 has been changed from 10 MiB to 32 MiB in settings.
  • The maximum memory size has been changed from 300 MiB to 500 MiB in settings.
  • The maximum number of iterations has been changed from 100 to 128 in settings.
  • The default memory size for Argon2 is now 128 MiB instead of 100 MiB. This only applies if the benchmark doesn't run. This should produce a delay of between 150-250 ms per file on most machines.

Code Improvements

  • Fixed CodeFactor issues from version 2.0.0 Beta.
  • Fixed all of the subroutine naming warnings.

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_gpg_key.asc' file). Instructions for verifying the signatures can be found here.

Checksums

Windows - Installer

  • SHA256: e899075d8e7aabeaaca57afedd341c95fa7d5adb148f46926b32b8be7a49c01a

Windows - Portable

  • SHA256: ae4044ffb375ddb70f2c03220060df848f3fe19f1ac0389980a477c0acb44ce0

Linux - Portable

  • SHA256: cd65dfdef251f8e281b564a31a2202ee4100373a6d1aabf635ab4ba0063ddf08

macOS - Portable

  • SHA256: 5ecc148cb75d2fb9f7dc9b46d3f896a2e38ca59eca99b91584821a9b0e123dba

v2.0.0

3 years ago

Version 2 brings several breaking changes. If you are upgrading from version 1.0.0, then you will need to decrypt your files before you update.

Everything is much faster than in version 1. Libsodium is now used as the library for Argon2 (instead of Konscious.Security.Cryptography), HMAC has been replaced with BLAKE2b, and the Argon2 parameters/salt/nonce are now stored as headers rather than trailers. Please view the changelog for more details.

Requirements

Windows: .NET Framework 4.8 Linux & macOS: Mono

Changelog:

Cryptography

  • Switched to the libsodium Argon2 implementation. This implementation is several times faster than Konscious.Security.Cryptography and allows for more secure parameters to be used with the same time delay.
  • Argon2 now uses a 16 byte (128-bit) random salt instead of 32 bytes (256-bits) because this is the requirement for libsodium. Furthermore, no associated data and no known secret are used with Argon2 as these are not supported.
  • Switched to keyed BLAKE2b instead of HMAC-SHA512 as the message authentication code for file encryption. BLAKE2 is several times faster than HMAC.
  • The MAC key has been reduced from 1024-bits (128 bytes) to 512-bits (64 bytes) because 64 bytes is the max key size for BLAKE2. 1024-bits was excessive anyway, but it was the size used in .NET's HMAC-SHA512 implementation.
  • Keyed BLAKE2b is now used to combine the associated data with the password bytes before the password bytes are sent to Argon2.
  • Keyed BLAKE2b is used to combine the keyfile bytes with the password bytes instead of HMAC-SHA512.
  • Libsodium is now used to generate random bytes instead of RNGCryptoServiceProvider. This was changed because I can't find any information about RNGCryptoServiceProvider in Mono. This makes no difference for generating random data on Windows, but it likely makes things more secure on Linux & macOS.
  • Removed the AES-CTR encryption algorithm as it was custom made and too slow. AES-CBC is significantly faster and makes CTR redundant.
  • Switched from ISO10126 to PKCS7 padding for AES-CBC. PKCS7 is more widely used, and ISO10126 was withdrawn in 2007.

File Encryption

  • Keyfiles have been reduced from 1024-bits (128 bytes) to 512-bits (64 bytes) as 64 bytes is the max key size for BLAKE2.
  • The Argon2 parameters, salt, and nonce are now stored as headers at the beginning of each encrypted file.
  • Added 128 KiB buffers for reading files larger than 1 MiB. Previously all FileStreams used 4 KiB buffers, except when a file was less than 4 KiB in size.
  • Changed the Argon2 parameters end flag from uppercase to lowercase - '|END|' to '|end|' in the file header.
  • Changed the way the MAC hash is backed up in case decryption fails. It's now stored in memory and appended to the encrypted file if there's an exception. As a last resort, if the append fails, it is written to a '.backup' file. This '.backup' last resort will probably be removed in the future as it's unlikely to work if there's an exception appending the MAC to the file.

Argon2 Benchmark

  • The 500 ms benchmark option has been removed. Now there's either a delay of 250 ms (More Secure) or 150 ms (Fast) per file. This is to help with encrypting a large number of files at once.
  • The Argon2 benchmark now always starts at 10 MiB and stops at 250 MiB. It previously started at either 10 MiB or 50 MiB.

GUI

  • Fixed 'Test Parameters' button in Settings causing crashes on Mono (Linux & macOS).
  • Changed minimum Argon2 iterations to 3 & memory size to 10 MiB in Settings.
  • Removed the Argon2 warning message for high memory size/iteration count combinations in Settings.
  • Removed 'Parallelism' setting as there's no parallelism adjustment with libsodium.
  • Moved 'Encryption Erasure' position in the 'Shred Files Methods' combo box in Settings.
  • Renamed 'Exit Clipboard Clear' to 'Exit Clear Clipboard' in Settings.
  • Made the file encryption form topmost on Linux & macOS to help with drag & drop.
  • Changed the Argon2 benchmark form to a white font colour on Mono.
  • Changed the update link from the Kryptor website to GitHub because I will keep changelogs on GitHub.
  • Adjusted the position of the character set checkboxes on the Password Generator form.
  • The description label has been aligned with the title label on the About form.
  • Now using semantic versioning - displaying 3 version numbers rather than 4 in About.

Other Functionality

  • XChaCha20 is now used instead of AES-CBC for 'Encryption' erasure in Shred Files. XChaCha20 is faster.
  • File.SetLastAccessTime() has been removed in Shred Files because it's pointless - File.Delete() modifies the access time.
  • The version file for update checks now gets deleted after it is read.

Code Improvements

  • Changed lots of &s to && and |s to || for efficiency.
  • Improved the maintainability of dark theme and Mono label alignment code.
  • Rearranged some code into other classes, etc.
  • Quickly reviewed the entire code once more.

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_gpg_key.asc' file). Instructions for verifying the signatures can be found here.

Checksums

Windows - Installer

  • SHA256: 65130a41991431f3d0bf38fa90282eb79d63855cf3ffdafbd8b5fde41b8589ab

Windows - Portable

  • SHA256: db7bee51a842af80a8b937131b130b3825094591d75bcdd332048db2215a852e

Linux - Portable

  • SHA256: 941896a2c6aeb397f991ff9d78648f8c30292415bb6b4ebfc7f121c41d639bc2

macOS - Portable

  • SHA256: 4e3077750baaea47c35142d167ae9f4ea7cd09f9e569ef7039736ffc89118e80

v1.0.0.0

3 years ago

The first release of Kryptor! Please note that Kryptor is currently in Beta - there may be some bugs. Please report any issues here on GitHub to help improve the software. You can find information about how to report bugs, vulnerabilities, request new features, etc here.

Requirements

Windows: .NET Framework 4.8 Linux & macOS: Mono

Verifying Signatures

The GPG signatures & checksums will be attached to every GitHub release. Signatures and checksums for the latest release can also be found on the website by clicking the links at the bottom of the Downloads page.

Checksums

Windows - Installer

  • MD5: a3075104d347a9f433fdefa4ec2bb524
  • SHA1: 1cf781ffeb0dd7471c71a17b37e6a4428d91e609
  • SHA256: 7057edec992c9e185ea514cc5bcb6b15c01c711093abab54450368dd015d9a70

Windows - Portable

  • MD5: 9e11d1b2a2eccd934f5cce6b24f667f7
  • SHA1: 2c2d1bfafa26bbf72b47be98e3539f1316e460cb
  • SHA256: 2bc264a8503d91aa7fadb5eedafc389a85fb1d2addb5331096e69fa242b7e007

Linux - Portable

  • MD5: 79c112f3905a88253a5ea04be1ce0a9a
  • SHA1: b1b6d91db080a42ae939b58bf1c5d66683b0dcd1
  • SHA256: f788af1768ddbd31fdc6ca09fb9eaa98b6428439746b95da7ce7259857111ae3

macOS - Portable

  • MD5: dabe0331fa2cad3daa9509d5e2e1c83a
  • SHA1: e30a93e40002d21d5d1147ff95b115b5825dbe4c
  • SHA256: e599f95a51bcb6fcd609fd45e3db674c66904726191e4dec3fcec846215caa21