Kryptor

A simple, modern, and secure encryption and signing tool that aims to be a better version of age and Minisign.

GPL-3.0 License

Kryptor - v4.1.0 Latest Release

Published by samuel-lucas6 over 1 year ago

Added

  • Support for changing a private key passphrase via -m|--modify.
  • Support for a comment after a public/private key string in .public/.private files, either manually by opening such files in a text editor or by specifying -c|--comment during key pair generation. Note that these comments are not authenticated in any way.

Changed

  • The -a|--about option has been replaced with --version to align with other tools.
  • There's no longer a new line before output to the terminal.
  • Bad signature now has an exit code of -1.
  • Errors should be written to stderr.
  • Updated dependencies/.NET.

Removed

  • The -u|--update option to align with other tools. Just use a package manager.

Kryptor - v4.0.1

Published by samuel-lucas6 over 1 year ago

Removed

  • Support for v1 private and public keys. Please see the v4.0.0 release for more information.
  • The dependencies for v1 key pairs.

Changed

  • 'Password' has been renamed to 'passphrase'. The option is now -p|--passphrase.
  • Random passphrases are now lowercase to allow easy typing.
  • The public/private key file length checks have been moved.
  • Various error messages have been shortened/rephrased.
  • Updated dependencies and the .NET SDK/runtime.

Fixed

  • InsufficientMemoryException if you don't have enough memory to use Argon2.

Kryptor - v4.0.0

Published by samuel-lucas6 about 2 years ago

Warning
This release contains many breaking changes. If you're updating from a previous version of Kryptor, please decrypt all of your files using your current version.

After many hours and much indecision, the next major version of Kryptor is here. It's not perfect; there are still a few things I'm not entirely happy about. However, it's definitely an improvement on v3. I just hope I haven't missed anything, and please bear with me whilst I update the website.

Deprecated

  • Support for the previous private key format will be removed in a future release. The format is automatically updated when you use your private key for the first time.
  • Similarly, support for the previous public key format will be removed in a future release. Again, the format is automatically updated when your private key is. Alternatively, you can use -r|--recover.

Note
You should republish/share your new public key string/file in place of the old one and back up your new private key file. However, your key pair doesn't actually change. The private key gets re-encrypted, and the public key has a different header, so the string looks different.

Added

  • The new encryption format is intended to be indistinguishable from random to limit metadata. This means no identifiable headers and randomised padding. Few tools do this (e.g. age doesn't care about metadata). A huge thanks to Monocypher for Elligator 2 and Covert Encryption for inspiration and their randomised padding scheme.
  • Directories are now converted into ZIP files (with no compression for speed) before being encrypted. This means an encrypted directory is indistinguishable from an encrypted file.
  • You can now specify up to 20 public key recipients for a single file. It used to be limited to 1 recipient.
  • Support for pre-shared keys has been added to provide optional post-quantum security when encrypting a file to someone's public key.
  • Pre-shared keys can also be used for file encryption alone like keyfiles. This is a faster alternative to password-based encryption.
  • Some of the encrypted metadata header is currently empty, which will eventually be used for storing the file timestamps and cross-platform attributes. The timestamps of the encrypted file can then be altered to further limit metadata. This all needs more thought and some study of digital forensics though.
  • You can now sign each file in a directory. This is handy for signing software releases quickly.
  • Multiple signatures can now be verified at once.
  • Multiple custom signature paths can be specified at once for signing.
  • Key pairs can be generated non-interactively.
  • macOS ARM64 and Linux ARM64 are now officially supported and can be updated using -u|--update.
  • A -1 exit code is returned when an error occurs.

Changed

  • Switched from XChaCha20-BLAKE2b to ChaCha20-Poly1305 for encryption. It's faster and standardised. The padding fix is applied when encrypting the metadata header to add key commitment.
  • Now using a little-endian counter nonce and the STREAM construction. A random nonce is unnecessary in this use case, especially since it was being incremented for each chunk before anyway. The STREAM construction has also become unofficially standardised and is more flexible.
  • The Argon2 parameters have been reduced as they were excessive and much slower than I thought on other machines. This speeds up password-based key derivation whilst retaining a good security margin.
  • Passwords are no longer prehashed. This was done previously for consistency with how peppering was done.
  • The pepper is now used as input keying material for key derivation after password hashing instead of being used as a key prior to password hashing. This was done to save an extra call to BLAKE2b.
  • Using a keyfile alone no longer uses Argon2 as random keyfiles are high in entropy.
  • Keyfile hashing has been made compatible with the pre-shared key format, and random keyfiles are now 32 bytes in size instead of 64 bytes.
  • The previous authentication tag is no longer used as associated data. This was unnecessary and came with a performance cost.
  • Both public keys are included in the key derivation for shared secrets.
  • The long-term and ephemeral shared secrets are concatenated the other way around to comply with the Noise Protocol Framework.
  • The ephemeral public key is used as info in the wrap key derivation instead of being used as associated data. With passwords/pre-shared keys, this is actually an additional 256-bit random salt since no public key is used.
  • The encrypted metadata header has been rearranged. The file length is now stored instead of the amount of padding. The file name is also stored there and padded to 256 bytes.
  • Private keys are now encrypted using ChaCha20-Poly1305 with the padding fix for key commitment and an all zero nonce since the key is unique.
  • The public/private key headers have been changed to make the algorithm readable at the beginning of the string (Cu// for Curve25519 and Ed// for Ed25519).
  • Geralt, my libsodium binding, is now used instead of libsodium-core.
  • Thanks to Geralt, spans are used instead of byte arrays when possible for improved performance and fewer allocations.
  • Sensitive bytes are pinned when possible/sensible so they can be zeroed properly.
  • FileStream performance should be improved as the buffer size is now adjusted based on the size of the file and output files are preallocated on disk.
  • Random file name generation has been improved due to Geralt.
  • File names are checked for invalid characters to prevent problems storing the file name/decrypting cross-platform.
  • libsodium is used for Base64 encoding, which is done in constant time.
  • Lots of wrapper classes have been removed due to Geralt.
  • It's now clearer when you're being asked for a private key password compared to a regular password.
  • 'Directory' is used instead of 'folder' in messages.
  • Some error messages have been made more consistent.
  • Blue is no longer used for any messages; orange (technically 'dark yellow') is used instead.
  • The initial validation has been improved.
  • Code has been spaced out for readability, Geralt constants are used, and the if/loop braces style has been changed.
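
The counter nonce and STREAM construction from the Changed list above, as an added example that is not Kryptor's code or file format: it assumes Python with the `cryptography` package, and the function names, the chunk size and the 11-byte counter plus 1-byte flag nonce layout are illustrative. It shows why binding the chunk index and a last-chunk flag into the nonce makes dropped, reordered or replayed chunks fail authentication.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

CHUNK = 16384  # plaintext bytes per chunk (assumed; the size quoted in the v3.1.1 notes)
TAG = 16       # Poly1305 tag appended to every chunk


def chunk_nonce(counter: int, final: bool) -> bytes:
    """12-byte nonce: 11-byte little-endian chunk counter, then a last-chunk flag.

    This layout is an assumption for the example. Starting the counter at zero
    is only safe because each file is encrypted under its own fresh key.
    """
    return counter.to_bytes(11, "little") + (b"\x01" if final else b"\x00")


def encrypt_stream(key: bytes, plaintext: bytes, chunk: int = CHUNK) -> bytes:
    aead = ChaCha20Poly1305(key)
    out = bytearray()
    # Empty input still produces one final chunk, so "no chunks" is never valid.
    for counter, start in enumerate(range(0, max(len(plaintext), 1), chunk)):
        final = start + chunk >= len(plaintext)
        out += aead.encrypt(chunk_nonce(counter, final), plaintext[start:start + chunk], None)
    return bytes(out)


def decrypt_stream(key: bytes, ciphertext: bytes, chunk: int = CHUNK) -> bytes:
    if len(ciphertext) < TAG:
        raise InvalidTag  # not even one complete tag
    aead = ChaCha20Poly1305(key)
    sealed = chunk + TAG
    count = -(-len(ciphertext) // sealed)  # ceiling division: a short last chunk counts
    out = bytearray()
    for counter in range(count):
        piece = ciphertext[counter * sealed:(counter + 1) * sealed]
        # Only the chunk that ends the input may verify under the "final" nonce.
        out += aead.decrypt(chunk_nonce(counter, counter == count - 1), piece, None)
    return bytes(out)


def detects(key: bytes, ciphertext: bytes, chunk: int = CHUNK) -> bool:
    """True if decryption rejects the (manipulated) ciphertext."""
    try:
        decrypt_stream(key, ciphertext, chunk)
    except InvalidTag:
        return True
    return False


def tamper_report(chunk: int = 64) -> dict:
    """Encrypt three constructed chunks, then rearrange them as a storage fault might."""
    key = ChaCha20Poly1305.generate_key()
    plaintext = os.urandom(3 * chunk)  # constructed sample data
    ct = encrypt_stream(key, plaintext, chunk)
    sealed = chunk + TAG
    c0, c1, c2 = (ct[i * sealed:(i + 1) * sealed] for i in range(3))
    return {
        "roundtrip": decrypt_stream(key, ct, chunk) == plaintext,
        "drop_last_chunk": detects(key, c0 + c1, chunk),
        "drop_middle_chunk": detects(key, c0 + c2, chunk),
        "swap_chunks": detects(key, c1 + c0 + c2, chunk),
        "append_replayed_chunk": detects(key, ct + c2, chunk),
        "cut_mid_chunk": detects(key, ct[:-5], chunk),
    }


if __name__ == "__main__":
    for check, passed in tamper_report().items():
        print(f"{check:24} {'ok' if passed else 'FAILED'}")
```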

Fixed

  • Early returns when an exception was thrown during decryption, potentially preventing some files from being processed.
  • An empty file name in error messages when the path ends in a directory/volume separator character.
  • An unhandled directory UnauthorizedAccessException during empty directory validation.
  • 'name (2)' getting restored to 'name (3)' instead of 'name (2) (2)' if 'name (2)' exists decrypting a file that had its name encrypted. I don't like this numbering, but it's the safest approach I can come up with.
  • Removing double digit file name numbers (e.g. 'name (10)').
  • The resources are now embedded when building as well as publishing.
  • The publish profiles for ARM64.
  • Probably some other stuff I've neglected to mention.

Kryptor - v3.1.1

Published by samuel-lucas6 over 2 years ago

This is a very quick, unpolished hotfix release due to the severity of issue #40 (explained below), which was reported via email yesterday. I have exams starting within the next few weeks, so no more releases are planned until afterwards in the summer, and there will probably be few code updates until then.

Fixed

  • Files with a certain length would accidentally have the last 16,384 byte chunk removed during decryption due to a mathematical mistake that wasn't detected during any of my testing because of the file sizes of my test files. I'm extremely sorry for any trouble this causes. It's rather crushing as a maintainer when something like this happens, but I would like to again thank the person who reported this issue.
  • Chocolatey installs hopefully won't have a vcruntime140.dll extraction error anymore. I'm also working on adding the package equivalent of this file as a dependency.

Changed

  • Encrypted files are no longer deleted by default when decrypting. The -o|--overwrite option now needs to be specified to do this.
  • Illegal characters from file/directory names are now rejected with an error rather than being silently removed. As this was taken from a v4 commit, with v4 encrypting directories differently, this change won't work with subdirectories.
  • 'Decrypting private key...' is displayed instead of 'Deriving encryption key from password...' for private key decryption to avoid confusion.
  • The dependencies and vcruntime140.dll files have been updated.

Added

  • A message saying to back up the private key file when generating a new key pair.
  • A message saying to back up the keyfile when generating a random keyfile.
  • Publish profiles for Linux ARM64 and macOS ARM64 to build from source more easily. Builds for these platforms may be included in releases for v4 onwards.

Kryptor - v3.1.0

Published by samuel-lucas6 almost 3 years ago

Security

  • Patched a potential directory traversal attack vulnerability when decrypting a file/folder someone sent you that contained a malicious file name. I say potential because I have not attempted to exploit the attack, and this type of vulnerability primarily affects web applications. However, it has also affected ZIP libraries and encryption libraries.
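
One way to check a file name recovered from an encrypted file before using it as an output path, as an added example that is not Kryptor's code: the function names, the character set, the 255-byte limit and the sample names are assumptions made for the illustration. It rejects unsafe names with an error instead of silently altering them, then confirms the resolved path stays inside the output directory.

```python
import os
import re

# Rejected on every platform so a name stored on one OS restores safely on another.
ILLEGAL_CHARS = set('<>:"/\\|?*') | {chr(c) for c in range(32)} | {"\x7f"}
# Windows device names are reserved with or without an extension.
RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$", re.IGNORECASE)
MAX_NAME_BYTES = 255  # assumed limit; common file systems cap a name at 255 bytes


class UnsafeFileName(ValueError):
    """The stored name must not be used to build an output path."""


def validate_stored_name(raw: bytes) -> str:
    """Decode a name taken from a decrypted header; raise instead of sanitising."""
    if len(raw) > MAX_NAME_BYTES:
        raise UnsafeFileName("name too long")
    try:
        name = raw.decode("utf-8")
    except UnicodeDecodeError:
        raise UnsafeFileName("not valid UTF-8") from None
    if name in ("", ".", ".."):
        raise UnsafeFileName("empty or directory-relative name")
    bad = sorted(set(name) & ILLEGAL_CHARS)
    if bad:
        raise UnsafeFileName(f"illegal characters {bad!r}")
    if name[-1] in " .":
        raise UnsafeFileName("trailing dot or space")
    if RESERVED.match(name):
        raise UnsafeFileName("reserved device name")
    return name


def safe_output_path(out_dir: str, raw: bytes) -> str:
    """Join a validated name to out_dir and confirm the result stays inside it."""
    name = validate_stored_name(raw)
    base = os.path.realpath(out_dir)
    target = os.path.realpath(os.path.join(base, name))
    # realpath follows symlinks, so a link planted in out_dir that points
    # elsewhere fails this check even though its name looks harmless.
    if os.path.dirname(target) != base:
        raise UnsafeFileName("resolves outside the output directory")
    return target


def audit(out_dir: str, names: list) -> dict:
    """Map each raw name to None (accepted) or the reason it was rejected."""
    verdicts = {}
    for raw in names:
        try:
            safe_output_path(out_dir, raw)
            verdicts[raw] = None
        except UnsafeFileName as err:
            verdicts[raw] = str(err)
    return verdicts


# Constructed sample names, as they might arrive in a file from an untrusted sender.
SAMPLES = [
    b"report.pdf",
    b"../outside.txt",
    b"..\\outside.txt",
    b"/tmp/outside.txt",
    b"C:\\outside.txt",
    b"..",
    b"NUL.txt",
    b"notes.txt ",
    b"name\x00.txt",
    b"\xff\xfe",
]

if __name__ == "__main__":
    for raw, reason in audit(os.getcwd(), SAMPLES).items():
        print(f"{raw!r:24} {'accepted' if reason is None else 'REJECTED: ' + reason}")
```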

Added

  • Non-interactive password support, meaning you can now do -p:"[password]" instead of entering the password interactively. To randomly generate a password, you can type a space: -p:" ". However, entering a password interactively is still more secure as it hides your password and avoids using a string variable.
  • Exporting the recovered public key from -r|--recover to a .public file if one does not exist in the same directory as the .private key file.
  • Automatic vcruntime140.dll extraction on Windows to always ensure that the libsodium cryptographic library is portable.
  • -u|--update can now install updates for you. This checks the download signatures automatically, ensuring authenticity and integrity, and replaces the kryptor executable in place.
  • Coloured error messages (red) and successful messages (green). Blue and orange are also used but rarely.
  • A note in -h|--help about having to surround file names/paths with "speech marks".

Changed

  • Switched to .NET 6.
  • The -f|--obfuscate option has been renamed to -n|--names. I will now be calling it file name encryption rather than file name obfuscation.
  • Path.GetRandomFileName() is no longer being used because the documentation was updated to remove the claim that it is cryptographically secure.
  • It is now possible to sign .signature files.
  • The spacing in the output text has been changed to try and make things more readable.
  • File names in the output text are now surrounded by "speech marks" to help distinguish them from other text.
  • Lots of code improvements to reduce the line count.
  • Various error messages have been improved.

Fixed

  • The authenticated comment is no longer shown if it is empty when verifying a signature.
  • Folders containing only empty subdirectories are now detected as containing no files, leading to an error.
  • String.Replace() is no longer used for file paths since it may cause problems by removing multiple parts of a string.
  • Illegal file name characters are now removed from the file name before it is stored during file name encryption because this could cause issues decrypting the file on another operating system. This may be switched to an error in the future.
  • The total count should now be correct when decrypting a directory with an incorrect salt length.

v4.0.0 Roadmap

As a reminder, lots of improvements and breaking changes will be coming in v4, and you can follow my progress via the Roadmap and Projects tab. It will take a while to get this release out because of university and writing a custom libsodium binding.

Kryptor - v3.0.4

Published by samuel-lucas6 about 3 years ago

  • Fixed a bug when encrypting/decrypting 0 byte files (please see #27).
  • Fixed a bug related to renaming duplicated files (please see #28).
  • Added a 'Deriving encryption key from the password...' message to explain the key derivation delay.
  • Added 'Encrypting [file] => [file.kryptor]...' and 'Decrypting [file.kryptor] => [file]...' messages to indicate that Kryptor is doing something rather than frozen when encrypting/decrypting large files.
  • Added 'Commencing encryption of [directory] directory...' and 'Commencing decryption of [directory] directory...' messages to help separate the folder encryption output from the file encryption output.
  • Now displaying the name of randomly generated keyfiles.
  • The -s|--sign and -v|--verify validation has been improved.
  • Fixed an UnauthorizedAccessException when trying to randomly generate a keyfile to a path where a keyfile by that name already exists.
  • Various code improvements, although there's still lots to go through. More code improvements will be coming in the next release.

If you're interested in where Kryptor is heading, then please take a look at the new Roadmap. However, development will slow down a little over the coming months as I'm going back to university for my busiest year yet.

Kryptor - v3.0.3

Published by samuel-lucas6 over 3 years ago

The first stable release of Kryptor!

  • Validation for file paths now happens before being asked to enter a password.
  • Added empty directory validation.
  • Added a validation check for a salt file when encrypting directories.
  • Added a validation check for a salt file when decrypting directories using a private key.
  • The total number of files count is no longer reduced when a file is invalid (e.g. already encrypted).
  • Removed error logging. It is not needed, and the log file never got shared in bug reports.
  • Added a private key encryption example to -h|--help to clarify that you do not need to specify your public key when encrypting files for yourself.
  • Simplified the examples in -h|--help.
  • Reworded several error messages.

Kryptor - v3.0.2-beta

Published by samuel-lucas6 over 3 years ago

  • Fixed the UnauthorizedAccessException when overwriting read-only files.
  • Fixed the UnauthorizedAccessException when storing the file name if the file was read-only.
  • Now restoring the -o|--overwrite setting if an exception occurs during directory encryption.
  • Now displaying the name of the copied/backup directory when encrypting a directory without the -o|--overwrite option.
  • Now renaming the copied/backup directory to the original directory name if possible (if -f|--obfuscate is specified and -o|--overwrite is not). The directory can't be renamed otherwise because two directories cannot have the same path.

Kryptor - v3.0.1-beta

Published by samuel-lucas6 over 3 years ago

  • Now including the vcruntime140.dll file in the Windows release so the application is portable without the Visual C++ runtime installed. I forgot to include this in the v3.0.0 Beta release. 🤦‍♂️
  • Minor changes to -a|--about.

Kryptor - v3.0.0-beta

Published by samuel-lucas6 over 3 years ago

⚠️ IMPORTANT: This release contains breaking changes. If you are updating from a previous version of Kryptor, then you should decrypt all of your files.

After just over 2 months of work, v3 is finally done 🎉 I recommend reading the new documentation to get up to speed.

  • Chunked AEAD for encryption.
  • New KEK/DEK design.
  • File signing.
  • Fixed Argon2 parameters.
  • Faster directory encryption.
  • Authenticated hybrid file encryption.
  • Masked password entry with support for random passphrase generation.
  • Separate encryption and signing asymmetric keys.
  • Private key encryption.
  • Export asymmetric key pairs.
  • Code improvements due to a rewrite.
  • New GitBook documentation.
  • No longer working on a GUI version - not enough time to work on two different versions, tricky to implement in a GUI format, not cross-platform, and more confusing for the user downloading the software. More detail can be found here.

Kryptor - v2.2.2-beta

Published by samuel-lucas6 almost 4 years ago

⚠️ IMPORTANT: Previous versions of Kryptor contain a severe nonce reuse security vulnerability. Please decrypt your files with the previous version before updating. This release contains breaking changes.

This release was not planned and has been rushed, but I discovered this vulnerability yesterday when developing v3.0.0 Beta, and it needed to be fixed as soon as possible. It's a classic case of knowing good practices but failing to implement them correctly. I sincerely apologise for its existence and not spotting it sooner. It's existed ever since the program was released, which is why it went unnoticed. The good news is that it has now been patched, and I will be extra cautious with future versions.

Changelog

  • Fixed nonce reuse vulnerability. Switched to a counter instead of a random nonce.
  • Now only supporting XChaCha20 for file encryption.
  • No longer using associated data to hash the password since there's only one encryption algorithm.
  • Removed Shred Files feature.
  • Minor code improvements.
  • Minor changes to CLI --help.
  • Updated website URLs to lowercase.

Instructions & Requirements

Running Kryptor

Instructions for running Kryptor can be found here.

CLI Requirements

There are no requirements for Windows, Linux, or macOS. Remember to mark the 'kryptor' file as executable (e.g. 'chmod +x kryptor') on Linux and macOS before running it from the terminal.

GUI Requirements

Windows: .NET Framework 4.8
Linux & macOS: Mono

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures & Hashes

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_signing_key.asc' file). Instructions for verifying the signatures can be found here.

Kryptor - v2.2.1-beta

Published by samuel-lucas6 almost 4 years ago

This release contains a few small changes to patch two CLI bugs.

v2.3.0 Beta will hopefully be released in January. Lots of code improvements, masked password entry in the CLI version, private key encryption, and better Windows Forms handling in the GUI version are on the way. You can keep track of my progress here.

Changelog

KryptorCLI

  • Fixed System.OverflowException when trying to encrypt large files.
  • Fixed --update command. This was due to an issue with .NET Core publishing.
  • Added hidden --error-log command to allow the user to access their error log when reporting a bug on GitHub.

KryptorGUI

  • One minor code improvement - changed Argon2 benchmark parameter from bool to int.

Instructions & Requirements

Running Kryptor

Instructions for running Kryptor can be found here.

CLI Requirements

There are no requirements for Windows, Linux, or macOS. Remember to mark the 'kryptor' file as executable (e.g. 'chmod +x kryptor') on Linux and macOS before running it from the terminal.

GUI Requirements

Windows: .NET Framework 4.8
Linux & macOS: Mono

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures & Hashes

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_gpg_key.asc' file). Instructions for verifying the signatures can be found here.

Kryptor - v2.2.0-beta

Published by samuel-lucas6 almost 4 years ago

A command line version of Kryptor is now available (KryptorCLI), which improves Linux and macOS support as Mono/Wine are no longer required. The CLI version is completely portable on Windows, Linux, and macOS. This release also brings some minor changes to the GUI version as well.

Note: It's currently not possible to check for updates from within the CLI version. I had to disable the --update command at the last minute due to an exception that occurs in the published version probably due to the single file publishing. I will have this fixed for the next release.

Running Kryptor

Instructions for running Kryptor can be found here.

CLI Requirements

There are no requirements for Windows, Linux, or macOS. Remember to mark the 'kryptor' file as executable (chmod +x kryptor) on Linux and macOS before running it from the terminal.

GUI Requirements

Windows: .NET Framework 4.8
Linux & macOS: Mono

Changelog:

KryptorCLI

  • Now using the CommandLineUtils library by Nate McMaster.
  • Added a custom --help text.
  • Rearranged some code.
  • Converted some global variables to local variables.
  • Updated the GitHub links because of the username change.
  • Added random passphrase generation if no password or keyfile is specified.
  • Removed the first run benchmark and automatic updates.
  • Added a --benchmark option.
  • Fixed opening links on Windows.

File Handling

  • Specified a larger buffer size (128 KiB) in the FileStreams. This should improve read/write speeds with large files. The main limitation at the moment is due to the anonymous rename feature - aka reading the original file name from the end of the decrypted file. This significantly slows down decryption of large (GB) files. This is due to be fixed in a future release, but it may be a breaking change.
  • Specified FileOptions.SequentialScan or FileOptions.RandomAccess in the FileStreams to help with file caching.

Argon2

  • Changed the default Argon2 iterations from 3 to 4.
  • Changed the recommended memory size from less than (<) to less than or equal to (<=) in the Argon2 benchmark.

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_gpg_key.asc' file). Instructions for verifying the signatures can be found here.

Kryptor - v2.1.1-beta

Published by samuel-lucas6 about 4 years ago

Version 2.1.1 applies a patch for a timer issue during the Argon2 benchmark and when pressing the 'Test Parameters' button in settings.

Requirements

Windows: .NET Framework 4.8
Linux & macOS: Mono
Note: macOS Catalina is currently not supported - please see this issue. Better Linux and macOS support will be coming, but the program will be CLI.

Changelog:

Argon2 Benchmark

  • Fixed a timer issue that caused inaccurate times for the first memory size in the benchmark and the 'Test Parameters' button in settings.

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_gpg_key.asc' file). Instructions for verifying the signatures can be found here.

Kryptor - v2.1.0-beta

Published by samuel-lucas6 about 4 years ago

Version 2.1 contains a breaking change. If you are upgrading from version 1.0.0 or 2.0.0, then you will need to decrypt your files before you update.

I've decided to name this release version 2.1 despite there being a breaking change because version 2 was released the other day, and I don't want to run out of version numbers.

Requirements

Windows: .NET Framework 4.8
Linux & macOS: Mono
Note: macOS Catalina is currently not supported - please see this issue. Better Linux and macOS support will be coming, but the program will be CLI.

Changelog:

Cryptography

  • Now one key is generated using Argon2 and split into two keys rather than calling Argon2 twice. This is a security improvement (the previous implementation was a potential minor vulnerability) and makes key derivation faster. Thank you to Lynn Stephenson, who brought this issue to my attention; it was something I managed to overlook.

Argon2 Benchmark

  • The benchmark now starts at 50 MiB instead of 10 MiB.
  • The benchmark goes up to 300 MiB instead of 250 MiB.

Settings

  • The minimum memory size for Argon2 has been changed from 10 MiB to 32 MiB in settings.
  • The maximum memory size has been changed from 300 MiB to 500 MiB in settings.
  • The maximum number of iterations has been changed from 100 to 128 in settings.
  • The default memory size for Argon2 is now 128 MiB instead of 100 MiB. This only applies if the benchmark doesn't run. This should produce a delay of between 150-250 ms per file on most machines.

Code Improvements

  • Fixed CodeFactor issues from version 2.0.0 Beta.
  • Fixed all of the subroutine naming warnings.

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_gpg_key.asc' file). Instructions for verifying the signatures can be found here.

Kryptor - v2.0.0-beta

Published by samuel-lucas6 about 4 years ago

Version 2 brings several breaking changes. If you are upgrading from version 1.0.0, then you will need to decrypt your files before you update.

Everything is much faster than in version 1. Libsodium is now used as the library for Argon2 (instead of Konscious.Security.Cryptography), HMAC has been replaced with BLAKE2b, and the Argon2 parameters/salt/nonce are now stored as headers rather than trailers. Please view the changelog for more details.

Requirements

Windows: .NET Framework 4.8
Linux & macOS: Mono

Changelog:

Cryptography

  • Switched to the libsodium Argon2 implementation. This implementation is several times faster than Konscious.Security.Cryptography and allows for more secure parameters to be used with the same time delay.
  • Argon2 now uses a 16 byte (128-bit) random salt instead of 32 bytes (256-bits) because this is the requirement for libsodium. Furthermore, no associated data and no known secret are used with Argon2 as these are not supported.
  • Switched to keyed BLAKE2b instead of HMAC-SHA512 as the message authentication code for file encryption. BLAKE2 is several times faster than HMAC.
  • The MAC key has been reduced from 1024-bits (128 bytes) to 512-bits (64 bytes) because 64 bytes is the max key size for BLAKE2. 1024-bits was excessive anyway, but it was the size used in .NET's HMAC-SHA512 implementation.
  • Keyed BLAKE2b is now used to combine the associated data with the password bytes before the password bytes are sent to Argon2.
  • Keyed BLAKE2b is used to combine the keyfile bytes with the password bytes instead of HMAC-SHA512.
  • Libsodium is now used to generate random bytes instead of RNGCryptoServiceProvider. This was changed because I can't find any information about RNGCryptoServiceProvider in Mono. This makes no difference for generating random data on Windows, but it likely makes things more secure on Linux & macOS.
  • Removed the AES-CTR encryption algorithm as it was custom made and too slow. AES-CBC is significantly faster and makes CTR redundant.
  • Switched from ISO10126 to PKCS7 padding for AES-CBC. PKCS7 is more widely used, and ISO10126 was withdrawn in 2007.

File Encryption

  • Keyfiles have been reduced from 1024-bits (128 bytes) to 512-bits (64 bytes) as 64 bytes is the max key size for BLAKE2.
  • The Argon2 parameters, salt, and nonce are now stored as headers at the beginning of each encrypted file.
  • Added 128 KiB buffers for reading files larger than 1 MiB. Previously all FileStreams used 4 KiB buffers, except when a file was less than 4 KiB in size.
  • Changed the Argon2 parameters end flag from uppercase to lowercase - '|END|' to '|end|' in the file header.
  • Changed the way the MAC hash is backed up in case decryption fails. It's now stored in memory and appended to the encrypted file if there's an exception. As a last resort, if the append fails, it is written to a '.backup' file. This '.backup' last resort will probably be removed in the future as it's unlikely to work if there's an exception appending the MAC to the file.

Argon2 Benchmark

  • The 500 ms benchmark option has been removed. Now there's either a delay of 250 ms (More Secure) or 150 ms (Fast) per file. This is to help with encrypting a large number of files at once.
  • The Argon2 benchmark now always starts at 10 MiB and stops at 250 MiB. It previously started at either 10 MiB or 50 MiB.

GUI

  • Fixed 'Test Parameters' button in Settings causing crashes on Mono (Linux & macOS).
  • Changed minimum Argon2 iterations to 3 & memory size to 10 MiB in Settings.
  • Removed the Argon2 warning message for high memory size/iteration count combinations in Settings.
  • Removed 'Parallelism' setting as there's no parallelism adjustment with libsodium.
  • Moved 'Encryption Erasure' position in the 'Shred Files Methods' combo box in Settings.
  • Renamed 'Exit Clipboard Clear' to 'Exit Clear Clipboard' in Settings.
  • Made the file encryption form topmost on Linux & macOS to help with drag & drop.
  • Changed the Argon2 benchmark form to a white font colour on Mono.
  • Changed the update link from the Kryptor website to GitHub because I will keep changelogs on GitHub.
  • Adjusted the position of the character set checkboxes on the Password Generator form.
  • The description label has been aligned with the title label on the About form.
  • Now using semantic versioning - displaying 3 version numbers rather than 4 in About.

Other Functionality

  • XChaCha20 is now used instead of AES-CBC for 'Encryption' erasure in Shred Files. XChaCha20 is faster.
  • File.SetLastAccessTime() has been removed in Shred Files because it's pointless - File.Delete() modifies the access time.
  • The version file for update checks now gets deleted after it is read.

Code Improvements

  • Changed lots of &s to && and |s to || for efficiency.
  • Improved the maintainability of dark theme and Mono label alignment code.
  • Rearranged some code into other classes, etc.
  • Quickly reviewed the entire code once more.

Building Kryptor

If you'd like to build Kryptor from source, then please download the master branch. Instructions can be found in the README.

Verifying Signatures

The GPG signatures are attached (the '.sig' files) and so is my public key (the 'kryptor_gpg_key.asc' file). Instructions for verifying the signatures can be found here.

Kryptor - Kryptor v1.0.0-beta

Published by samuel-lucas6 about 4 years ago

The first release of Kryptor! Please note that Kryptor is currently in Beta - there may be some bugs. Please report any issues here on GitHub to help improve the software. You can find information about how to report bugs, vulnerabilities, request new features, etc. here.

Requirements

Windows: .NET Framework 4.8
Linux & macOS: Mono

Verifying Signatures

The GPG signatures & checksums will be attached to every GitHub release. Signatures and checksums for the latest release can also be found on the website by clicking the links at the bottom of the Downloads page.
