What is kr!pt?
A simple encryption/decryption tool in JavaScript, so that it can be run on any device with a browser.
It may come in handy in some cases but is more of a toy.
What kind of cryptography is used in kr!pt?
Kr!pt uses AES in the CTR block cipher mode. When a passphrase is used, a 256-bit key is derived from it. If you provide the key yourself, you can use 128-bit, 192-bit or 256-bit AES keys. Cryptograms are always base64-encoded. Kr!pt uses the open source CryptoJS library. The file format is compatible with that of OpenSSL.
How is kr!pt intended to be used?
You are on the road. You store your files somewhere on the web or in the cloud. They are encrypted with a passphrase that exists only in your head. You download them, dekr!pt them, work with them and upload them enkr!pted.
Does kr!pt support any other encryption algorithm or mode?
No, and it is not on the roadmap. AES-256-CTR is pretty much what you need today. The more unnecessary settings you open, the easier it is for the user to get lost. Kr!pt is not meant to be a Swiss-army-knife; if you need one, use OpenSSL.
Can I access the enkr!pted files with other encryption software?
Yes, the format kr!pt uses is compatible with that of OpenSSL. If you encrypt a file via OpenSSL this way,
you shall be able to decrypt it with kr!pt:
openssl enc -aes-256-ctr -base64 -A < plaintext_file > ciphertext_file
and if you encrypt a file with kr!pt, you shall be able to decrypt it with OpenSSL via:
openssl enc -aes-256-ctr -base64 -A -d < ciphertext_file > plaintext_file
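To show what such a passphrase-encrypted file looks like on the inside, here is an added example for Node.js (not kr!pt's or CryptoJS's own code). It assumes the salted OpenSSL layout, "Salted__" followed by an 8-byte salt and the ciphertext, with key and IV derived by one-iteration EVP_BytesToKey. The digest is a parameter because the page does not state it, and all function names are hypothetical.

```javascript
// Added example: parse and produce the salted OpenSSL-style container by hand.
const nodeCrypto = require('node:crypto');

const MAGIC = Buffer.from('Salted__', 'ascii');

// EVP_BytesToKey, one iteration: D_i = H(D_{i-1} || passphrase || salt).
// Blocks are concatenated until there is enough material for key + IV.
function evpBytesToKey(passphrase, salt, digest, keyLen = 32, ivLen = 16) {
  const pass = Buffer.from(passphrase, 'utf8');
  let block = Buffer.alloc(0);
  let out = Buffer.alloc(0);
  while (out.length < keyLen + ivLen) {
    block = nodeCrypto.createHash(digest)
      .update(Buffer.concat([block, pass, salt])).digest();
    out = Buffer.concat([out, block]);
  }
  return { key: out.subarray(0, keyLen), iv: out.subarray(keyLen, keyLen + ivLen) };
}

// The default digest 'md5' is an assumption; pass 'sha256' if your tool uses that.
function encryptSalted(plaintext, passphrase, digest = 'md5',
                       salt = nodeCrypto.randomBytes(8)) {
  const { key, iv } = evpBytesToKey(passphrase, salt, digest);
  const cipher = nodeCrypto.createCipheriv('aes-256-ctr', key, iv);
  const body = Buffer.concat([cipher.update(Buffer.from(plaintext, 'utf8')),
                              cipher.final()]);
  return Buffer.concat([MAGIC, salt, body]).toString('base64');
}

function decryptSalted(b64, passphrase, digest = 'md5') {
  const raw = Buffer.from(b64.replace(/\s+/g, ''), 'base64');
  if (raw.length < 16 || !raw.subarray(0, 8).equals(MAGIC)) {
    throw new Error('not a salted OpenSSL-style container');
  }
  const { key, iv } = evpBytesToKey(passphrase, raw.subarray(8, 16), digest);
  const decipher = nodeCrypto.createDecipheriv('aes-256-ctr', key, iv);
  return Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]);
}

// Constructed sample input: fixed salt so the output is reproducible.
const SAMPLE_SALT = Buffer.from('0011223344556677', 'hex');
const SAMPLE_PASS = 'correct horse battery staple';
const sample = encryptSalted('meet at noon', SAMPLE_PASS, 'md5', SAMPLE_SALT);
console.log(sample);
console.log(decryptSalted(sample, SAMPLE_PASS).toString('utf8'));
```

CTR mode carries no integrity check, so a wrong passphrase or a mismatched digest yields garbage bytes rather than an error. If decryption output looks random, check both before assuming the file is corrupt.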
How secure is kr!pt?
The encryption is pretty strong as kr!pt uses standard AES
in a strong block cipher mode.
However, if you want to do any 'serious' crypto operation, you probably don't want to do it in a browser,
as a browser is prone to many attacks - see e.g. this writing.
Kr!pt is more of a toy.
Should I use kr!pt via https only?
With https, you encrypt traffic on the network.
Kr!pt does not send anything via the network and does not send anything to any server,
it runs inside your browser only.
If you load kr!pt via https, it only gives you confidence that you really downloaded it
from the URL in your browser.
How long should my passphrases be for kr!pt?
My recommendation is to use at least 12, but preferably 16 or more, characters. Use strong, complex passphrases,
see e.g. this classic on recommendations for choosing a strong passphrase.
Make sure that you don't lose your passphrase; if you lose your passphrase, it will not be possible
to decrypt your data. I recommend using a password manager for backing up your passphrase.
Does kr!pt store my passphrase?
No, kr!pt does not upload your passphrase anywhere and does not store it.
However, kr!pt uses the passphrase inside the browser, and it is fairly easy to extract it.
I recommend closing the window and clearing the browser cache after using kr!pt.
Is kr!pt open source?
Yes, it is a web application in JavaScript. :) Kr!pt is also free, released under GPL. The CryptoJS library has its own license.
Why is there an exclamation mark in kr!pt?
It is not an exclamation mark, it is an upside down letter 'i'. :P