Krypton for iOS is a privacy tool that uses strong encryption to securely protect personal and confidential information resident on your Apple computer, iPod touch, iPhone and iPad. Krypton is not a password manager: it encrypts and decrypts entire documents (text, spreadsheets, images, audio and video, recipes, emails, anything).
Topics
Metaphorically, Krypton keeps your ciphertext items in a special vault, with each item contained in its own deposit box; to gain access to a ciphertext item the vault must be open and the passcode key must be used to unlock the deposit box before you can discern the plaintext contents inside. In iOS the vault may be open or closed, while on macOS the vault opens upon Log In.
When the App first runs the vault opens automatically and all your ciphertext items are displayed, each represented by its name, creation date, size and one of these icons:
A vault document resides on your device; an iCloud Drive or Dropbox document resides on the cloud and must be downloaded to the vault before it can be decrypted.
Settings is where you enable the vault's five-number combination lock. With the vault closed and secured, prying eyes cannot even see the names of your ciphertext items. If you enable the vault lock, please do not forget the combination - no one can help you back in.
If Vault Security is enabled, the vault is auto-locked when Krypton enters the background.
Enter the vault's combination either by manipulating the lock mechanism, or touching the keyboard icon and entering your 5-number combination in the text field, separating each number by one or more non-digit characters (use more non-digit characters for obfuscation if someone is watching).
If Touch/Face ID is enabled on your device you may use that feature to unlock the vault. Select Cancel to unlock the vault the old-fashioned way.
To decrypt and view a ciphertext item, simply touch it and enter the encryption passcode. Krypton decodes the ciphertext and then tries to display the plaintext in a Viewport. Common file formats are supported, such as text, images, Office and iWork documents, HTML, and so on.
Plaintext items that are simple text files are displayed with long lines wrapped in the Viewport. If you double-tap a text item its lines are not wrapped in the Viewport, but may be horizontally scrolled. A text file is any file with a .txt or .html extension, or that iOS recognizes as Unicode strings.
In Krypton's world, plaintext data is meant to be ephemeral and fleeting, to exist for as little time as possible, and then to be shredded. You may choose to shred the plaintext data you are examining as soon as you leave the Viewport, or you may choose to keep it around temporarily. If you elect to keep the plaintext when exiting the Viewport and returning to the vault, the item's icon changes to a red alert triangle:
Temporarily retaining the plaintext may be a good choice for items that decrypt slowly and that you plan to revisit several times while in the vault. However, plaintext data is always shredded when Krypton terminates or enters the background, unless you disable this feature - it's your choice, selectable in Settings.
When you Passcode Lock your device (in iOS Settings / General), any exposed plaintext is automatically protected by the device's hardware encryption mechanisms. This protection even extends to macOS backups when encryption is enabled.
Available from the Viewport Action menu, Krypton can search various types of plaintext, including simple text files, HTML, and Office and iWork documents (technically, anything that is internally represented as HTML) if a search tool is visible. Examples of plaintext that cannot be searched include PDFs and images.
Matched text is displayed in black against a yellow background.
Available from the Viewport Action menu, Krypton can edit plaintext files if a pencil tool is visible. Touch the pencil to open the edit Viewport, make your changes and touch Encrypt.
Available from the Viewport Action menu, Krypton can print plaintext files if a printer tool is visible.
Available from the Viewport Action menu, Krypton can share plaintext if a share plaintext tool is visible.
Available from the Viewport Action menu, the shred tool destroys the plaintext.
When Krypton shreds a plaintext item it first overwrites the file with a pattern of all ones, followed by a second pass of all zeros, before deleting the file. Any files that, for whatever reason, escape shredding at App termination are shredded the next time Krypton runs.
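The two-pass overwrite and the next-launch cleanup described above, sketched in Python as an added example; this is not Krypton's code. The chunk size, the on_pass hook and the directory layout are assumptions made for the illustration.

```python
import os
import tempfile

CHUNK = 1 << 20  # overwrite 1 MiB at a time so large files never sit in memory

def _fill(fd, size, pattern):
    """Overwrite the first `size` bytes behind fd with `pattern`, then flush."""
    os.lseek(fd, 0, os.SEEK_SET)
    block = bytes([pattern]) * min(size, CHUNK)
    remaining = size
    while remaining > 0:
        remaining -= os.write(fd, block[:remaining])
    os.fsync(fd)  # push this pass to storage before the next one starts

def shred(path, on_pass=None):
    """Pass 1 writes all ones (0xFF), pass 2 all zeros (0x00), then delete."""
    # on_pass is a hypothetical hook, called with the pattern after each pass.
    size = os.path.getsize(path)
    fd = os.open(path, os.O_WRONLY)  # no O_TRUNC: overwrite in place
    try:
        for pattern in (0xFF, 0x00):
            _fill(fd, size, pattern)
            if on_pass:
                on_pass(pattern)
    finally:
        os.close(fd)
    os.unlink(path)

def sweep(plaintext_dir):
    """Startup pass: shred whatever a previous run left behind."""
    shredded = []
    for name in sorted(os.listdir(plaintext_dir)):
        path = os.path.join(plaintext_dir, name)
        if os.path.isfile(path) and not os.path.islink(path):
            shred(path)
            shredded.append(name)
    return shredded

if __name__ == "__main__":
    # Constructed sample: two leftover plaintext files in a scratch directory.
    scratch = tempfile.mkdtemp()
    for name in ("notes.txt", "intermediate.zip"):
        with open(os.path.join(scratch, name), "wb") as f:
            f.write(b"constructed plaintext\n" * 1000)
    print(sweep(scratch))
    os.rmdir(scratch)
```

On flash storage and copy-on-write file systems an in-place overwrite is not guaranteed to land on the blocks that held the original data, so this pattern complements the device-level encryption the page describes rather than replacing it.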
This Settings option, which defaults to ON, is designed to protect existing ciphertext items in the vault. When importing ciphertext, Krypton does not replace an existing ciphertext item, but rather gives the new item a different name by appending a unique number of the form
Beginning with iOS 11 managing your files is relatively easy using Apple's Files App. Files not only provides a storage location for your files such as iCloud Drive or Dropbox, but also allows you to create subfolders and maneuver between them, which means you can set up a file hierarchy that is meaningful to you. To take advantage of these capabilities, incorporate Files in your Import and Share workflows.
If you have iCloud Drive configured then Krypton creates a folder similar to this for storing its encrypted (ciphertext) items; you should not use this folder for anything else. But you can use Files to import/share plaintext/ciphertext data from/to other folders.
Additional help is available in the following sections: Import Ciphertext and Plaintext, and Share Ciphertext and Plaintext.
There are various ways to import items into Krypton's vault: using the pasteboard, via File Sharing, from other Apps' Open In menu, from iCloud Drive or from Dropbox.
Note: if the imported item is plaintext it's encrypted and then stored in the vault.
To use the pasteboard to copy-and-paste, first select an item from one of these supported pasteboard types:
and copy it to the pasteboard. Then open the vault, touch the Encrypt From Pasteboard button, and follow the instructions.
If you copy a URL to the pasteboard, the Encrypt From Pasteboard button changes to an Import button that downloads the item over the network and stores it in the vault.
The pasteboard is erased after any encryption attempt, successful or unsuccessful.
Note: the encrypt button is not always updated automatically. If you copied data to the pasteboard and the button's title reads Check For Pasteboard Data, touch the button to interrogate the pasteboard for available data.
To use File Sharing, connect your iDevice to your computer's USB port, locate the device in the Locations section of Finder's left sidebar, select the Files tab, click the App Krypton, and the vault's contents appear. Simply drag files to/from the Files area. (Note: in versions of macOS older than version 10.15 Catalina this feature is part of iTunes' File Sharing tab.)
Apps like Files use the iOS Document Model and have a menu to open their documents in another App (labelled variously as Add to appName, Copy to appName, Open in appName, or Save to appName). If such an App sends a file (named, say, ASTR 332 Homework 1.pages) to Krypton, that file's name appears in the Encrypt button, and touching the button effectively imports and encrypts the file.
Two examples, in pictures, of this multi-step technique follow. The initial steps occur in the Files App to set up the input file (or folder) destined for encryption, while the last step happens in Krypton to activate the encryption engine.
Continuing, we have already touched the Share button to display its options (shown below) and, in row two, we have touched Open in Krypton. Note that Krypton's Encrypt button has changed from Check For Pasteboard Data to Import and Encrypt ASTR 332 Homework 1.pages. Touch this button to encrypt the Pages document and add it to the vault.
Now continue as with the first example, Share Outside.zip and touch Open in Krypton. Note that Krypton's Encrypt button has changed from Check For Pasteboard Data to Import and Encrypt Outside.zip. Touch this button to encrypt the ZIP document and add it to the vault.
Finally, if you see the iCloud Drive or Dropbox icon touch Action to copy the document from cloud storage to the vault.
You can share ciphertext items in the vault by tapping Action and selecting Email, Open In Another App, Send To iCloud Drive or Send To Dropbox from the menu, or via File Sharing as described in Import Ciphertext and Plaintext.
To share plaintext, you must first decrypt the ciphertext and display the plaintext in the Viewport. Touch the file's Action icon on the top-right, and select Share:
To remove an item from the vault use the Action menu (or swipe left on the vault item) and touch Delete. If the plaintext exists it is shredded as well.
Deleting an iCloud Drive / Dropbox item removes the ciphertext from your device, iCloud Drive / Dropbox and all synchronized devices.
Crypto best practices are constantly evolving, and occasionally Krypton's encryption algorithm is strengthened accordingly. Once Krypton has incorporated a stronger encryption methodology all newly encrypted documents are generated in this format, such that, over time, you may collect a mixture of encrypted documents of various security strength levels.
Krypton indicates this strength level using a small LED in the ciphertext item's deposit box door. For vault items that are in the cloud and not resident on the device the LED is unlit and not visible. Otherwise the LED is lit, and for vault items with the highest security level the light glows green. For vault items encrypted with an older algorithm the LED glows orange; but keep in mind that this does not mean the item is insecure, only less secure relative to Krypton's latest encryption standard. Although we guarantee that in the future Krypton will decrypt a document of any security level, it is in your best interest to re-encrypt older items with the latest encryption algorithm: the higher the security level the better.
Additionally, when your iDevice is locked (passcode, finger or face print) every Krypton file is encrypted by iOS, so bad guys have to defeat this first level of encryption before they can even think of cracking a Krypton vault item.
You can change the passcode for ciphertext items created by Krypton for iOS version 4, or macOS version 3, and higher. Touch Action, select Change Passcode, and enter your current and new passcodes. Krypton uses the current passcode to first authenticate the ciphertext, and assuming that is successful, the passcode change operation commences. For a 4 GB file this will take approximately 40 seconds on an iPhone 5s ... if you do not have a spare minute do not attempt a passcode change!
Because your encrypted file is randomly re-written in-place, you must NOT interrupt the change process. Do not leave Krypton, do not lock your screen or power off your iDevice. Doing so will almost certainly lead to irrecoverable data loss.
After a change passcode action successfully completes, cloud-based Krypton items are automatically pushed up to iCloud Drive (or Dropbox).
iCloud Drive support is controlled by iOS in Settings / Apple ID [1] / iCloud Drive. Dropbox support is controlled by Krypton in Info / Settings.
[1] In older versions of iOS touch the iCloud preference item here instead.
Krypton documents on iCloud Drive (or Dropbox) must first be imported before they can be decrypted and viewed. After touching Action and selecting Import From iCloud Drive (or Import From Dropbox) the item is marked busy until the download completes and the ciphertext is stored in the vault. At that point you use the item as you normally would. If you swipe to delete the vault copy of an iCloud Drive-backed (or Dropbox-backed) document only the vault item is removed. But if you swipe to delete the iCloud Drive (or Dropbox) item then the ciphertext is removed from your device, iCloud Drive (or Dropbox) and all synchronized devices.
To move an item from the vault to iCloud Drive (or Dropbox) touch Action and select Send To iCloud Drive (or Send To Dropbox).
Krypton handles iCloud Drive (and Dropbox) version conflicts simply: the last document pushed to iCloud Drive (or Dropbox) wins. So, if you create encrypted documents having identical names on two offline iDevices and/or Macintoshes, then as each device connects to the Internet it stores its version of the document on iCloud Drive (or Dropbox); consequently, the second copy overwrites the first and becomes the true copy.
Krypton distinguishes vault items that have duplicate names by displaying a tiny overlay indicating the item's cloud repository source.
Krypton's simple document model works well for most folks, most of the time. However, if you want to deal with large documents (ranging from about 10 MB up to about 4,000 MB), some additional work on your part may be required.
But first, here's a brief internals overview on ZIP files, the shredder, and the scanner that are relevant to all topics.
Encrypting plaintext (a document or folder) or decrypting a Krypton item is a two-step process. For encryption, the plaintext is first zipped to a temporary file, and that temporary file is then AES encrypted for security (hence the "zip" in the Krypton extension zip-aes-256-cbc-pkcs7-kry). For decryption, the item is first decrypted to a temporary file, and that temporary file is then unzipped, thus re-creating the plaintext. Using the ZIP format as an intermediary is convenient for several reasons:
But those intermediate ZIP files are by definition plaintext and need to be shredded, which leads us to the next topic, shredding files.
The shredder runs as a background thread, dutifully destroying plaintext data, either yours or those intermediate ZIP files. When the shredder is active you'll see this spinner in the vault's title bar:
Shredding is an expensive operation and you'll become aware of it as document sizes increase. So don't be alarmed if the shredder activates while decrypting a large document; it's probably just disposing of the intermediate ZIP file.
There's another task that runs on demand, called the scanner, whose job is to update the list of Krypton items in the vault. The scanner is not allowed to run during encryption, decryption or shredding, so if you are expecting an item to appear in (or disappear from) the vault, wait for an idle time.
Sometimes it's more convenient to collect related documents in a single folder and store that folder in the vault. Then, with a single decryption operation, the entire document collection is opened for browsing. It's simple to do this, here's what's involved in a nutshell:
Krypton imports the Zip archive but, noticing the .zip extension, bypasses its normal compression step and proceeds to directly encrypt the archive. Once in the vault, you can navigate the folder hierarchy and view plaintext as you are accustomed to doing.
Creating the Zip-compressed archive is easy too. Assume the folder is named ProjectDocuments:
Any Zip folders that you create manually can be shared after decryption by touching the share Zip plaintext icon:
Krypton has been carefully crafted to handle arbitrarily large documents. The upper limit is undefined, but for practical purposes let's say about 500 - 4,000 MB. Anything more is probably too large for most other Apps to handle, and prohibitively slow during encryption and decryption.
A document is defined as being large if it's 10 MB or greater in size. That's not a firm value; you may find that your 60 MB document works perfectly. But at some point, to encrypt plaintext only, you'll have to assist Krypton:
That's it: if the plaintext to encrypt is too large to handle, pre-ZIP it! Krypton can encrypt, unzip and decrypt arbitrarily large files; it just cannot ZIP a large file without exhausting memory.
See the text on Folders above for more ZIP information.
Tip: The most efficient way to import your newly created ZIP file is via macOS File Sharing, but the shredder could create an issue. Consider disabling the Settings option Shred Plaintext to prevent the shredder from mistaking the file as plaintext. But remember to turn Shred Plaintext back on after the ZIP file has been imported and encrypted.
8.2.1 - 2022.10.11
8.2 - 2022.02.25
8.1 - 2021.02.13
8.0 - 2020.09.19
7.2 - 2020.06.09
7.1 - 2019.11.16
7.0 - 2019.11.07
6.9 - 2019.03.22
6.8 - 2018.09.14
6.7 - 2018.01.10
6.6 - 2017.11.21
6.5 - 2017.10.26
6.4 - 2017.07.23
6.3 - 2017.05.25
6.2 - 2017.01.22
6.1 - 2017.01.04
6.0 - 2016.12.21
5.0
4.2
4.1
4.0
3.0
2.11
2.10
2.9
2.8
2.7
2.6
2.5.1
2.5
2.4
2.3
Terminology
The Vault
Decrypt Ciphertext, View Plaintext
Even Plaintext Is Encrypted
Search Plaintext
Edit Plaintext (Text Files Only)
Print Plaintext
Share Plaintext
Shred Plaintext
Ciphertext Versioning
Importing and Sharing Information
Import Ciphertext and Plaintext
Share Ciphertext and Plaintext
Delete Ciphertext and Plaintext
Ciphertext Encryption Strength Levels
Change Passcode
iCloud Drive and Dropbox Documents
Advanced Kryptonology
Gesture Summary
What's New?
Copyright (©) 2009 - 2022 BigCatOS. All rights reserved.