Krypton
Personal Privacy Agent

Krypton for iOS is a privacy tool that uses strong encryption to securely protect personal and confidential information resident on your Apple computer, iPod touch, iPhone and iPad. Krypton is not a password manager: it encrypts and decrypts entire documents (text, spreadsheets, images, audio and video, recipes, emails, anything).

Topics

Terminology
  • Plaintext refers to any item, whether a text file, image, Word or Pages document, spreadsheet, HTML or sound file, etc., in its normal format.
  • Ciphertext refers to a plaintext item that has been encrypted, and is thus unrecognizable.
  • A passcode is a string of words and characters used as a key during encryption and decryption. The only way to decrypt a Krypton item is by knowing the passcode used to encrypt it.

The Vault

Metaphorically, Krypton keeps your ciphertext items in a special vault, with each item contained in its own deposit box; to gain access to a ciphertext item the vault must be open and the passcode key must be used to unlock the deposit box before you can discern the plaintext contents inside. In iOS the vault may be open or closed, while on macOS the vault opens upon Log In. When the App first runs the vault opens automatically and all your ciphertext items are displayed, each represented by its name, creation date, size and one of these icons:

Safety Deposit Box Image

A vault document resides on your device; an iCloud Drive or Dropbox document resides on the cloud and must be downloaded to the vault before it can be decrypted.

Settings is where you enable the vault's five-number combination lock. With the vault closed and secured, prying eyes cannot even see the names of your ciphertext items. If you enable the vault lock, please do not forget the combination - no one can help you back in.

If Vault Security is enabled, when entering the background the vault is auto-locked.

Enter the vault's combination either by manipulating the lock mechanism, or touching the keyboard icon and entering your 5-number combination in the text field, separating each number by one or more non-digit characters (use more non-digit characters for obfuscation if someone is watching).

If Touch/Face ID is enabled on your device you may use that feature to unlock the vault. Select Cancel to unlock the vault the old fashioned way.

Decrypt Ciphertext, View Plaintext

To decrypt and view a ciphertext item, simply touch it and enter the encryption passcode. Krypton decodes the ciphertext and then tries to display the plaintext in a Viewport. Common file formats are supported, such as text, images, Office and iWork documents, HTML, and so on.

Plaintext items that are simple text files are displayed with long lines wrapped in the Viewport. If you double-tap a text item its lines are not wrapped in the Viewport, but may be horizontally scrolled. A text file is any file with a .txt or .html extension, or that iOS recognizes as Unicode strings.

In Krypton's world, plaintext data is meant to be ephemeral and fleeting, to exist for as little time as possible, and then to be shredded. You may choose to shred the plaintext data you are examining as soon as you leave the Viewport, or you may choose to keep it around temporarily. If you elect to keep the plaintext when exiting the Viewport and returning to the vault, the item's icon changes to a red alert triangle:

Alert Image

Temporarily retaining the plaintext may be a good choice for items that decrypt slowly and that you plan to revisit several times while in the vault. However, plaintext data is always shredded when Krypton terminates or enters the background, unless you disable this feature - it's your choice, selectable in Settings.

Even Plaintext Is Encrypted

When you Passcode Lock your device (in iOS Settings / General), any exposed plaintext is automatically protected by the device's hardware encryption mechanisms. This protection even extends to macOS backups when encryption is enabled.

Search Plaintext

Available from the Viewport Action menu, Krypton can search various types of plaintext, including simple text files, HTML, and Office and iWork documents (technically, anything that is internally represented as HTML) if a search tool is visible. Examples of plaintext that cannot be searched include PDFs and images.

Matched text is displayed in black against a yellow background.

Edit Plaintext (Text Files Only)

Available from the Viewport Action menu, Krypton can edit plaintext files if a pencil tool is visible. Touch the pencil to open the edit Viewport, make your changes and touch Encrypt.

Print Plaintext

Available from the Viewport Action menu, Krypton can print plaintext files if a printer tool is visible.

Share Plaintext

Available from the Viewport Action menu, Krypton can share plaintext if a share plaintext tool is visible.

Shred Plaintext

Available from the Viewport Action menu, the shred tool destroys the plaintext.

When Krypton shreds a plaintext item it first overwrites the file with a pattern of all ones, followed by a second pass of all zeros, before deleting the file. Any files that, for whatever reason, escape shredding at App termination are shredded the next time Krypton runs.
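The two-pass overwrite and the next-launch sweep described above, as an added Python example that is not Krypton's own code; the function names, the chunk size and the handling of symbolic links are assumptions.

```python
import os

CHUNK = 1 << 20  # 1 MiB writes, so a 4 GB file never has to fit in memory


def overwrite_pass(path, byte_value):
    """Overwrite the whole file in place with one byte value; return its size."""
    size = os.path.getsize(path)
    block = bytes([byte_value]) * CHUNK
    with open(path, "r+b") as fh:
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            fh.write(block[:n])
            remaining -= n
        fh.flush()
        os.fsync(fh.fileno())  # push this pass to storage before the next one
    return size


def shred(path):
    """All ones, then all zeros, then delete (the order the page gives)."""
    # In-place overwrite reaches the old data only where the storage rewrites
    # blocks in place; flash wear levelling and copy-on-write file systems can
    # leave earlier copies behind.
    for value in (0xFF, 0x00):
        overwrite_pass(path, value)
    os.remove(path)


def sweep_leftovers(plaintext_dir):
    """Launch-time pass: shred every regular file left under plaintext_dir."""
    shredded = []
    for root, _dirs, names in os.walk(plaintext_dir):
        for name in names:
            full = os.path.join(root, name)
            if os.path.islink(full):
                os.remove(full)  # drop the link itself, never write through it
                continue
            shred(full)
            shredded.append(os.path.relpath(full, plaintext_dir))
    return sorted(shredded)
```
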

Ciphertext Versioning

This Settings option, which defaults to ON, is designed to protect existing ciphertext items in the vault. When importing ciphertext, Krypton does not replace an existing ciphertext item, but rather gives the new item a different name by appending a unique number of the form -nnn, where nnn ranges from 000 to 999. If Ciphertext Versioning is turned OFF then Krypton silently replaces duplicate items.

Importing and Sharing Information

Beginning with iOS 11, managing your files is relatively easy using Apple's Files App. Files not only provides a storage location for your files such as iCloud Drive or Dropbox, but also allows you to create subfolders and maneuver between them, which means you can set up a file hierarchy that is meaningful to you. To take advantage of these capabilities, incorporate Files in your Import and Share workflows.

If you have iCloud Drive configured, Krypton creates a folder similar to this for storing its encrypted (ciphertext) items; do not use this folder for anything else. You can, however, use Files to import plaintext or ciphertext from other folders, and to share it to them.

  • To import a file from Files:
    1. First run the Files App
    2. Navigate to the desired folder
    3. Long touch the desired file to display the file's Action menu
    4. Share
    5. Open in Krypton, which runs Krypton
    6. This activates the Encrypt button which imports and encrypts the plaintext. The ciphertext is stored in the default Krypton folder.
  • To share a file to Files touch the Krypton Action icon:
    1. Open In Another App
    2. Save to Files, which runs Files
    3. Navigate to the destination folder
    4. Save

Additional help is available in the following sections Import Ciphertext and Plaintext and Share Ciphertext and Plaintext.

Import Ciphertext and Plaintext

There are various ways to import items into Krypton's vault: using the pasteboard, via File Sharing, from other Apps' Open In menu, from iCloud Drive or from Dropbox. Note: if the imported item is plaintext it's encrypted and then stored in the vault.

  1. Pasteboard

    To use the pasteboard to copy-and-paste, first select an item from one of these supported pasteboard types:

    • Text: ASCII plaintext, UTF-8 plaintext
    • Image: PNG, JPEG, TIFF, PICT, GIF
    • Movie
    • URL
    • Any previously encrypted item, i.e. having the extension .zip-aes-256-cbc-pkcs7-kry

    and copy it to the pasteboard. Then open the vault, touch the Encrypt From Pasteboard button, and follow the instructions. If you copy a URL to the pasteboard, the Encrypt From Pasteboard button changes to an Import button that downloads the item over the network and stores it in the vault.

    The pasteboard is erased after any encryption attempt, successful or unsuccessful.

    Note: the encrypt button is not always updated automatically. If you copied data to the pasteboard and the button's title reads Check For Pasteboard Data, touch the button to interrogate the pasteboard for available data.

  2. File Sharing

    To use File Sharing, connect your iDevice to your computer's USB port, locate the device in the Locations section of Finder's left sidebar, select the Files tab, click the App Krypton, and the vault's contents appear. Simply drag files to/from the Files area. (Note: in versions of macOS older than version 10.15 Catalina, this feature is part of iTunes' File Sharing tab.)

    Alert Image

  3. Open In

    Apps like Files use the iOS Document Model and have a menu to open their documents in another App (labelled variously as Add to appName, Copy to appName, Open in appName, or Save to appName). If such an App sends a file (named, say, ASTR 332 Homework 1.pages) to Krypton, that file's name appears in the Encrypt button, and touching the button effectively imports and encrypts the file.

    Two examples, in pictures, of this multi-step technique follow. The initial steps occur in the Files App to set up the input file (or folder) destined for encryption, while the last step happens in Krypton to activate the encryption engine.

    • Here is an example of encrypting a Pages document in an iPad split screen view, with Files on the left and Krypton on the right. To begin the Share, we've already started the Files App, navigated to the folder containing the document, and long touched ASTR 332 Homework 1.pages, which displays the file's Action menu:

      Alert Image

      Continuing, we have already touched the Share button to display its options (shown below) and, in row two, we have touched Open in Krypton. Note that Krypton's Encrypt button has changed from Check For Pasteboard Data to Import and Encrypt ASTR 332 Homework 1.pages. Touch this button to encrypt the Pages document and add it to the vault.

      Alert Image

    • In this example we encrypt a folder in an iPad slide over view, with the Files App underneath and Krypton sliding above. The idea is to consolidate the folder and its entire contents into a single ZIP archive, and then encrypt the archive - Krypton knows about ZIP files and can decrypt, expand and display an archive's contents. First, long touch the Outside folder and select Compress to create Outside.zip.

      Alert Image

      Now continue as with the first example, Share Outside.zip and touch Open in Krypton. Note that Krypton's Encrypt button has changed from Check For Pasteboard Data to Import and Encrypt Outside.zip. Touch this button to encrypt the ZIP document and add it to the vault.

      Alert Image
  4. iCloud and Dropbox

    Finally, if you see the iCloud Drive or Dropbox icon touch Action to copy the document from cloud storage to the vault.

Share Ciphertext and Plaintext

You can share ciphertext items in the vault by tapping Action and selecting Email, Open In Another App, Send To iCloud Drive or Send To Dropbox from the menu, or via File Sharing as described in Import Ciphertext and Plaintext.

To share plaintext, you must first decrypt the ciphertext and display the plaintext in the Viewport. Touch the file's Action icon on the top-right, and select Share:

Alert Image

Delete Ciphertext and Plaintext

To remove an item from the vault use the Action menu (or swipe left on the vault item) and touch Delete. If the plaintext exists it is shredded as well. Deleting an iCloud Drive / Dropbox item removes the ciphertext from your device, iCloud Drive / Dropbox and all synchronized devices.

Ciphertext Encryption Strength Levels

Crypto best practices are constantly evolving, and occasionally Krypton's encryption algorithm is strengthened accordingly. Once Krypton has incorporated a stronger encryption methodology, all newly encrypted documents are generated in this format, so that, over time, you may collect a mixture of encrypted documents of various security strength levels.

Krypton indicates this strength level using a small LED in the ciphertext item's deposit box door. For vault items that are in the cloud and not resident on the device the LED is unlit and not visible. Otherwise the LED is lit, and for vault items with the highest security level the light glows green. For vault items encrypted with an older algorithm the LED glows orange; but keep in mind that this does not mean the item is insecure, only less secure relative to Krypton's latest encryption standard. Although we guarantee that in the future Krypton will decrypt a document of any security level, it is in your best interest to re-encrypt older items with the latest encryption algorithm: the higher the security level the better.

Alert Image

Additionally, when your iDevice is locked (passcode, finger or face print) every Krypton file is encrypted by iOS, so bad guys have to defeat this first level of encryption before they can even think of cracking a Krypton vault item.

Change Passcode

You can change the passcode for ciphertext items created by Krypton for iOS version 4, or macOS version 3, and higher. Touch Action, select Change Passcode, and enter your current and new passcodes. Krypton uses the current passcode to first authenticate the ciphertext, and assuming that is successful, the passcode change operation commences. For a 4 GB file this will take approximately 40 seconds on an iPhone 5s ... if you do not have a spare minute do not attempt a passcode change!

WARNING!

Because your encrypted file is randomly re-written in-place, you must NOT interrupt the change process. Do not leave Krypton, do not lock your screen or power-off your iDevice. Doing so will almost certainly lead to irrecoverable data loss.

WARNING!

After a change passcode action successfully completes, cloud-based Krypton items are automatically pushed up to iCloud Drive (or Dropbox).

iCloud Drive and Dropbox Documents

iCloud Drive support is controlled by iOS in Settings / Apple ID [1] / iCloud Drive. Dropbox support is controlled by Krypton in Info / Settings.

[1] In older versions of iOS touch the iCloud preference item here instead.

iCloud Image

Krypton documents on iCloud Drive (or Dropbox) must first be imported before they can be decrypted and viewed. After touching Action and selecting Import From iCloud Drive (or Import From Dropbox) the item is marked busy until the download completes and the ciphertext is stored in the vault. At that point you use the item as you normally would. If you swipe to delete the vault copy of an iCloud Drive-backed (or Dropbox-backed) document only the vault item is removed. But if you swipe to delete the iCloud Drive (or Dropbox) item then the ciphertext is removed from your device, iCloud Drive (or Dropbox) and all synchronized devices.

To move an item from the vault to iCloud Drive (or Dropbox) touch Action and select Send To iCloud Drive (or Send To Dropbox).

Krypton handles iCloud Drive (and Dropbox) version conflicts simply: the last document pushed to iCloud Drive (or Dropbox) wins. So, if you create encrypted documents having identical names on two offline iDevices and/or Macintoshes, then as each device connects to the Internet it stores its version of the document on iCloud Drive (or Dropbox); consequently, the second copy overwrites the first and becomes the true copy.

Krypton distinguishes vault items that have duplicate names by displaying a tiny overlay indicating the item's cloud repository source.

Cloud Name Resolution

Advanced Kryptonology

Krypton's simple document model works well for most folks, most of the time. However, if you want to deal with large documents (ranging from about 10 MB up to about 4,000 MB), some additional work on your part may be required. But first, here's a brief internals overview on ZIP files, the shredder, and the scanner that are relevant to all topics.

Encrypting plaintext (a document or folder) or decrypting a Krypton item is a two step process. For encryption, the plaintext is first zipped to a temporary file, and that temporary file is then AES encrypted for security (hence the "zip" in the Krypton extension zip-aes-256-cbc-pkcs7-kry). For decryption, the item is first decrypted to a temporary file, and that temporary file is then unzipped, thus re-creating the plaintext. Using the ZIP format as an intermediary is convenient for several reasons:

  • everything is compressed
  • folders are flattened into a single unit for easy manipulation
  • the format is universal, so you can create ZIP files on your Mac, PC or Linux computer

But those intermediate ZIP files are by definition plaintext and need to be shredded; which leads us to the next topic, shredding files.
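The two-step pipeline described above, combined with the Encrypt-then-MAC authentication that the 4.0 release notes mention, as an added Python example that is not Krypton's code or file format. The PBKDF2 key derivation, the salt/nonce/tag layout and all function names are assumptions, and an HMAC-based keystream stands in for AES-256-CBC so that the block runs on the standard library alone.

```python
import hashlib
import hmac
import io
import os
import zipfile

# Assumed container layout (not Krypton's format): salt | nonce | ciphertext | tag
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32
KDF_ROUNDS = 200_000  # assumed PBKDF2 work factor


def derive_keys(passcode, salt):
    """Stretch the passcode into separate encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"), salt,
                              KDF_ROUNDS, dklen=64)
    return okm[:32], okm[32:]


def stand_in_cipher(key, nonce, data):
    """XOR with an HMAC-SHA256 counter keystream. Stand-in only: the page's
    AES-256-CBC with PKCS7 padding, from a vetted library, belongs here."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"),
                       hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def zip_bytes(files):
    """Step 1 of encryption: flatten {name: bytes} into one ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


def encrypt_item(files, passcode):
    """Zip, encrypt, then MAC everything the decryptor will parse."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(passcode, salt)
    body = salt + nonce + stand_in_cipher(enc_key, nonce, zip_bytes(files))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def decrypt_item(item, passcode):
    """Verify the tag first; decrypt and unzip only authenticated bytes."""
    if len(item) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("item is truncated")
    body, tag = item[:-TAG_LEN], item[-TAG_LEN:]
    salt = body[:SALT_LEN]
    nonce = body[SALT_LEN:SALT_LEN + NONCE_LEN]
    enc_key, mac_key = derive_keys(passcode, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("wrong passcode or modified ciphertext")
    zipped = stand_in_cipher(enc_key, nonce, body[SALT_LEN + NONCE_LEN:])
    with zipfile.ZipFile(io.BytesIO(zipped)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


if __name__ == "__main__":
    # Constructed sample input.
    sample = {"ProjectDocuments/notes.txt": b"meeting at noon\n"}
    item = encrypt_item(sample, "correct horse battery staple")
    print(decrypt_item(item, "correct horse battery staple") == sample)
    damaged = item[:40] + bytes([item[40] ^ 1]) + item[41:]
    try:
        decrypt_item(damaged, "correct horse battery staple")
    except ValueError as err:
        print("rejected:", err)
```

Because the tag covers the salt and nonce as well as the ciphertext, a wrong passcode and a modified file fail the same check before any byte is decrypted or handed to the ZIP parser.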

The shredder runs as a background thread, dutifully destroying plaintext data, either yours or those intermediate ZIP files. When the shredder is active you'll see this spinner in the vault's title bar:

Shredding is an expensive operation and you'll become aware of it as document sizes increase. So don't be alarmed if the shredder activates while decrypting a large document, it's probably just disposing of the intermediate ZIP file.

There's another task that runs on demand, called the scanner, whose job is to update the list of Krypton items in the vault. The scanner is not allowed to run during encryption, decryption or shredding, so if you are expecting an item to appear in (or disappear from) the vault, wait for an idle time.

1) Folders

Sometimes it's more convenient to collect related documents in a single folder and store that folder in the vault. Then, with a single decryption operation, the entire document collection is opened for browsing. It's simple to do this, here's what's involved in a nutshell:

  1. Create a single folder on your computer and fill it with documents, or even other folders.
  2. Zip-compress the folder and ensure that it has a .zip extension.
  3. Import the Zip archive into the vault.

Krypton imports the Zip archive but, noticing the .zip extension, bypasses its normal compression step and proceeds to directly encrypt the archive. Once in the vault, you can navigate the folder hierarchy and view plaintext as you are accustomed to doing.

Creating the Zip-compressed archive is easy too. Assume the folder is named ProjectDocuments:

  • Mac OS X : right click (or control click) on the folder and select Compress "ProjectDocuments".
  • Windows : right click the folder, point to Send To, and click Compressed (zipped) Folder.
  • Linux : zip -r ProjectDocuments.zip ProjectDocuments/

Any Zip folders that you create manually can be shared after decryption by touching the share Zip plaintext icon:

Alert Image

2) Large Documents

Krypton has been carefully crafted to handle arbitrarily large documents. The upper limit is undefined, but for practical purposes let's say about 500 - 4,000 MB. Anything more is probably too large for most other Apps to handle, and prohibitively slow during encryption and decryption.

A document is defined as being large if it's 10 MB or greater in size. That's not a firm value, you may find that your 60 MB document works perfectly. But at some point, to encrypt plaintext only, you'll have to assist Krypton:

You must pre-ZIP large documents prior to on-device encryption

That's it: if the plaintext to encrypt is too large to handle, pre-ZIP it! Krypton can encrypt, unzip and decrypt arbitrarily large files; it just cannot ZIP a large file without exhausting memory. See the text on Folders above for more ZIP information.

Tip: The most efficient way to import your newly created ZIP file is via macOS File Sharing, but the shredder could create an issue. Consider disabling the Settings option Shred Plaintext to prevent the shredder from mistaking the file as plaintext. But remember to turn Shred Plaintext back on after the ZIP file has been imported and encrypted.

Gesture Summary
  • For iPad twist knob with 2 fingers to manipulate the combination and unlock the vault.
  • Single tap a vault item to display plaintext with lines wrapped in Viewport.
  • Double tap a vault item to display plaintext with lines not wrapped in Viewport.
  • Drag the vault contents downwards to force a content refresh from data sources such as iCloud Drive / Dropbox and macOS File Sharing.
  • Swiping left on a vault item is the generalized destruction gesture; depending upon context it deletes plaintext, a vault item or a cloud item, or cancels a Dropbox transfer.
  • When Settings / Vault Item Order is set to Manual, touch and hold a vault item to activate re-ordering. For iPad drag the item to its new location and release. For iPhone grab the drag pad and re-order the item, then touch and hold to deactivate re-ordering.

What's New?

8.2.1 - 2022.10.11

  • iOS 16 security changes to Mobile Safari broke the display of some types of plaintext.
  • Minimum iOS version is 11.0.
  • Update for iOS 16.0.2.

8.2 - 2022.02.25

  • Minor bug fixes and improvements.
  • Update for iOS 15.3.1, macOS 12.2.1.

8.1 - 2021.02.13

  • Krypton now uses short-lived Dropbox tokens, which means you will have to re-authenticate occasionally.
  • New macOS Universal binary that runs on either Apple Silicon or Intel Macs.
  • Update for iOS 14.4, macOS 11.2.

8.0 - 2020.09.19

  • Krypton is now a single purchase that runs on your iPod touch, iPhone, iPad and Macintosh.
  • Update for iOS 13.6.1.

7.2 - 2020.06.09

  • Conform with Apple's 2020.06.30 App Store guidelines.
  • Update for iOS 13.5.1.

7.1 - 2019.11.16

  • After a change passcode action successfully completes, cloud-based Krypton items are automatically pushed up to iCloud Drive (or Dropbox).
  • Improve the Viewport display (enhance the algorithm that differentiates a folder from an application).
  • Document folder encryption.
  • Update for iOS 13.2.3.

7.0 - 2019.11.07

  • Add ability to import and encrypt folders.
  • When the Encrypt button reads Check For Pasteboard Data touching it evaluates the pasteboard contents for importable items.
  • Update documentation with Import examples, particularly Open In usage for iWork documents and the Files App.
  • Krypton is now Dark Mode aware.
  • Krypton works in full screen, split view and slide view.
  • Bug fixes. All deprecated APIs updated as well.
  • Update for Dropbox 3.10.0.
  • Update for iOS 13.2.2.

6.9 - 2019.03.22

  • Update for iOS 12.1.4.
  • Documentation now supports BigCatOs Appearances.

6.8 - 2018.09.14

  • Update for iOS 12.0.
  • Documentation updates.

6.7 - 2018.01.10

  • Update for iOS 11.2.2.
  • Improve Sharing with other Apps.
  • Clarify Face ID's effect on importing and encrypting from the pasteboard.

6.6 - 2017.11.21

  • Update for iOS 11.1.2 and iPhone X.
  • If Vault Security is enabled your options for unlocking the Vault now include the combination control, the keyboard, and, if enabled, Touch ID or Face ID.
  • Improve background thread handling.
  • Bug fixes.

6.5 - 2017.10.26

  • Update for iOS 11.0.3.
  • Full support for iPhone X.
  • Improve background thread handling.

6.4 - 2017.07.23

  • Documentation updates.
  • Update for iOS 10.3.3.

6.3 - 2017.05.25

  • Rewrite Dropbox code for new API version 2.
  • iOS version 9 or greater now required.
  • Update for iOS 10.3.2.
  • Bug fixes.

6.2 - 2017.01.22

  • Refresh various images; documentation tweaks.
  • Bug fixes.

6.1 - 2017.01.04

  • Fix Open In of a Zip file.
  • Update and consolidate plaintext and Zip Viewport display code; fix clipped text when pencil-editing.
  • Use AlertController framework to modernize and consolidate alert and action dialogs.
  • Remove the Viewport toolbar of actions and replace with a popup menu of possible actions. The Actions menu is activated via the Action button that replaces the Keep button on the right of the Viewport. The Keep button is now on the left of the Viewport where Shred used to be, and Shred is now an item in the Actions menu.

6.0 - 2016.12.21

  • Update for iOS 10.2.
  • Critical performance (not data integrity) bug fix for iPhone and iPod.
  • Various, smaller, bug fixes.
  • Krypton now requires that your iDevice run an iOS version >= 8.

5.0

  • Re-add iCloud Drive support.
  • Use Touch ID to unlock the Vault.
  • iPhone 6 and iPhone 6 Plus aware.
  • Update for iOS 8.1.

4.2

  • Update for iOS 8.

4.1

  • For files encrypted with Krypton for iOS version 4 (or Mac OS/X version 3) and higher, add the ability to change the ciphertext passcode without having to re-encrypt the file.
  • Share and Import have been combined into Action, which includes the Change Passcode feature.
  • You can now paste a long and complex passcode via the pasteboard into the encryption and change passcode dialog views. (You must first disable Shred Plaintext in Settings.)
  • When importing a Dropbox document into the vault, the item's creation date inherits the Dropbox file creation date.
  • You can pencil-edit a plaintext text file once again.

4.0

  • Completely re-written to take advantage of features in iOS 6 and later.
  • New, more secure encryption format that authenticates your ciphertext via Encrypt-Then-MAC. Thanks to Jeffrey Goldberg of 1Password for his technical writings on the subject.
  • Encryption / decryption uses less memory and is approximately 14% faster. To put this in perspective, an iPhone 5S is almost as fast as a current generation iMac!
  • Maximum document size increased to 4 GB for 64-bit iOS devices (2 GB for older devices).
  • New iPad user interface displays Vault items in a matrix rather than a single column.
  • Vault items can be sorted alphabetically either up or down, or re-ordered manually by touching for 1 second and dragging.
  • Pull down to poll data sources such as macOS File Sharing and Dropbox to refresh the Vault's contents.
  • Like iPad, every iPhone and iPod view can now be rotated.
  • Dynamic Type that adjusts most text to your preferred reading size.
  • Auto Layout so Krypton is ready for all those rumored larger iDevices!
  • Update for iOS 7.1, 64-bit clean.

3.0

  • Update for iOS 7.
  • Similar to plaintext, ciphertext items are now protected by the device's hardware encryption keys.

2.11

  • Add pasteboard support for encrypting a QuickTime movie directly from the Camera roll.

2.10

  • One bug fix, but it was a doozy!

2.9

  • iOS 6 tested.
  • Improved iTunes File Sharing.
  • Support for new iPhone and iPod larger screen size.
  • With Vault Security enabled, randomize the combination and auto-lock the vault when entering the background.

2.8

  • Bug fixes only this time.

2.7

  • Add button to refresh Dropbox document list.
  • Add ability to download and encrypt Dropbox plaintext documents.

2.6

  • Add Dropbox support in lieu of iCloud, using the folder /Apps/Krypton as your ciphertext vault in the cloud.
  • More Advanced Kryptonology: ability to export decrypted Zip folders that you manually created.

2.5.1

2.5

  • Do not backup plaintext to iCloud.
  • For iPad display plaintext fullscreen rather than in a popover.

2.4

  • iCloud document support.

2.3

  • Large document support.
  • Robust shredder, with activity view.
  • Improved memory management and subtle bug fixes.

Copyright (©) 2009 - 2022 BigCatOS. All rights reserved.