• Plaintext refers to any item, whether a text file, image, Word or Pages document, spreadsheet, HTML or sound file, etc., in its normal format.
• Ciphertext refers to a plaintext item that has been encrypted, and is thus unrecognizable.
• A passcode is a string of words and characters used as a key during encryption and decryption. The only way to decrypt a Krypton item is by knowing the passcode used to encrypt it.

Topics

Metaphorically, Krypton keeps your ciphertext items in a special vault, with each item contained in their own deposit box; to gain access to a ciphertext item the vault must be open and the passcode key must be used to unlock the deposit box before you can discern the plaintext contents inside. In iOS the vault may be open or closed, while on macOS the vault opens upon Log In. When the App first runs the vault opens automatically and all your ciphertext items are displayed, each represented by its name, creation date, size and one of these icons:

A vault document resides on your device; an iCloud Drive or Dropbox document resides on the cloud and must be downloaded to the vault before it can be decrypted.

Settings is where you enable the vault's five-number combination lock. With the vault closed and secured, prying eyes cannot even see the names of your ciphertext items. If you enable the vault lock, please do not forget the combination - no one can help you back in.

If Vault Security is enabled, when entering the background the vault is auto-locked.

Enter the vault's combination either by manipulating the lock mechanism, or touching the keyboard icon and entering your 5-number combination in the text field, separating each number by one or more non-digit characters (use more non-digit characters for obfuscation if someone is watching).

If Touch/Face ID is enabled on your device you may use that feature to unlock the vault. Select Cancel to unlock the vault the old fashioned way.

Topics

To decrypt and view a ciphertext item, simply touch it and enter the encryption passcode. Krypton decodes the ciphertext and then tries to display the plaintext in a Viewport. Common file formats are supported, such as text, images, Office and iWork documents, HTML, and so on.

Plaintext items that are simple text files are displayed with long lines wrapped in the Viewport. If you double-tap a text item its lines are not wrapped in the Viewport, but may be horizontally scrolled. A text file is any file with a .txt or .html extension, or that iOS recognizes as Unicode strings.

In Krypton's world, plaintext data is meant to be ephermeral and fleeting, to exist for as little time as possible, and then to be shredded. You may choose to shred the plaintext data you are examining as soon as you leave the Viewport, or you may choose to keep it around temporarily. If you elect to keep the plaintext when exiting the Viewport and returning to the vault, the item's icon changes to a red alert triangle:

Temporarily retaining the plaintext may be a good choice for items that decrypt slowly and that you plan to revisit several times while in the vault. However, plaintext data is always shredded when Krypton terminates or enters the background, unless you disable this feature - it's your choice, selectable in Settings.

Topics

When you Passcode Lock your device (in iOS Settings / General), any exposed plaintext is automatically protected by the device's hardware encryption mechanisms. This protection even extends to macOS backups when encryption is enabled.

Topics

Available from the Viewport Action menu, Krypton can search various types of plaintext, including simple text files, HTML, and Office and iWork documents (technically, anything that is internally represented as HTML) if a search tool is visible. Examples of plaintext that cannot be searched include PDFs and images.

Matched text is displayed in black against a yellow background.

Topics

Available from the Viewport Action menu, Krypton can edit plaintext files if a pencil tool is visible. Touch the pencil to open the edit Viewport, make your changes and touch Encrypt.

Topics

Available from the Viewport Action menu, Krypton can print plaintext files if a printer tool is visible.

Topics

Available from the Viewport Action menu, Krypton can share plaintext if a share plaintext tool is visible.

Topics

Available from the Viewport Action menu, the shred tool destroys the plaintext.

When Krypton shreds a plaintext item it first overwrites the file with a pattern of all ones, followed by a second pass of all zeros, before deleting the file. Any files that, for whatever reason, escape shredding at App termination are shredded the next time Krypton runs.

Topics

This Settings option, which defaults to ON, is designed to protect existing ciphertext items in the vault. When importing ciphertext, Krypton does not replace an existing ciphertext item, but rather gives the new item a different name by appending a unique number of the form -nnn, where nnn ranges from 000 to 999. If Ciphertext Versioning is turned OFF then Krypton silently replaces duplicate items.

Topics

• To import a file from Files:
  1. First run the Files App
  2. Naviagte to the desired folder
  3. Long touch the desired file to display the file's Action menu
  4. Share
  5. Open in Krypton, which runs Krypton
  6. This activates the Encrypt button which imports and encrypts the plaintext. The ciphertext is stored in the default Krypton folder.
• To share a file to Files touch the Krypton Action icon:
  1. Open In Another App
  2. Save to Files, which runs Files
  3. Navigate to the destination folder
  4. Save

Additional help is available in the following sections Import Ciphertext and Plaintext and Share Ciphertext and Plaintext.

Share Ciphertext and Plaintext

You can share ciphertext items in the vault by tapping Action and selecting Email, Open In Another App, Send To iCloud Drive or Send To Dropbox from the menu, or via File Sharing as described in Import Ciphertext and Plaintext.

To share plaintext, you must first decrypt the ciphertext and display the plaintext in the Viewport. Touch the file's Action icon on the top-right, and select Share:

Topics

To remove an item from the vault use the Action menu (or swipe left on the vault item) and touch Delete. If the plaintext exists it is shredded as well. Deleting an iCloud Drive / Dropbox item removes the ciphertext from your device, iCloud Drive / Dropbox and all synchronized devices.

Topics

Crypto best practices are constantly evolving, and occassionally Krypton's encryption algorithm is strengthened accordingly. Once Krypton has incorporated a stronger encryption methodology all newly encrypted documents are generated in this format, such that, over time, you may collect a mixture of encrypted documents of various security strength levels.

Krypton indicates this strength level using a small LED in the ciphertext item's deposit box door. For vault items that are in the cloud and not resident on the device the LED is unlit and not visible. Otherwise the LED is lit, and for vault items with the highest security level the light glows green. For vault items encrypted with an older algorithm the LED glows orange; but keep in mind that this does not mean the item is insecure, only less secure relative to Krypton's latest encryption standard. Although we guarantee that in the future Krypton will decrypt a document of any security level, it is in your best interest to re-encrypt older items with the latest encryption algorithm: the higher the security level the better.

Additionally, when your iDevice is locked (passcode, finger or face print) every Krypton file is encrypted by iOS, so bad guys have to defeat this first level of encyption before they can even think of cracking a Krypton vault item.

Topics

You can change the passcode for ciphertext items created by Krypton for iOS version 4, or macOS version 3, and higher. Touch Action, select Change Passcode, and enter your current and new passcodes. Krypton uses the current passcode to first authenticate the ciphertext, and assuming that is succesful, the passcode change operation commences. For a 4 GB file this will take approximately 40 seconds on a iPhone 5s ... if you do not have a spare minute do not attempt a passcode change!

Because your encrypted file is randomly re-written in-place, you must NOT interrupt the change process. Do not leave Krypton, do not lock your screen or power-off your iDevice. Doing so will almost certainly lead to irrecoverable data loss.

After a change passcode action successfully completes, cloud-based Krypton items are automatically pushed up to iCloud Drive (or Dropbox).

Topics

iCloud Drive support is controlled by iOS in Settings / Apple ID¹ / iCloud Drive. Dropbox support is controlled by Krypton in Info / Settings.

¹ In older versions of iOS touch the iCloud preference item here instead.↩

Krypton documents on iCloud Drive (or Dropbox) must first be imported before they can be decrypted and viewed. After touching Action and selecting Import From iCloud Drive (or Import From Dropbox) the item is marked busy until the download completes and the ciphertext is stored in the vault. At that point you use the item as you normally would. If you swipe to delete the vault copy of an iCloud Drive-backed (or Dropbox-backed) document only the vault item is removed. But if you swipe to delete the iCloud Drive (or Dropbox) item then the ciphertext is removed from your device, iCloud Drive (or Dropbox) and all synchronized devices.

To move an item from the vault to iCloud Drive (or Dropbox) touch Action and select Send To iCloud Drive (or Send To Dropbox).

Krypton handles iCloud Drive (and Dropbox) version conflicts simply: the last document pushed to iCloud Drive (or Dropbox) wins. So, if you create encrypted documents having identical names on two offline iDevices and/or Macintoshes, then as each device connects to the Internet it stores its version of the document on iCloud Drive (or Dropbox); consequently, the second copy overwrites the first and becomes the true copy.

Krypton distinguishes vault items that have duplicate names by displaying a tiny overlay indicating the item's cloud repository source.

Topics

Krypton's simple document model works well for most folks, most of the time. However, if you want to deal with large documents (ranging from about 10 MB up to about 4,000 MB), some additional work on your part may be required. But first, here's a brief internals overview on ZIP files, the shredder, and the scanner that are relevant to all topics.

Encrypting plaintext (a document or folder) or decrypting a Krypton item is a two step process. For encryption, the plaintext is first zipped to a temporary file, and that temporary file is then AES encrypted for security (hence the "zip" in the Krypton extension zip-aes-256-cbc-pkcs7-kry). For decryption, the item is first decrypted to a temporary file, and that temporary file is then unzipped, thus re-creating the plaintext. Using the ZIP format as an intermediary is convenient for several reasons:

• everything is compressed
• folders are flattened into a single unit for easy manipulation
• the format is universal, so you can create ZIP files on your Mac, PC or Linux computer

But those intermediate ZIP files are by definition plaintext and need to be shredded; which leads us to the next topic, shredding files.

The shredder runs as a background thread, dutifully destroying plaintext data, either yours or those intermediate ZIP files. When the shredder is active you'll see this spinner in the vault's title bar:

Shredding is an expensive operation and you'll become aware of it as document sizes increase. So don't be alarmed if the shredder activates while decrypting a large document, it's probably just disposing of the intermediate ZIP file.

There's another task that runs on demand, called the scanner, whose job is to update the list of Krypton items in the vault. The scanner is not allowed to run during encryption, decryption or shredding, so if you are expecting an item to appear in (or disappear from) the vault, wait for an idle time.

1) Folders

Sometimes it's more convenient to collect related documents in a single folder and store that folder in the vault. Then, with a single decryption operation, the entire document collection is opened for browsing. It's simple to do this, here's what's involved in a nutshell:

1. Create a single folder on your computer and fill it with documents, or even other folders.
2. Zip-compress the folder and ensure that it has a .zip extension.
3. Import the Zip archive into the vault.

Krypton imports the Zip archive but, noticing the .zip extension, bypasses its normal compression step and proceeds to directly encrypt the archive. Once in the vault, you can navigate the folder hierarchy and view plaintext as you are accustomed to doing.

Creating the Zip-compressed archive is easy too. Assume the folder is named ProjectDocuments:

• Mac OS X : right click (or control click) on the folder and select Compress "ProjectDocuments".
• Windows : right click the folder, point to Send To, and click Compressed (zipped) Folder.
• Linux : zip -r ProjectDocuments.zip ProjectDocuments/

Any Zip folders that you create manually can be shared after decryption by touching the share Zip plaintext icon:

2) Large Documents

Krypton has been carefully crafted to handle arbitrarily large documents. The upper limit is undefined, but for practical purposes let's say about 500 - 4,000 MB. Anything more is probably too large for most other Apps to handle, and prohibitively slow during encryption and decryption.

A document is defined as being large if it's 10 MB or greater in size. That's not a firm value, you may find that your 60 MB document works perfectly. But at some point, to encrypt plaintext only, you'll have to assist Krypton:

You must pre-ZIP large documents prior to on-device encryption

That's it: if the plaintext to encrypt is too large to handle, pre-ZIP it! Krypton can encrypt, unzip and decrypt arbitrarily large files, it just cannot ZIP a large file without exhausting memory. See the text on Folders above for more ZIP information.

Tip: The most efficient way to import your newly created ZIP file is via macOS File Sharing, but the shredder could create an issue. Consider disabling the Settings option Shred Plaintext to prevent the shredder from mistaking the file as plaintext. But remember to turn Shred Plaintext back on after the ZIP file has been imported and encrypted.

Topics

• For iPad twist knob with 2 fingers to manipulate the combination and unlock the vault.
• Single tap a vault item to display plaintext with lines wrapped in Viewport.
• Double tap a vault item to display plaintext with lines not wrapped in Viewport.
• Drag the vault contents downwards to force a content refresh from data sources such as iCloud Drive / Dropbox and macOS File Sharing.
• Swiping left on a vault item is the generalized destruction gesture; depending upon context it deletes plaintext, a vault item or a cloud item, or cancels a Drobox transfer.
• When Settings / Vault Item Order is set to Manual, touch and hold a vault item to activate re-ordering. For iPad drag the item to its new location and release. For iPhone grab the drag pad and re-order the item, then touch and hold to deactivate re-ordering.

Topics

8.2.1 - 2022.10.11

• iOS 16 security changes to Mobile Safari broke the display of some types of plaintext.
• Minimum iOS version is 11.0.
• Update for iOS 16.0.2.

8.2 - 2022.02.25

• Minor bug fixes and improvements.
• Update for iOS 15.3.1, macOS 12.2.1.

8.1 - 2021.02.13

• Krypton now uses short-lived Dropbox tokens, which means you will have to re-authenticate occasionally.
• New macOS Universal binary that runs on either Apple Silicon or Intel Macs.
• Update for iOS 14.4, macOS 11.2.

8.0 - 2020.09.19

• Krypton is now a single purchase that runs on your iPod touch, iPhone, iPad and Macintosh.
• Update for iOS 13.6.1.

7.2 - 2020.06.09

• Conform with Apple's 2020.06.30 App Store guidelines.
• Update for iOS 13.5.1.

7.1 - 2019.11.16

• After a change passcode action successfully completes, cloud-based Krypton items are automatically pushed up to iCloud Drive (or Dropbox).
• Improve the Viewport display (enhance the algorithm that differentiates a folder from an application).
• Document folder encryption.
• Update for iOS 13.2.3.

7.0 - 2019.11.07

• Add ability to import and encrypt folders.
• When the Encrypt button reads Check For Pasteboard Data touching it evaluates the pasteboard contents for importable items.
• Update documentation with Import examples, particularly Open In usage for iWork documents and the Files App.
• Krypton is now Dark Mode aware.
• Krypton works in full screen, split view and slide view.
• Bug fixes. All deprecated APIs updated as well.
• Update for Dropbox 3.10.0.
• Update for iOS 13.2.2.

6.9 - 2019.03.22

• Update for iOS 12.1.4.
• Documentation now supports BigCatOs Appearances.

6.8 - 2018.09.14

• Update for iOS 12.0.
• Documentation updates.

6.7 - 2018.01.10

• Update for iOS 11.2.2.
• Improve Sharing with other Apps.
• Clarify Face ID's effect on importing and encrypting from the pasteboard.

6.6 - 2017.11.21

• Update for iOS 11.1.2 and iPhone X.
• If Vault Security is enabled your options for unlocking the Vault now include the combination control, the keyboard, and, if enabled, Touch ID or Face ID.
• Improve background thread handling.
• Bug fixes.

6.5 - 2017.10.26

• Update for iOS 11.0.3.
• Full support for iPhone X.
• Improve background thread handling.

6.4 - 2017.07.23

• Documentation updates.
• Update for iOS 10.3.3.

6.3 - 2017.05.25

• Rewrite Dropbox code for new API version 2.
• iOS version 9 or greater now required.
• Update for iOS 10.3.2.
• Bug fixes.

6.2 - 2017.01.22

• Refresh various images; documentation tweaks.
• Bug fixes.

6.1 - 2017.01.04

• Fix Open In of a Zip file.
• Update and consolidate plaintext and Zip Viewport display code; fix clipped text when pencil-editing.
• Use AlertController framework to modernize and consolidate alert and action dialogs.
• Remove the Viewport toolbar of actions and replace with a popup menu of possible actions. The Actions menu is activated via the Action button that replaces the Keep button on the right of the Viewport. The Keep button is now on the left of the Viewport where Shred used to be, and Shred is now an item in the Actions menu.

6.0 - 2016.12.21

• Update for iOS 10.2.
• Critical performance (not data integrity) bug fix for iPhone and iPod.
• Various, smaller, bug fixes.
• Krypton now requires that your iDevice run an iOS version >= 8.

5.0

• Re-add iCloud Drive support.
• Use Touch ID to unlock the Vault.
• iPhone 6 and iPhone 6 Plus aware.
• Update for iOS 8.1.

4.2

• Update for iOS 8.

4.1

• For files encrypted with Krypton for iOS version 4 (or Mac OS/X version 3) and higher, add the ability to change the ciphtertext passcode without having to re-encrypt the file.
• Share and Import have been combined into Action, which includes the Change Passcode feature.
• You can now paste a long and complex passcode via the pasteboard into the encryption and change passcode dialog views. (You must first disable Shred Plaintext in Settings.)
• When importing a Dropbox document into the vault, the item's creation date inherits the Dropbox file creation date.
• You can pencil-edit a plaintext text file once again.

4.0

• Completely re-written to take advantage of features in iOS 6 and later.
• New, more secure encryption format that authenticates your ciphertext via Encrypt-Then-MAC. Thanks to Jeffrey Goldberg of 1Password for his technical writings on the subject.
• Encryption / decryption uses less memory and is approximately 14% faster. To put this in perspective, an iPhone 5S is almost as fast as a current generation iMac!
• Maximum document size increased to 4 GB for 64-bit iOS devices (2 GB for older devices).
• New iPad user interface displays Vault items in a matrix rather than a single column.
• Vault items can be sorted alphabetically either up or down, or re-ordered manually by touching for 1 second and dragging.
• Pull down to poll data sources such as macOS File Sharing and Dropbox to refresh the Vault's contents.
• Like iPad, every iPhone and iPod view can now be rotated.
• Dynamic Type that adjusts most text to your preferred reading size.
• Auto Layout so Krypton is ready for all those rumored larger iDevices!
• Update for iOS 7.1, 64-bit clean.

3.0

• Update for iOS 7.
• Similar to plaintext, ciphertext items are now protected by the device's hardware encryption keys.

2.11

• Add pasteboard support for encrypting a QuickTime movie directly from the Camera roll.

2.10

• One bug fix, but it was a doozy!

2.9

• iOS 6 tested.
• Improved iTunes File Sharing.
• Support for new iPhone and iPod larger screen size.
• With Vault Security enabled, randomize the combination and auto-lock the vault when entering the background.

2.8

• Bug fixes only this time.

2.7

• Add button to refresh Dropbox document list.
• Add ability to download and encrypt Dropbox plaintext documents.

2.6

• Add Dropbox support in lieu of iCloud, using the folder /Apps/Krypton as your ciphertext vault in the cloud.
• More Advanced Kryptonology: ability to export decrypted Zip folders that you manually created.

2.5.1

• Remove support for iCloud documents, per Apple's request. Please refer to the FAQ How do I recover Krypton documents stranded on iCloud? for more information.

2.5

• Do not backup plaintext to iCloud.
• For iPad display plaintext fullscreen rather than in a popover.

2.4

• iCloud document support.

2.3

• Large document support.
• Robust shredder, with activity view.
• Improved memory management and subtle bug fixes.

Topics