Personal Privacy Agent
Krypton for macOS is a privacy tool that uses strong encryption to securely protect personal and confidential information resident on your Apple computer, iPod touch, iPhone and iPad. Krypton is not a password manager: it encrypts and decrypts entire folders and documents (text, spreadsheets, images, recipes, emails, anything).




The Vault

Metaphorically, Krypton keeps your ciphertext items in a special vault, with each item contained in their own deposit box; to gain access to a ciphertext item the vault must be open and the passcode key must be used to unlock the deposit box before you can discern the plaintext contents inside. In iOS the vault may be open or closed, while on macOS the vault opens upon Log In. When the vault is open ciphertext items are displayed in alphabetical order, each represented by its name, creation date, size and one of these icons:

Safety Deposit Box Image

A vault document resides on your Macintosh; an iCloud Drive or Dropbox document resides on the cloud and must be downloaded to the vault before it can be decrypted. Double-clicking a vault item performs the default action upon that item: for a vault document the decryption process is initiated; for an iCloud Drive or Dropbox document it is imported and a copy is stored in the vault.

To encrypt a document and add it to the vault use the File menu item Add To Vault (⌘N).

Safety Deposit Box Image

For further actions, double-click a vault item's Action icon. Here, for the C header file HelpWindowController.h, we can share or delete it from the vault, upload it to iCloud Drive or Dropbox, decrypt it, and change its passcode.

Safety Deposit Box Image


Decrypt Ciphertext

To decryypt a ciphertext item simply double-click it. Krypton asks where to store the plaintext and prompts for the item's passcode, then decodes the ciphertext. Unlike the iOS version of Krypton that automatically opens a viewport to display the plaintext, you are responsible for manually opening the plaintext file.


Import Ciphertext and Plaintext

You can import items into Krypton's vault using the File / Add To Vault (⌘N) menu, dropping a single file/folder onto the App's icon or vault, or from iCloud Drive or Dropbox. Note: if the imported item is plaintext it's encrypted and then stored in the vault.

You can import/encrypt any number of files and/or folders via the File / Add To Vault (⌘N) menu. You are asked once for a passcode that is used to encrypt all the chosen items. Already encrypted items are simply copied to the vault, they are not re-encrypted.

Finally, double-clicking an iCloud Drive or Dropbox document or selecting the action Import From iCloud Drive or Import From Dropbox copies the ciphertext document to the vault.


Share Ciphertext

You can share ciphertext items in the vault by double-clicking the Action icon and selecting Share from the list of actions.


Delete Ciphertext

To remove an item from the vault double-click the Action icon and select Delete. Deleting an iCloud Drive (or Dropbox) item removes the ciphertext from your device, iCloud Drive (or Dropbox) and all synchronized computers and mobile devices.


Ciphertext Encryption Strength Levels

Crypto best practices are constantly evolving, and occassionally Krypton's encryption algorithm is strengthened accordingly. Once Krypton has incorporated a stronger encryption methodology all newly encrypted documents are generated in this format, such that, over time, you may collect a mixture of encrypted documents of various security strength levels.

Krypton indicates this strength level using a small LED in the ciphertext item's deposit box door. For vault items that are in the cloud and not resident on the device the LED is unlit and not visible. Otherwise the LED is lit, and for vault items with the highest security level the light glows green. For vault items encrypted with an older algorithm the LED glows orange; but keep in mind that this does not mean the item is insecure, only less secure relative to Krypton's latest encryption standard. Although we guarantee that in the future Krypton will decrypt a document of any security level, it is in your best interest to re-encrypt older items with the latest encryption algorithm: the higher the security level the better.

Alert Image


Change Passcode

You can change the passcode for ciphertext items created by Krypton for macOS version 3, or iOS version 4, and higher. Touch Action, select Change Passcode, and enter your current and new passcodes. Krypton uses the current passcode to first authenticate the ciphertext, and assuming that is succesful, the passcode change operation commences. For a 4 GB file this will take approximately 2 minutes on a fast iMac ... if you do not have a few minutes to spare do not attempt a passcode change!


Because your encrypted file is randomly re-written in-place, you must NOT interrupt the change process. Do not leave Krypton, do not lock your screen or power-off your Macintosh. Doing so will almost certainly lead to irrecoverable data loss.


After a change passcode action successfully completes, cloud-based Krypton items are automatically pushed up to iCloud Drive (or Dropbox).


iCloud Drive and Dropbox Documents

iCloud Drive support is controlled by macOS in System Preferences / Apple ID1 / iCloud Drive / Options. Dropbox support is controlled by Krypton in Krypton / Preferences.

1 In older versions of macOS click the iCloud preference item here instead.

iCloud Image

Krypton documents on iCloud Drive (or Dropbox) must first be imported before they can be decrypted and viewed. After touching Action and selecting Import From iCloud Drive (or Import From Dropbox) the item is marked busy until the download completes and the ciphertext is stored in the vault. At that point you use the item as you normally would. If you delete the vault copy of an iCloud Drive-backed (or Dropbox-backed) document only the vault item is removed. But if you delete the iCloud Drive (or Dropbox) item then the ciphertext is removed from your device, iCloud Drive (or Dropbox) and all synchronized devices.

To move an item from the vault to iCloud Drive (or Dropbox) touch Action and select Send To iCloud Drive (or Send To Dropbox).

Krypton handles iCloud Drive (and Dropbox) version conflicts simply: the last document pushed to iCloud Drive (or Dropbox) wins. So, if you create encrypted documents having identical names on two offline iDevices and/or Macintoshes, then as each device connects to the Internet it stores its version of the document on iCloud Drive (or Dropbox); consequently, the second copy overwrites the first and becomes the true copy.

Krypton distinguishes vault items that have duplicate names by displaying a tiny overlay indicating the item's cloud repository source.

Cloud Name Resolution

The vault's contents are generally updated automatically, but you can force an iCloud and Dropbox refresh with the command File / Refresh Vault List (⌘R)


Shred Plaintext

When Krypton shreds a plaintext item it first overwrites the file with a pattern of all ones, followed by a second pass of all zeros, before deleting the file.


What's New?

8.2 - 2022.02.25

8.1 - 2021.02.13

8.0 - 2020.09.19

5.2 - 2020.06.09

5.1 - 2019.12.01

5.0 - 2019.11.08

4.7 - 2019.03.22

4.6 - 2018.09.14

4.5 - 2018.01.13

4.4 - 2017.07.23

4.3 - 2017.07.11

4.2 - 2017.05.29








Copyright (©) 2009 - 2022 BigCatOS. All rights reserved.   |   Contact