Krypton is a privacy tool that uses strong encryption to securely protect personal and confidential information resident on your macOS (and iOS) devices. Krypton is not a password manager: it encrypts and decrypts entire folders and documents (text, spreadsheets, images, audio and video, recipes, emails, anything).
Topics
Metaphorically, Krypton keeps your ciphertext items in a special vault, with each item contained in its own deposit box — to gain access to a ciphertext item the vault must be open, and to gain access its plaintext contents the passcode key must be used to unlock the deposit box. For macOS the vault opens upon Log In, while on iOS the vault may be open or closed.
When the vault is open previously encrypted ciphertext items are displayed in alphabetical order, each represented by its name, creation date, size and one of these icons:
The icon describes the location of the ciphertext: a vault ciphertext document resides locally on your macOS or iOS device; an iCloud Drive or Dropbox ciphertext document resides on the cloud and must be downloaded to the vault before it can be decrypted.
Double-clicking a vault ciphertext item performs the default action upon that item:
You can import items into Krypton's vault using the File / Add To Vault (⌘N) menu, dropping files and/or folders onto the vault or the App's dock icon, or from iCloud Drive or Dropbox.
If the imported item is plaintext it's first encrypted and then stored in the vault; already encrypted items are simply copied to the vault, they are not re-encrypted.
Double-click a vault item's Action button to see possible actions, which vary depending on the item's state. For example:
Mail transmits a copy of the ciphertext outside the vault. Delete From ... removes the ciphertext item from the vault or iCloud Drive or Dropbox.
Deleting an iCloud Drive or Dropbox item removes the ciphertext from your device, iCloud Drive or Dropbox and all synchronized computers and mobile devices. Import From ... copies the ciphertext to the vault from iCloud Drive or Dropbox. Export To ... copies the ciphertext from the vault to iCloud Drive or Dropbox. Change Passcode changes the passcode for ciphertext items created by Krypton for macOS version 3, or iOS version 4, and higher. A dialog asks for the item's current and new passcodes. Krypton uses the current passcode to first authenticate the ciphertext, and assuming that is succesful, the passcode change operation commences — for a 1.5 GB file this will take approximately 5 seconds on a Mac Studio.
Because your encrypted file is randomly re-written in-place, you must NOT interrupt the change process. Do not leave Krypton, do not lock your screen or power-off your Macintosh. Doing so will almost certainly lead to irrecoverable data loss.
After a change passcode action successfully completes, cloud-based Krypton items are automatically pushed up to iCloud Drive or Dropbox.
The shredder runs as a background thread, dutifully destroying plaintext data, either yours or intermediate temporary files.
When Krypton shreds an item it first overwrites the file with a pattern of all ones, followed by a second pass of all zeros, before deleting the file. Any files that escape shredding at App termination, for whatever reason, are shredded the next time Krypton runs.
Crypto best practices are constantly evolving, and occassionally Krypton's cipher (encryption algorithm) is strengthened accordingly. Once Krypton has incorporated another cipher all newly encrypted documents are generated in this format, such that, over time, your collection of encrypted documents may encompass several ciphers.
Krypton distinguishes these ciphers using a small LED in the ciphertext item's deposit box. For vault items that are in the cloud and not resident on device the LED is unlit and not visible. Otherwise the LED is lit, and for vault items with the current cipher the light glows green — for vault items encrypted with older ciphers the LED glows orange. Although Krypton will continue to decrypt all past and current ciphers, it is in your best interest to re-encrypt older plaintext with the latest cipher.
iCloud Drive support is controlled by macOS in System Settings... / Apple ID / iCloud Drive. Dropbox support is controlled by Krypton in Krypton / Settings....
Krypton documents on iCloud Drive (or Dropbox) must first be imported before they can be decrypted and viewed. After touching Action and selecting Import From iCloud Drive (or Import From Dropbox)
the item is marked busy until the download completes and the ciphertext is stored in the vault. At that point you use the item as you normally would. If you
delete the vault copy of an iCloud Drive-backed (or Dropbox-backed) document only the vault item is removed. But if you delete the iCloud Drive (or Dropbox) item then the ciphertext is
removed from your device, iCloud Drive (or Dropbox) and all synchronized devices.
To move an item from the vault to iCloud Drive (or Dropbox) touch Action and select Export To iCloud Drive (or Export To Dropbox).
Krypton handles iCloud Drive (and Dropbox) version conflicts simply: the last document pushed to iCloud Drive (or Dropbox) wins. So, if you create encrypted
documents having identical names on two offline devices, then as each device goes online it stores its version of the document on iCloud Drive (or Dropbox); consequently, the
second copy overwrites the first and becomes the true copy.
Krypton distinguishes vault items that have duplicate names by displaying a tiny overlay indicating the item's cloud repository source.
Terminology
The Vault
Import Plaintext and Ciphertext
Vault Actions
The Shredder
Ciphers
iCloud Drive and Dropbox Documents
What's New?
iOS 14.0 - 26.2
iPadOS 14.0 - 26.2
macOS 11.0 - 26.2
visionOS 1.0 - 26.2
26.2 - 2026.01.02
8.2 - 2022.02.25
8.1 - 2021.02.13
8.0 - 2020.09.19
5.2 - 2020.06.09
5.1 - 2019.12.01
5.0 - 2019.11.08
4.7 - 2019.03.22
4.6 - 2018.09.14
4.5 - 2018.01.13
4.4 - 2017.07.23
4.3 - 2017.07.11
4.2 - 2017.05.29
4.1
4.0
3.1
3.0
2.1
2.0
Copyright (©) 2009 - 2026 BigCatOS. All rights reserved. | Contact