Krypton is a modern password-based encryption toolkit written in Rust using Argon2id for key derivation and XChaCha20-Poly1305 for authenticated encryption.
It is designed as a misuse-resistant encryption engine with a versioned binary envelope format and streaming encryption support.
Krypton intentionally avoids legacy cryptographic primitives such as AES-CBC and PBKDF2.
Currently supported:
| Version | Supported |
|---|---|
| 0.x | ✅ Yes |
Until a stable 1.0 release, the project is considered security-focused but evolving.
Krypton relies exclusively on well-established modern primitives:
| Component | Algorithm |
|---|---|
| Key Derivation | Argon2id |
| Encryption | XChaCha20 |
| Authentication | Poly1305 |
| Mode | AEAD |
| Streaming Mode | Chunk-authenticated AEAD |
| Nonce Strategy | Random per message / per chunk |
No custom cryptographic primitives are implemented.
All cryptographic operations are delegated to audited RustCrypto crates.
Krypton is designed to provide:
Encrypted data cannot be read without the correct password.
Any modification of ciphertext is detected during decryption.
Only holders of the correct password-derived key can decrypt messages successfully.
Argon2id protects against offline brute-force attacks.
Large files are encrypted using independently authenticated chunks to prevent corruption propagation.
Krypton protects against attackers who:
- obtain encrypted files
- modify ciphertext
- attempt offline password guessing
- attempt replay or truncation attacks on encrypted streams
Krypton assumes attackers do not control the runtime environment.
The following threats are explicitly out of scope:
Security depends on password strength.
Krypton cannot protect users choosing weak passwords.
If the operating system is compromised:
- memory contents may leak
- passwords may be captured
- decrypted plaintext may be exposed
Timing attacks, cache attacks, and power-analysis attacks are outside the scope of this project.
Krypton reduces exposure from residual secret material by zeroizing sensitive buffers after use, but it does not claim full protection against a compromised host, live memory inspection, or swap capture.
Each encrypted file contains:
- magic identifier
- version byte
- cipher identifier
- KDF identifier
- salt
- nonce(s)
- authenticated ciphertext
- authentication tag
This structure ensures:
- forward compatibility
- algorithm agility
- tamper detection
- format validation prior to decryption
Streaming encryption uses:
- independent per-chunk nonces
- independent authentication tags
- chunk boundary verification
This ensures:
- safe multi-GB encryption
- corruption isolation
- truncation detection
- replay resistance within stream structure
Krypton uses randomly generated nonces per encryption operation and per streaming chunk.
Nonce reuse is avoided by design.
XChaCha20's extended nonce size significantly reduces misuse risk.
Krypton depends on:
- RustCrypto AEAD crates
- Argon2 reference implementation (RustCrypto)
- rand_core secure randomness
These libraries are widely used and actively maintained.
Users should:
- choose strong passwords
- protect decrypted plaintext
- avoid storing passwords in plaintext scripts
- use environment-variable secrets for automation
- rotate encrypted files if compromise is suspected
Sensitive buffers including:
- password material
- derived symmetric keys
- streaming chunk buffers
are cleared from memory using the zeroize crate after use to reduce exposure risk from memory disclosure attacks.
If you discover a security issue, please report it privately.
Preferred disclosure method:
GitHub Security Advisory (recommended)
or open an issue labeled:
security
Please include:
- description of the issue
- reproduction steps
- expected vs observed behavior
- environment details
Responsible disclosure is appreciated.
Planned improvements include:
- memory zeroization hardening
- envelope fuzz testing
- streaming format verification tests
- key-based encryption API
- optional hardware-backed key support
- formal cryptographic review preparation
- deterministic envelope validation harness
Krypton has not yet undergone formal third-party cryptographic audit.
It is intended as a security engineering project demonstrating modern cryptographic design practices.