Krypter Command Line Reference: Flags, Syntax, and ExamplesKrypter is a fictional (or unspecified) command-line encryption tool in this reference. This guide covers typical command-line options, common syntax patterns, practical examples, and recommended workflows. If you’re using a real product named Krypter, commands and flags may differ — consult that product’s official docs for exact behavior. Below, “krypter” is used as the command name.
Overview
Krypter is designed to encrypt and decrypt files, manage keys, sign and verify data, and integrate with scripts for automation. Typical features include symmetric and asymmetric encryption, password-based encryption, key generation and storage, streaming support for large files, and options for output formatting (binary, base64, armored).
General syntax
Basic structure:
krypter [global options] <command> [command options] [arguments] - Global options apply to all commands (verbosity, config file, profile).
- Commands are primary actions like encrypt, decrypt, gen-key, sign, verify, inspect.
- Command options adjust the behavior of a specific command.
- Arguments are files, directories, or identifiers (key IDs, recipients).
Common global options
--help, -h Show help and exit --version Show version and exit --config <file> Use specified config file --profile <name> Use a named profile from config --verbose, -v Increase verbosity (repeat for more verbose) --quiet, -q Suppress non-error output --no-color Disable colored output Key management commands
gen-key
krypter gen-key [--type rsa|ed25519|x25519|aes] [--size <bits>] [--name <keyname>] [--passphrase] [--output <file>] - –type: choose asymmetric algorithm (rsa, ed25519, x25519) or symmetric (aes).
- –size: key size for RSA (2048, 4096).
- –name: human-friendly name or identifier for the key.
- –passphrase: prompt to protect private key with passphrase.
- –output: write key to file (default: keystore).
import-key
krypter import-key --file <path> [--name <keyname>] [--format pem|pkcs12|kry] [--passphrase <pass>] export-key
krypter export-key --id <key-id|name> [--public|--private] [--output <file>] [--format pem|kry] [--no-passphrase] list-keys
krypter list-keys [--all] [--type public|private|symmetric] delete-key
krypter delete-key --id <key-id|name> [--force] Encrypt / Decrypt
encrypt (asymmetric, for recipients)
krypter encrypt --recipient <id|pubkey-file> [--armor] [--output <file>] [--encrypt-algo aes-256-gcm] <input-file> - –recipient: one or multiple recipients; can be repeated.
- –armor: output ASCII-armored (base64) instead of binary.
- –encrypt-algo: choose symmetric cipher used for data (default: AES-256-GCM).
- If input is omitted or
-is used, reads from stdin.
Example:
krypter encrypt --recipient [email protected] --armor -o secret.txt.kry secret.txt encrypt (password-based)
krypter encrypt --passphrase [--armor] [--output <file>] <input-file> - Prompts for passphrase if none provided; supports env var or stdin passphrase via
--passphrase-file.
decrypt
krypter decrypt [--passphrase] [--output <file>] <input-file> - Automatically selects correct private key if available. Use
--key <id>to specify. - Example:
krypter decrypt -o secret.txt secret.txt.kry
Streaming example (stdin/stdout)
cat secret.txt | krypter encrypt --recipient bob | krypter decrypt --key mykey > secret_out.txt Signing and verification
sign
krypter sign --key <id|name> [--detached] [--output <file>] <input-file> - –detached: create a detached signature file.
- –output: signature filename (default: append .sig).
verify
krypter verify --signature <sig-file> [--key <pubkey-file|id>] <input-file> - Returns exit code 0 for valid signature, non-zero otherwise. Use
--verboseto see signer info.
Example (detached)
krypter sign --key alice@me --detached -o secret.txt.sig secret.txt krypter verify --signature secret.txt.sig --key alice.pub secret.txt Inspecting files and metadata
info
krypter info <encrypted-file> Shows metadata: recipients, cipher, key IDs, creation time, compression used, whether armored, etc.
headers
krypter headers <file> # show low-level packet/header info Advanced options
–compress
–armor-level
–chunk-size
Exit codes and error semantics
- 0 — success
- 1 — general error (invalid args, missing files)
- 2 — key not found
- 3 — decryption failed (bad key/passphrase/auth tag)
- 4 — verification failed (signature invalid)
- >128 — fatal internal error / crash
Examples and use cases
-
Encrypt a file for multiple recipients (binary output)
krypter encrypt --recipient alice --recipient bob -o project.enc project.tar.gz -
Encrypt with a passphrase and ASCII armor (share via email)
krypter encrypt --passphrase --armor -o note.asc note.txt -
Generate an RSA 4096 key and export public key
krypter gen-key --type rsa --size 4096 --name "work-key" krypter export-key --id "work-key" --public --output work-key.pub.pem -
Sign a release tarball with detached signature
krypter sign --key release-key --detached -o release.tar.gz.sig release.tar.gz -
Decrypt streaming data from stdin
curl -s https://example.com/secret.kry | krypter decrypt --key mykey > secret -
Reproducible encrypted output (useful for build systems)
krypter encrypt --recipient ci --mtime 0 --deterministic -o artifact.kry artifact.bin
Scripting tips
- Use exit codes in scripts to branch on success/failure.
- For automation, store private keys in a secure keystore and protect with passphrases or agent-based unlocking.
- Avoid passing passphrases on the command line; use passphrase files with strict permissions or an agent.
- Use
--armorwhen sending over text-only channels; prefer binary for local storage to save size. - Combine
--infowithjq-like parsers if Krypter can emit JSON metadata (krypter info --json file).
Security considerations
- Prefer authenticated encryption modes (AES-GCM, ChaCha20-Poly1305).
- Ensure private keys and passphrase files have restrictive file permissions (chmod 600).
- Use strong, unique passphrases and consider a hardware security module (HSM) or OS keychain for private keys.
- Validate recipient public keys’ fingerprints out of band before trusting them.
- Be cautious with deterministic mode — while useful for reproducibility, it can leak metadata patterns.
Troubleshooting
- “Decryption failed”: check correct private key, passphrase, and whether file is corrupted. Use
krypter infoto inspect. - “Key not found”: run
krypter list-keys --allandkrypter import-key. - “Signature invalid”: verify you used the right public key and that the signature file matches the data (no transfer corruption).
- Permission errors: ensure files (key files, output) are writable and accessible.
Comparison with similar tools
| Feature | Krypter (this guide) | OpenSSL | GPG / OpenPGP |
|---|---|---|---|
| Symmetric & asymmetric | Yes | Yes | Yes |
| Easy recipient model | Yes | No (manual) | Yes |
| ASCII armor | Yes | Yes | Yes |
| Reproducible encryption | Yes (deterministic) | Limited | No (by default) |
| Key management built-in | Yes | Minimal | Complex/robust |
Concluding notes
This reference provides a comprehensive, practical overview of a command-line tool named krypter. Adapt flags and workflows to the real implementation you use. If you want, I can convert these examples into a manpage-style document, generate bash/zsh autocompletion snippets, or produce PowerShell equivalents.
Leave a Reply