| Concept & Brand | Interface Overview |
|---|---|
 |
 |
| brand & animation | File Management |
| Advanced Security | Deep Customization |
|---|---|
 |
 |
| Multiple encryption algorithms | Themes & Personalization |
CrytoTool respects the people behind the screen. It's a four-in-one, client-side encrypted file manager, gallery, music player, and document viewer where your privacy comes first: no tracking, no ads, no data collection.
File names, tags, and metadata are encrypted — not just file contents. It works independently of the operating system, fully sandboxed.
CrytoTool is compliant with the Protocol-3305 and respects all its principles.
CrytoTool uses a 100% client-side architecture with 4 layers of encryption:
| Layer | What it does | Key detail |
|---|---|---|
| 1. Database Encryption | Auto-encrypts every file in IndexedDB | AES-256-GCM, keys from Master Password via Argon2id |
| 2. File & Folder Encryption | Manual encryption with 6 algorithms | AES-GCM, XChaCha20-Poly1305, ChaCha20-Poly1305, AES-CTR, Salsa20-Poly1305, AES-GCM-Stream |
| 3. Encrypted Backup | Creates secure backups of all data | PBKDF2-SHA256 + AES-256-GCM, unique 26-char key |
| 4. Streaming Encryption | Handles large files on any device | 4MB chunks, AES-GCM per chunk, safe for low-RAM devices |
For full technical details, consult the Technical Architecture.
The main problem that CrytoTool solves is that most file managers do not provide real security, everything is a facade, only with the system password can you access the most sensitive data. CrytoTool solves this problem through an isolated system and multiple layers of security.
The second problem it solves is that most people are tired of having different apps for everything, especially in a file manager where you should have everything, look here we come — we offer gallery, music, documents and others in the future.
The third and last problem we solve is that most file managers do not give you the option to choose from multiple encryption algorithms. CrytoTool gives you the option to choose from six encryption algorithms.
Security
- Master Password (30+ characters): Secure your entire vault with a strong master password (minimum 30 characters).
- Progressive Lockout: The app automatically locks for increasing durations after multiple failed password attempts.
- Settings Password: A separate, dedicated password with capability to protect sensitive settings this option is optional
- Self-Destruct: self-destruction of the database after incorrect attempts of the Master password configurable this option is optional
- Auto-Lock & Visual Obfuscation: The app can automatically lock and blur the screen after a period of inactivity.
- Unique Key Per File/Folder: Each file and folder is encrypted with its own unique encryption key, stored securely in the vault with progressive lockout protection.
- PIN Blacklist: Common and weak PINs are blocked from use, preventing easy-to-guess combinations.
- Encrypted Backup Key: Backups are protected with a unique, separate encryption key
Recovery
- 10 Recovery Codes: Generate 10 unique, single-use codes for emergency vault access.
- Unique Reset Token: A single-use recovery token that allows you to reset your master password without losing your data.
- Encrypted Backups: Create fully encrypted backups of all your data.
file management
- IndexedDB Encryption: Files are automatically encrypted using AES-256-GCM with keys derived from your Master Password via Argon2id. For more details, see the Technical Architecture (Section 1).
- Metadata Encryption: File names, tags, artist, album, and other sensitive metadata fields are encrypted using AES-256-GCM with the vault key. Metadata is stored as a single encrypted JSON blob alongside each file entry. See metadataCrypto.ts.
Manual & Streaming Encryption
- Multi-Algorithm Support: Encrypt files manually with 6 algorithms — AES-GCM, XChaCha20-Poly1305, ChaCha20-Poly1305, AES-CTR + HMAC, Salsa20-Poly1305, and AES-GCM-Stream for large files.
- Vault Key Storage: Store generated encryption keys in an encrypted vault, categorized for easy access.
- Streaming Encryption: Handles large files (600 MiB+) in 4 MB chunks with AES-GCM per chunk — safe for low-RAM devices.
Deep Customization
- Theme Gallery & Accent Colors: Personalize the app's appearance with a rich theme gallery and a custom accent color picker.
- Multi-Language Support: The interface is available in over 50 languages to provide a native experience for people worldwide.
Explore these guides to understand our project's principles, technical design, and how you can get involved.
- Code of Conduct Our pledge to maintain a harassment-free and inclusive community.
- Contributing Guide Instructions on how to contribute to the project.
- License AGPL-3.0 license under which this software is provided.
- Security Documentation Threat model, attack surface, and audit guidelines.
- Technical Architecture A deep dive into the technical design and encryption model.
- UI/UX Design Standards Design rules, terminology (people not users), visual language, accessibility, and i18n standards.
- API Documentation Public APIs for crypto services, database, and utilities.
- Development Guide Setup, workflows, and coding standards for developers.
- Release Guide How to create releases for web, desktop, and mobile.
- Changelog History of versions and changes.
Thanks to everyone who has contributed to making CrytoTool better.
Want to see your name here? Check the Contributing Guide to get started.
CrytoTool is built on the shoulders of giants. We are deeply grateful for these open-source projects and standards:
- Web Crypto API — AES-256-GCM encryption, random IV generation, and CryptoKey management. The heart of every encryption operation in CrytoTool. Built into the browser — no third-party code needed for the most critical operations.
- hash-wasm — Argon2id implementation for master key derivation (128 MB memory, 4 iterations)
- libsodium-wrappers — Audited ChaCha20, XChaCha20, Salsa20, and BLAKE2b primitives
- NIST SP 800-38D — The AES-GCM standard that governs our encryption
- Tauri — Secure, lightweight desktop backend (Rust + WebView)
- React — UI library
- TypeScript — Type safety across the entire codebase
- Vite — Build tool and dev server
- Tailwind CSS — Utility-first CSS framework
- Framer Motion — Animation library
- Lucide — Beautiful icon set
- Heroicons — Icon set by the Tailwind team
- Fontsource — Self-hosted open-source fonts (20 font families)
- Protocol-3305 — The foundational protocol guiding our privacy-first principles
We do not need your money. We need your voice.
Our mission is to build software that respects people, and that mission can only succeed if people know there is a better way. If you believe in this project, the most valuable contribution you can make is to share it.
Talk about it. Write about it. Show it to your friends. Help us prove that a private, secure, and respectful internet is not only possible—it's necessary.
🇷🇴 Made with ❤️ in România
AGPL-3.0 License