{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreignlh3cisj53riqxxrzo6fx4lszffinzrwpexgxpfngl342prj4nq",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mmxvn7hsxed2"
  },
  "path": "/t/should-kryptor-still-be-recommended-on-the-site/30368#post_7",
  "publishedAt": "2026-05-29T05:35:15.000Z",
  "site": "https://discuss.privacyguides.net",
  "tags": [
    "specifically designed",
    "@dngray"
  ],
  "textContent": "I seem to remember age didn’t do the sender authenticity which is what Kryptor was specifically designed to address, so if you’re signing the file you’d still need to use minisign as well.\n\nIn terms of focus/exposure it does **a lot less** than PGP does so, you can expect it to possibly reach a “feature complete” status. Given Samuel’s experience, and the fact that he is still active it may just be very well he hasn’t had to add anything to it. There are not any open issues on this tool or pull requests.\n\njonah:\n\n> I am surprised we don’t recommend age (or minisign) though, I thought we did. This seems to be @dngray’s thing though, so maybe he can elaborate:\n\nThe reason is because we’d need to provide a guide to go along with it, as it’s not an all in one process whereas Kryptor is.\n\nHowever on further look, Kryptor does depend on a vulnerable version of libsodium which will flag CVE analysis tools for CVE-2025-69277. While this may not effect the tool itself, perhaps a guide utilizing age and ssh key signatures is a simpler way to go about it.",
  "title": "Should Kryptor still be recommended on the site?"
}