Home Download Video Gallery Feedback Donate Share Feature-Requests Business DE

Welcome to the official CrococryptFile Homepage:
An Open-source File encryption


CrococryptFile Offline Training Course as free Windows Software available

Added on 05/26/2017 by Frank Hissen

HissenIT published the existing and freely available online video training course "File Encryption Basics and Practices with CrococryptFile" now also as offline version as a portable Windows software - using its in-house application framwork. Since it contains HD video, the portable extractor setup is ~125MB in size and the extracted application needs ~250MB of disk space. continue

Open-source File encryption software CrococryptFile 1.5 released - New crypto suites and crypto settings

Added on 01/13/2017 by Frank Hissen

HissenIT released a new version of the file archive encryption tool CrococryptFile. Three new crypto suites using Twofish, Serpent, and Camellia are included. Moreover, the hash iteration count in case of password-based encryption following PBKDF2 is now selectable by the user (which is backward compatible). continue

German PCWorld counterpart recommends CrococryptFile in online article

Added on 09/18/2016 by Frank Hissen

In the article called "Security Tools: Secure Windows 10", CrococryptFile is shortly described and recommended. continue


CrococryptFile is a file encryption tool which creates encrypted archives of arbitrary files and folders.


The encryption features of CrococryptFile can be compared to a ZIP utility that uses ZIP's AES encryption. However, there are significant differences. CrococryptFile...

A *.croco file solely shows that it is indeed a CrococryptFile archive and which crypto suite (e.g., password-based AES-256 encryption) is used.

Moreover, headerless or cloaked files are supported. Using a freely selectable iteration count in case of password-based encryption, this is especially useful for, e.g., file backups or file archives stored in Cloud storage.


CrococryptFile and all its clients are open-source. The GitHub repository can be checked out here.

CrococryptFile is based on the Java technology to enable maximum flexibility for arbitrary platform use cases including clients and servers.

Use Cases

Please see the gallery for the best way to start getting an impression of the functions of CrococryptFile.

CrococryptFile currently runs under Windows (XP and up), Linux, Mac (untested) and offers a Web-based decryption application.

Moreover, CrococryptFile has a commandline interface that can be used without any GUI, to trigger the GUI or to be used in scripts. CrococryptFile does not need a GUI operating system. Its API or commandline interface can also be used on servers or in applications.

Windows: Explorer integration

By using the Windows-Setup CrococryptFile becomes integrated into the Windows Explorer context menu (vgl. Screenshots). Multiple files and directories can be selected at once and by using the context menu option Send to... can be save to a single archive by CrococryptFile. It ships also with an uninstaller which cleans your Windows installation from CrococryptFile if you wish.


The Web-based decryption application in its default set-up is running on a free instance of Google's App Engine (GAE):
CrococryptFile WebDecrypt.

The WebDecryptor is stateless, does not cache files, has no database and is no file exchange platform. It is simply a web-based version of the decryption mechanism of CrococryptFile. It can be used to send encrypted archives to other people and offer an easy way to decrypt these. At the moment, only password-based encryption suites are supported for the WebDecryptor. The GAE version limits uploaded files to 10MB.

If you are a company or don't trust this installation, you can download a standalone-version of WebDecrypt which is based on the Jetty Webserver. Don't forget to enable TLS/SSL. Moreover, you can use the open-source WebDecrypt Java servlet package to integrate it into your own application.

Note: The GAE installation is unfortunately a bit slow regarding cryptographic operations.


The architecture of CrococryptFile does not limit the trust anchor technology to just password protected files. In fact, any trust source can be implemented and used. For instance under Windows, X.509 RSA certificates if featured in the Windows keystore can be used to create an encrypted archive. In the future, other technologies might be integrated, like PKCS #11. Although the default encryption algorithm is AES, CrococryptFile is not limited to use only AES in future versions.

When password-based encryption is used, the default implementation uses PKCS #5 (PBKDF2) with a SHA512-HMAC and currently strong 100000 iterations as default setting. However, the user is able to choose the number of iterations as well. The iteration count is not hard-coded in the software but written into the archive. Hence, future changes allow for enhanced or user-based iteration counts by still being downward compatible.

If you are interested in details about the encryption scheme, please take a look at the sources. The short description would be the following. Every .croco-archive is (currently) encrypted using AES-256. The file index and all included files/folders are completely encrypted using AES in CBC mode. For each new archive, a new AES key is generated. This key is then encrypted using a trust anchor, like a PBE or an RSA certificate (Windows). So basically, a .croco-archive starts with a plain header (info about the file and the crypto suite, e.g., PBE), an encrypted header (including the AES key), the encrypted dump of files, and the encrypted index.

Crypto Suites

The following crypto suites are currently included:

We have written a short article to describe how cloaked files work.

Potential Features / Roadmap

The following features are possible for future versions:


Further Documentation

We created a free Video-based Training Course about the usage of CrococryptFile and a little background on encryption basics.

Commercial Support

Are you seeking commercial support? Feel free to contact us and talk about corresponding possibilities for your case: Contact.