Deterministic syncable/diffable encryption, for files or pipes.

crype is a tool providing rsyncable deterministic-encryption (like rsyncrypto for pipes). It encrypts data using a common decision function over plaintext, allowing rsync-like tools to still work efficiently over the encrypted data. It uses HMAC-SHA1-PBKDF2 and the ChaCha stream cipher.

Compression is also implemented, as this improves both portabiity and rsyncability compared to a separate gzip --rsyncable pass.

See crype --help for usage instructions. Binaries are provided for 32-bit Windows, 32-bit Cygwin, and 64-bit Debian 7.


Source code is made available freely under the terms of the ISC license. The source code distribution includes library code under {public-domain, BSD, Unlicense} licenses.

The provided binaries are likewise freely redistributable for any purpose.


  • Reduce peak memory usage by using stream functions for decompression
  • Parallel compression/encryption
  • Distro packages, static binaries


2014-05-24: r59

  • Add file header for version compatibility detection
  • Add plaintext comment to file header
  • Allow configuring compression level
  • Support Debian 7 (amd64)
  • Support Cygwin (i386)
  • Security: Improve security by switching chunk IVs based on truncated plaintext HMAC (incompatible change)
  • Security: Read encryption passwords from file
  • Security: Warn when reading encryption password from argument
  • ⬇️ (205.77 KiB)

2014-05-14: r30