seems like the project is well and alive. should i package it as a NixPkg for you?

[Neon-44]

like the title said. should i package it as a NixPkg for you?
i would gladly package it as a NixPkg for you (if you are continuing to patch security vulnerabilities, obviously), because i really like the idea.
i just set up GnuPG, when i learned that that's not really a recommended software anymore. after trying age and rage(rewrite in rust), i stumbled across this over on privacyguides.
i really like the idea of having one key for everything. (although it is somewhat of a ecosystem-lock-in, hmmm 🤔 )

[samuel-lucas6]

That would be awesome, thank you!

Yes, the project is still maintained, although I haven't got around to much development lately due to my master's course.

Glad you found Kryptor. May I ask what you mean by one key for everything? You have to generate a separate key pair for signing, which was a deliberate design decision to avoid reusing a key for multiple purposes.

As for ecosystem lock-in, that will unfortunately always be the case with different tools rather than an agreed upon standard, and standards often don't work because there's disagreement on how things should be done and pros/cons to every approach. Take the number of messaging apps for example. Kryptor is certainly not capable of being a standard, and there are things I would change if I could go back and start from scratch. I may eventually write a separate, much simpler tool.

[Neon-44]

alright, i have a problem with packaging it, as it doesn't find the solution file. i have asked on the NixOS subreddit, maybe i'll be able to package it. i'll keep you updated

Yes, the project is still maintained, although I haven't got around to much development lately due to my master's course.

haha, no worries, i just don't wanna be the guy who has to go there next week and be like "hey, remember that package i just submitted? yeah, it has been deprecated. maybe we should remove it again"

Glad you found Kryptor. May I ask what you mean by one key for everything? You have to generate a separate key pair for signing, which was a deliberate design decision to avoid reusing a key for multiple purposes.

oh yes, bad wording on my end, haha. i meant that i only have to interface one key-directory (home/user/.kryptor) and one program.

As for ecosystem lock-in, that will unfortunately always be the case with different tools rather than an agreed upon standard, and standards often don't work because there's disagreement on how things should be done and pros/cons to every approach. Take the number of messaging apps for example. Kryptor is certainly not capable of being a standard, and there are things I would change if I could go back and start from scratch. I may eventually write a separate, much simpler tool.

don't worry, i was mostly just joking. the only thing that i thought about is that with age + minisign i could just switch out age if it had a security flaw and continue signing with the same minisign key. but that seems to be less secure because they're two seperate "modifications" instead of just one.

speaking of it, i have a question:
age + minisign seems to be not recommended to send files, because they are two different "modifications" layered on top of each-other and the top one can just be removed and replaced with one of your own, meaning you could either re-encrypt a signed file for someone the message was not intended for or re-sign an encrypted message that's not yours as yours.

not that it is anywhere close to what i need for my threat model, but i like playing around with cool tools.

Edit: here's the question i posed on Reddit: https://www.reddit.com/r/NixOS/comments/11bfaia/need_help_packaging_dotnet_application_error/

[Neon-44]

alright, i have somewhat given up with building it, and instead am going to just package the binary you built and uploaded to GitHub.
however, i can't run the pre-built binary, as i get an error.this happened with the one i directly downloaded as well as with the one i packaged. i have opened the issue #59.
other than that it is almost completely packaged and can be uploaded to the repository.