Frank Miller
George Orwell

Frequently Asked Questions



  1. The software deserved an appropriate name. The most important property is One-Time Pad Encryption which can't be broken
    Non OTP encryption algorithms will be broken over time. OTP encryption truly is final. Therefore it was named FinalCrypt

  2. Imagine strangers invading your house, closely observing you and your family members in detail, searching through all your papers and correspondence
    In real life this would never be tolerated, but on our computers and cell phones we have no clue. Big Tech knows that you don't know and gets away with it

    In most countries privacy is a constitutional right, because it is a very reasonable Human Right by Article 8

  3. Because Creative Commons License - Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)
    legally protects FinalCrypt from people building in back-doors and releasing a malicious version of FinalCrypt to the public

    The more popular GPL3 license does not protect software and users against malicious changes being released to the public

    Changing the FinalCrypt source code for personal use is allowed of course

  4. No, that's private, but FinalCrypt's IP address and User Agent String are logged on every Check Update
    When FinalCrypt checks for updates it fetches the VERSION2 file just like any browser would
    This is how we know how many users there are and what FinalCrypt Version runs on what Operating System
    Further than that nothing else is gathered or uploaded

  5. FinalCrypt is a fulltime job with years of research and development on a Non-Profit Basis
    On top of that supporting individual users takes many more hours of my time also Non-Profit
    I'm not complaining and glad I can help people, but I've got no financial means to advertise
    Searching words like "Free Encryption Software" on Search Engines poorly matches FinalCrypt
    Sharing FinalCrypt with others helps people find FinalCrypt to protect their privacy

  6. Yes, all FinalCrypt releases are uploaded to VirusTotal to be scanned for malicious software at 70 anti-virus companies
    Please feel free to check FinalCrypt yourself for spyware or malware any way you wish or Test FinalCrypt Checksums here

  7. Yes absolutely, there are a number of voluntary roles available:

    Web Hosters to host and mirror the FinalCrypt website
    Translators to translate FinalCrypt to other languages
    Ambassadors to promote and create public attention for FinalCrypt
    Test Engineers to test FinalCrypt on different systems (where possible)
    Security Engineers to find possible exploits and vulnerabilities in FinalCrypt
    Support Engineers to support FinalCrypt users on different systems (where possible)

    Please contact me if you wish to volunteer: Email | Telegram

  8. Every “thank you” is really appreciated, but FinalCrypt depends on users spreading the word as I don’t have the financial means to advertise
    I don't accept donations, but please thank me by sharing online. FinalCrypt is also a public protest telling “Big Brother” enough is enough!


  1. All the major Operating Systems are supported

    Microsoft Windows: XP, Vista, 7, 8, 10 etc.
    Apple OSX 10.7.3 or higher
    Linux (many distributions)
    BSD: FreeBSD, GhostBSD (OpenJFX)
    Solaris x64
    Solaris Sparc
    HPUX (best effort)
    AIX (best effort)

    The major Mobile Operating Systems are not supported

    Apple IOS
    Google Android
    Windows Mobile

    The non major Mobile Operating Systems are best effort supported

    Librem PureOS
    Plasma Mobile

    If anyone has the opportunity and wants to test FinalCrypt on PureOS or Plasma Mobile then you're more than welcome to ask for support

  2. The short answer is in the Key Directory (selected on the right panel)
    Just remember: Key File = [Key Directory] + [Full Path Encrypted File]

    Here is an example:

    Encrypted File: C:\Users\steve\Documents\My secret loveletter.doc.bit
    Key Directory : D:\KF\
    Auto Key File : D:\KF\C\Users\steve\Documents\My secret loveletter.doc.bit

    Click the Key Match or Key Write num field to print the correlated key file

    If your target files moved to another location (for whatever reason) and FinalCrypt can't match any keys then there's a trick to find the expected key location
    Copy an unencrypted file (with a File Manager) to FinalCrypt's Target Directory (left side), select it as a target and verify your Key Directory (right side)
    Click on the Key Write number showing [1] to print the path of the key that will be created for this file. That's where the keys of the encrypted files should be

  3. Your Key Directory holds your One Time Pad Key Files which are automatically created and selected
    The first time you use FinalCrypt you can select any empty directory as your (Auto) Key Directory
    It's highly recommended that your Key Directory of choice is stored on a fast external USB drive
    Every time you start FinalCrypt you go into that same Key Directory (on the external USB drive)

    More information on: how Automatic Keys works

    It is highly recommended that you also set a password when encrypting in case your key files are lost / stolen.

    Backup your encrypted files AND key files together on an external (USB) drive
    For more info please see: "How do I best backup my encrypted files and key files ?"

  4. Please don't use the Manual Create Key Mode anymore as Automatic Key Mode has become the standard for some time now
    From version 5.6.2 the Create Key Button was removed to prevent confusion on how to use FinalCrypt's Automatic Keys

    An invisible link appears when hovering over the "Select One-Time Pad Key Dir" Label to create manual keys (if needed)

    Create Manual Key
    Here is some history on FinalCrypt Keys:

    Initially FinalCrypt started without Key Generator, allowing users to select personal images and videos as key files
    The idea was that even supercomputers couldn't guess (render) all combinations until it bit accurately got a picture of me and my cat

    Crypto experts then said that FinalCrypt was actually a sort of One-Time Pad Encryption breaking OTP rules because of two reasons:

    1. Personal images or videos are NOT truly random
    2. Re-use of keys (1 key encrypting multi files) causes drastic deduction of random key patterns making encrypted files vulnerable

    In version 2.6.0 I added the Create Key button with a cryptographically strong random number generator to comply with One-Time Pad security
    In version 5.0.0 I added Automatic Key generation, which allowed FinalCrypt to (batch) encrypt all files with One-Time Pad security by default
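
    Why reason 2 above matters, shown as an added Python example (not FinalCrypt's own code). It assumes the pad is combined with the data by XOR, which this page does not state, and uses two constructed sample messages: with a shared key the two ciphertexts XOR to the XOR of the two plaintexts, so the key drops out; with one fresh key per file it does not.

```python
import secrets

# Constructed sample plaintexts of equal length (not real data).
P1 = b"Invoice 2019-07: amount due 1200 EUR"
P2 = b"Dear Anna, meet me at the old bridge"


def xor(a, b):
    """Byte-wise XOR; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(data, key):
    """Assumed pad operation: XOR each data byte with one key byte."""
    if len(key) < len(data):
        raise ValueError("a one-time pad key must cover every byte of the data")
    return xor(data, key)


def reuse_experiment(p1, p2, reuse_key):
    """Encrypt two files and report what their ciphertexts reveal together."""
    n = max(len(p1), len(p2))
    k1 = secrets.token_bytes(n)
    k2 = k1 if reuse_key else secrets.token_bytes(n)  # one fresh key per file
    c1, c2 = otp_encrypt(p1, k1), otp_encrypt(p2, k2)
    combined = xor(c1, c2)  # computed from the ciphertexts only, no key needed
    return {
        # True when the key has cancelled out of the combination.
        "key_cancelled": combined == xor(p1, p2),
        # What a reader who already knows file 1 obtains for file 2.
        "file2_from_file1": xor(combined, p1),
    }


if __name__ == "__main__":
    for reuse in (True, False):
        result = reuse_experiment(P1, P2, reuse)
        label = "one key for both files" if reuse else "one key per file"
        print(label, "->", result["key_cancelled"], result["file2_from_file1"])
```

    Automatic Key generation corresponds to the second case: every file gets its own key, so nothing cancels.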

  5. FinalCrypt uses the Oracle java.security.SecureRandom class as its cryptographic random number generator
    Oracle's java.security.SecureRandom is FIPS140-2 & RFC1750 compliant and generates non deterministic output
    However, in every external dependency hides a potential uncertainty, which is why extra precautions have been taken
    FinalCrypt extra seeds and encrypts two SecureRandom streams with each other to generate even more secure random output
    This costs 25% in performance, but the product of these extra precautions adds an extra layer of random security to the keys
    In 2013 it was confirmed that the NSA inserted a backdoor in the NIST certified cryptographically secure pseudorandom number generator
    Breaking encryption is the NSA's core business, therefore (as a cryptographic software developer) you can never be too cautious!

  6. Using a password is optional, but highly recommended in case your key-files are lost or stolen
    The optional password effectively encrypts your files twice (multi key encryption) in addition to OTP key encryption

    When someone finds your encrypted files (encrypted without password), together with your key files then they could simply decrypt them
    When you encrypt your files with an optional password then your encrypted files still can't be decrypted with only your lost / stolen key-files

  7. Yes FinalCrypt can decrypt across different Operating Systems and File Systems

    However, UNIX systems (such as Apple OSX and Linux) mount file-systems at different locations
    which causes the directory structure of encrypted files to change, going from one system to another
    FinalCrypt then can't find the keys anymore as it expects encrypted file paths to be identical to the key file paths underneath the Key Directory

    Here is an example:

    Operating System | Encrypted File | Key Directory | Key File
    MS Windows: initial key path
    GNU/Linux: faulty key path
    GNU/Linux: correct key path

    Correcting the key directory structure (from red to green) puts the Key Files where FinalCrypt expects them
    The only thing you need to keep in mind is: Key File = [Key Directory] + [Encrypted File Full Path]
    Correct the key directories while you check the Key Match field to see if the key files match up again

    If you're having difficulty realigning the key directory structure then there's a little trick you can do to make it a bit easier:

    Copy an unencrypted file (with a File Manager) to your (root) Target Directory (left side) and select it as a target and select your Key Directory (right side)
    Click on the Key Write number showing [1] to print the path of the key that would be created for this file. That path is where your Key Directory is expected

    In July 2019 FinalCrypt was Cross OS & FS tested with FAT32 & ZFS data-files and NTFS, EXT4 & ZFS key-files
    First encrypted on Windows 10 and then decrypting on Linux (Ubuntu 18.04) and FreeBSD 13 / GhostBSD 19.04
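
    The key path rule from this answer and from the earlier Key Directory answer, as an added Python example (not FinalCrypt's own code). The Linux mount points and the helper names expected_key_path, shared_tail and plan_key_moves are assumptions made for illustration; the script only computes paths and never touches files.

```python
from pathlib import PurePosixPath, PureWindowsPath


def expected_key_path(key_dir, encrypted_file, windows=False):
    """Key File = [Key Directory] + [Encrypted File Full Path]."""
    cls = PureWindowsPath if windows else PurePosixPath
    target = cls(encrypted_file)
    if not target.is_absolute():
        raise ValueError("the encrypted file must be given as a full path")
    if "\\" in target.drive:
        raise ValueError("UNC paths are not covered by this example")
    parts = list(target.parts[1:])  # drop the root ("/" or "C:\")
    if target.drive:
        parts.insert(0, target.drive.rstrip(":"))  # "C:" becomes directory "C"
    return cls(key_dir).joinpath(*parts)


def shared_tail(a, b):
    """Number of trailing path components two paths have in common."""
    count = 0
    for x, y in zip(reversed(a.parts), reversed(b.parts)):
        if x != y:
            break
        count += 1
    return count


def plan_key_moves(key_dir, encrypted_files, existing_keys):
    """Return (matched, moves) for POSIX paths.

    matched: key paths that already sit where the rule expects them.
    moves:   (current_key, expected_key) pairs that would realign the rest;
             the current key is the one sharing the longest path tail.
    """
    existing = {PurePosixPath(k) for k in existing_keys}
    matched, moves = [], []
    for enc in encrypted_files:
        want = expected_key_path(key_dir, enc)
        if want in existing:
            matched.append(want)
            continue
        enc_path = PurePosixPath(enc)
        best = max(existing, key=lambda k: shared_tail(k, enc_path), default=None)
        if best is not None and shared_tail(best, enc_path) >= 1:
            moves.append((best, want))
    return matched, moves


if __name__ == "__main__":
    # The Windows example from this page (a raw string cannot end in "\").
    print(expected_key_path(r"D:\KF",
                            r"C:\Users\steve\Documents\My secret loveletter.doc.bit",
                            windows=True))
    # Constructed Linux scenario: both drives are now mounted under /media/steve.
    enc = "/media/steve/data/Users/steve/Documents/letter.doc.bit"
    old_key = "/media/steve/keys/KF/C/Users/steve/Documents/letter.doc.bit"
    for current, wanted in plan_key_moves("/media/steve/keys/KF", [enc], [old_key])[1]:
        print("move", current, "->", wanted)
```

    A proposed move is only a suggestion based on matching path tails; confirm it with the Key Match field before relying on it.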

  8. Yes FinalCrypt (like most applications) has no notion of any underlying disk encryption
    FinalCrypt just creates files and writes file-data to any physical or logical file-system
    This has been tested on LUKS and VeraCrypt successfully (with different file-systems)

  9. Make sure that at every backup you also backup your key files together with your encrypted files as pairs
    Decrypting your files also deletes the correlating key files. When re-encrypting then new keys are created
    It is for this reason that re-encrypted files can not be decrypted with previous versions of key files

    Backups of encrypted file - key pairs can be quite simple
    Just schedule 1 backup that has 2 includes:

    Include 1: My Documents (holding your encrypted files)
    Include 2: Key Directory (holding your (My Documents) key files)

    The backup output (on USB drive) will usually be a directory name with a (backup) date
    Every time you backup, a new backup directory with a new date will be added.

    Good backup solutions make sure that unchanged files (between the last backup and the current backup) are hard linked before it synchronizes the changes
    That way backups only grow when files change, but it only works on file systems that support hard links like NTFS for Windows 10 and all other UNIX file systems

    Linux has Back in Time & Apple has Time Machine for hard linked backups, so you only need to find equivalents for Windows

  10. Most likely you're using a text editor like notepad or wordpad to open up a .bit file
    Encrypted file data is virtually all random binary data coming from random key data
    Text editors don't know what text encoding to use on random data and use default encoding
    Modern computers use UTF8 encoding (large variety of international characters and symbols)

  11. FinalCrypt does not recognise encrypted files by the .bit extension
    FinalCrypt looks inside the file to see if it has a Message Authentication Code (MAC)

    The MAC consists of 2 x 70 bytes located at the beginning of the data. You can use a hex-editor to see the MAC

    The 1st 70 bytes is fixed plain text: "FinalCrypt - File Encryption Program - Plain Text Auth Token Version 2"
    The 2nd 70 bytes is the encrypted version of the plain text. This is how FinalCrypt can authenticate with a key

  12. Your (Auto Key) key files have identical names of their encrypted files and also have a .bit extension
    Doing a search for .bit files would also match all your encrypted files, so how can you tell them apart?
    FinalCrypt also can't tell if a file is a Key File, without having the encrypted file and the password

    But there's a trick that might help by doing the following: (FinalCrypt does not traverse Linked directories)

    Download JAVA8 U 221 to the “Downloads“ directory
    Download finalcrypt.jar to your “Downloads“ directory.
    Open a Files-Manager and go to your “Downloads” directory and Install JAVA8

    Start a DOS Shell: (Windows) Open StartMenu and search for "cmd" and open it and type:

    java -cp Downloads\finalcrypt.jar rdj/CLUI --decrypt --test -w "*.bit" -k . -t Documents\

    Scanning files...finished

    No decryptable targets found

    Wrong key / password?

    Scanning results:

    C. Continue test
    1. print 51 decrypted files (409,5 MiB)
    2. print 51 encryptable files (409,5 MiB)
    3. print 68341 encrypted files (94,0 GiB)
    4. print 0 decryptable files (0,0 Bytes)
    5. print 0 empty files
    6. print 0 symlink files
    7. print 0 unreadable files (0,0 Bytes)
    8. print 0 unwritable files (0,0 Bytes)
    9. print 99 hidden files (12,8 MiB)
    10. print 0 unencryptable (0,0 Bytes)
    11. print 68341 undecryptable (94,0 GiB)
    12. print 0 key matched files (0,0 Bytes)
    13. print 51 key write files (409,5 MiB)

    What list would you like to see ? 1

    Now print num 1 the decrypted files
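
    The header described in the answer on recognising encrypted files also helps with this question. The following added Python example (not FinalCrypt's own code) sorts .bit files by whether they start with the 70-byte plain text token; the directory layout and file contents are constructed samples. A .bit file without the token is only a key file candidate, since a key file cannot be positively identified without the encrypted file and the password.

```python
import os
import tempfile

# Fixed 70-byte plain text token quoted on this page.
TOKEN = b"FinalCrypt - File Encryption Program - Plain Text Auth Token Version 2"
HEADER_LEN = 2 * len(TOKEN)  # plain token followed by its encrypted copy


def has_finalcrypt_header(path):
    """True if the file holds a full header and starts with the plain token."""
    with open(path, "rb") as fh:
        head = fh.read(HEADER_LEN)
    return len(head) == HEADER_LEN and head.startswith(TOKEN)


def sort_bit_files(root):
    """Split *.bit files under root into (encrypted, no_header, unreadable)."""
    encrypted, no_header, unreadable = [], [], []
    for dirpath, _dirs, names in os.walk(root):  # symlinked dirs are not followed
        for name in names:
            if not name.endswith(".bit"):
                continue
            path = os.path.join(dirpath, name)
            try:
                bucket = encrypted if has_finalcrypt_header(path) else no_header
            except OSError:
                bucket = unreadable
            bucket.append(os.path.relpath(path, root))
    return sorted(encrypted), sorted(no_header), sorted(unreadable)


def build_sample_tree(root):
    """Constructed sample: an encrypted file, its key file, a truncated file."""
    samples = {
        "Documents/letter.doc.bit": TOKEN + os.urandom(len(TOKEN)) + os.urandom(64),
        "KF/Documents/letter.doc.bit": os.urandom(HEADER_LEN + 64),
        "Documents/truncated.bit": TOKEN[:10],
        "Documents/notes.txt": b"plain text, ignored by the scan",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        enc, other, bad = sort_bit_files(root)
        print("encrypted files:", enc)
        print("no header (key file candidates or damaged):", other)
        print("unreadable:", bad)
```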

  13. FinalCrypt 5.6.6 solved the Apple OSX file-manager focus-flashing problem, please update to the latest version and let me know if it happens again
    If flashing happens on Apple OSX it can be stopped by clicking the Log Tab followed by clicking the Encrypt Tab again in the upper left corner

  14. FinalCrypt 5.6.6 solved the Apple OSX hang problem, please update to the latest version and let me know if it happens again
    The previous FinalCrypt GUI could hang sometimes on Apple OSX after encrypting / decrypting, but usually after finishing en/decryption
    The FinalCrypt log files /Users/$USER/.finalcrypt/log/ allow you to check whether FinalCrypt properly finished en/decryption

  15. No, it's not a security bug or flaw. You might be able to recover deleted files with special file recovery tools (Recuva)
    Before FinalCrypt deletes the original file, it writes the encrypted data to the original file (also called Shredding)
    If you would recover the Old File and read it with a Hex-Editor (e.g. Free Hex Editor) you would see only encrypted data
    Shredding during decryption has a reverse effect, so there is no encrypted data to be found on old recoverable files

    Here is an example of an original securely deleted, but recovered file (on the left) and its encrypted counterpart on the right having identical data


  16. Yes, but only for UNIX/Linux as a shell script called: FinalCrypt_Compare_Logs.bash

    The way it works is as follows:

    You start FinalCrypt and encrypt a set of files and after finishing close FinalCrypt
    You again start FinalCrypt and decrypt the same set of files and close FinalCrypt
    You can do that in the encrypt - decrypt order or in the decrypt - encrypt order
    Then after a full cycle of back and forth encryption you can use the script

    You can find the FinalCrypt logfiles in your homedir here: ~/.finalcrypt/log/
    The script checks the function performed in the logfiles you pass on the command line
    The log filenames below are just examples, you can use the original log filenames


    ./FinalCrypt_Compare_Logs.bash [-v] encrypt.log decrypt.log
    ./FinalCrypt_Compare_Logs.bash [-v] decrypt.log encrypt.log

    It can even cross compare all function combinations like:

    ./FinalCrypt_Compare_Logs.bash [-v] decrypt.log decrypt.log
    ./FinalCrypt_Compare_Logs.bash [-v] decrypt.log encrypt.log
    ./FinalCrypt_Compare_Logs.bash [-v] encrypt.log decrypt.log
    ./FinalCrypt_Compare_Logs.bash [-v] encrypt.log encrypt.log

    The script knows which checksums should be identical and prints differences
    That's how I do massive 100% integrity tests on 90 GiB of test data / files

  17. Maybe you could try the new FinalCrypt v5.6.0 Brute Force Password Dictionary Scan function
    It only works from the command line interface, which requires you to prepare the following:

    Download a password dictionary file to the Downloads directory
    Download JAVA8 U 221 to the “Downloads“ directory.
    Download FINALCRYPT JAR to your “Downloads“ directory.
    Open a Files-Manager and go to your “Downloads” directory.
    Install JAVA8 and extract the Password Dictionary (rename it dictionary.txt)

    Open a DOS Prompt "cmd" / shell (UNIX) and type:

    java -cp Downloads\finalcrypt.jar rdj/CLUI --scan --password-dictionary "Downloads\dictionary.txt" -k "mykeydir" -t "myfile"

    Best is to pick one target file to Brute Force and of course correct "mykeydir" and "myfile" in the above example
    FinalCrypt prints 1 second interval progress trying all passwords and stops when it finds your lost / forgotten password
    Beware that brute-forcing passwords comes without guarantees. It all depends on how hard your password is to guess

  18. No, sorry, this is why you need to make backups!


  1. Ron de Jong

    My name is Ron de Jong born in 1969 currently living in Zaandijk (close to Amsterdam) The Netherlands. At 13 I started programming Basic on an Atari 600XL
    At 15 I dropped out of school when my father suddenly died and was unemployed or busting my ass like a donkey as a truck driver, bus cleaner or in factories
    Later I picked up and finished Telematics & LAN Management education and worked for 15 years as a UNIX Systems & Software Engineer mostly for large companies
    After 2008 things went down hill and I ended my paid career being unable to function without stress in bright light, noisy, social and commercial environments
    In 2014 I was diagnosed with Autism (Asperger). After some years I wanted to do something back for society in an autism friendly way (from home) helping people
    Combining my IT knowledge and experience and my autistic worldview I decided to develop Free OpenSource (Digital Human Rights) Software for the ordinary people

  2. In my career encryption always played a part, but more as something you'd use, assuming that encryption algorithms were as secure as the authorities claimed
    Encryption really became interesting to me when I came to realise that Mass Surveillance was silently and globally implemented starting from around the year 2000

  3. After my autism diagnosis I tried to understand my social limitation in an attempt to understand what social behavior really is, but couldn’t find objective answers
    Reading the book "On the origin of the human mind" and further philosophizing about Human Evolution regarding Social Behavior I came to some interesting conclusions
    Social behavior is about group hunting competences, (teamwork) cooperation & communication, behavioral observation (espionage), planning, deception & attack
    These lucrative competences are deeply embedded in our human instinct, allowing us to overthrow opponents and enemies, keeping us on top of the food chain
    We humans also use these competences against each other to dominate and exploit, mostly for economic reasons. The pieces of the puzzle then fitted together

    Over the years more and more news came out that vulnerabilities of crypto algorithms were deliberately exploited to expand Big Brother espionage on civilians
    Thanks to honorable people like Edward Snowden, Julian Assange, Shoshana Zuboff, Bruce Schneier and Chelsea (Bradley) Manning
    we now know we can’t trust Big Tech, the national security agencies, the military and governments to respect our human rights and personal privacy
    I came to realize that after so many lies standard encryption can't be trusted either. Only One-Time Pad Encryption is irreversible and unbreakable
    The public & private sector spy for economic reasons and power. Therefore good One-Time Pad Encryption software had to be developed from the ground up

    Disk Encryption can't be trusted because spyware (running in the background) simply scans & reads all your files as soon as you unlock your drive
    The only way to prevent file espionage is to constantly block access to all personal files with good unbreakable One-Time Pad Encryption Software

  4. That's a horrible thought, but do we blame BMW when someone kills another person with a BMW ? Should we then disallow everyone from driving a BMW ?
    FinalCrypt isn't built for people to harm others! It's also built for governments and industries, so their secrets can't be stolen by other nations
    If FinalCrypt is used to harm others, then these people should be brought to justice and lawfully force them to surrender their keys and passwords
    Terrorists are also created by military aggression, putting dictators in power for cheap oil contracts, allowing bad regimes to torture their people

    FinalCrypt serves a greater purpose. Capitalism causes far greater suffering and death toll, where the upper class suppresses and exploits the lower class
    Where capitalists financially influence politics by negotiating to limit the legal rights of the working class in order to maximize profits
    Governments and employers spy on civilians mostly for economic reasons, demanding full transparency, but refuse to be transparent themselves

    If one group has the advantage of operating in secrecy over another group (without equal rights) then dominance and exploitation will happen
    Peace can only happen when the right to privacy is equally divided, so everyone is transparent or no one is and not just the working class
    When nations can't measure each other's strengths and weaknesses (due to mutual secrecy), then respecting each other is the only option

    If rulers demand transparency of the masses, but refuse to be transparent themselves then the masses should protect their privacy
    The ultimate goal shouldn't be profit optimisation, but suffering minimisation and therefore defend against exploitation