Install Krypton + kr

Krypton app

Go to on your iOS or Android device and you will be redirected to the Krypton app download page on the Apple App Store (iOS) or the Google Play Store (Android).

Kr cli

The easiest way to install kr on any supported machine is the following:

$ curl | sh

You can check out the source or download the script locally with curl > kr and inspect it

Note: The rest of this document describes the what the install script does and how to manually install kr from source.

What’s inside the install script?

Below is an explanation of what the install script does on each supported platform.


  • Download the correct homebrew bottle from GitHub and verify its hash
  • Untar and install kr, krd,, and krssh binaries
  • Backup and append to your ~/.ssh/config to point to krd

Equivalent command:

$ brew install kryptco/tap/kr 

Debian Linux (Ubuntu, Kali)

  • Install necessary software for adding new repository: software-properties-common, dirmngr, apt-transport-https
  • Add’s binary signing key from the Ubuntu keyserver (fingerprint C4A05888A1C4FA02E1566F859F2A29A569653940)
  • Add’s apt repository hosted at
  • run apt-get install kr

Equivalent commands:

$ sudo apt-get install software-properties-common dirmngr apt-transport-https -y 
$ sudo apt-key adv --keyserver hkp:// --recv-keys C4A05888A1C4FA02E1566F859F2A29A569653940 
$ sudo add-apt-repository "deb kryptco main" # non-Kali Linux only 
$ sudo printf "deb kryptco main" >> /etc/apt/sources.list # Kali Linux only 
$ sudo apt-get update 
$ sudo apt-get install kr -y 

RPM Linux (RedHat, CentOS, Fedora)

  • Add’s binary signing key from the Ubuntu keyserver (fingerprint C4A05888A1C4FA02E1566F859F2A29A569653940)
  • Add’s yum repository hosted at
  • Run yum install kr

Equivalent commands:

$ sudo yum-config-manager --add-repo # non-fedora only 
$ sudo dnf config-manager --add-repo # fedora only 
$ sudo yum install kr -y 

Installing from source


Golang & Rust are automatically installed by brew

$ brew install --HEAD kryptco/tap/kr



$ export GOPATH=${GOPATH:-$PWD}
$ go get
$ cd $GOPATH/src/ && make install && kr restart

How Kr interfaces with SSH

kr automatically adds the following to your ~/.ssh/config file:

# Added by Krypton
Host * 
    PKCS11Provider /usr/local/lib/ 
    ProxyCommand /usr/local/bin/krssh %h %p 
    IdentityFile ~/.ssh/id_krypton
    IdentityFile ~/.ssh/id_ed25519 
    IdentityFile ~/.ssh/id_rsa 
    IdentityFile ~/.ssh/id_ecdsa 
    IdentityFile ~/.ssh/id_dsa 
  • Krypton’s PKCS11Provider directs SSH to krd as an SSH agent by setting the SSH_AUTH_SOCK environment variable. It also links ~/.kr/original-agent.sock to any already-running SSH agent. This allows krd to fallback to the original agent if necessary.

  • The krssh ProxyCommand detects which host is being connected to and reads the signature returned from the remote server. These are transmitted to krd and eventually verified by the Krypton phone app.

  • The IdentityFile options make sure that the Krypton public key is presented to servers when trying to log in, as well as any default-named SSH keys users already have.

Uninstalling kr

Running kr uninstall will remove kr from your computer. In the event kr uninstall does not succeed, manually remove the above lines from ~/.ssh/config. If you have also used Krypton for code sigining, remove the following lines from ~/.gitconfig:

	program = /.../krgpg
	gpgSign = true