Introduction
Kurpod
Hide your private files inside ordinary photos and documents. Even if someone finds them, they'll see exactly what you want them to see.
What is Kurpod
A single encrypted blob that stores your files.
Installation
Docker one-liner or 8 MB binary.
Quick Start
Create blob, set password, drag files.
Hidden Volumes
Optional second password, undetectable.
Beta release - expect rough edges.
Hide 1,000 photos inside "vacation.jpg". Store tax records as "music_playlist.mp3". Your secret files, disguised as innocent documents.
Try it in 30 seconds
docker run -p 3000:3000 -v ./data:/app/data ghcr.io/srv1n/kurpod-server:latest
open http://localhost:3000
Or download the binary:
# Auto-install for Linux/macOS
curl -L https://github.com/srv1n/kurpod/releases/latest/download/install.sh | bash
# Then run
kurpod_server
How it works
- Drag your files into KURPOD (photos, documents, anything)
- Name it something innocent → "Grandma's_Recipe.docx"
- Set two passwords:
- 🔓 Fake Password → Shows harmless content (for nosy people)
- 🔒 Real Password → Reveals your actual files (only for you)
Someone forces you to unlock it? Give them the fake password. They see recipes. Your real data stays invisible.
Three things to know
| Keep it | Share it | Deny it |
|---|---|---|
| Private - files encrypted before server sees them | Portable - one blob file to backup/move | Hidden - optional 2nd password, undetectable |
Technical bits
- XChaCha20-Poly1305 (256-bit key, 192-bit nonce)
- Argon2id (64 MiB, 3 passes)
- 8 MB binary, 30 MB Docker image
Beta limitations
- Single-user only
- No built-in HTTPS (use reverse proxy)
- Plausible deniability isn't magic - adversary can still demand multiple passwords
- Not audited yet - expect bugs
Get help
- Installation - More install options
- Hidden volumes - How the 2nd password works
- GitHub - Report bugs
Built in Rust. Uses public crypto: XChaCha20-Poly1305 + Argon2id.
Beta release. Back up your blobs.