KURPOD mobile & desktop apps

Kurpod Logo

What is Kurpod?

Kurpod is an encrypted file storage system with plausible deniability features. It's self-hosted, open source, and currently in beta.

ELI5 version

Imagine you need to hide your private files right now. Tax documents. Personal photos. Medical records.

Usually you'd password-protect folders (suspicious!) or encrypt hard drives (techy & obvious).

What if you could turn those sensitive files into an innocent holiday photo or boring spreadsheet? Something nobody would ever question.

Here’s how it works:

  1. Drag your files into KURPOD (photos, documents, anything private)

  2. Name it something innocent like vacation_photos.jpg or project_report.pdf

  3. Set two passwords:

    • Fake password → Shows harmless content (vacation pics, meeting notes)
    • Real password → Reveals your actual sensitive files

  4. Share or store anywhere - it looks exactly like a normal photo or document file

The Magic Trick: Two Passwords

This is KURPOD's secret weapon. Every file has two hidden compartments:

Real-world example:

family_vacation.jpg  (Actually contains 847 encrypted files)
├── Password "birthday2023" → Opens fake photo album (25 vacation pics)
└── Password "dolphins847" → Opens your real files (crypto wallet, tax docs)

To anyone else: Just a 2.3MB vacation photo.
To you: A portable vault containing everything that matters.

Someone forces you to unlock it? Give them the fake password. They see vacation photos and leave satisfied. Your real data stays completely invisible.

How it works

  1. Run kurpod server (single binary, Docker, hombrew or build from source)
  2. Create encrypted blob with password
  3. Access through web interface
  4. Upload files - they get encrypted and stored
  5. Optional: create second encrypted volume with different password

Technical details

Encryption

  • Password hashing: Argon2id (64MB memory, 3 iterations)
  • File encryption: XChaCha20-Poly1305 (256-bit keys, 192-bit nonces)
  • Built in Rust

Storage

  • Dual-volume blob format
  • Filenames and metadata are encrypted
  • Hidden volume looks like random data

Access

  • Web interface with dark/light themes
  • REST API
  • Works on any device with a web browser

Who might use this?

  • People who need plausible deniability
  • Anyone required to encrypt files
  • Those who don't trust cloud storage
  • People crossing borders with devices

Beta Status: Core functionality works but expect bugs. Single-user only for now.

Compared to alternatives

vs. VeraCrypt: Web interface, remote access, but much newer/less tested vs. Cloud storage: You control the data, but requires self-hosting vs. Password managers: For files, not credentials vs. Other encrypted storage: Has plausible deniability feature

Current limitations

  • No built-in HTTPS (use reverse proxy)
  • Web interface only
  • Beta software - expect bugs

License

Open source under AGPLv3.

Getting started

  1. Install kurpod - Single binary or Docker
  2. Create blob - Pick filename and strong password
  3. Upload files - Drag and drop files
  4. Optional - Create second volume with different password