Krypt.co, a new security startup founded by two former MIT students and one of their professors, is launching today with a free product called Kryptonite, designed to help developers protect their private encryption keys using an app on their smartphones.
It’s a big day for the fledgling company as it also announced a $1.2 million seed round led by Rough Draft Ventures/General Catalyst with participation from Slow Ventures, SV Angel and Akamai Labs. That’s a solid roster of backers for their first swing at funding.
The company came out of research by two former MIT students, Alex Grinman and Kevin King, who shared a common passion for encryption. The two friends believed that they had found a better way to protect encryption keys and they approached their professor David Gifford, who thought it was a good idea and helped them launch the company.
Kryptonite takes advantage of typical public/private key encryption using the Secure Shell (SSH) protocol used by developers to log onto networks remotely. Typically, they store their private keys on a laptop, but the founders saw this as inherently insecure because apps aren’t sandboxed and separated from one another as they are on a smartphone.
They believed that moving the process to the phone would make it more convenient and safer. You simply download the free Kryptonite app, pair it with your computer and use SSH in the normal fashion. As you try to log onto remote services like GitHub to commit your code, you’ll see a notification on your phone. If it wasn’t you who made that request, your keys might be compromised and you can reject access and revoke the keys. If it is you, you can sign in and continue.
While they acknowledge that people could lose their phones, they say that you could cut off access to services using your private key, and render the key essentially useless to the person who found (or stole) your phone.
While the initial product is free, the company sees this offering as a way to build relationships in the developer community, and eventually to add services it can charge for on top of that free product.
The founders are still working on the administrative architecture, but they are envisioning a team administrator, who will have access to a central dashboard to set device policies and view the public keys for all of the developers on the team.
Down the road, they could apply this technology to code signing to avoid fraudulent commits, or possibly, at some point, simplify the use of encrypted emails for all users, not just developers.
For now, they have the money from this seed round to add some more employees and begin to build beyond the free product and see where this takes them.