Frequently Asked Questions

GPG is solid, but it's a general-purpose, CLI-first tool. VaultSort is built for day-to-day desktop use:

• Simpler UX with a native macOS interface
• Native YubiKey / WebAuthn flow — no terminal commands needed
• Multi-key support for backup and recovery
• Built-in file operations (organize, deduplicate, secure delete) in one app

VaultSort uses its own encryption flow (AES-256) with WebAuthn/FIDO2-backed YubiKey auth.

Multiple YubiKeys are supported via the V2 file format: one random AES key encrypts the file, and that key is independently wrapped for each registered credential. The file header stores an array of wrapped keys — one per YubiKey. On decrypt, VaultSort tries unwrapping with whichever key you tap; only one needs to succeed. Up to 5 keys per file (configurable). V1 single-key files are auto-upgraded to V2 on first decrypt when multiple keys are registered.

The YubiKey never sees the AES key. No IDP is involved — the entire WebAuthn/FIDO2 ceremony happens locally between the Electron renderer and the YubiKey hardware. No network call, no third-party identity service.

Here's the flow: the file's AES-256 key is generated randomly by the app. The YubiKey proves possession via a local public-key challenge-response (FIDO2 assertion). The credential metadata (credential ID, user handle, public key material) is used as input to scrypt to derive a key-wrapping key. That wrapping key encrypts the file's AES key, and the wrapped blob is stored in the file header.

For password-based encryption, scrypt derives a 64-byte key from the password — first 32 bytes for AES, second 32 for HMAC-SHA256 integrity. Each file gets a random 32-byte salt and 16-byte IV.

Apple removed Secure Erase from Disk Utility because traditional overwrite methods don't reliably work on SSDs due to wear-leveling and block remapping.

VaultSort fills this gap with SSD-aware deletion: TRIM-based invalidation, metadata scrubbing, anti-wear-leveling patterns, and cryptographically random overwrites — designed for how flash storage actually works.

For your primary system disk with FileVault, you're already well-protected. VaultSort's shredding is most useful for:

• External drives that were never encrypted
• Shared or re-used drives
• Scenarios where you want to securely clear specific files or free space without reformatting

Yes! The free version includes genuinely useful features:

• Automatic file and folder organization
• Disk and folder analysis
• Large file discovery
• Storage breakdown and directory browsing

Premium unlocks duplicate detection, secure deletion, disk shredding, encryption, and advanced organization with the AI Job Builder.

• macOS 12 (Monterey) or later
• Apple Silicon only (M1, M2, M3, M4)

Intel Macs are not supported.

The AI Job Builder lets you create file organization automations by describing what you want in plain English — for example: "Move all screenshots older than 30 days to ~/Archive/Screenshots, organized by month."

It generates the complete rule set (predicates, logic groups, folder structure) in seconds. You review it, edit if needed, dry-run it, then execute. You bring your own API key (OpenAI, Anthropic, or free Google Gemini).

Hazel is mainly for file automation rules. VaultSort covers organization too, but also adds:

• Undo for all organization runs
• Duplicate file detection and removal
• Secure deletion and disk shredding
• AES-256 encryption with optional YubiKey support
• Storage cleanup, large file finder, and cache cleaning
• AI-powered job builder for plain-English automation

VaultSort is better if you want one utility that covers cleanup + organization + security, rather than just file automation.