Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; modifications shall not include
Front-Cover Texts, or Invariant Sections, or Back-Cover Texts.
A copy of the license is available at: https://www.gnu.org/copyleft/fdl.html.
Kryptmin is hosted at https://sourceforge.net/projects/kryptmin/
The documentation uses DocumationMagic, hosted at
https://sourceforge.net/p/simpletextformatter/wiki/DocumationMagic/.
The pdf version of this document may be downloaded from https://sourceforge.net/projects/kryptmin/files/Kryptmin.pdf/download
Kryptmin requires 7-Zip. 7-Zip is copyrighted by Igor Pavlov and is available from https://www.7-zip.org/. Both Kryptmin and 7-Zip are free software and are available to anyone for use as long as they don't sell it for profit. Kryptmin is released under the GNU LGPL license. 7-Zip is mostly released under the GNU LGPL license. See the 7-Zip web site for details.
Kryptmin was written to make it easy to encrypt documents and avoid common pitfalls that can arise. For example, using most encryption managers, double clicking on a file name opens it for editing. This is very convenient, but in order to do so the manager must first decrypt the file to a temporary location. Most managers are good at deleting or updating the edited file, but sometimes a copy is left unencrypted in an undisclosed location. To me this constitutes a security flaw. Also, to use an encryption manager it is necessary to keep track of passwords. Unless you are very diligent, sometimes things get confused and data can be lost (no password, no data).
Kryptmin manages passwords for you and also decrypts (for viewing or editing) to a specified Folder. This way things don't get lost.
Because of the software design, it was easy to extend Kryptmin to also manage web passwords and to do a few other things. Kryptmin web password management is normally used for sensitive sites, where you want explicit control. Browser managers are very convenient, but I like to know explicitly where my passwords are stored and to be able to display them if I need to. So Kryptmin provides an alternative that stores your data in encrypted format on your PC. Kryptmin also supports keeping notes with the site-address/password/username. This can be very convenient. Browsers also store your passwords on your PC, but they do not always support viewing your passwords en masse or storing them in a separate encrypted file as a backup.
It should be noted that disk encryption programs protect your data when the physical disk is stolen; they do not protect your data against malware after you have unlocked your disk for use. For this reason, it is still a good idea to encrypt sensitive files.
Lastly Kryptmin stores all your data, passwords, notes, etc. in an encrypted file, called your profile. It is possible to exert explicit control over Kryptmin's actions, or to just take reasonable defaults. The introduction begins here with paragraph 1, basic use is described in paragraph 2. The first part of this document describes basic usage; the next part goes into more advanced use; the last part discusses the design decisions and philosophy behind Kryptmin.
Barry Stanly
Henderson NV, 2018
Kryptmin (Version: 2.0.1.1-Beta)
Kryptmin is currently undergoing Beta testing. If you notice any anomalies, please file a ticket at:
https://sourceforge.net/p/kryptmin/tickets
1 Introduction
1.1 First Use
1.2 Installation
2 Basic Use
2.1 Usage Options
2.2 Controls
2.3 Entry Fields
2.4 Drag And Drop
2.5 Copy/Paste
2.6 Usage Examples
2.6.1 Encrypting a File
2.6.2 Encrypting a Folder
2.6.3 Decrypting Files and Folders
2.6.4 Decrypting Between Kryptmin and Windows
2.6.5 Kryptmin as an Encryption/Decryption Engine
2.7 Using Multiple Folders
2.7.1 Using the Folder Editor
2.8 Passwords Revisited
2.8.1 Override Passwords
2.8.2 Switching Password Algorithms
2.8.3 System Password
2.9 Using the Launcher Mode
2.9.1 Pasting Web Passwords
3 Security
3.1 The Kryptmin Profile
3.2 Editing the Profile
3.3 Controls
3.4 Using Your Own Password Algorithm
3.5 Using KScript to Manage Passwords
3.5.1 KScript Syntax
3.5.2 Parse
3.5.3 Pop
3.5.4 GetSubDir
3.5.5 Index
3.5.6 Substr
3.5.7 KScript Log
3.5.8 KScript Modularity
3.5.9 Invoking KScript
3.5.10 The KScript Editor
3.5.11 Sample Script
3.6 Backups
4 Examples
4.1 Kryptmin Directory Structure
4.2 Encrypting Folders
4.3 Encrypting Files
4.4 Decrypting Files and Folders
4.5 Viewing Files and Folders
4.6 Deleting files and Folders
4.7 Moving Versus Copying Files and Folders
4.8 Overwriting Files
5 Notes
5.1 Backups
5.2 Customizing Windows
5.3 Managing Passwords
5.4 Note on Encryption
5.5 System Password
5.6 7-Zip Interface
5.6.1 Screen Scraping
5.6.2 Manually Decrypting Files
5.7 Checking for Updates
5.8 Registry
5.9 Troubleshooting
5.10 Design Notes
5.11 Exchanging Files
5.11.1 Sending Files
5.11.2 Receiving Files
5.11.3 Using the Channel Wizard
5.11.4 Integrating with Linux
5.11.5 Integrating with Android
Table 3.1-I Profile Format
Table 3.5-II KScript Predefined Symbols Table
Table 3.5.1-III KScript Decision Making Commands
Table 3.5.1-IV KScript Operator Table
Table 3.5.7-V KScript Log Control
Table 6-I Change Log
Figure 1.2-1 Installing Kryptmin
Figure 1.2-2 Installation
Figure 2-3 First Use
Figure 2-4 Basic Use
Figure 2.2-5 Typical PDF Viewing Controls
Figure 2.7-6 Selecting Directories
Figure 2.7-7 Editing Folders
Figure 2.8.1-8 Site Editor
Figure 2.8.1-9 Creating a Default Password
Figure 2.9-10 Launcher Mode Activated
Figure 2.9-11 Defining Web Sites
Figure 2.9-12 Detail Editor
Figure 3.2-13 Controlling the Profile
Figure 3.3-14 Login Screen
Figure 3.5.11-15 Accessing the Password Manager
Figure 3.5.11-16 KScript Editor
Figure 3.6-17 Profile Drop-Down Menu
Figure 4.1-18 For files and directories
Figure 4.1-19 For encrypted files and directories
Figure 4.1-20 For viewing
Figure 4.1-21 For commands and programs
Figure 5.2-22 Clicking Windows View
Figure 5.2-23 Windows Options
Figure 5.11-24 Document Exchange -- Setting up Folders
Figure 5.11-25 Document Exchange -- Defining Passwords
Figure 5.11.3-26 E-mail Channel Wizard
Kryptmin is an Encryption/Decryption manager that uses the program 7-Zip to encrypt and decrypt files.
So install 7-Zip before first use from: https://www.7-zip.org/
The first time Kryptmin is called it will ask for a basic password(1).
The password is saved in your profile: C:\Users\'you'\.nic\Kryptmin\Profile.txt. You may edit this file as desired. If your profile is deleted it will automatically be recreated. First use is shown in figure 2-3.
To install Kryptmin, extract Kryptmin.zip to a temporary folder. This can be done by right-clicking on Kryptmin.zip, and selecting 7-Zip -> Extract Here. This will create folder Kryptmin. Double click on folder Kryptmin to open it. It should display as shown in figure 1.2-1.
This only has to be done on the first install. Updates do not require it.
After that, click on Kryptmin in the start menu or task bar to execute it. My preference is to use the task bar, located at the bottom of the screen. Just click on the Kryptmin icon, a large K, and it will launch.
Move files to be encrypted into Documents\Protected; this is the default folder to hold decrypted files. The folder is automatically created on first use. See figure 4.1-18.
Select files in the Unencrypted folder and click button [Encrypt] to encrypt them (see figure 2-4). The files will be encrypted and stored in the Encrypted folder. To decrypt, select the file(s) in the Encrypted folder and press button [Decrypt]. The file(s) will be decrypted and stored back into the Unencrypted folder.
A context menu is also available by right-clicking on a file name. This causes a pop-up menu to appear showing actions that may be performed on the selected files. Select files, then right-click on a file and choose Encrypt, to encrypt, Decrypt, to decrypt, etc. The indicated operation will be performed on the selected files.
If you change the password, all previous files will be indecipherable until it is changed back. Use the [Password Override] text box to temporarily change the password. For example, if a friend sends you an encrypted file using a different password, use Password Override to decrypt the file. Another case is when you send a file to someone else: you might not want to use your regular password, so set Password Override to a temporary password prior to encrypting the file. Then you can send the file without compromising your system. A typical screen is shown in figure 2-4.
[ ] Move means to delete the old file when encrypting or decrypting.
[ ] Overwrite means to automatically overwrite an existing file when encrypting or decrypting.
[ ] Allow Encrypted View means to support double clicking on an encrypted file to view it. The way encrypted view works is that the encrypted file is decrypted to a view folder and then passed to the appropriate viewing program (usually a word processor or an editor). Kryptmin deletes all the files in the view folder when it exits. However, if the decrypted file is currently open in, say, a word processor, then it cannot be deleted. So checking Encrypted View means you assume the responsibility that unencrypted files may be left in the view folder.
It should be noted that all encryption managers have to create an unencrypted file for viewing or editing. The location of this temporary view is frequently difficult to find. So if unencrypted files are accidentally left in this temporary view folder it constitutes a security flaw. By specifying the view folder explicitly, Kryptmin reduces this vulnerability.
[ ] Show PW means to display Temp Root and Password Override passwords.
[ ] Multi-Select means to support Windows listbox extended select mode. This allows selecting a range of files by dragging the mouse over them. Multi-Select is normally turned off when Drag-And-Drop is used.
Last PW. Clicking Show PW causes this item to display the last password used. Normally it displays the kind of password that was last used, such as "System PW" (for system password), or "Default" for the default password.
View. The view options are All, Files, and Folders. These specify what types of items are to be displayed. Folders are preceded with [F] to distinguish them from files.
The following buttons appear on the main screen:
The [Encrypt] button encrypts the selected files in the unencrypted folder and stores/moves them to the encrypted folder.
The [Decrypt] button decrypts the selected files in the encrypted folder and stores/moves them to the unencrypted folder.
The [Set] button is used to specify temporary encryption and decryption folders. Pressing [Set] opens a dialog to choose (and/or create) the specified folder. The default unencrypted folder is the protected folder, located inside of your documents folder. The default encrypted folder is folder Kryptmin inside of the protected folder. The view folder is inside of the Temp folder:
- Unencrypted Folder: C:\Users\'you'\Documents\Protected;
- Encrypted Folder: C:\Users\'you'\Documents\Protected\Kryptmin;
- View Folder: C:\Users\'you'\Temp\View.
The Ext(s) field (See figure 2-4.) specifies the type of files to process. The default is all files. Use a list to see patterns of files. For example .doc*,.rtf displays only documents and rtf format files.
The [Del] button deletes all selected files. To select a file, left click on it.
The [Clear] button unselects all files.
The [Setup] button configures Kryptmin. It can be used to define passwords and other behavior.
The [Exit] button exits Kryptmin. Clicking the upper right corner close button (the "X") also exits Kryptmin.
The [License] button displays the copyright and licensing information. This program may be given freely as long as it is not for profit. The full terms are specified in the GNU Lesser General Public License as published by the Free Software Foundation (www.fsf.org) and essentially state that if you modify the program, you must keep the copyright intact and it cannot be sold for profit.
Double clicking with the left mouse button views the selected file.
The [Help] button displays this help text. Help may also be invoked by pressing function key [F1]. Hovering over a control with the mouse pointer displays a short description of the function of the control.
The typical PDF viewer has some adjustments that make viewing easier, these are indicated in figure 2.2-5.
If the PDF help file cannot be located, the Wiki help file (from the Kryptmin web site) will be used. The two versions are similar. The PDF version is slightly clearer (IMHO). Pressing [Ctrl]+ makes the Wiki screen larger(2); pressing [Ctrl]- makes it smaller. If an image is hard to view, increase the magnification to be able to read it clearly.
Kryptmin supports the following data entry fields:
[Unencrypted Files] -- this points to the unencrypted folder. It may be changed at any time.
[Encrypted Files] -- this points to the encrypted folder. It may be changed at any time.
[Ext's] -- this specifies the type(s) of files to display. The default is blank, i.e. all files will be displayed. To limit the display to multiple types of files, separate the extensions with commas. For example, specifying .Doc*,.rtf displays only documents and rtf files.
[Password Override] -- this specifies an arbitrary password. For example setting Password Override to, say, 'Frederick The Great', will encrypt/decrypt using that exact password.
Kryptmin supports drag and drop between the Encrypt and Decrypt windows and between the Encrypt and Decrypt windows and the Windows file manager (Windows Explorer.)
If [ ] Move Files is checked, then the default drag operation is to move the highlighted files; otherwise the default drag operation is to copy the files. Kryptmin supports the following modifiers for drag and drop. The modifier keys override the default set by Move Files:
<Ctrl> - if the control key is depressed prior to starting a drag and drop operation, then the files are copied irrespective of the state of Move Files.
<Shift> - if the shift key is depressed prior to starting a drag and drop operation, then the files are moved irrespective of the state of Move Files.
When dragging files to the Windows File Manager, it is necessary to click on the destination window after dragging to see the results. This is because Windows displays the results after the window has focus. Clicking on the window after the operation sets the focus to the destination window and the results are displayed. This is important in doing a move operation between Kryptmin and Windows Explorer in that Kryptmin waits for notification that the move is complete. If notification is not received within 60 seconds, Kryptmin aborts the operation. So remember to click on the destination folder when doing a move operation from Kryptmin to Windows.
Kryptmin also supports Copy/Paste between the Encrypt and Decrypt windows and between the Encrypt and Decrypt windows and the Windows file manager (Windows Explorer).
Copy, Cut, and Paste operate as per Windows standard:
First select the files to act upon.
Choose the action. This may be done by right-clicking and selecting Copy (Or Cut).
Click on the window to receive the files. This selects the window.
Right-click and select Paste. This copies the selected files if copy was chosen, or moves them if cut was chosen.
An alternate method is to use the keyboard. Press <Ctrl>C, for copy, <Ctrl>X for cut, and <Ctrl>V for paste.
Kryptmin encrypts unencrypted files that are pasted into the Encryption window and decrypts encrypted files that are pasted into the Decryption window. Files that already are encrypted are left unchanged when pasting into the Encryption window. Similarly files that already are decrypted are left unchanged when pasting into the Decryption window.
Copy (or move) a file into the Protected folder (in your documents folder.)
Launch Kryptmin (click on the Kryptmin icon in the task bar at the bottom of the screen, or press the Window key and click Kryptmin in the Start Menu. This was set up as part of Kryptmin installation.) The main screen should appear with your file in the unencrypted window.
To encrypt your file, first make sure Move is set, then highlight it (i.e. left click on it.), and then click the [Encrypt] button. The file will appear in the encrypted window with an extension of .7z. The .7z extension indicates that the file is encrypted.
Alternately you may drag directly from a Windows File Manager window directly into the Encrypted window. The file will be encrypted. When using drag and drop, it is a good idea to hold down the control key to force a copy or hold down the shift key to force a move when copy or move is desired.
Not setting Move first means that there will be two copies of the file, one encrypted, one unencrypted.
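The two ways plaintext gets left behind that this manual describes, files remaining in the view folder and an unencrypted copy kept next to its encrypted version when Move is not set, can be checked with a short audit. The script below is an added example, not part of Kryptmin; it assumes the default folder layout listed earlier and, since the manual only says encrypted items carry a .7z extension, it accepts both `report.doc.7z` and `report.7z` as the counterpart of `report.doc`. The sample tree is constructed for the demonstration.

```python
"""Audit Kryptmin folders for plaintext left behind (added example, not Kryptmin code)."""
from __future__ import annotations

import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".7z"  # the manual: encrypted files and folders carry the .7z extension


def encrypted_names(plain: Path) -> set[str]:
    """Archive names that could correspond to a plaintext file or folder.

    Assumption: the exact naming rule is not documented, so both the
    appended form (report.doc.7z) and the replaced form (report.7z) count.
    """
    names = {plain.name + ENCRYPTED_EXT}
    if plain.is_file() and plain.suffix:
        names.add(plain.stem + ENCRYPTED_EXT)
    return {n.lower() for n in names}  # Windows file names are case-insensitive


def audit(unencrypted: Path, encrypted: Path, view: Path) -> dict[str, list[str]]:
    """Report decrypted data that is still on disk."""
    findings: dict[str, list[str]] = {"view_leftovers": [], "duplicate_plaintext": []}

    # 1. Anything still in the view folder is decrypted data that was not
    #    cleaned up, for example because a viewer held the file open at exit.
    if view.is_dir():
        findings["view_leftovers"] = sorted(
            p.relative_to(view).as_posix() for p in view.rglob("*") if p.is_file()
        )

    # 2. A plaintext item whose archive already exists in the encrypted folder
    #    is the "two copies" case that arises when Move was not set.
    archives: set[str] = set()
    if encrypted.is_dir():
        archives = {
            p.name.lower()
            for p in encrypted.iterdir()
            if p.is_file() and p.suffix.lower() == ENCRYPTED_EXT
        }
    duplicates = []
    if unencrypted.is_dir():
        for item in unencrypted.iterdir():
            if item.resolve() == encrypted.resolve():
                continue  # default layout nests the encrypted folder in Protected
            if item.suffix.lower() == ENCRYPTED_EXT:
                continue  # already an archive, not plaintext
            if encrypted_names(item) & archives:
                duplicates.append(item.name)
    findings["duplicate_plaintext"] = sorted(duplicates, key=str.lower)
    return findings


def build_sample(root: Path) -> tuple[Path, Path, Path]:
    """Constructed sample tree that mirrors the default folder layout."""
    protected = root / "Documents" / "Protected"
    encrypted = protected / "Kryptmin"
    view = root / "Temp" / "View"
    for folder in (encrypted, view / "sub", protected / "Taxes"):
        folder.mkdir(parents=True)
    for path in (
        protected / "report.doc",        # has report.doc.7z -> duplicate
        protected / "letter.rtf",        # has letter.7z     -> duplicate
        protected / "todo.txt",          # never encrypted   -> not reported
        protected / "Taxes" / "2018.xls",  # folder Taxes has Taxes.7z -> duplicate
        encrypted / "report.doc.7z",
        encrypted / "letter.7z",
        encrypted / "Taxes.7z",
        encrypted / "old.7z",            # plaintext already moved away
        view / "report.doc",             # left in the view folder
        view / "sub" / "x.txt",
    ):
        path.write_bytes(b"constructed sample")
    return protected, encrypted, view


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, items in audit(*build_sample(Path(tmp))).items():
            print(f"{kind}: {items}")
```

On a real system, pass the three folder paths shown by the [Set] button instead of the sample tree.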
Copy/Move a folder into the Protected folder (in your documents folder.)
Choose View option All or Folders to ensure folders are displayed.
Normally select Move Files.
Highlight the folder (i.e. left click on it.), and then click the [Encrypt] button. The folder will appear in the encrypted window with an extension of .7z.
Alternately as before, you may directly drag a folder to the encrypted window and it will be encrypted. Not clicking Move first means that there will be two copies of the folder, one encrypted, one unencrypted. The encrypted folder may be moved around, e-mailed, etc. When it is decrypted, it will appear back in the unencrypted window. Select All or Folders View option to display the result. Once it is decrypted, you can drag the now decrypted folder where you want it.
Highlight the files to be decrypted in the encrypted window; then click [Decrypt]. The file(s)/folder(s) will appear in the unencrypted window. Remember to select the correct View option to display the results.
To encrypt a Windows file or folder, drag it to the encrypted window and the file or folder will be encrypted. To decrypt the file or folder, select it and drag it to the decrypted window (or click [Decrypt]). Then drag the now decrypted file or folder back to Windows. Don't forget to click the destination window to register the move.
You can use Kryptmin as an Encryption/Decryption engine. The way this works is you use Explorer to highlight the files (and/or folders) you wish to encrypt and then drag them to the Encrypted window. This encrypts the files. Similarly, if you drag the now encrypted files from Kryptmin to a Windows folder, the encrypted file is copied/moved (and remains encrypted).
To Decrypt a file, drag the encrypted files from the windows folder to the unencrypted window. This decrypts them. Then drag them back and you have the unencrypted version back in your folder.
Kryptmin is not restricted to encrypting/decrypting files/folders between the default folders (Protected and Kryptmin). However, it is necessary to tell Kryptmin that multiple folders are in use. To do that, click [Setup]. This opens the Setup screen (see figure 3.2-13). There are many options that can be specified in the Setup screen. Right now we are only interested in one, namely, multiple folder mode. To set this mode, click [ ] Multiple Folder Mode in the Setup screen and then click [Exit].
As before, the [Set] button specifies a temporary pair of folders to use. However, if the entry field Unencrypted files is clicked, a drop down list will display. At the bottom of this list is an Edit entry. Selecting Edit invokes the folder editor that saves the choice so that it can be selected for next time. You can also right-click on the Unencrypted files and a context menu will appear. Select Edit Folder Paths and the editor will be invoked. See figure 2.7-6.
Inside the editor, click on the folder that is closest to the folder that you want to select and then click on [New Protected]. This opens a search dialog to locate the specified folder. You can also create new folders using this process. Both the protected and encrypted folders are set to the selected folder by default. If you prefer a separate encryption folder, click [New Encrypted] and choose the correct folder to hold the encrypted files(3).
Use Add to add the selected folders; then exit with Save. Exiting using Cancel discards all changes made with the Folder editor.
Once Encryption/Decryption pairs have been specified in the Folder editor, they may be selected as shown in figure 2.7-6.
Kryptmin supports several ways of specifying passwords. These are named:
Root:FN -- for the Root password concatenated to the file name to form the final password. This causes passwords to vary within the file structure. But it has the side effect that you cannot rename an encrypted file because the file name is part of the password.
Override Passwords -- This specifies a constant password that stays in effect until changed.
MyPW -- This specifies a Windows command file, MyPW.bat, that can be used to implement arbitrary password algorithms. See 3.4 for details.
KScript -- This specifies KScript, a scripting engine internal to Kryptmin. The advantage of KScript over MyPW is that MyPW has to be decrypted in order for it to be used, whereas KScript, being internal, is very difficult for malware to snoop. See 3.5 for details.
If an override password is specified, it is used to Decrypt/Encrypt files instead of the default password. A temporary override password may be specified by just typing in the password in the Password Override field. Named override passwords are specified using the Site Editor. The Site Editor is shown in figure 2.8.1-8.
The Site Editor is invoked by clicking the [Edit] button next the Password Override field. Type in the Password name, a mnemonic used to refer to the password; and then type in the password. Click [Add] to add the password to the editor list. Click [Update] to save your changes; click [Cancel] to discard your changes. [ ]Extended Edit is used to add information to the password. For example, you can add notes. To remove a password, select the name in the Site Editor and click [Delete].
Choosing another override password,
Selecting a folder that has the same name as an override password, which causes the associated password to be used, or
Typing in an override password. For example, specifying a Default password of, say, MmYyPpAaSsSsOoRrDd will cause that password to be used to encrypt files unless another password is explicitly chosen. See figure 2.8.1-9.
Setup may be used to switch between password algorithms. Click button [Setup]. Then click [Manage Passwords]. This brings up the password manager. Be sure to decrypt your files before changing algorithms or you will have to enter the correct password manually to access them.
The third method of specifying passwords, MyPW, is invoked by creating MyPW.bat in the password manager. This creates MyPW.bat in your profile directory. It is set initially to duplicate the Root:FN password algorithm. You may edit this file as desired to implement any desired password algorithm(4).
A fourth method of specifying passwords, KScript, is invoked by choosing to edit KScript in the password manager. This creates a Kryptmin script that specifies the password based on user whim, the file name and the file system. See 3.5 for details.
The system password is used to encrypt all files inside of the Profile directory. The default system password is constructed from the PC hardware signature and is unique to the PC. Choosing to specify the system password in the password manager creates a login password that becomes the system password. (Either right-click or use the Manage Passwords drop-down menu.) The Login password is not saved and must be entered each time Kryptmin is invoked. If your PC is physically secure, then logging in to your PC unlocks the profile by using the default system password. Specifying a login password adds another layer of security.
Kryptmin can manage passwords for web sites as well as for file encryption. There are two advantages to using Kryptmin as a web password manager: 1) Kryptmin can save notes along with the password. 2) Kryptmin maintains your passwords in an encrypted file on your PC. Browser based password managers are very convenient, but they maintain passwords somewhere off in the cloud. This bothers me for sensitive passwords. Accordingly I use both Kryptmin and Firefox as password managers. Firefox for sites I don't really care about and Kryptmin for sensitive passwords.
To add the Launcher Mode, click on Setup, then click [ ] Launcher Mode, then click [Exit]. Clicking [ ] Launcher Active switches Kryptmin from an encryption manager to a web Password Manager. Unclicking it switches back.
Launcher Mode is shown in figure 2.9-10.
Notice that Password Override has changed to Go To Site: and that the button has changed from [Edit] to [Go].
The first thing to do in using the launcher is to stock it with web sites, User names, Passwords, and, optionally notes on each site. To do that, click [Clear] to clear the current site and then click [Go]. Since there is no site specified, [Go] invokes the site editor so you can define some. A typical screen looks like figure 2.9-11.
The Name and Password fields have been blanked, because the data is real. To edit a site, click the name and the data will populate the edit fields. Make changes as desired and click [Add].
Adding an entry of the same name as an existing entry replaces the entry. To rename, click on the existing entry. Then change the name. Then click [Add]. Then delete the original entry.
Clicking on [Extended Edit] invokes the detail editor. Setting a value for "Tag" makes the site part of a group. Selecting that tag causes only sites with that tag to display. This makes it easier to select common sites, such as Stores, Banks, or health, etc. At present tags are case sensitive, i.e. "Store" and "store" are two different tags.
See figure 2.9-12.
Many web sites inhibit the pasting of passwords, which makes Kryptmin's support of copying (and then pasting) user names and passwords less useful. For Firefox, a method to enable copy/paste for websites is to modify Firefox's configuration to enable pasting. This is described at https://www.cpureport.com/enable-copypaste-option-firefox/ and summarized below:
Open Firefox and enter "about:config" into the address bar.
Click I Accept the Risk (If it displays).
In the Firefox preferences search bar, enter the following: dom.event.clipboardevents.enabled and double click the Value that appears. Its value should then be "False".
Paste is now enabled for user names and passwords.
Kryptmin has two configuration options. These allow the user to control the level of security provided by Kryptmin. The different security modes and their meaning are as follows:
Default -- this is the default mode. Normally the configuration file (Profile.txt) is encrypted so that unauthorized programs cannot snoop and read it. A system password is used to encrypt Profile.txt. The system password is constructed based on your PC's hardware signature and is unique for every PC. If you are using the default mode, your profile must be decrypted before you can transfer it to another PC.
Login -- This mode allows the user to specify the system password. The password is not saved, so the security level is theoretically higher than the default mode. This mode is triggered by a file (Login.txt) saved in the home directory C:\Users\'You'\.nic\Kryptmin\Login.txt. The file content is not used; it is only required that the file (Login.txt) exist. This mode requires the user to log in to the program and specify the system password. See figure 3.3-14 for the sequence to establish a login password.
The Kryptmin profile is stored in C:\Users\'you'\.nic\Kryptmin\Profile.txt. Since Profile.txt is usually encrypted, it usually appears as Profile.7z. The profile uses a very simple structure: the first column is a code that indicates what the rest of the line means. Shown below is a typical profile. In the following table, the tab character (x09) is replaced with a space and the line separation character in notes (x01) is represented as a circumflex (^):
Profile Entry |
---|
#Profile |
The options reflect the current screen settings. For example, the "Extensions:" tag refers to the file extensions to display. An inspection of the option reveals that it is set to display document (.doc*) and RTF files (.rtf).
The easy way to edit the profile is to use the [Setup] button. This invokes the screen shown in figure 3.2-13.
Profile.txt -- the unencrypted version of the profile.
Profile.7z -- the encrypted version of the profile.
Errors.7z -- Last session's error file.
Errors.txt -- Current session's error file.
KryptminInterlock.txt -- Temporary file that indicates a Kryptmin session is running.
Login.txt -- The file that specifies to require the user to login.
Trace.7z -- Last session's trace file.
Trace.txt -- Current session's trace file.
MyPW.bat -- User specified password algorithm command
MyPW.7z -- Encrypted user specified password algorithm command
Double clicking on Profile.txt or Profile.7z will open the profile in a text editor. However changes are not incorporated. Use this to view, not change the profile. Double clicking the other files opens them in a text editor for viewing. These files are for viewing only so changes do not affect Kryptmin operation.
To edit the profile, click Save. This copies Profile.7z to the encrypted folder(5). The profile may then be edited by decrypting it and then double clicking on it. To install a profile, click Install. This will install the Profile and exit Kryptmin. First Profile.7z is searched for in the Encrypted folder, then Profile.txt is searched for in the unencrypted folder. When Kryptmin is restarted, the new profile will be in effect.
There are no seat belts in editing the profile, so be careful when making changes.
The following options cannot be set via the program itself and must be controlled by hand using Regedit or a text editor: HelpPath (Path to help file), and EncryptedExtension (Default encrypted extension). Their use is as follows:
HelpPath identifies the location of the help file.
EncryptedExtension specifies the file extension used to identify encrypted files. Kryptmin uses an extension of .7z to identify encrypted files.
See 5.8 for information on how to use Regedit.
Any file may be deleted. However to refresh the profile, use the Reset button.
Prior to making configuration changes, save the profile by using the [Save] button (under [Setup]).
The Profile may be modified using the button commands or via the Manage Profile drop-down menu, or by using the right-click menu, i.e. right-click inside of the profile and a menu appears. (The right-click menu and the drop-down menu are equivalent.) The drop-down menu is shown in figure 3.6-17. The controls are as follows:
Menu Item: Format Profile -- This button creates a formatted version of the profile in the default Protected folder. This copy may be printed or processed with a word processor. If it is desired to save the copy, it should be encrypted to preserve system integrity.
Menu Item: Manage Passwords -- The password manager lets you choose which password algorithm to use and also lets you start over from scratch.
Menu Item: Remote Save -- This option shares site definitions and passwords across multiple PCs. To use it you need a network drive. A network drive may be a standalone Network Storage Device (NAS) or a USB drive plugged into the share port of your router.
Menu-Item and button: [Create Encrypted Channel] -- This is used when sharing encrypted e-mail.
Button: [Delete] -- This button deletes the selected file. Do not delete your profile, use the password manager to command a reset.
Button: [Save] -- This button saves the full profile in the encrypted folder. Normally part of the profile is defined in the registry and part in Profile.txt. Pressing [Save] saves the entire profile in editable format. It is a good idea to save the profile after changing it.
Button: [Install] -- This button installs the profile from the encrypted or unencrypted folders. It is used to restore the profile if it gets damaged, or to install a new profile after it is edited. The Profile is searched for first in the encrypted folder, then in the unencrypted folder. If one is found, it is installed and Kryptmin exits. The new profile will be in effect on the next start up.
Menu-Item and button: [Copy] -- This saves the highlighted file to the Protected folder. It is a good idea to then encrypt or delete the copy when not in use.
Check Box: Launcher Mode -- enables or disables the web site launcher.
Check Box: Multiple Folder Mode -- enables or disables the site editor. The site editor is used to define additional encryption/decryption folders.
Check Box: Check for Updates -- enables or disables checking the cloud for updates on startup.
Button: [Trace] -- Trace causes Kryptmin to record its operations to Trace.txt. This is useful in debugging. Because passwords may be exposed, Trace is automatically turned off on exit. To see the trace results, double click on Trace.txt under setup. You may also view any detected errors by double clicking Errors.txt under setup.
If MyPW.bat exists in the profile folder, it is used to specify an arbitrary password based on whatever algorithm the user desires. The password specified by MyPW is retrieved by searching the output from MyPW for PW:"password", where 'password' is the specified password(6). Because MyPW is a Windows bat-command file, any program desired may be invoked to create the password. This gives the user complete flexibility in specifying passwords. Use the password manager to edit/create/delete MyPW.bat.
During Login, all files in the profile folder that begin with "MyPW" are automatically decrypted using the system password; similarly all files are encrypted during shutdown.
KScript is a scripting processor internal to Kryptmin. Its purpose is to provide some variability to passwords in such a way that only the owner is aware of how it works. The advantage of KScript over MyPW is that it is very difficult for malware to snoop on KScript and determine your password algorithms.
KScript creates a symbol table and manipulates the symbols according to the script. On start up, KScript adds the following symbols to the symbol table:
Symbol | Operand | Description |
---|---|---|
 | Current file name | Name of active file |
The only required command is "Return". This specifies the password. Example:
Return 'String-expression', as in
Return constant-password
This specifies a constant password, the default. Another example is:
Return root:^FN^
This specifies a variable password consisting of a constant part ('root') and the file name. Notice that to reference a symbol, the name is preceded by a caret ('^') and terminated by a caret or space.
Another example is, say a policy change. You wish to change passwords across a set of files. You can manually write a script to decrypt using the old password and then re-encrypt using the new one, or you may opt to change passwords based on the file creation date (or both.) The way to change passwords based on a date, say May 5, 2020 in KScript is as follows:
If If1 CDate > "20200505" |
The properties of KScript are discussed in the following paragraphs.
Symbols are represented by alpha-numeric names. The first character must be alphabetic. ('$', and '_' count as alphabetic.) KScript commands and symbol names are case insensitive. Lines that are less than 3 characters long or that begin with a pound sign ('#') are comments. Before each line is interpreted, symbols that are preceded with a caret ('^') are dereferenced, i.e. replaced with their value. Tokens are strings of one or more characters separated by spaces. A token may be a symbol name, a character string, or an integer number.
Symbols are assigned values via commands. The basic assignment commands are the Set and Setm commands. These have the following format:
Set Symbol-name String expression
Setm Symbol-name Numeric expression ("m" stands for math mode.)
Where a string expression consists of character strings, optionally enclosed in quotation marks, and dereferenced symbols. To include a quotation mark in a string, precede it with a backslash ('\'). To include a backslash, use two backslashes ('\\'). To dereference a symbol, start the symbol name with a caret ('^') and end the name with another caret or a space. The name will be replaced by its value.
Example:
set ABC Now is the time
Symbol ABC will have the value of "Now is the time".
Reusing ABC,
set ABC ^ABC for all good men
And symbol ABC now has the value of: "Now is the time for all good men".
A numeric expression uses a simple format or an extended format. The simple format looks like:
operand operator operand
Example:
Setm ABC 5 + 3
Symbol ABC will be set to 8. Suppose symbol ABC is 8 and DEF is 4, then
setm abc ^ABC * ^DEF
Symbol ABC will be set to 32. Actually, the Setm command knows that the operands must reduce to integer numbers, so it is not necessary to dereference the symbols; the symbol table will automatically be checked anyway.
The numeric operators are '+', '-', '*', '/', and '%' for addition, subtraction, multiplication, division, and remainder.
The extended format looks like:
setm symbol-name (expression) operator (expression) ...
The expression consists of operands separated by operators. Example:
setm N (3 + 5) * (2)
Symbol N will be set to 16, as opposed to writing it as:
setm N (3 + 5 * 2)
In this case N will also be set to 16, which illustrates that expressions are evaluated left to right without regard to operator precedence. Another example is:
setm N (2 * 3 + 5) + (10)
This evaluates to: (11) + (10) = 21.
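The Set, Setm and Return rules above, modelled in Python as an added example (not Kryptmin's code and not part of the original help file). It assumes scripts contain only those three commands with unquoted strings, that an undefined symbol is an error, and that division rounds toward zero; the function names are hypothetical. It makes the left-to-right rule concrete, since a password computed with ordinary operator precedence would differ from the one KScript produces.

```python
import re

# Added model of the KScript rules described above; not Kryptmin's own code.
_DEREF = re.compile(r"\^([A-Za-z$_][A-Za-z0-9$_]*)\^?")


def _trunc_div(a, b):
    # Rounding toward zero is an assumption; the text does not give the rounding mode.
    q = abs(a) // abs(b)
    return q if (a >= 0) == (b >= 0) else -q


_OPS = {
    "+": lambda a, b: a + b,
    "-": lambda a, b: a - b,
    "*": lambda a, b: a * b,
    "/": _trunc_div,
    "%": lambda a, b: a - b * _trunc_div(a, b),
}


def dereference(line, symbols):
    """Replace ^name^ or ^name<space> with the symbol's value (keys are lower case)."""
    def repl(match):
        name = match.group(1).lower()
        if name not in symbols:
            raise ValueError("undefined symbol: " + match.group(1))
        return symbols[name]
    return _DEREF.sub(repl, line)


def eval_numeric(expr, symbols):
    """Evaluate a Setm expression strictly left to right; parentheses group."""
    tokens = expr.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def operand():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("operand expected")
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            value = sequence()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("missing ')'")
            pos += 1
            return value
        # Setm looks bare names up in the symbol table, so the caret is optional.
        return int(symbols.get(tok.lower(), tok))

    def sequence():
        nonlocal pos
        acc = operand()
        while pos < len(tokens) and tokens[pos] in _OPS:
            op = _OPS[tokens[pos]]
            pos += 1
            acc = op(acc, operand())  # no precedence: apply operators as encountered
        return acc

    result = sequence()
    if pos != len(tokens):
        raise ValueError("unexpected token: " + tokens[pos])
    return result


def run_script(script, symbols=None):
    """Run Set/Setm/Return lines and return the password named by Return."""
    table = {k.lower(): str(v) for k, v in (symbols or {}).items()}
    for raw in script.splitlines():
        line = raw.strip()
        if len(line) < 3 or line.startswith("#"):
            continue  # short lines and '#' lines are comments
        line = dereference(line, table)  # carets are resolved before interpretation
        command, _, rest = line.partition(" ")
        command = command.lower()
        if command == "return":
            return rest.strip()
        name, _, expr = rest.strip().partition(" ")
        if command == "set":
            table[name.lower()] = expr.strip()
        elif command == "setm":
            table[name.lower()] = str(eval_numeric(expr, table))
        else:
            raise ValueError("command not modelled: " + command)
    raise ValueError("script has no Return command")


# Constructed sample script; FN is supplied the way KScript preloads the file name.
SAMPLE_SCRIPT = """\
# Constructed sample script
Set base root
Setm n (3 + 5 * 2)
Return ^base^:^FN^-^n
"""

if __name__ == "__main__":
    print(run_script(SAMPLE_SCRIPT, {"FN": "TestIt"}))
```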
The following table lists the KScript control structures. Brackets ('[]') indicate optional characters. An 'm' as the last letter indicates math mode, i.e. the operands are numbers rather than character strings.
Decision making expressions consist of operands (Symbol names, Character strings, or integers), separated by comparison operators. There is a short form and an extended form. The short form format is as follows:
Operand1 op Operand2
The extended form format is
(Oper11 op1 Oper12) rop1 (Oper21 op2 Oper22) ... ropn (Oper1n opn Oper2n)
Examples:
If Mif sym1 GT sym2
...
ELif Mif sym3 > sym4
...
Else Mif
...
Endif Mif
Or the same example in math mode:
IFm Mif sym1 GT sym2
...
ElIFm Mif sym3 > sym4
...
Else Mif
...
Endif Mif
Similarly, here is an example in the extended format:
While MyLoop (A > B) || (C <= D)
...
Wend
Or in math mode:
Whilem MyLoop (A GT B) OR (C LT D)
...
Wend
Comparisons are case insensitive, unless the operator has an ending "s", in which case the comparisons are case sensitive.
The operators are as follows:
Operator | Description | Alias |
---|---|---|
 | Greater Than | >[s] |
Either the operator or its alias may be used. Expressions are evaluated from left to right without regard to operator precedence.
KScript also supports parsing commands. These are discussed in the following paragraphs.
The parse command parses a path and sets symbols identifying its parts.
Syntax: Parse Root Path
Inputs:
Root -- Label used to group the symbols
Path -- File path to be parsed
Outputs:
FN -- File name
Ext -- File extension
Parent -- Folder holding the file name
Path -- Full path
Drive -- Drive letter
CDate -- Date file was last modified (usually the creation date.)
NumSub -- Number of sub directories in the path
Example:
Parse Root C:\Users\Me\U\TestIt.txt
Results:
Root.FN = TestIt
Root.Ext = .txt
Root.Path = C:\Users\Me\U\TestIt.txt
Root.Parent = C:\Users\Me\U
Root.CDate = 20200522
Root.NumSub = 4
The pop command parses a path and sets symbols to a specified sub directory.
Syntax: Pop Root Path
Inputs:
Root -- Label used to group the symbols
Path -- File path to be parsed
Outputs:
Drive -- Drive letter
First -- First folder in path
Last -- Last folder in path
Parent -- Folder containing file name
NumSD -- Number of subdirectories in path
Example:
Pop Root C:\Users\Me\U\TestIt.txt
Results:
Root.Drive = C
Root.First = Users
Root.Last = TestIt.txt
Root.Parent = C:\Users\Me\U
Root.NumSD = 5
The getsubdir command parses a path and returns the nth sub directory of the path.
Syntax: getsubdir Root n Path
Inputs:
Root -- Label used to group the symbols
N -- Number of sub directory to be extracted. (Counting from zero.)
Path -- File path to be parsed
Outputs:
SubDir -- The requested sub directory
Length -- number of characters in SubDir
Example:
GetSubDir SD 3 C:\Users\Me\Trial\Test\TestIt.txt
Results:
The index command returns the location of a sub-string inside a larger string. The first position is zero. If the string is not found it returns -1.
Syntax: Index Root BigString SmallString
Inputs:
Root -- Label used to group the symbols
BigString -- The string to be searched
SmallString -- The string to be located inside of BigString
Outputs:
Position -- The position of the smaller string in BigString
Length -- number of characters in Position
Examples:
set TF Now is the time
Index SRCH TF "the"
Results:
SRCH = 7
SRCH.Length = 1
---
Index SRCH TF "duh"
Results:
SRCH = -1
SRCH.Length = 2
---
Index SRCH TF "the time"
Results:
SRCH = 7
SRCH.Length = 1
---
Index SRCH TF "THE TIME"
Results:
SRCH = -1
SRCH.Length = 2
Syntax: Substr Root String Start [Length], where string is a symbol name or string
Inputs:
Root -- Label used to group the symbols
Start -- The starting position in the string
Length -- Optional number of characters to return. If omitted the substring from the starting position is returned.
String -- The string to be parsed
Outputs:
Root -- The desired substring
Length -- Number of characters in Root
Examples:
set Level 4
set TF Now is the time for all
substr Part tf 4 10
Part set to 'is the tim'
Part.Length set to '10'
substr Part tf 4
Part set to 'is the time for all'
Part.Length set to '19'
KScript maintains a diagnostic log that can be viewed in test mode or in the trace log if trace is activated(7). Each line in the log is labeled according to the input line that generated the log line(s). Thus a "View" statement on input line 023 would result in multiple output lines, each labeled 023.
The following commands write to the log:
Log String -- writes string to the log
View -- writes the current symbol table to the log
View SYMBOL1 SYMBOL2 ... SYMBOLn -- writes indicated symbols to the log.
Symbols Level and ProcLevel control the amount of output each command generates to the log. Level controls the output level outside of procs, ProcLevel controls the output level inside of procs. The values are as follows:
Level | Meaning |
---|---|
 | Only write the generated password (default) |
KScript supports three types of program blocks: If, While, and Proc. Each block type is identified by a label. Thus Wexit (while exit) refers to the Wend (While end) that has the same label. That way While blocks can be nested. The same logic applies to If statements. The third type of program block is the Proc. Procs act like subroutines and support parameter passing. Procs are located at the end of the script and are preceded by a Procs statement.
The Procs statement divides the script into procs and non-procs. All While and If blocks must be closed before the Procs statement is encountered. Statements outside of a proc after the Procs statement is encountered are mostly ignored(8).
The proc definition is a proc statement:
Proc name [parameters] -- defines a proc
Pexit name -- optionally exits a proc ahead of the Pend statement
Pend [name] -- ends the proc. Procs cannot be nested, however a proc may call another proc. Proc parameters are positional and are separated by spaces.
Currently there are no defaults. If a Proc statement defines 3 parameters, then exactly 3 parameters must be passed to the proc when it is invoked. Procs are invoked by a Call statement. The format is:
Call Proc-name P1 P2 P3
The Proc-name is the same name as is on the Proc statement. The parameters have the proc name prepended. Example:
Call MyProc A B C |
The results were:
MyProc: One = A, Two = B, Three = C
SecondProc: One = OnlyOne
KScript is accessed via the Manage Passwords option of the Setup Menu, as shown in figure 3.5.11-15. This invokes the KScript editor shown in figure 3.5.11-16.
The Editor supports the following buttons:
Syntax -- Display a KScript syntax summary.
Load Test Script -- Load the current test script.
Save Test Script -- Save the current script as the test script.
List -- Display a listing of the current script.
Test -- Execute the current script and display the results.
'Print-Level-control' -- set the print level for test purposes.
Save Kryptmin Script -- Save the current script as the live Kryptmin script.
Load Kryptmin Script -- Load the live Kryptmin script for testing or viewing.
Exit -- Exit the editor.
As an example consider the case where you are working on several projects, each one with its own associated password. A KScript script to implement this is as follows:
Assume a directory structure of
C:\Users\Me\Projects\Project1
...
C:\Users\Me\Projects\ProjectN
Then we want to identify when the current directory is part of the Projects branch and then choose a password based on the project name. This password should apply to all files and subdirectories in the project.
The starting logic determines the branch and if the branch is "Projects", then a proc is called to isolate the logic of returning the desired password.
# Get the branch name |
It is strongly suggested that you save the profile (by using the [Save] button in the setup window) after making changes that you want preserved. Then if your profile gets corrupted, you can restore it.
It is also suggested that you use an off-site backup program that backs up your Documents folder; this also backs up Kryptmin, since the Protected and Kryptmin folders are located in Documents.
Normal files and folders go in the Protected folder (see figure 4.1-18). Notice that files and folders may be encrypted.
An encrypted folder is stored as a single file no matter how many files and subfolders it contains. This can be useful in managing collections of files.
For example, you could store and encrypt a folder, say Tax2017, which holds all your 2017 tax information. This would encrypt to a single file: Tax2017.7z. When you unencrypt it, the full folder structure is restored. Set the View to display Folders. Click on the folder names that you want to encrypt and click button [Encrypt].
Set the View to display Files. Then select the files you want to encrypt and click button [Encrypt]. See figure 2-4.
Figure 2-4 also shows the Encrypted files. Notice that both files and folders have the same format. To decrypt a file or folder, select it from the encrypted window and click button [Decrypt]. If the encrypted file was for a folder, make sure the View is set to show folders.
Kryptmin has a view feature. Double clicking on a file or folder will view it (see figure 2-4). This applies to both unencrypted and encrypted files and folders. To view an unencrypted file or folder, double click on it. To view an encrypted file or folder, click the Allow Encrypted View check box and double click on the file name. Files are decrypted to the view folder (shown in figure 4.1-20). View files and folders are deleted when Kryptmin exits. However, there is always a possibility that a file is locked in an editor or otherwise locked, so it is a good idea to check the view folder to make sure all files were deleted.
Kryptmin may be used to delete files and folders in the encrypted and unencrypted folders. Just select files or folders to be deleted and click the [Del] button (or right-click and select Delete.)
If check box Move Files is checked, then encrypting and decrypting move their corresponding files rather than copying them. See figure 2-4.
If checkbox Overwrite Files is not checked, then a message will be displayed asking for permission before overwriting an existing file. See figure 2-4.
Selected topics of interest.
Whenever you make important changes to your profile, it is a good idea to back it up. You can do this by clicking [Setup] and then clicking [Save]. This creates a backup copy of your profile in the Encrypted folder. You cannot just copy Profile.7z as stored in the Profile folder because it is encrypted using the system password and is deliberately not portable -- use [Save] to copy it to the Encrypted folder. (Use the [Install] button under Setup to install an archived or modified Profile from either the decrypted or encrypted folders.)
You should have a backup system that automatically backs up your Documents folder (which includes your Protected and Encrypted folders.) If you don't have an online backup system in place, here is a survey of good backup systems(9): https://www.pcmag.com/article2/0,2817,2288745,00.asp.
MS Windows defaults to not displaying common file extensions. It is easy to get confused when doing encryption if the file extension is not displayed. So I recommend doing the following windows customization to display file extensions:
Open the file manager (Click the folder icon at the bottom of the screen.)
Click View at the top of the window. See 5.2-22.
Click options, then click View (again, different 'View'). See 5.2-23.
Unclick Hide extensions for known file types.
Here are a few tricks:
Defining an override password with a name of "Default" causes that password to be used whenever a password is not explicitly stated, i.e. it becomes the default and overrides the "Root:Filename" method of specifying passwords.
Choosing an override password name that is the same as an alternate path (folders in the drop down list under UnEncrypted) causes that password to be used whenever the corresponding folder is selected.
Power users can specify any password algorithm by using the "MyPW" mechanism under [Setup]. Click [Setup], then select Create My PW from the Manage-Profile menu. This creates MyPW.bat in your profile folder. MyPW.bat is a Windows command file that is given three parameters:
a. The Root password
b. The file name
c. The file path
MyPW is invoked whenever normal passwords are required (i.e. password override and temp password are not specified.) MyPW then has the responsibility of displaying the desired password as PW:"password"(10). Because MyPW.bat is a command file, it can launch any program or other command file, which gives it total flexibility. As an example of use, suppose you are changing passwords, and files older than a certain date should be decrypted using password 1 and everything else should use password 2. MyPW.bat allows you to implement the password change seamlessly.
Portable devices use full disk encryption. That way if you lose your laptop or smart phone, no one can read anything without your system password. The reason for encrypting sensitive files, even when the disk is encrypted is to prevent malware (or a casual observer) from reading your data after you have unlocked your disk. For that reason, you still want to encrypt sensitive files (IMHO.)
Kryptmin, by default, constructs a system password based on your PC's hardware signature. (You can see it by selecting Format Profile in [Setup].) This can be overridden by specifying your own login password. The system password is used to encrypt all files in the Profile folder. This means that if you take the defaults, you have to use the [Save] button to copy files to your Encrypted folder to back it up.
If the hardware configuration changes, the default system password may also change. This is another reason to back up your profile.
Relying on the default system password implies that your system is physically secure, i.e. your PC login password is deemed good enough security. If it is not, then use your own Kryptmin login password.
Program 7-Zip is used to encrypt and decrypt files. 7-Zip is invoked dynamically using its built-in command line interface (CLI). The CLI is unlikely to change in that changing it would break lots of software in cyber space. So this is a relatively safe procedure. The return code returned by 7-Zip is examined to see if the operation was successful. In the event the return code indicates failure, a dialog is displayed warning the user that the operation (encrypt/decrypt) was not successful. (This usually means that the password was incorrect.)
There is a second form of communication used to talk to 7-Zip. This is sometimes referred to as screen scraping. Kryptmin commands 7-Zip to display information about a file to be decrypted to see if the file is a directory or an ordinary file. The screen image is captured (and not displayed) and Kryptmin parses the image to see if the file is a directory or not. 7-Zip has been stable for several years now, but if changes are made to 7-Zip, this process could fail requiring a corresponding update to Kryptmin. If the 7-Zip display does change and Kryptmin fails to parse the new screen image correctly, then the Move function for folders (directories) would fail and the user will have to manually delete the original file when folders are decrypted.
The following will manually decrypt a file encrypted using Kryptmin:
Using Explorer, the Windows' file manager, right-click on the file name.
Select 7-zip
Select Extract Here
Enter the password at the prompt.
The file (or folder) will be decrypted to a file/folder of the same name as the encrypted file.
Kryptmin reads the version file directly from the Wiki site (https://sourceforge.net/p/kryptmin/wiki/Version/). This file is checked for the following strings:
(Version: 1.1.1.1) -- Version number of the current version of Kryptmin.
(Pending:1.1.1.1~1.2.2.2~...~1.n.1.1) -- List of active versions.
(News: 1) -- number of current news blurb.
If the Kryptmin version number is contained in Version or Pending then no message is displayed; otherwise the new version dialog is displayed warning the user that a new version is available.
If the current news number is less than the news blurb number, the news is displayed.
The Profile screen may be used to disable the checking (and speed up start up slightly.)
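The version check described above, as an added Python example (not Kryptmin's code). It assumes the three fields appear in the page text in the forms listed, that Pending may be absent, and that "contained in" means a whole-version match rather than a substring match; the function names and the sample page text are constructed for illustration.

```python
import re

# Patterns for the three strings listed above. Version numbers on this page use
# digits, dots and a hyphen (for example 1.2.0.0-0.0).
_VERSION = re.compile(r"\(Version:\s*([0-9][0-9.\-]*)\)")
_PENDING = re.compile(r"\(Pending:\s*([^)]*)\)")
_NEWS = re.compile(r"\(News:\s*(\d+)\)")

# Constructed sample of the wiki page text.
SAMPLE_PAGE = "Kryptmin (Version: 1.2.0.0-0.0) (Pending:1.1.1.1~1.1.2.0) (News: 3)"


def parse_version_page(text):
    """Return (current_version, active_versions, news_number).

    Raises ValueError when Version or News is missing, so a changed or damaged
    page is reported instead of being read as "no update".
    """
    version = _VERSION.search(text)
    news = _NEWS.search(text)
    if version is None or news is None:
        raise ValueError("version page is missing a required field")
    active = {version.group(1)}
    pending = _PENDING.search(text)
    if pending is not None:
        # The Pending list is separated by '~'.
        active.update(v.strip() for v in pending.group(1).split("~") if v.strip())
    return version.group(1), active, int(news.group(1))


def check_for_update(text, installed_version, last_news_seen):
    """Apply the two rules from the text: version dialog and news display."""
    current, active, news = parse_version_page(text)
    return {
        "current": current,
        # Whole-string membership: "1.1.1" must not match "1.1.1.1".
        "new_version": installed_version not in active,
        "show_news": last_news_seen < news,
    }


if __name__ == "__main__":
    print(check_for_update(SAMPLE_PAGE, "1.1.2.0", 2))
```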
Single value configuration items are saved in the Windows Registry using key:
Computer\HKEY_CURRENT_USER\Software\NIC\Kryptmin. These values may be edited using the Windows utility: Regedit. To see the registry values, press <Alt>R and enter regedit. Then type the above key in the Regedit address field (or copy the key from help and paste it into Regedit.)
Sometimes it is difficult to see just what is happening. The Trace option of [Setup] writes a log of the external commands used by Kryptmin to accomplish its tasks and records in detail what Kryptmin is doing.
The log is recorded in your Profile folder:
C:\Users\'you'\.nic\Kryptmin\Trace.txt. This contains a record of the external commands issued by Kryptmin over the course of a session. Its principal use is to debug the program, but it can be illuminating. A word of caution though: Trace records the commands used to encrypt and decrypt files, including the passwords used. For this reason, Trace.txt is encrypted at the end of the session. Trace is activated by clicking on [ ]Trace after clicking the [Setup] button. Trace is not remembered across sessions, see Figure 3.2-13.
A simple button based interface was decided upon to make basic use intuitive. This seems to have worked out well (IMHO). However it did cause a problem with the Profile editor. There were just too many buttons, so it got confusing. So I decided on a hybrid interface: Part button, part menu. This seems to be reasonable. Accordingly the Profile has a drop-down menu and a right-click menu. Both menus are equivalent.
As an example of exchanging files between people, suppose Fred and George want to set up an encrypted e-mail channel to exchange files. To do this they have to make several decisions. The first decision is the choice of method. Two common methods are:
PGP (Pretty Good Privacy) for UNIX/Linux, or GPG (GNU Pretty Good Privacy) for Windows. Both PGP and GPG are equivalent Public Key Encryption systems. As far as I know this is the most secure method of exchanging files. It also requires some effort to setup.
AES-256 bit encryption. Kryptmin is a management layer over program 7-Zip, which implements the AES-256 bit algorithm. There are other encryption systems. The weakness of using Kryptmin is that two people have to agree on a password in advance. The strength of PGP/GPG is that everybody publishes a public encryption key. Any data encrypted using the public key can only be decrypted using the private key. The private key is kept secret so only the recipient can read the data.
Since this help file is about using Kryptmin, the interested reader is referred to the literature for more information on PGP/GPG.
Assuming Fred and George agree to use a common password, say Snarflubber01, the following is a way to set up a usable e-mail channel between Fred and George using Kryptmin(11).
George creates a directory named C:\Users\George\Documents\Fred\ToFred to keep files sent to Fred; and a directory named C:\Users\George\Documents\Fred\FromFred to hold Fred's replies. George decided to locate the folders (Directories) inside of his Documents folder. This is because his backup system automatically backs up the Documents folder.
Then George launches Kryptmin and clicks on the Unencrypted files drop-down list and selects Edit(12).
He pastes "C:\Users\George\Documents\Fred\ToFred" in the New Protected field and also in the New Encrypted field because he is going to hold both encrypted and decrypted files in the same folder. See figure 5.11-24
He repeats the process for folder C:\Users\George\Documents\Fred\FromFred and clicks Save.
Then he defines the passwords by clicking button Edit next to password override and enters a new name of "ToFred" and the corresponding password of Snarflubber01 as shown in figure 5.11-25. He then clicks button [Add].
He repeats the process for folder ...FromFred. He now has password Snarflubber01 associated with folders ToFred and FromFred. (Remember passwords and associations are case sensitive so that TOFRED is different from ToFred.)
Then he clicks button [Update] to save his work.
He is now ready to exchange files with Fred. Fred does something similar, only he names his folders 'George' instead of 'Fred'.
When George sends a file to Fred, he:
Creates the file, say, Stuff.docx in C:\Users\George\Documents\Fred\ToFred
Then George launches Kryptmin and
a. Unclicks the Launcher Active check box if it is set.
b. Sets the unencrypted folder to C:\Users\George\Documents\Fred\ToFred by selecting it from the unencrypted folder dropdown list. This changes the active unencrypted folder to ...\ToFred and also sets the encrypted folder to the same thing, since that is what George defined it to be previously. It also sets the default password to Snarflubber01 because there is a password named ToFred with that as its value.
c. Then George clicks on Stuff.docx and clicks the [Encrypt] button.
d. Stuff.7z appears in the encrypted window.
e. George sends Stuff.7z as an attachment to Fred.
Upon receiving George's e-mail, Fred launches Kryptmin and does the following:
Unclicks the Launcher Active check box if it is set.
Saves the Stuff.7z attachment in C:\Users\Fred\Documents\George\FromGeorge
Sets the unencrypted folder to C:\Users\Fred\Documents\George\FromGeorge by selecting it from the unencrypted folder dropdown list. This changes the active encrypted folder to ...\FromGeorge and also sets the unencrypted folder to the same thing, since that is what Fred defined it to be previously. It also sets the default password to Snarflubber01 because there is a password named FromGeorge with that as its value.
Fred then clicks on Stuff.7z and clicks button [Decrypt].
Stuff.docx appears in the unencrypted window.
Fred doubleclicks Stuff.docx to read it(13).
There is a Wizard to setup encrypted e-mail channels. Click on button [Profile], then click on button [Create Encrypted Channel]. This opens the Wizard, see figure 5.11.3.
Typical channel locations are: C:\Users\'you'\Documents\Channels and C:\Users\'you'\Channels. The advantage of locating e-mail channels inside of the Documents folder is that Documents are usually backed up by the backup app automatically; the advantage of locating the channels in your main directory is that the resulting file names are shorter. Choose the location, the channel name, and the password. Then click button [Validate]. Check the To/From folders and adjust them if you prefer, and click button [Create Channel]. Kryptmin will create the channel for you. Usage is as described previously.
What if Fred's system is Linux based? There are many ways to communicate with a Linux based system. What I would do is write two Nautilus scripts. One titled EncryptForGeorge, the other DecryptFromGeorge. The encryption script would invoke 7-Zip similarly to:
7z a "$ARC" -y -p"Snarflubber01" -mhe "$FILE"
where $ARC is the archive to contain the encrypted version of the file, and $FILE is the file.
The decryption script for files would invoke 7-Zip similarly to:
7z e "$ARC" -y -p"Snarflubber01" -o"$OUT"
where $ARC is the archive being decrypted and $OUT is the output folder.
The decryption command for directories is similar to:
7z x "$ARC" -y -p"Snarflubber01" -o"$OUT" "$FOLDER/*"
where $ARC and $OUT are as before, and $FOLDER is the folder name.
Alternately, you can right-click on an encrypted file and choose extract to here. Then type in the password when requested to do so, etc.
Because AES-256 bit encryption is defined in a government standard (see Advanced Encryption Standard), encrypted files may be decrypted by any app that follows the standard so long as the correct password is used. For example, ZArchiver understands 7-Zip encrypted files and may be used to pass encrypted files between Kryptmin and Android phones. ZArchiver is available from the Google Play store. Two good ways to exchange files with an Android phone are: via e-mail or via a shared cloud disk.
Date | Change | Notes | Version |
---|---|---|---|
7/14/2018 | Pre-release copy | Preview released | 1.1.1.0 |
 | Fixed 'Default' for Password Override | Avoid collisions | 1.1.2.0 |
7/20/2020 | Final-release copy | Program Reboot | 1.2.0.0-0.0 |
(1) There are multiple password options -- for example, see 2.8
(2) On many keyboards, you must also press [shift] to access the plus (+) key.
(3) It is not necessary to use separate folders, a single folder for both encrypted and decrypted files works fine
(4) Complicated algorithms are usually implemented by invoking Windows Power Shell from inside MyPW.bat.
(5) More specifically it first decrypts Profile.7z to Profile.txt using the system password, then it encrypts the profile to Profile.7z in the encrypted folder using the currently specified password.
(6) Quotation marks are optional and quotation marks (") are automatically deleted after detecting the password.
(7) Trace is an option under setup
(8) Block labels are recognized, everything else is ignored.
(9) I personally use I-Drive, but they are all good.
(10) The quotation marks are optional.
(11) There is a Wizard to do the setup, see 5.11.3-26
(12) You can also right-click to invoke the editor.
(13) Actually Fred could just doubleclick on Stuff.7z, and Kryptmin will automatically decrypt it to the view folder.