Kryptmin

Kryptmin -- A File Encryption Manager and a Web Password Manager

Written by

Barry Stanly

Printed on November 01, 2020

Copyright 2018 by Barry Stanly

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; modifications shall not include
Front-Cover Texts, or Invariant Sections, or Back-Cover Texts.
A copy of the license is available at: https://www.gnu.org/copyleft/fdl.html.

For more information, see Nuances In Computing

Kryptmin is hosted at https://sourceforge.net/projects/kryptmin/
The documentation uses DocumationMagic, hosted at
https://sourceforge.net/p/simpletextformatter/wiki/DocumationMagic/.
The pdf version of this document may be downloaded from https://sourceforge.net/projects/kryptmin/files/Kryptmin.pdf/download

Kryptmin requires 7-Zip. 7-Zip is copyrighted by Igor Pavlov and is available from https://www.7-zip.org/. Both Kryptmin and 7-Zip are free software and are available to anyone for use as long as they don't sell it for profit. Kryptmin is released under the GNU LGPL license. 7-Zip is mostly released under the GNU LGPL license. See the 7-Zip web site for details.


Preface

Kryptmin was written to make it easy to encrypt documents and to avoid common pitfalls. For example, in most encryption managers, double-clicking a file name opens it for editing. This is very convenient, but to do so the manager must first decrypt the file to a temporary location. Most managers are good at deleting or updating the edited file, but sometimes a copy is left unencrypted in an undisclosed location. To me this constitutes a security flaw. Also, to use an encryption manager it is necessary to keep track of passwords. Unless you are very diligent, sometimes things get confused and data can be lost (no password, no data).

Kryptmin manages passwords for you and also decrypts (for viewing or editing) to a specified Folder. This way things don't get lost.

Because of the software design, it was easy to extend Kryptmin to also manage web passwords and to do a few other things. Kryptmin web password management is normally used for sensitive sites, where you want explicit control. Browser managers are very convenient, but I like to know explicitly where my passwords are stored and to be able to display them if I need to. So Kryptmin provides an alternative that stores your data in encrypted format on your PC. Kryptmin also supports keeping notes with the site-address/password/username. This can be very convenient. Browsers also store your passwords on your PC, but they do not always support viewing your passwords en masse or storing them in a separate encrypted file as a backup.

Note that disk encryption programs protect your data when the physical disk is stolen; they do not protect your data against malware after you have unlocked your disk for use. For this reason, it is still a good idea to encrypt sensitive files.

Lastly Kryptmin stores all your data, passwords, notes, etc. in an encrypted file, called your profile. It is possible to exert explicit control over Kryptmin's actions, or to just take reasonable defaults. The introduction begins here with paragraph 1, basic use is described in paragraph 2. The first part of this document describes basic usage; the next part goes into more advanced use; the last part discusses the design decisions and philosophy behind Kryptmin.

Barry Stanly
Henderson NV, 2018

Kryptmin (Version: 2.0.1.1-Beta)
Kryptmin is currently undergoing Beta testing. If you notice any anomalies, please file a ticket at:
https://sourceforge.net/p/kryptmin/tickets


C O N T E N T S

Preface

1 Introduction
1.1 First Use
1.2 Installation

2 Basic Use
2.1 Usage Options
2.2 Controls
2.3 Entry Fields
2.4 Drag And Drop
2.5 Copy/Paste
2.6 Usage Examples
2.6.1 Encrypting a File
2.6.2 Encrypting a Folder
2.6.3 Decrypting Files and Folders
2.6.4 Decrypting Between Kryptmin and Windows
2.6.5 Kryptmin as an Encryption/Decryption Engine
2.7 Using Multiple Folders
2.7.1 Using the Folder Editor
2.8 Passwords Revisited
2.8.1 Override Passwords
2.8.2 Switching Password Algorithms
2.8.3 System Password
2.9 Using the Launcher Mode
2.9.1 Pasting Web Passwords

3 Security
3.1 The Kryptmin Profile
3.2 Editing the Profile
3.3 Controls
3.4 Using Your Own Password Algorithm
3.5 Using KScript to Manage Passwords
3.5.1 KScript Syntax
3.5.2 Parse
3.5.3 Pop
3.5.4 GetSubDir
3.5.5 Index
3.5.6 Substr
3.5.7 KScript Log
3.5.8 KScript Modularity
3.5.9 Invoking KScript
3.5.10 The KScript Editor
3.5.11 Sample Script
3.6 Backups

4 Examples
4.1 Kryptmin Directory Structure
4.2 Encrypting Folders.
4.3 Encrypting Files
4.4 Decrypting Files and Folders
4.5 Viewing Files and Folders
4.6 Deleting files and Folders
4.7 Moving Versus Copying Files and Folders
4.8 Overwriting Files

5 Notes
5.1 Backups
5.2 Customizing Windows
5.3 Managing Passwords
5.4 Note on Encryption
5.5 System Password
5.6 7-Zip Interface
5.6.1 Screen Scraping
5.6.2 Manually Decrypting Files
5.7 Checking for Updates
5.8 Registry
5.9 Troubleshooting
5.10 Design Notes
5.11 Exchanging Files
5.11.1 Sending Files
5.11.2 Receiving Files
5.11.3 Using the Channel Wizard
5.11.4 Integrating with Linux
5.11.5 Integrating with Android

6 Change log

Index

T A B L E S

Table 3.1-I Profile Format
Table 3.5-II KScript Predefined Symbols Table
Table 3.5.1-III KScript Decision Making Commands
Table 3.5.1-IV KScript Operator Table
Table 3.5.7-V KScript Log Control
Table 6-I Change Log

F I G U R E S

Figure 1.2-1 Installing Kryptmin
Figure 1.2-2 Installation
Figure 2-3 First Use
Figure 2-4 Basic Use
Figure 2.2-5 Typical PDF Viewing Controls
Figure 2.7-6 Selecting Directories
Figure 2.7-7 Editing Folders
Figure 2.8.1-8 Site Editor
Figure 2.8.1-9 Creating a Default Password
Figure 2.9-10 Launcher Mode Activated
Figure 2.9-11 Defining Web Sites
Figure 2.9-12 Detail Editor
Figure 3.2-13 Controlling the Profile
Figure 3.3-14 Login Screen
Figure 3.5.11-15 Accessing the Password Manager
Figure 3.5.11-16 KScript Editor
Figure 3.6-17 Profile Drop-Down Menu
Figure 4.1-18 For files and directories
Figure 4.1-19 For encrypted files and directories
Figure 4.1-20 For viewing
Figure 4.1-21 For commands and programs
Figure 5.2-22 Clicking Windows View
Figure 5.2-23 Windows Options
Figure 5.11-24 Document Exchange -- Setting up Folders
Figure 5.11-25 Document Exchange -- Defining Passwords
Figure 5.11.3-26 E-mail Channel Wizard




1 Introduction

Kryptmin is an encryption/decryption manager that uses the program 7-Zip to encrypt and decrypt files.
Install 7-Zip before first use from: https://www.7-zip.org/


1.1 First Use

The first time Kryptmin is called it will ask for a basic password(1).
The password is saved in your profile: C:\Users\'you'\.nic\Kryptmin\Profile.txt. You may edit this file as desired. If your profile is deleted, it will automatically be recreated. First use is shown in figure 2-3.


1.2 Installation

To install Kryptmin, extract Kryptmin.zip to a temporary folder. This can be done by right-clicking on Kryptmin.zip and selecting 7-Zip -> Extract Here. This will create folder Kryptmin. Double-click on folder Kryptmin to open it. It should display as shown in figure 1.2-1.


Figure 1.2-1 Installing Kryptmin


Double-click on Install.bat and it will install Kryptmin to folder:
C:\Users\Public\Cmds
Then inside of folder C:\Users\Public\Cmds, right-click on Kryptmin.exe and select Pin to Start or Pin to Taskbar (or both) as shown in figure 1.2-2.


Figure 1.2-2 Installation

This only has to be done on the first install. Updates do not require it.

After that, click on Kryptmin in the start menu or task bar to execute it. My preference is to use the task bar, located at the bottom of the screen. Just click on the Kryptmin icon, a large K, and it will launch.


2 Basic Use


Figure 2-3 First Use

Move files to be encrypted into Documents\Protected. This is the default folder to hold decrypted files. The folder is automatically created on first use. See figure 4.1-18.

Select files in the Unencrypted folder and click button [Encrypt] to encrypt them (see figure 2-4). The files will be encrypted and stored in the Encrypted folder. To decrypt, select the file(s) in the Encrypted folder and press button [Decrypt]. The file(s) will be decrypted and stored back into the Unencrypted folder.

A context menu is also available by right-clicking on a file name. This causes a pop-up menu to appear showing actions that may be performed on the selected files. Select files, then right-click on a file and choose Encrypt, to encrypt, Decrypt, to decrypt, etc. The indicated operation will be performed on the selected files.

If you change the password, all previous files will be indecipherable until it is changed back. Use the [Password Override] text box to temporarily change the password. For example, if a friend sends you an encrypted file using a different password, use Password Override to decrypt the file. Another case is when you send a file to someone else: you might not want to use your regular password, so set Password Override to a temporary password prior to encrypting the file. Then you can send the file without compromising your system. A typical screen is shown in figure 2-4.


Figure 2-4 Basic Use



2.1 Usage Options

  • [ ] Move means to delete the old file when encrypting or decrypting.

  • [ ] Overwrite means to automatically overwrite an existing file when encrypting or decrypting.

  • [ ] Allow Encrypted View means to support double clicking on an encrypted file to view it. The way encrypted view works is that the encrypted file is decrypted to a view folder and then passed to the appropriate viewing program (usually a word processor or an editor). Kryptmin deletes all the files in the view folder when it exits. However, if the decrypted file is currently open in, say, a word processor, then it cannot be deleted. So checking Encrypted View means you assume the responsibility that unencrypted files may be left in the view folder.

It should be noted that all encryption managers have to create an unencrypted file for viewing or editing. The location of this temporary view is frequently difficult to find. So if unencrypted files are accidentally left in this temporary view folder it constitutes a security flaw. By specifying the view folder explicitly, Kryptmin reduces this vulnerability.

  • [ ] Show PW means to display Temp Root and Password Override passwords.

  • [ ] Multi-Select means to support Windows listbox extended select mode. This allows selecting a range of files by dragging the mouse over them. Multi-Select is normally turned off when Drag-And-Drop is used.

  • Last PW. Clicking Show PW causes this item to display the last password used. Normally it displays the kind of password that was last used, such as "System PW" (for system password), or "Default" for the default password.

  • View. The view options are All, Files, and Folders. These specify what types of items are to be displayed. Folders are preceded with [F] to distinguish them from files.


2.2 Controls

The following buttons appear on the main screen:

  • The [Encrypt] button encrypts the selected files in the unencrypted folder and stores/moves them to the encrypted folder.

  • The [Decrypt] button decrypts the selected files in the encrypted folder and stores/moves them to the unencrypted folder.

  • The [Set] button is used to specify temporary encryption and decryption folders. Pressing [Set] opens a dialog to choose (and/or create) the specified folder. The default unencrypted folder is the protected folder, located inside of your documents folder. The default encrypted folder is folder Kryptmin inside of the protected folder. The view folder is inside of the Temp folder:

   - Unencrypted Folder: C:\Users\'you'\Documents\Protected;

   - Encrypted Folder: C:\Users\'you'\Documents\Protected\Kryptmin;

   - View Folder: C:\Users\'you'\Temp\View.

  • The Ext(s) field (See figure 2-4.) specifies the type of files to process. The default is all files. Use a list to see patterns of files. For example .doc*,.rtf displays only documents and rtf format files.

  • The [Del] button deletes all selected files. To select a file, left click on it.

  • The [Clear] button unselects all files.

  • The [Setup] button configures Kryptmin. It can be used to define passwords and other behavior.

  • The [Exit] button exits Kryptmin. Clicking the upper right corner close button (the "X") also exits Kryptmin.

  • The [License] button displays the copyright and licensing information. This program may be given freely as long as it is not for profit. The full terms are specified in the GNU Lesser General Public License as published by the Free Software Foundation (www.fsf.org) and essentially state that if you modify the program, you must keep the copyright intact and it cannot be sold for profit.

  • Double clicking with the left mouse button views the selected file.

  • The [Help] button displays this help text. Help may also be invoked by pressing function key [F1]. Hovering over a control with the mouse pointer displays a short description of the function of the control.
    The typical PDF viewer has some adjustments that make viewing easier, these are indicated in figure 2.2-5.
    If the PDF help file cannot be located, the Wiki help file (from the Kryptmin web site) will be used. The two versions are similar. The PDF version is slightly clearer (IMHO). Pressing [Ctrl]+ makes the Wiki screen larger(2); pressing [Ctrl]- makes it smaller. If an image is hard to view, increase the magnification to be able to read it clearly.

    Figure 2.2-5 Typical PDF Viewing Controls



2.3 Entry Fields

Kryptmin supports the following data entry fields:

  • [Unencrypted Files] -- this points to the unencrypted folder. It may be changed at any time.

  • [Encrypted Files] -- this points to the encrypted folder. It may be changed at any time.

  • [Ext's] -- this specifies the type(s) of files to display. The default is blank, i.e. all files will be displayed. To limit the display to multiple types of files, separate the extensions with commas. For example, specifying .Doc*,.rtf displays only documents and rtf files.

  • [Password Override] -- this specifies an arbitrary password. For example setting Password Override to, say, 'Frederick The Great', will encrypt/decrypt using that exact password.


2.4 Drag And Drop

Kryptmin supports drag and drop between the Encrypt and Decrypt windows and between the Encrypt and Decrypt windows and the Windows file manager (Windows Explorer.)
If [ ] Move Files is checked, then the default drag operation is to move the highlighted files; otherwise the default drag operation is to copy the files. Kryptmin supports the following modifiers for drag and drop. The modifier keys override the default set by Move Files:

  • <Ctrl> - if the control key is depressed prior to starting a drag and drop operation, then the files are copied irrespective of the state of Move Files.

  • <Shift> - if the shift key is depressed prior to starting a drag and drop operation, then the files are moved irrespective of the state of Move Files.
    When dragging files to the Windows File Manager, it is necessary to click on the destination window after dragging to see the results. This is because Windows displays the results after the window has focus. Clicking on the window after the operation sets the focus to the destination window and the results are displayed. This is important in doing a move operation between Kryptmin and Windows Explorer in that Kryptmin waits for notification that the move is complete. If notification is not received within 60 seconds, Kryptmin aborts the operation. So remember to click on the destination folder when doing a move operation from Kryptmin to Windows.


2.5 Copy/Paste

Kryptmin also supports Copy/Paste between the Encrypt and Decrypt windows and between the Encrypt and Decrypt windows and the Windows file manager (Windows Explorer).

Copy, Cut, and Paste operate as per Windows standard:

  1. First select the files to act upon.

  2. Choose the action. This may be done by right-clicking and selecting Copy (Or Cut).

  3. Click on the window to receive the files. This selects the window.

  4. Right-click and select Paste. This copies the selected files if copy was chosen, or moves them if cut was selected.
    An alternate method is to use the keyboard. Press <Ctrl>C, for copy, <Ctrl>X for cut, and <Ctrl>V for paste.

Kryptmin encrypts unencrypted files that are pasted into the Encryption window and decrypts encrypted files that are pasted into the Decryption window. Files that already are encrypted are left unchanged when pasting into the Encryption window. Similarly files that already are decrypted are left unchanged when pasting into the Decryption window.


2.6 Usage Examples


2.6.1 Encrypting a File

  1. Copy (or move) a file into the Protected folder (in your documents folder.)

  2. Launch Kryptmin (click on the Kryptmin icon in the task bar at the bottom of the screen, or press the Window key and click Kryptmin in the Start Menu. This was set up as part of Kryptmin installation.) The main screen should appear with your file in the unencrypted window.

  3. To encrypt your file, first make sure Move is set, then highlight it (i.e. left click on it.), and then click the [Encrypt] button. The file will appear in the encrypted window with an extension of .7z. The .7z extension indicates that the file is encrypted.

  4. Alternately you may drag directly from a Windows File Manager window directly into the Encrypted window. The file will be encrypted. When using drag and drop, it is a good idea to hold down the control key to force a copy or hold down the shift key to force a move when copy or move is desired.
    Not setting Move first means that there will be two copies of the file, one encrypted, one unencrypted.


2.6.2 Encrypting a Folder

  1. Copy/Move a folder into the Protected folder (in your documents folder.)

  2. Choose View option All or Folders to ensure folders are displayed.

  3. Normally select Move Files.

  4. Highlight the folder (i.e. left click on it.), and then click the [Encrypt] button. The folder will appear in the encrypted window with an extension of .7z.

  5. Alternately, as before, you may directly drag a folder to the encrypted window and it will be encrypted. Not clicking Move first means that there will be two copies of the folder, one encrypted, one unencrypted. The encrypted folder may be moved around, e-mailed, etc. When it is decrypted, it will appear back in the unencrypted window. Select the All or Folders View option to display the result. Once it is decrypted, you can drag the now decrypted folder where you want it.


2.6.3 Decrypting Files and Folders

Highlight the files to be decrypted in the encrypted window; then click [Decrypt]. The file(s)/folder(s) will appear in the unencrypted window. Remember to select the correct View option to display the results.


2.6.4 Decrypting Between Kryptmin and Windows

To encrypt a Windows file or folder, drag it to the encrypted window and the file or folder will be encrypted. To decrypt the file or folder, select it and drag it to the decrypted window (or click [Decrypt]). Then drag the now decrypted file or folder back to Windows. Don't forget to click the destination window to register the move.


2.6.5 Kryptmin as an Encryption/Decryption Engine

You can use Kryptmin as an Encryption/Decryption engine. The way this works is that you use Explorer to highlight the files (and/or folders) you wish to encrypt and then drag them to the Encrypted window. This encrypts the files. Similarly, if you drag the now encrypted files from Kryptmin to a Windows folder, the encrypted file is copied/moved (and remains encrypted).

To Decrypt a file, drag the encrypted files from the windows folder to the unencrypted window. This decrypts them. Then drag them back and you have the unencrypted version back in your folder.


2.7 Using Multiple Folders

Kryptmin is not restricted to encrypting/decrypting files/folders between the default folders (Protected and Kryptmin). However, it is necessary to tell Kryptmin that multiple folders are in use. To do that, click [Setup]. This opens the Setup screen (see figure 3.2-13). There are many options that can be specified in the Setup screen. Right now we are only interested in one, namely, multiple folder mode. To set this mode, click [ ]Multiple Folder Mode in the Setup screen and then click [Exit].

As before, the [Set] button specifies a temporary pair of folders to use. However, if the entry field Unencrypted files is clicked, a drop down list will display. At the bottom of this list is an Edit entry. Selecting Edit invokes the folder editor that saves the choice so that it can be selected for next time. You can also right-click on the Unencrypted files and a context menu will appear. Select Edit Folder Paths and the editor will be invoked. See figure 2.7-6.


Figure 2.7-6 Selecting Directories


The editor is shown in figure 2.7-7.


Figure 2.7-7 Editing Folders



2.7.1 Using the Folder Editor

Inside the editor, click on the folder that is closest to the folder that you want to select and then click on [New Protected]. This opens a search dialog to locate the specified folder. You can also create new folders using this process. Both the protected and encrypted folders are set to the selected folder by default. If you prefer a separate encryption folder, click [New Encrypted] and choose the correct folder to hold the encrypted files(3).
Use Add to add the selected folders; then exit with Save. Exiting using Cancel discards all changes made with the Folder editor.

Once Encryption/Decryption pairs have been specified in the Folder editor, they may be selected as shown in figure 2.7-6.


2.8 Passwords Revisited

Kryptmin supports several ways of specifying passwords. These are named:

  1. Constant Password. This is the default method.

  2. Root:FN -- for the Root password concatenated to the file name to form the final password. This causes passwords to vary within the file structure. But it has the side effect that you cannot rename an encrypted file because the file name is part of the password.

  3. Override Passwords -- This specifies a constant password that stays in effect until changed.

  4. MyPW -- This specifies a Windows command file, MyPW.bat, that can be used to implement arbitrary password algorithms. See 3.4 for details.

  5. KScript -- This specifies KScript, a scripting engine internal to Kryptmin. The advantage of KScript over MyPW is that MyPW has to be decrypted in order for it to be used, whereas KScript, being internal, is very difficult for malware to snoop. See 3.5 for details.


2.8.1 Override Passwords

If an override password is specified, it is used to Decrypt/Encrypt files instead of the default password. A temporary override password may be specified by just typing in the password in the Password Override field. Named override passwords are specified using the Site Editor. The Site Editor is shown in figure 2.8.1-8.
The Site Editor is invoked by clicking the [Edit] button next the Password Override field. Type in the Password name, a mnemonic used to refer to the password; and then type in the password. Click [Add] to add the password to the editor list. Click [Update] to save your changes; click [Cancel] to discard your changes. [ ]Extended Edit is used to add information to the password. For example, you can add notes. To remove a password, select the name in the Site Editor and click [Delete].

Figure 2.8.1-8 Site Editor


If an override password name is the same as a decrypted folder name, the password will be automatically applied to that folder. Choosing a password name of "Default" causes that password to be used unless it is overridden by:

  1. Choosing another override password,

  2. Selecting a folder that has the same name as an override password, which causes the associated password to be used, or

  3. Typing in an override password.

For example, specifying a Default password of, say, MmYyPpAaSsSsOoRrDd will cause that password to be used to encrypt files unless another password is explicitly chosen. See figure 2.8.1-9.


Figure 2.8.1-9 Creating a Default Password



Once an override password is defined, you can select it using the Password Override drop down list. When using the Site Editor, leave the URL field blank, or you will be associating the password with a web site rather than with file encryption.


2.8.2 Switching Password Algorithms

Setup may be used to switch between password algorithms. Click button [Setup]. Then click [Manage Passwords]. This brings up the password manager. Be sure to decrypt your files before changing algorithms or you will have to enter the correct password manually to access them.

The third method of specifying passwords, MyPW, is invoked by creating MyPW.bat in the password manager. This creates MyPW.bat in your profile directory. It is set initially to duplicate the Root:FN password algorithm. You may edit this file as desired to implement any desired password algorithm(4).

A fourth method of specifying passwords, KScript, is invoked by choosing to edit KScript in the password manager. This creates a Kryptmin script that specifies the password based on user whim, the file name and the file system. See 3.5 for details.


2.8.3 System Password

The system password is used to encrypt all files inside of the Profile directory. The default system password is constructed from the PC hardware signature and is unique to the PC. Choosing to specify the system password in the password manager creates a login password that becomes the system password. (Either right-click or use the Manage Passwords drop-down menu.) The login password is not saved and must be entered each time Kryptmin is invoked. If your PC is physically secure, then logging in to your PC unlocks the profile by using the default system password. Specifying a login password adds another layer of security.


2.9 Using the Launcher Mode

Kryptmin can manage passwords for web sites as well as for file encryption. There are two advantages to using Kryptmin as a web password manager: 1) Kryptmin can save notes along with the password. 2) Kryptmin maintains your passwords in an encrypted file on your PC. Browser based password managers are very convenient, but they maintain passwords somewhere off in the cloud. This bothers me for sensitive passwords. Accordingly I use both Kryptmin and Firefox as password managers. Firefox for sites I don't really care about and Kryptmin for sensitive passwords.

To add the Launcher Mode, click on Setup, then click [ ] Launcher Mode, then click [Exit]. Clicking [ ]Launcher Active switches Kryptmin from an encryption manager to a web Password Manager. Unclicking it switches back.
Launcher Mode is shown in figure 2.9-10.
Notice that Password Override has changed to Go To Site: and that the button has changed from [Edit] to [Go].

Figure 2.9-10 Launcher Mode Activated

The first thing to do in using the launcher is to stock it with web sites, User names, Passwords, and, optionally notes on each site. To do that, click [Clear] to clear the current site and then click [Go]. Since there is no site specified, [Go] invokes the site editor so you can define some. A typical screen looks like figure 2.9-11.
The Name and Password fields have been blanked, because the data is real. To edit a site, click the name and the data will populate the edit fields. Make changes as desired and click [Add] and [Update].

Figure 2.9-11 Defining Web Sites

Adding an entry of the same name as an existing entry replaces the entry. To rename, click on the existing entry. Then change the name. Then click [Add]. Then delete the original entry.

Clicking on [Extended Edit] invokes the detail editor. Setting a value for "Tag" makes the site part of a group. Selecting that tag causes only sites with that tag to display. This makes it easier to select common sites, such as Stores, Banks, or health, etc. At present tags are case sensitive, i.e. "Store" and "store" are two different tags.
See figure 2.9-12.


Figure 2.9-12 Detail Editor



Make any changes and click save. You can also copy the username or password and click Launch. Launch opens the default web browser at the specified site (e.g. URL). Copy the user name first, and paste it in to the site login screen. Then click on the Kryptmin screen and click on Copy PW to copy the password. Click back on the browser and paste in the password (usually right-click and select paste) and hit Enter or click Login on the site screen. Make any desired notes in the notes section of Kryptmin. Save any changes prior to exiting the Detail Editor. The detail Editor may also be invoked from the Main Screen when in launch mode - see figure 2.9-10. Select the desired site and click Edit, or select a site and right-click on the site name and choose Launch With Edit. The detail Editor will be invoked.


2.9.1 Pasting Web Passwords

Many web sites inhibit the pasting of passwords, which makes Kryptmin's support of copying (and then pasting) user names and passwords less useful. For Firefox, a method to enable copy/paste for websites is to modify Firefox's configuration to enable pasting. This is described at https://www.cpureport.com/enable-copypaste-option-firefox/ and summarized below:

  1. Open Firefox and enter "about:config" into the address bar.

  2. Click I Accept the Risk (If it displays).

  3. In the Firefox preferences search bar, enter the following: dom.event.clipboardevents.enabled and double click the Value that appears. Its value should then be "False".
    Paste is now enabled for user names and passwords.


3 Security

Kryptmin has two configuration options. These allow the user to control the level of security provided by Kryptmin. The different security modes and their meaning are as follows:

  • Default -- this is the default mode. Normally the configuration file (Profile.txt) is encrypted so that unauthorized programs cannot snoop and read it. A system password is used to encrypt Profile.txt. The system password is constructed based on your PC's hardware signature and is unique for every PC. If you are using the default mode, your profile must be decrypted before you can transfer it to another PC.

  • Login -- This mode allows the user to specify the system password. The password is not saved, so the security level is theoretically higher than the default mode. This mode is triggered by a file (Login.txt) saved in the home directory C:\Users\'You'\.nic\Kryptmin\Login.txt. The file content is not used; it is only required that the file (Login.txt) exist. This mode requires the user to log in to the program and specify the system password. See figure 3.3-14 for the sequence to establish a login password.


3.1 The Kryptmin Profile

The Kryptmin profile is stored in C:\Users\'you'\.nic\Kryptmin\Profile.txt. Since Profile.txt is usually encrypted, it usually appears as Profile.7z. The profile uses a very simple structure: the first column is a code that indicates what the rest of the line means. Shown below is a typical profile. In the following table, the tab character (x09) is replaced with a space and the line separation character in notes (x01) is represented as a circumflex (^):

Table 3.1-I Profile Format

                                             Profile Entry

#Profile
# - Comment
#Format = 'Cmd':'Value'
#Commands are case insensitive
#A or AllowEncryptedView - Allow Encrypted View (T/F)
#C or CheckForUpdate - Check to see if later version has been released (T/F)
#D or DecryptionPath - Default decryption path
#E or EncryptionPath - Default encryption path
#F or AdditionalPaths -Alternate Encryption/Decryption path pairs
#G or DefaultViewPath - Where to View Files
#H or HelpPath- Path to help file
#L or Launch - Come up in launch mode (T/F)
#M or Move - Move files (Vs copy) (T/F)
#O or Overwrite - Overwrite existing (T/F)
#R or DefaultRoot - Root PW
#S or Site - Define Site - format=Site:Name,Username,Password,URL,Profile,Tag,Notes
# Notes - lines separated by <x01> instead of <NL>
#U or ManagedMode - Managed Mode (T/F)
#V or LauncherMode - Launcher Mode (T/F)
##W-MultiSelect - Usually off for Drag And Drop (T/F)
##W-EncryptedChannelLocation - default folder
#X or Extensions - Default document extension
#Z or EncryptedExtension - Default encrypted extension
AllowEncryptedView:T
DecryptionPath:C:\Users\moi\Documents\Protected
EncryptionPath:C:\Users\moi\Documents\Protected\Kryptmin
DefaultViewPath:C:\Users\moi\Documents\Protected\Kryptmin\View
HelpPath:C:\Users\Public\Cmds\Kryptmin.pdf
CheckForUpdate:T
Launch:F
Move:F
Overwrite:T
DefaultRoot:rrrrrrrrrr
ManagedMode:T
LauncherMode:T
Extensions:.doc*,.rtf
EncryptedExtension:.7z
AdditionalPaths:C:\Users\me\Documents\Protected/C:\Users\moi\Documents\Protected\Kryptmin
AdditionalPaths:C:\Users\moi\Xtra\Test1/C:\Users\moi\Xtra\Test1
AdditionalPaths:C:\Users\moi\Xtra\Test2/C:\Users\moi\Xtra\Test2
W-EncryptedChannelLocation:C:\Users\me\Documents\Channels
Site:Amazon SSSSSSSSSS01 me@cox.net https://www.amazon.com/ 2 Amazon
Site:WellsFargo WELwwwwwwww mememe https://www.wellsfargo.com/ 2 Bank Routing Number: 12345678,^Checking: 12345678,^Savings: 12345678^^What is the name of your favorite charity: OhBoy^^In what city did you meet your spouse?: Paradise Indiana^^What is the name of your favorite childhood superhero?: Frederick the Great
Site:Fred's PW FFFFFFFFFFFFFFFF Fred's PW 0
Site:gogo GGGGGGGGGGGGGGGG gogo 0
Site:Morton's PW MMMMMMMMMMMM Morton's PW 1
Site:Test2 TTTTTTTTTTTTTTTTTTTTTTTTTTTTTT Test2 1
KScript:Return Fancy-Password
KTScript:Set Level 2^Call TryMe


The options reflect the current screen settings. For example, the "Extensions:" tag refers to the file extensions to display. An inspection of the option reveals that it is set to display document (.doc*) and RTF files (.rtf).


3.2 Editing the Profile

The easy way to edit the profile is to use the [Setup] button. This invokes the screen shown in figure 3.2-13.


Figure 3.2-13 Controlling the Profile


The legend at the top of the window specifies the type of files expected in the profile folder. These are:

  • Profile.txt -- the unencrypted version of the profile.

  • Profile.7z -- the encrypted version of the profile.

  • Errors.7z -- Last session's error file.

  • Errors.txt -- Current session's error file.

  • KryptminInterlock.txt -- Temporary file that indicates a Kryptmin session is running.

  • Login.txt -- The file that specifies to require the user to login.

  • Trace.7z -- Last session's trace file.

  • Trace.txt -- Current session's trace file.

  • MyPW.bat -- User specified password algorithm command

  • MyPW.7z -- Encrypted user specified password algorithm command

Double clicking on Profile.txt or Profile.7z will open the profile in a text editor. However, changes are not incorporated. Use this to view, not change the profile. Double clicking the other files opens them in a text editor for viewing. These files are for viewing only so changes do not affect Kryptmin operation.

To edit the profile, click Save. This copies Profile.7z to the encrypted folder(5). The profile may then be edited by decrypting it and then double clicking on it. To install a profile, click Install. This will install the Profile and exit Kryptmin. First Profile.7z is searched for in the Encrypted folder, then Profile.txt is searched for in the unencrypted folder. When Kryptmin is restarted, the new profile will be in effect.
There are no seat belts in editing the profile, so be careful when making changes.

The following options cannot be set via the program itself and must be controlled by hand using Regedit or a text editor: HelpPath (Path to help file), and EncryptedExtension (Default encrypted extension). Their use is as follows:

  1. HelpPath identifies the location of the help file.

  2. EncryptedExtension specifies the file extension used to identify encrypted files. Kryptmin uses an extension of .7z to identify encrypted files.

See 5.8 for information on how to use Regedit.

Any file may be deleted. However to refresh the profile, use the Reset button.


3.3 Controls

Prior to making configuration changes, save the profile by using the [Save] button (under [Setup]).
The Profile may be modified using the button commands or via the Manage Profile drop-down menu, or by using the right-click menu, i.e. right-click inside of the profile and a menu appears. (The right-click menu and the drop-down menu are equivalent.) The drop-down menu is shown in figure 3.6-17. The controls are as follows:

  • Menu Item: Format Profile -- This button creates a formatted version of the profile in the default Protected folder. This copy may be printed or processed with a word processor. If it is desired to save the copy, it should be encrypted to preserve system integrity.

  • Menu Item: Manage Passwords -- The password manager lets you choose which password algorithm to use and also lets you start over from scratch.

  • Menu Item: Remote Save -- This option shares site definitions and passwords across multiple PCs. To use it you need a network drive. A network drive may be a standalone Network Storage Device (NAS) or a USB drive plugged into the share port of your router.

  • Menu-Item and button: [Create Encrypted Channel] -- This is used when sharing encrypted e-mail.

  • Button: [Delete] -- This button deletes the selected file. Do not delete your profile, use the password manager to command a reset.

  • Button: [Save] -- This button saves the full profile in the encrypted folder. Normally part of the profile is defined in the registry and part in Profile.txt. Pressing [Save] saves the entire profile in editable format. It is a good idea to save the profile after changing it.

  • Button: [Install] -- This button installs the profile from the encrypted or unencrypted folders. It is used to restore the profile if it gets damaged, or to install a new profile after it is edited. The Profile is searched for first in the encrypted folder, then in the unencrypted folder. If one is found, it is installed and Kryptmin exits. The new profile will be in effect on the next start up.

  • Menu-Item and button: [Copy] -- This saves the highlighted file to the Protected folder. It is a good idea to then encrypt or delete the copy when not in use.

  • Check Box: Launcher Mode -- enables or disables the web site launcher.

  • Check Box: Multiple Folder Mode -- enables or disables the site editor. The site editor is used to define additional encryption/decryption folders.

  • Check Box: Check for Updates -- enables or disables checking the cloud for updates on startup.

  • Button: [Trace] -- Trace causes Kryptmin to record its operations to Trace.txt. This is useful in debugging. Because passwords may be exposed, Trace is automatically turned off on exit. To see the trace results, double click on Trace.txt under setup. You may also view any detected errors by double clicking Errors.txt under setup.

Figure 3.3-14 Login Screen




3.4 Using Your Own Password Algorithm

If MyPW.bat exists in the profile folder, it is used to specify an arbitrary password based on whatever algorithm the user desires. The password specified by MyPW is retrieved by searching the output from MyPW for PW:"password", where 'password' is the specified password(6). Because MyPW is a windows bat-command file, any program desired may be invoked to create the password. This gives the user complete flexibility in specifying passwords. Use the password manager to edit/create/delete MyPW.bat.

During Login, all files in the profile folder that begin with "MyPW" are automatically decrypted using the system password; similarly all files are encrypted during shutdown.


3.5 Using KScript to Manage Passwords

KScript is a scripting processor internal to Kryptmin. Its purpose is to provide some variability to passwords in such a way that only the owner is aware of how it works. The advantage of KScript over MyPW is that it is very difficult for malware to snoop on KScript and determine your password algorithms.

KScript creates a symbol table and manipulates the symbols according to the script. On start up, KScript adds the following symbols to the symbol table:

Table 3.5-II KScript Predefined Symbols Table

Symbol -- Operand -- Description

  • FN -- Current file name -- Name of active file

  • Ext -- Current file extension -- Active file extension

  • Parent -- Lowest folder -- Folder in which file is located

  • Path -- Full file path -- Complete path to encrypted file

  • CDate -- File modification date -- Date file was last modified: YYYYMMDD

  • CurrentDate -- Today's date -- YYYYMMDD

  • Forever -- 1 > 0 -- A shorthand for a continuous loop

  • Level -- 0 -- Print level. Increase the Level and the amount of printing increases

  • ProcLevel -- 0 -- Print level inside of procs.

The only required command is "Return". This specifies the password. The format is Return 'String-expression', as in:

Return constant-password

This specifies a constant password, the default. Another example is:

Return root:^FN^

This specifies a variable password consisting of a constant part ('root') and the file name. Notice that to reference a symbol, the name is preceded by a caret ('^') and terminated by a caret or space.

Another example is, say a policy change. You wish to change passwords across a set of files. You can manually write a script to decrypt using the old password and then re-encrypt using the new one, or you may opt to change passwords based on the file creation date (or both.) The way to change passwords based on a date, say May 5, 2020 in KScript is as follows:

If If1 CDate > "20200505"
   Return NewPW
Else If1
   Return OldPW
endif If1

The properties of KScript are discussed in the following paragraphs.


3.5.1 KScript Syntax

Symbols are represented by alpha-numeric names. The first character must be alphabetic. ('$', and '_' count as alphabetic.) KScript commands and symbol names are case insensitive. Lines that are less than 3 characters long or that begin with a pound sign ('#') are comments. Before each line is interpreted, symbols that are preceded with a caret ('^') are dereferenced, i.e. replaced with their value. Tokens are strings of one or more characters separated by spaces. A token may be a symbol name, a character string, or an integer number.

Symbols are assigned values via commands. The basic assignment commands are the Set and Setm commands. These have the following format:

Set Symbol-name String expression
Setm Symbol-name Numeric expression ("m" stands for math mode.)

Where a string expression consists of character strings, optionally enclosed in quotation marks, and dereferenced symbols. To include a quotation mark in a string, precede it with a backslash ('\'). To include a backslash, use two backslashes ('\\'). To dereference a symbol, start the symbol name with a caret ('^') and end the name with another caret or a space. The name will be replaced by its value.

Example:

set ABC Now is the time

Symbol ABC will have the value of "Now is the time".
Reusing ABC,

set ABC ^ABC for all good men

And symbol ABC now has the value of: "Now is the time for all good men".

A numeric expression uses a simple format or an extended format. The simple format looks like:

operand operator operand

Example:

Setm ABC 5 + 3

Symbol ABC will be set to 8. Suppose symbol ABC is 8 and DEF is 4, then

setm abc ^ABC * ^DEF

Symbol ABC will be set to 32. Actually the Setm command knows that the operands must reduce to integer numbers, so it is not necessary to dereference the symbols; the symbol table will automatically be checked anyway.

The numeric operators are '+', '-', '*', '/', and '%' for addition, subtraction, multiplication, division, and remainder.

The extended format looks like:

setm symbol-name (expression) operator (expression) ...

The expression consists of operands separated by operators. Example:

setm N (3 + 5) * (2)

Symbol N will be set to 16, as opposed to writing it as:

setm N (3 + 5 * 2)

In this case N will also be set to 16, which illustrates that expressions are evaluated left to right without regard to operator precedence. Another example is:

setm N (2 * 3 + 5) + (10)

This evaluates to: (11) + (10) = 21.
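The left-to-right rule described above, as an added Python model (not Kryptmin's own code). The function names are hypothetical, and treating '/' as floor division is an assumption, since the page only says the operands are integers.

```python
import re

# One token: parenthesis, integer, operator, or symbol name (optionally ^NAME or ^NAME^).
_TOKEN = re.compile(r"\s*(\(|\)|\d+|[-+*/%]|\^?[A-Za-z$_][A-Za-z0-9$_.]*\^?)")

# '/' is modelled as floor division (assumption; the page only says operands are integers).
OPS = {
    "+": lambda a, b: a + b,
    "-": lambda a, b: a - b,
    "*": lambda a, b: a * b,
    "/": lambda a, b: a // b,
    "%": lambda a, b: a % b,
}


def tokenize(expr):
    """Split a numeric expression into tokens, rejecting anything unrecognised."""
    tokens, pos = [], 0
    expr = expr.strip()
    while pos < len(expr):
        match = _TOKEN.match(expr, pos)
        if not match:
            raise ValueError(f"unexpected text in expression: {expr[pos:]!r}")
        tokens.append(match.group(1))
        pos = match.end()
    return tokens


def _operand(token, symbols):
    """An integer literal, or a symbol looked up case-insensitively (caret optional)."""
    if token.isdigit():
        return int(token)
    name = token.strip("^").lower()
    if name not in symbols:
        raise ValueError(f"not a number or a known symbol: {token!r}")
    return int(symbols[name])


def _term(tokens, i, symbols):
    """A single operand or a parenthesised group; returns (value, next index)."""
    if i >= len(tokens):
        raise ValueError("missing operand")
    if tokens[i] == "(":
        value, i = _chain(tokens, i + 1, symbols)
        if i >= len(tokens) or tokens[i] != ")":
            raise ValueError("missing ')'")
        return value, i + 1
    return _operand(tokens[i], symbols), i + 1


def _chain(tokens, i, symbols):
    """term (op term)* applied strictly left to right: no operator precedence."""
    value, i = _term(tokens, i, symbols)
    while i < len(tokens) and tokens[i] in OPS:
        rhs, nxt = _term(tokens, i + 1, symbols)
        value = OPS[tokens[i]](value, rhs)
        i = nxt
    return value, i


def setm(symbols, line):
    """Execute one 'Setm name expression' line against a dict keyed by lower-case name."""
    words = line.split(None, 2)
    if len(words) != 3 or words[0].lower() != "setm":
        raise ValueError("expected: Setm symbol-name expression")
    tokens = tokenize(words[2])
    value, used = _chain(tokens, 0, symbols)
    if used != len(tokens):
        raise ValueError(f"unexpected token {tokens[used]!r}")
    symbols[words[1].lower()] = value
    return value


if __name__ == "__main__":
    table = {}
    for text in ("setm N (3 + 5) * (2)", "setm N (3 + 5 * 2)", "setm N (2 * 3 + 5) + (10)"):
        print(text, "->", setm(table, text))
```

Under conventional precedence `2 + 3 * 4` would be 14; this model, following the page's rule, gives 20.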

The following table lists the KScript control structures. Brackets ('[]') indicate optional characters. An 'm' as the last letter indicates math mode, i.e. the operands are numbers rather than character strings.

Table 3.5.1-III KScript Decision Making Commands

Construct -- Description -- Comment

  • IF[m] label -- Expression -- If the expression is true, the following statements are executed.

  • ELIF[m] label -- Expression -- If the preceding test is false and the expression is true, the following statements are executed.

  • Else label -- (none) -- If none of the previous expressions were true, then the else statements are executed.

  • Endif label -- (none) -- Ends the IF control statement. IF statements may be nested.

  • IExit label -- (none) -- The corresponding IF-Block is exited past the EndIf statement.

  • While[m] label -- Expression -- The statements following the While statement are executed as long as the expression is true. While statements may be nested.

  • WContinue label -- (none) -- Skip to corresponding Wend statement.

  • Wexit label -- (none) -- The corresponding while loop is exited.

  • Wend label -- (none) -- Ends the While Loop.

Decision making expressions consist of operands (Symbol names, Character strings, or integers), separated by comparison operators. There is a short form and an extended form. The short form format is as follows:

Operand1 op Operand2

The extended form format is

(Oper11 op1 Oper12) rop1 (Oper21 op2 Oper22) ... ropn (Oper1n opn Oper2n)

Examples:

If Mif sym1 GT sym2
 ...
ELif Mif sym3 > sym4
 ...
Else Mif
...
Endif Mif

Or the same example in math mode:

IFm Mif sym1 GT sym2
 ...
ElIFm Mif sym3 > sym4
 ...
Else Mif
 ...
Endif Mif

Similarly, here is an example in the extended format:

While MyLoop (A > B) || (C <= D)
 ...
Wend

Or in math mode:

Whilem MyLoop (A GT B) OR (C LT D)
 ...
Wend

Comparisons are case insensitive, unless the operator has an ending "s", in which case the comparisons are case sensitive.
The operators are as follows:

Table 3.5.1-IV KScript Operator Table

Operator -- Description -- Alias

  • GT[s] -- Greater Than -- >[s]

  • GE[s] -- Greater Than or Equal -- >=[s]

  • EQ[s] -- Equal -- =[s], ==[s]

  • NE[s] -- Not Equal -- <>[s], !=[s]

  • LT[s] -- Less Than -- <[s]

  • LE[s] -- Less Than or Equal -- <=[s]

  • AND -- And -- &, &&

  • OR -- Or -- |, ||

Either the operator or its alias may be used. Expressions are evaluated from left to right without regard to operator precedence.
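To show how a script resolves to a password, here is an added Python model (not Kryptmin's code) of caret dereferencing, Set, Return, and labelled If/Elif/Else/Endif with short-form comparisons. It leaves out While, Procs, backslash escapes and the extended form; the function names and the error raised for an undefined symbol are assumptions.

```python
import operator
import re

# ^NAME^ or ^NAME followed by a space / end of line.
_DEREF = re.compile(r"\^([A-Za-z$_][A-Za-z0-9$_.]*)(?:\^|(?=\s)|$)")
# An operand or operator: a double-quoted string or a run of non-blank characters.
_WORD = re.compile(r'"([^"]*)"|(\S+)')
_CMP = {"gt": operator.gt, ">": operator.gt, "ge": operator.ge, ">=": operator.ge,
        "eq": operator.eq, "=": operator.eq, "==": operator.eq,
        "ne": operator.ne, "<>": operator.ne, "!=": operator.ne,
        "lt": operator.lt, "<": operator.lt, "le": operator.le, "<=": operator.le}

# The date-based script from the page.
DATE_SCRIPT = '''If If1 CDate > "20200505"
   Return NewPW
Else If1
   Return OldPW
endif If1'''


def deref(text, symbols):
    """Replace every ^NAME^ / ^NAME reference with the symbol's value."""
    def value(match):
        name = match.group(1).lower()
        if name not in symbols:          # behaviour for unknown symbols is an assumption
            raise ValueError(f"undefined symbol: {match.group(1)}")
        return str(symbols[name])
    return _DEREF.sub(value, text)


def unquote(text):
    text = text.strip()
    if len(text) >= 2 and text[0] == text[-1] == '"':
        return text[1:-1]
    return text


def compare(expr, symbols, math=False):
    """Short form only: operand op operand. A trailing 's' on the operator = case sensitive."""
    words = list(_WORD.finditer(expr))
    if len(words) != 3 or words[1].group(2) is None:
        raise ValueError(f"expected 'operand op operand': {expr!r}")

    def value(match):
        if match.group(1) is not None:   # quoted string literal
            return match.group(1)
        return str(symbols.get(match.group(2).lower(), match.group(2)))

    left, right = value(words[0]), value(words[2])
    op = words[1].group(2).lower()
    exact = op not in _CMP and op.endswith("s") and op[:-1] in _CMP
    if exact:
        op = op[:-1]
    if op not in _CMP:
        raise ValueError(f"unknown operator: {op!r}")
    if math:
        left, right = int(left), int(right)
    elif not exact:
        left, right = left.lower(), right.lower()
    return _CMP[op](left, right)


def run(script, symbols):
    """Return the password chosen by the first Return reached, or None."""
    sym = {k.lower(): str(v) for k, v in symbols.items()}
    blocks = []                          # open If blocks: label, branch taken, branch live
    for raw in script.splitlines():
        line = raw.strip()
        if len(line) < 3 or line.startswith("#"):
            continue                     # comment, per the syntax rules above
        words = line.split(None, 2)
        cmd = words[0].lower()
        expr = words[2] if len(words) > 2 else ""
        live = all(b["on"] for b in blocks)
        if cmd in ("if", "ifm"):
            hit = live and compare(deref(expr, sym), sym, cmd.endswith("m"))
            blocks.append({"label": words[1].lower(), "done": hit, "on": hit})
        elif cmd in ("elif", "elifm", "else", "endif"):
            if len(words) < 2 or not blocks or blocks[-1]["label"] != words[1].lower():
                raise ValueError(f"no open If block matches: {line}")
            block = blocks[-1]
            if cmd == "endif":
                blocks.pop()
                continue
            outer = all(b["on"] for b in blocks[:-1])
            if block["done"] or not outer:
                block["on"] = False
            elif cmd == "else":
                block["on"] = True
            else:
                block["on"] = compare(deref(expr, sym), sym, cmd.endswith("m"))
            block["done"] = block["done"] or block["on"]
        elif not live:
            continue
        elif cmd == "set":
            sym[words[1].lower()] = unquote(deref(expr, sym))
        elif cmd == "return":
            return unquote(deref(line[len(words[0]):], sym))
        else:
            raise ValueError(f"command not modelled here: {words[0]}")
    return None
```

Calling `run(DATE_SCRIPT, {"CDate": "20200601"})` selects NewPW, while a CDate of 20200505 or earlier selects OldPW because the comparison is strictly greater-than.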

KScript also supports parsing commands. These are discussed in the following paragraphs.


3.5.2 Parse

The parse command parses a path and sets symbols identifying its parts.

Syntax: Parse Root Path

Inputs:

  1. Root -- Label used to group the symbols

  2. Path -- File path to be parsed

Outputs:

  1. FN -- File name

  2. Ext -- File extension

  3. Parent -- Folder holding the file name

  4. Path -- Full path

  5. Drive -- Drive letter

  6. CDate -- Date file was last modified (usually the creation date.)

  7. NumSub -- Number of sub directories in the path

Example:

Parse Root C:\Users\Me\U\TestIt.txt

Results:

  1. Root.FN = TestIt

  2. Root.Ext = .txt

  3. Root.Path = C:\Users\Me\U\TestIt.txt

  4. Root.Parent = C:\Users\Me\U

  5. Root.CDate = 20200522

  6. Root.NumSub = 4


3.5.3 Pop

The pop command parses a path and sets symbols to a specified sub directory.

Syntax: Pop Root Path

Inputs:

  1. Root -- Label used to group the symbols

  2. Path -- File path to be parsed

Outputs:

  1. Drive -- Drive letter

  2. First -- First folder in path

  3. Last -- Last folder in path

  4. Parent -- Folder containing file name

  5. NumSD -- Number of subdirectories in path

Example:

Pop Root C:\Users\Me\U\TestIt.txt

Results:

  1. Root.Drive = C

  2. Root.First = Users

  3. Root.Last = TestIt.txt

  4. Root.Parent = C:\Users\Me\U

  5. Root.NumSD = 5


3.5.4 GetSubDir

The getsubdir command parses a path and returns the nth sub directory of the path.

Syntax: getsubdir Root n Path

Inputs:

  1. Root -- Label used to group the symbols

  2. N -- Number of sub directory to be extracted. (Counting from zero.)

  3. Path -- File path to be parsed

Outputs:

  1. SubDir -- The requested sub directory

  2. Length -- number of characters in SubDir

Example:

GetSubDir SD 3 C:\Users\Me\Trial\Test\TestIt.txt

Results:

  1. SD.SubDir = Trial

  2. SD.Length = 5
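The following added Python model (not Kryptmin's code) reproduces the example results shown for Parse, Pop and GetSubDir, and shows that GetSubDir's index 0 is the drive, so the index a script needs depends on how deep the folder sits. Function names are hypothetical; Drive, NumSub and CDate are left out of parse() because the page gives no worked definition or they need the file system, and the empty result for an out-of-range index is an assumption.

```python
def components(path):
    """Split a Windows path on backslashes; index 0 is the drive, the last item the file."""
    parts = [part for part in path.split("\\") if part]
    if not parts:
        raise ValueError("empty path")
    return parts


def getsubdir(root, n, path):
    """Model of 'GetSubDir Root n Path' (n counts from zero)."""
    parts = components(path)
    sub = parts[n] if 0 <= n < len(parts) else ""   # out-of-range result is an assumption
    return {f"{root}.SubDir": sub, f"{root}.Length": len(sub)}


def pop(root, path):
    """Model of 'Pop Root Path', matching the example results on the page."""
    parts = components(path)
    return {
        f"{root}.Drive": parts[0].rstrip(":"),
        f"{root}.First": parts[1] if len(parts) > 1 else "",
        f"{root}.Last": parts[-1],
        f"{root}.Parent": "\\".join(parts[:-1]),
        f"{root}.NumSD": len(parts),
    }


def parse(root, path):
    """Model of 'Parse Root Path' for the fields that depend on the path text alone."""
    parts = components(path)
    name = parts[-1]
    dot = name.rfind(".")
    stem, ext = (name[:dot], name[dot:]) if dot > 0 else (name, "")
    return {
        f"{root}.FN": stem,
        f"{root}.Ext": ext,
        f"{root}.Path": path,
        f"{root}.Parent": "\\".join(parts[:-1]),
    }


def branch_matches(path, index, expected):
    """The decision 'GetSubDir Branch index ^Path' plus 'Branch.SubDir == expected' makes.

    The comparison is case insensitive, like KScript's == operator.
    """
    found = getsubdir("Branch", index, path)["Branch.SubDir"]
    return found.lower() == expected.lower()


if __name__ == "__main__":
    # Constructed sample paths: the same project stored one folder deeper.
    shallow = r"C:\Users\Me\Projects\Project1\plan.doc"
    deeper = r"C:\Users\Me\Documents\Projects\Project1\plan.doc"
    print(branch_matches(shallow, 3, "Projects"))   # index 3 is Projects
    print(branch_matches(deeper, 3, "Projects"))    # index 3 is now Documents
```

A script that selects a password by fixed index silently takes its else branch when the same folder is stored one level deeper, so the index has to match the real directory layout.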


3.5.5 Index

The index command returns the location of a sub-string inside a larger string. The first position is zero. If the string is not found it returns -1.

Syntax: Index Root BigString SmallString

Inputs:

  1. Root -- Label used to group the symbols

  2. BigString -- The string to be searched

  3. SmallString -- The string to be located inside of BigString

Outputs:

  1. Position -- The position of the smaller string in BigString

  2. Length -- number of characters in Position

Examples:

set TF Now is the time
Index SRCH TF "the"

Results:

  1. SRCH = 7

  2. SRCH.Length = 1

Index SRCH TF "duh"

Results:

  1. SRCH = -1

  2. SRCH.Length = 2

Index SRCH TF "the time"

Results:

  1. SRCH = 7

  2. SRCH.Length = 1

Index SRCH TF "THE TIME"

Results:

  1. SRCH = -1

  2. SRCH.Length = 2


3.5.6 Substr

Syntax: Substr Root String Start [Length], where string is a symbol name or string

Inputs:

  1. Root -- Label used to group the symbols

  2. Start -- The starting position in the string

  3. Length -- Optional number of characters to return. If omitted the substring from the starting position is returned.

  4. String -- The string to be parsed

Outputs:

  1. Root -- The desired substring

  2. Length -- Number of characters in Root

Examples:

set Level 4
set TF Now is the time for all
substr Part tf 4 10
Part set to 'is the tim'
Part.Length set to '10'

substr Part tf 4
Part set to 'is the time for all'
Part.Length set to '19'


3.5.7 KScript Log

KScript maintains a diagnostic log that can be viewed in test mode or in the trace log if trace is activated(7). Each line in the log is labeled according to the input line that generated the log line(s). Thus a "View" statement on input line 023 would result in multiple output lines, each labeled 023.

The following commands write to the log:

  1. Log String -- writes string to the log

  2. View -- writes the current symbol table to the log

  3. View SYMBOL1 SYMBOL2 ... SYMBOLn -- writes indicated symbols to the log.

Symbols Level and ProcLevel control the amount of output each command generates to the log. Level controls the output level outside of procs, ProcLevel controls the output level inside of procs. The values are as follows:

Table 3.5.7-V KScript Log Control

Level -- Meaning

  • 0 -- Only write the generated password (default)

  • 1 -- List the script as it is executed

  • 2 -- Also show the results of symbol replacement

  • 3 -- Also show intermediate results

  • 4 -- Write everything available


3.5.8 KScript Modularity

KScript supports three types of program blocks: If, While, and Proc. Each block type is identified by a label. Thus Wexit (while exit) refers to the Wend (While end) that has the same label. That way While blocks can be nested. The same logic applies to If statements. The third type of program block is the Proc. Procs act like subroutines and support parameter passing. Procs are located at the end of the script and are preceded by a Procs statement. The Procs statement divides the script into procs and non-procs. All While and If blocks must be closed before the Procs statement is encountered. Statements outside of a proc after the Procs statement is encountered are mostly ignored(8).

The proc definition is a proc statement:

Proc name [parameters] -- defines a proc
Pexit name -- optionally exits a proc ahead of the Pend statement
Pend [name] -- ends the proc.

Procs cannot be nested; however, a proc may call another proc. Proc parameters are positional and are separated by spaces.

Currently there are no defaults. If a Proc statement defines 3 parameters, then exactly 3 parameters must be passed to the proc when it is invoked. Procs are invoked by a Call statement. The format is:
Call Proc-name P1 P2 P3
The Proc-name is the same name as is on the Proc statement. The parameters have the proc name prepended. Example:

Call MyProc A B C
Call SecondProc OnlyOne
Procs
Proc MyProc One Two Three
  log One = ^MyProc:One^, Two = ^MyProc:two^, Three = ^MyProc:three^
Pend
 
Proc SecondProc One
  log One = ^SecondProc:One^
Pend

The results were:

MyProc: One = A, Two = B, Three = C
SecondProc: One = OnlyOne


3.5.9 Invoking KScript

KScript is accessed via the Manage Passwords option of the Setup Menu, as shown in figure 3.5.11-15. This invokes the KScript editor shown in figure 3.5.11-16.


3.5.10 The KScript Editor

The Editor supports the following buttons:

  1. Syntax -- Display a KScript syntax summary.

  2. Load Test Script -- Load the current test script.

  3. Save Test Script -- Save the current script as the test script.

  4. List -- Display a listing of the current script.

  5. Test -- Execute the current script and display the results.

  6. 'Print-Level-control' -- set the print level for test purposes.

  7. Save Kryptmin Script -- Save the current script as the live Kryptmin script.

  8. Load Kryptmin Script -- Load the live kryptmin script for testing or viewing.

  9. Exit -- Exit the editor.


3.5.11 Sample Script

As an example, consider the case where you are working on several projects, each one with its own associated password. Assume a directory structure of:

C:\Users\Me\Projects\Project1
...
C:\Users\Me\Projects\ProjectN

We want to identify when the current directory is part of the Projects branch and then choose a password based on the project name. This password should apply to all files and subdirectories in the project. The starting logic determines the branch and, if the branch is "Projects", a proc is called to isolate the logic of returning the desired password. A KScript script to implement this is as follows:

# Get the branch name
GetSubDir Branch 3 ^Path
log Display initial symbol table
View
if Mif Branch.Subdir == "Projects"
   Call GetProjectPW
else Mif
   Return (^FN^)-(^Fn^)
Endif Mif
 
Procs
Proc GetProjectPW
  GetSubDir Project 4 ^Path
  log Project = Project.Subdir
  if Mif2 Project.Subdir == "Project1"
     Return Project1
  ELIF Mif2 Project.Subdir == "Project2"
     Return ^Project.Subdir^-(^FN^)
  else Mif2
     Return ^Project.Subdir^-(^FN^)
  Endif Mif2
Pend GetProjectPW


Figure 3.5.11-15 Accessing the Password Manager


Figure 3.5.11-16 KScript Editor



3.6 Backups

It is strongly suggested that you save the profile (by using the [Save] button in the setup window) after making changes that you want preserved. Then if your profile gets corrupted, you can restore it.

It is also suggested that you use an off-site backup program that backs up your Documents folder; this also backs up Kryptmin, since the Protected and Kryptmin folders are located in Documents.


Figure 3.6-17 Profile Drop-Down Menu



4 Examples


4.1 Kryptmin Directory Structure

Normal files and folders go in the Protected folder (see figure 4.1-18). Notice that files and folders may be encrypted.
An encrypted folder is stored as a single file no matter how many files and subfolders it contains. This can be useful in managing collections of files.


Figure 4.1-18 For files and directories


Figure 4.1-19 For encrypted files and directories


Figure 4.1-20 For viewing


Figure 4.1-21 For commands and programs



4.2 Encrypting Folders.

For example, you could store and encrypt a folder, say, Tax2017, which holds all your 2017 tax information. This would encrypt to a single file: Tax2017.7z. When you unencrypt it, the full folder structure is restored. Set the View to display Folders. Click on the folder names that you want to encrypt and click button [Encrypt].


4.3 Encrypting Files

Set the View to display Files. Then select the files you want to encrypt and click button [Encrypt]. See figure 2-4.


4.4 Decrypting Files and Folders

Figure 2-4 also shows the Encrypted files. Notice that both files and folders have the same format. To decrypt a file or folder, select it from the encrypted window and click button [Decrypt]. If the encrypted file was for a folder, make sure the View is set to show folders.


4.5 Viewing Files and Folders

Kryptmin has a view feature. Double clicking on a file or folder will view it (see figure 2-4). This applies to both unencrypted and encrypted files and folders. To view an unencrypted file or folder, double click on it. To view an encrypted file or folder, click the Allow Encrypted View check box and double click on the file name. Files are decrypted to the view folder (shown in figure 4.1-20). View files and folders are deleted when Kryptmin exits. However, there is always a possibility that a file is locked in an editor or otherwise locked, so it is a good idea to check the view folder to make sure all files were deleted.


4.6 Deleting Files and Folders

Kryptmin may be used to delete files and folders in the encrypted and unencrypted folders. Just select files or folders to be deleted and click the [Del] button (or right-click and select Delete.)


4.7 Moving Versus Copying Files and Folders

If check box Move Files is checked, then encrypting and decrypting move their corresponding files rather than copying them. See figure 2-4.


4.8 Overwriting Files

If checkbox Overwrite Files is not checked, then a message will be displayed asking for permission before overwriting an existing file. See figure 2-4.


5 Notes

Selected topics of interest.


5.1 Backups

Whenever you make important changes to your profile, it is a good idea to back it up. You can do this by clicking [Setup] and then clicking [Save]. This creates a backup copy of your profile in the Encrypted folder. You cannot just copy Profile.7z as stored in the Profile folder because it is encrypted using the system password and is deliberately not portable -- use [Save] to copy it to the Encrypted folder. (Use the [Install] button under Setup to install an archived or modified Profile from either the decrypted or encrypted folders.)

You should have a backup system that automatically backs up your Documents folder (which includes your Protected and Encrypted folders.) If you don't have an online backup system in place, here is a survey of good backup systems(9): https://www.pcmag.com/article2/0,2817,2288745,00.asp.


5.2 Customizing Windows

MS Windows defaults to not displaying common file extensions. It is easy to get confused when doing encryption if the file extension is not displayed. So I recommend doing the following windows customization to display file extensions:

  1. Open the file manager (Click the folder icon at the bottom of the screen.)

  2. Click View at the top of the window. See figure 5.2-22.

  3. Click options, then click View (again, different 'View'). See figure 5.2-23.

  4. Unclick Hide extensions for known file types.

Figure 5.2-22 Clicking Windows View


Figure 5.2-23 Windows Options



5.3 Managing Passwords

Here are a few tricks:

  1. Defining an override password with a name of "Default", causes that password to be used whenever a password is not explicitly stated, i.e. it becomes the default and overrides the "Root:Filename" method of specifying passwords.

  2. Choosing an override password name that is the same as an alternate path (folders in the drop down list under UnEncrypted) causes that password to be used whenever the corresponding folder is selected.

  3. Power users can specify any password algorithm by using the "MyPW" mechanism under [Setup]. Click [Setup], then select Create My PW from the Manage-Profile menu. This creates MyPW.bat in your profile folder. MyPW.bat is a windows command file that is given three parameters:

   a. The Root password

   b. The file name

   c. The file path

MyPW is invoked whenever normal passwords are required (i.e. password override and temp password are not specified.) MyPW then has the responsibility of displaying the desired password as PW:"password"(10). Because MyPW.bat is a command file, it can launch any program or other command file, which gives it total flexibility. As an example of use, suppose you are changing passwords, and files older than a certain date should be decrypted using password 1 and everything else should use password 2. MyPW.bat allows you to implement the password change seamlessly.


5.4 Note on Encryption

Portable devices use full disk encryption. That way if you lose your laptop or smart phone, no one can read anything without your system password. The reason for encrypting sensitive files, even when the disk is encrypted is to prevent malware (or a casual observer) from reading your data after you have unlocked your disk. For that reason, you still want to encrypt sensitive files (IMHO.)


5.5 System Password

Kryptmin by default constructs a system password based on your PC's hardware signature. (You can see it by selecting Format Profile in [Setup].) This can be overridden by specifying your own login password. The system password is used to encrypt all files in the Profile folder. This means that if you take the defaults, you have to use the [Save] button to copy files to your Encrypted folder to back it up.

If the hardware configuration changes, the default system password may also change. This is another reason to back up your profile.

Relying on the default system password implies that your system is physically secure, i.e. your PC login password is deemed good enough security. If it is not, then use your own Kryptmin login password.


5.6 7-Zip Interface

Program 7-Zip is used to encrypt and decrypt files. 7-Zip is invoked dynamically using its built-in command line interface (CLI). The CLI is unlikely to change in that changing it would break lots of software in cyber space. So this is a relatively safe procedure. The return code returned by 7-Zip is examined to see if the operation was successful. In the event the return code indicates failure, a dialog is displayed warning the user that the operation (encrypt/decrypt) was not successful. (This usually means that the password was incorrect.)


5.6.1 Screen Scraping

There is a second form of communication used to talk to 7-Zip. This is sometimes referred to as screen scraping. Kryptmin commands 7-Zip to display information about a file to be decrypted to see if the file is a directory or an ordinary file. The screen image is captured (and not displayed) and Kryptmin parses the image to see if the file is a directory or not. 7-Zip has been stable for several years now, but if changes are made to 7-Zip, this process could fail requiring a corresponding update to Kryptmin. If the 7-Zip display does change and Kryptmin fails to parse the new screen image correctly, then the Move function for folders (directories) would fail and the user will have to manually delete the original file when folders are decrypted.


5.6.2 Manually Decrypting Files

The following will manually decrypt a file encrypted using Kryptmin:

  • Using Explorer, the Windows' file manager, right-click on the file name.

  • Select 7-zip

  • Select Extract Here

  • Enter the password at the prompt.

The file (or folder) will be decrypted to a file/folder of the same name as the encrypted file.


5.7 Checking for Updates

Kryptmin reads the version file directly from the Wiki site (https://sourceforge.net/p/kryptmin/wiki/Version/). This file is checked for the following strings:

  1. (Version: 1.1.1.1) -- Version number of the current version of Kryptmin.

  2. (Pending:1.1.1.1~1.2.2.2~...~1.n.1.1) -- List of active versions.

  3. (News: 1) -- number of current news blurb.

If the Kryptmin version number is contained in Version or Pending then no message is displayed; otherwise the new version dialog is displayed warning the user that a new version is available.

If the current news number is less than the news blurb number, the news is displayed.

The Profile screen may be used to disable the checking (and speed up start up slightly.)
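The following is an added example, not Kryptmin's own code, of the check described above, with the fetched page treated as untrusted text: markers must match a strict pattern, and a page without them raises an error. The function names and the sample page are constructed; comparing whole version strings and treating the Pending marker as optional are assumptions.

```python
import re

TOKEN = r"[0-9]+(?:[.-][0-9]+)*"  # e.g. 1.1.2.0 or 1.2.0.0-0.0
VERSION_RE = re.compile(r"\(Version:\s*(" + TOKEN + r")\s*\)")
PENDING_RE = re.compile(r"\(Pending:\s*(" + TOKEN + r"(?:~" + TOKEN + r")*)\s*\)")
NEWS_RE = re.compile(r"\(News:\s*([0-9]+)\s*\)")

# Constructed sample of the version page text.
SAMPLE_PAGE = "<p>(Version: 1.2.0.0) (Pending:1.1.2.0~1.2.0.0) (News: 3)</p>"


def parse_version_page(text):
    """Return (set of active versions, news number) or raise ValueError."""
    version = VERSION_RE.search(text)
    news = NEWS_RE.search(text)
    if not version or not news:
        raise ValueError("version page is missing the Version or News marker")
    active = {version.group(1)}
    pending = PENDING_RE.search(text)  # assumption: Pending may be absent
    if pending:
        active.update(pending.group(1).split("~"))
    return active, int(news.group(1))


def check_for_update(text, running_version, last_news_seen):
    """Return (show_new_version_dialog, show_news) for this installation."""
    active, news_number = parse_version_page(text)
    # Whole-string comparison, so "1.2.0" does not match "1.2.0.0".
    return running_version not in active, last_news_seen < news_number
```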


5.8 Registry

Single value configuration items are saved in the Windows Registry using key:
Computer\HKEY_CURRENT_USER\Software\NIC\Kryptmin. These values may be edited using the Windows utility: Regedit. To see the registry values, press <Alt>R and enter regedit. Then type the above key in the Regedit address field (or copy the key from help and paste it into Regedit.)


5.9 Troubleshooting

Sometimes it is difficult to see just what is happening. The Trace option of [Setup] writes a log of the external commands used by Kryptmin to accomplish its tasks and records in detail what Kryptmin is doing.

The log is recorded in your Profile folder:
C:\Users\'you'\.nic\Kryptmin\Trace.txt. This contains a record of the external commands issued by Kryptmin over the course of a session. Its principal use is to debug the program, but it can be illuminating. A word of caution though: Trace records the commands used to encrypt and decrypt files, including the passwords used. For this reason, Trace.txt is encrypted at the end of the session. Trace is activated by clicking on [ ]Trace after clicking the [Setup] button. Trace is not remembered across sessions; see Figure 3.2-13.


5.10 Design Notes

A simple button based interface was decided upon to make basic use intuitive. This seems to have worked out well (IMHO). However it did cause a problem with the Profile editor. There were just too many buttons, so it got confusing. So I decided on a hybrid interface: Part button, part menu. This seems to be reasonable. Accordingly the Profile has a drop-down menu and a right-click menu. Both menus are equivalent.


5.11 Exchanging Files

As an example of exchanging files between people, suppose Fred and George want to set up an encrypted e-mail channel to exchange files. To do this they have to make several decisions. The first decision is the choice of method. Two common methods are:

  1. PGP (Pretty Good Privacy) for UNIX/Linux, or GPG (GNU Pretty Good Privacy) for Windows. Both PGP and GPG are equivalent Public Key Encryption systems. As far as I know this is the most secure method of exchanging files. It also requires some effort to set up.

  2. AES-256 bit encryption. Kryptmin is a management layer over program 7-Zip, which implements the AES-256 bit algorithm. There are other encryption systems. The weakness of using Kryptmin is that two people have to agree on a password in advance. The strength of PGP/GPG is that everybody publishes a public encryption key. Any data encrypted using the public key can only be decrypted using the private key. The private key is kept secret so only the recipient can read the data.

Since this help file is about using Kryptmin, the interested reader is referred to the literature for more information on PGP/GPG.

Assuming Fred and George agree to use a common password, say Snarflubber01, the following is a way to set up a usable e-mail channel between Fred and George using Kryptmin(11).

  • George creates a directory named C:\Users\George\Documents\Fred\ToFred to keep files sent to Fred; and a directory named C:\Users\George\Documents\Fred\FromFred to hold Fred's replies. George decided to locate the folders (Directories) inside of his Documents folder. This is because his backup system automatically backs up the Documents folder.

  • Then George launches Kryptmin and clicks on the Unencrypted files drop-down list and selects Edit(12).

  • He pastes "C:\Users\George\Documents\Fred\ToFred" in the New Protected field and also in the New Encrypted field because he is going to hold both encrypted and decrypted files in the same folder. See figure 5.11-24.

  • He repeats the process for folder C:\Users\George\Documents\Fred\FromFred and clicks Save.

  • Then he defines the passwords by clicking button Edit next to password override and enters a new name of "ToFred" and the corresponding password of Snarflubber01 as shown in figure 5.11-25. He then clicks button [Add].

  • He repeats the process for folder ...FromFred. He now has password Snarflubber01 associated with folders ToFred and FromFred. (Remember passwords and associations are case sensitive so that TOFRED is different from ToFred.)

  • Then he clicks button [Update] to save his work.
    He is now ready to exchange files with Fred. Fred does something similar, only he names his folders 'George' instead of 'Fred'.


Figure 5.11-24 Document Exchange -- Setting up Folders


Figure 5.11-25 Document Exchange -- Defining Passwords



5.11.1 Sending Files

When George sends a file to Fred, he:

  1. Creates the file, say, Stuff.docx in C:\Users\George\Documents\Fred\ToFred

  2. Then George launches Kryptmin and

   a. Unclicks the Launcher Active check box if it is set.

   b. Sets the unencrypted folder to C:\Users\George\Documents\Fred\ToFred by selecting it from the unencrypted folder dropdown list. This changes the active unencrypted folder to ...\ToFred and also sets the encrypted folder to the same thing, since that is what George defined it to be previously. It also sets the default password to Snarflubber01 because there is a password named ToFred with that as its value.

   c. Then George clicks on Stuff.docx and clicks the [Encrypt] button.

   d. Stuff.7z appears in the encrypted window.

   e. George sends Stuff.7z as an attachment to Fred.


5.11.2 Receiving Files

Upon receiving George's e-mail, Fred launches Kryptmin and does the following:

  1. Unclicks the Launcher Active check box if it is set.

  2. Saves the Stuff.7z attachment in C:\Users\Fred\Documents\George\FromGeorge

  3. Sets the unencrypted folder to C:\Users\Fred\Documents\George\FromGeorge by selecting it from the unencrypted folder dropdown list. This changes the active encrypted folder to ...\FromGeorge and also sets the unencrypted folder to the same thing, since that is what Fred defined it to be previously. It also sets the default password to Snarflubber01 because there is a password named FromGeorge with that as its value.

  4. Fred then clicks on Stuff.7z and clicks button [Decrypt].

  5. Stuff.docx appears in the unencrypted window.

  6. Fred double-clicks Stuff.docx to read it(13).


5.11.3 Using the Channel Wizard

There is a Wizard to set up encrypted e-mail channels. Click on button [Profile], then click on button [Create Encrypted Channel]. This opens the Wizard, see figure 5.11.3-26.


Figure 5.11.3-26 E-mail Channel Wizard

Typical channel locations are: C:\Users\'you'\Documents\Channels and C:\Users\'you'\Channels. The advantage of locating e-mail channels inside of the Documents folder is that Documents are usually backed up by the backup app automatically; the advantage of locating the channels in your main directory is that the resulting file names are shorter. Choose the location, the channel name, and the password. Then click button [Validate]. Check the To/From folders and adjust them if you prefer, and click button [Create Channel]. Kryptmin will create the channel for you. Usage is as described previously.


5.11.4 Integrating with Linux

What if Fred's system is Linux based? There are many ways to communicate with a Linux based system. What I would do is write two Nautilus scripts. One titled EncryptForGeorge, the other DecryptFromGeorge. The encryption script would invoke 7-Zip similarly to:
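7z a "$ARC" -y -p"Snarflubber01" -mhe "$FILE"
where $ARC is the archive to contain the encrypted version of the file, and $FILE is the file. Note that a password passed with -p on the command line is visible in the process list to other users of the system while 7z runs.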

The decryption script for files would invoke 7-Zip similarly to:
7z e "$ARC" -y -p"Snarflubber01" -o"$OUT"
where $ARC is the archive being decrypted and $OUT is the output folder.

The decryption command for directories is similar to:
7z x "$ARC" -y -p"Snarflubber01" -o"$OUT" "$FOLDER/*"
where $ARC and $OUT are as before, and $FOLDER is the folder name.

Alternately, you can right-click on an encrypted file and choose extract to here. Then type in the password when requested to do so, etc.


5.11.5 Integrating with Android

Because AES-256 bit encryption is defined in a government standard (see Advanced Encryption Standard), encrypted files may be decrypted by any app that follows the standard so long as the correct password is used. For example, ZArchiver understands 7-Zip encrypted files and may be used to pass encrypted files between Kryptmin and Android phones. ZArchiver is available from the Google Play store. Two good ways to exchange files with an Android phone are via e-mail or via a shared cloud disk.


6 Change log

Table 6-I Change Log

| Date | Change | Notes | Version |
|---|---|---|---|
| 7/14/2018 | Pre-release copy | Preview released | 1.1.1.0 |
| | Fixed 'Default' for Password Override | Avoid collisions | 1.1.2.0 |
| | Added drop-down menu to profile editor | Improve command navigation | 1.1.2.0 |
| 7/20/2020 | Final-release copy | Program Reboot | 1.2.0.0-0.0 |

F O O T N O T E S



(1) There are multiple password options -- for example, see 2.8

(2) On many keyboards, you must also press [shift] to access the plus (+) key.

(3) It is not necessary to use separate folders, a single folder for both encrypted and decrypted files works fine

(4) Complicated algorithms are usually implemented by invoking Windows PowerShell from inside MyPW.bat.

(5) More specifically it first decrypts Profile.7z to Profile.txt using the system password, then it encrypts the profile to Profile.7z in the encrypted folder using the currently specified password.

(6) Quotation marks are optional and quotation marks (") are automatically deleted after detecting the password.

(7) Trace is an option under setup

(8) Block labels are recognized, everything else is ignored.

(9) I personally use I-Drive, but they are all good.

(10) The quotation marks are optional.

(11) There is a Wizard to do the setup, see 5.11.3-26

(12) You can also right-click to invoke the editor.

(13) Actually Fred could just double-click on Stuff.7z, and Kryptmin will automatically decrypt it to the view folder.


