Secure Edit Help

SecureEdit is a program to save encrypted text files.

This program is a text editor that saves encrypted text. It will not ever save plain text.
It does not create any temporary files, and makes no modifications to your system other than to create a settings file (secureedit.ini) in the same folder as the program.

The program uses a blowfish algorithm, which currently has no known weaknesses, but the implementation may well have vulnerabilities, so it would be prudent to use this program in conjunction with another form of encryption such as on-the-fly encryption.

Do not use this program to protect really important secrets, the code is not peer reviewed and will quite likely have flaws and weaknesses that will allow the password or plaintext to be revealed. It is also obvious that the files are encrypted so is useless against the law enforcement agencies who will use coercion/blackmail/brutality/authoritarian laws, to get you to reveal the password.*

*Law enforcement will be more persuasive then you can imagine, mostly because they've traded their personal morality for a book of rules.

If you live in the UK you can be forced to provide the password with the threat of five years in jail if you don't.

If you have real secrets use steganography or On-The-Fly encryption.

Passwords are not stored in the encrypted file, this has advantages for security, but the disadvantage is that no check is done that the decryption password is correct. If you use the file encryption buttons (Advanced view) then be aware that If you decrypt a file with the wrong password the file will be scrambled. You can recover the file by reversing the process (encrypt using the wrong password, decrypt with the correct password).

The Interface

Advanced View (menu - options)
The padlocks on the top right are for drag and drop file operations. ie drag a file (or folder) onto the button to encrypt or decrypt a file. They will encrypt files with the password in the password box. If you forget your password the file is not recoverable.

Onscreen keyboard - use this to enter the password in order to avoid key loggers.
Even if you enter part of the password with the on screen keyboard it will help.
Key loggers are very common, and are probably the biggest single threat to the security of your pc and the data on it.

Split Screen - this button shows or hides the status window. It is recomended to always show the status window, any problems with program operation will be shown here.

Tools - various encryption and cleaning tools on a panel. These are the same as available on the menus.

Browser (magnifying glass icon) - currently just a mini-explorer for .ecu files.

Tools

Mostly self explanatory. Temp folder secure delete takes longer than standard delete, but overwrites the file to prevent recovery. Probably a good idea in semi-free, or authoritarian societies (which is all of them).

Analyse password (tools / misc tools) - has been updated to reflect the password cracking abilities of GPUs using the baseline of 10e9 passwords per second.

Netstat (tools / misc tools) - gives a list of network connections from your machine.

Secure Delete (tools / file tools) - deletes a file and overwites it to prevent recovery or undeletion. Drag a file from explorer onto this icon and it will be securely overwritten and then deleted. Don't do it to files you want to keep. There is no undo. The toolbar buttons can also be clicked to find a file if you like doing things the hard way.

File Munge (tools / file erase) - This option is not a full secure delete. It securely deletes the first 10MB of file. This could be useful for deleting very large files, such as 20 GB mpegs. Recovering the data would involve recreating the file headers - something beyond the capabilities of weaker adversaries, but don't use it to delete your plot to blow up the houses of parliament.

Encrypt File (tools / file tools) - choose a file to encrypt using the password you have typed into the password box. It does the same as the locked padlock icon.

Decrypt File (tools / file tools) - choose a file to decrypt using the password you have typed into the password box. It does the same as the unlocked padlock icon. Make sure the file renaming options are consistent between encrypting and decrypting otherwise you will have unreadable file names.

Encrypt and Convert to Zip File (tools / file tools) - create a standard zip file using the password in the box, and the file you have picked. Unzip with any winzip, winrar, 7zip, windows explorer etc.

Convert to Encrypted BMP (tools / file tools) - Encrypts the file using the password in the box and converts to a bitmap (image). You can view it in an image viewer, but don't try editing it.

Convert From Encrypted BMP (tools / file tools) - recovers whatever you encrypted above, using the same password.

If you use the wrong password a garbage file will be recovered.

Text Encryptor / Encoder

This can be found on the tools panel. Its purpose is to create encrypted text that can be copied and pasted into an email or chat that can be decoded by the recipient.

It works by first encrypting the text using the password supplied, and then encoding the result (using base64) to give a plain text string such as
Cz5xVa95AiYzosa46WdFSOIh4EBjCA==
This can be decoded by your recipient (who has prior knowledge of the password you used).

Options
The settings are stored in an optional config file, which can be cleared or deleted at any time.

The program does not write to the registry and will run from any media such as flash disk or CD.

File Renaming Options - Do not alter this option unless you have tested what it does.

1) Leave File Name - It is recommended not to change the file renaming option to 'leave file name' unless you are really sure of what you are doing. The only way the program knows a file is encrypted is by the ecu extension, so you run the risk of encrypting a file multiple times and not knowing how many decryptions it will take to recover your data.

Its probably also a good idea not to allow multiple encryptions on the same file (advanced options), as it will provide little extra security and will mean folder encryptions will encrypt all the files rather than just the un- encrypted ones.

2) Add .ecu Extension - leaves the file name as it was, but just adds .ecu, this is the recommended option.

3) Rename Entire Filename - scrambles the filename. The filename is not encrypted, a serious adversary can recover the filename (not the contents) easily. If you choose this option you need to stick to it, in order to unscramble your filenames on decryption.

Debugging Mode - Leaves the temporary working files in place. It leaves the drive-wipe file, and temporary encrypted file. Only use if you want to verify the program operation.

Allow stopping of windows explorer - this option is used when clearing temporary files, and is necessary for the deletion of thumbcache files on windows vista and windows 7. It is not on by default as stopping and starting explorer can be a bit flaky and may confuse inexperienced users.

Unicode

Editor Font (Options / Visual / Editor Font)

Most common fonts (such as Arial, trebuchet) will display european letters with accents, greek, cyrillic (russian). If you work with other character sets such as japanese, korean or bengali then you will need a font that is capable of displaying these characters, a common such font is ms arial unicode, this is available on the ms office installation (if you look hard enough). Adobe photoshop also installs quite a few unicode fonts. SecureEdit will save unicode characters even if your font doesn't display them.

System Tools

These tools should not replace dedicated security tools, they are designed to be handy, but are not comprehensive or thorough.

The "wipe free space" tool does not wipe files slacks or mft records, which leaves the possibility of file fragments remaining untouched. A (reputable) full disk wipe program will do this.

The analyse password is really just a (very) rough guide to how good your password is, and the value of adding uppercase and special characters. New brute forcing techniques seem to be invented every year, and you'll find that a password that was safe last year can be cracked by a script kiddie this year.