sources and some technical notes
NotepadCrypt is a simple text
which can optionally encrypt the
text files it edits. NotepadCrypt was designed to fill a
requirement to encrypt configuration files which had to be edited by
humans but read by programs, without the hazard that would obviously
exist if editing required the human editor to make a temporary
unencrypted file. I needed an editor which could read and
encrypted file, for which the encrypted format was documented and
accessible to C and Perl programs. To my surprise, none
NotepadCrypt was constructed using open source software, including a
low level implementation of AES encryption and SHA-256 hashing;
and Notepad2, a really nice open source replacement for
Notepad. None of this software had to be changed in any
substantial way, but the file format and key management had to be
designed and implemented to stitch it all together. The
requirement that a program be able to read the encrypted file led to
a design which included a master
I think is extremely useful to anyone using NotepadCrypt to encrypt
their own confidential files.
hashing implementation (used to convert passphrases to
keys) based on an implementation by Christopher
file is available from many sources on the web.
for which there are many open source implementations.
- Notepad2 editor,
also requires the Scintilla
- NotepadCrypt version 4.2.25 Full
Sources: This zip includes
the as-modified source code for all of the above, VC.net
NotepadCrypt and a simple command line tool which uses the same
format. There are a couple of "extras" - a test program
that uses tcsh and a Java program that can read NotepadCrypt's
file format. Unless you are a programmer, you're probably
getting the binary-only distribution for NotepadCrypt and NotepadCryptCL
Technical Details For
A SHA-256 hash is used to convert an ASCII passphrase to a 256-bit encryption key. Pseudorandom data is used as an initialization vector for AES-256 encryption. Optionally, the encryption key (NOT the passphrase) is encrypted using a second master key included in the file header. This master key can be used as an emergency recovery key, or as a second key to be used by programs to read
Overall File Format:
The file consists of a preamble, the encrypted data, and some padding at the end.
Encrypted files start with an 8-byte preamble: the first 4 bytes are a "magic number" to identify the file type (currently 0x04030201) and the next 4 bytes are a sub-file type, either 0x00000001 or 0x00000002 if the file has a master
The next 16 bytes of the preamble are the initialization vector for the AES engine, to be used with the file key. Each file gets a
bytes of pseudo-random noise.
Next, for master keyed files, is a 16-byte IV for the master
followed by a 32-byte block containing the file key, encrypted
master key, using the master key IV and CBC block chaining.
Next is the actual file data, encrypted using the file key and the IV, and CBC block chaining.
Finally, there are 1-16 bytes of padding to round out the last AES block. Note that there are never 0 bytes of padding.
Passphrase Management: 256-bit encryption keys are
from the ASCII passphrase by passing the passphrase through a
The passphrase itself is never stored anywhere except in the dynamic memory of the encrypting program.
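As an added example (not code from NotepadCrypt or its command line tool), here is a Python parser for the header layout described above together with the passphrase-to-key derivation. It assumes the two 32-bit preamble words are stored little-endian, which the page does not state, and it performs no AES decryption itself; it only validates the preamble and locates the IVs, the wrapped file key and the start of the ciphertext that a decrypting program would need.

```python
import hashlib
import struct
from typing import NamedTuple, Optional

MAGIC = 0x04030201          # "magic number" identifying a NotepadCrypt file
SUBTYPE_FILE_KEY_ONLY = 1   # sub-file type 0x00000001
SUBTYPE_MASTER_KEYED = 2    # sub-file type 0x00000002: header also carries the wrapped file key
AES_BLOCK = 16
# Assumption: the two 32-bit preamble words are little-endian (the page gives values, not byte order).
PREAMBLE = struct.Struct("<II")


def passphrase_to_key(passphrase: str) -> bytes:
    """Key derivation as the page describes it: a bare SHA-256 of the ASCII passphrase, no salt, no stretching."""
    return hashlib.sha256(passphrase.encode("ascii")).digest()


class Header(NamedTuple):
    subtype: int
    file_iv: bytes                      # CBC IV used with the file key
    master_iv: Optional[bytes]          # CBC IV used with the master key (master-keyed files only)
    wrapped_file_key: Optional[bytes]   # the 32-byte file key, encrypted under the master key
    data_offset: int                    # where the ciphertext of the text itself begins


def build_header(file_iv: bytes, master_iv: Optional[bytes] = None, wrapped_file_key: Optional[bytes] = None) -> bytes:
    """Serialise a header; supply master_iv and wrapped_file_key to get the master-keyed layout."""
    if master_iv is None:
        return PREAMBLE.pack(MAGIC, SUBTYPE_FILE_KEY_ONLY) + file_iv
    return PREAMBLE.pack(MAGIC, SUBTYPE_MASTER_KEYED) + file_iv + master_iv + wrapped_file_key


def parse_header(blob: bytes) -> Header:
    """Validate the preamble, locate every header field and sanity-check the ciphertext length."""
    if len(blob) < PREAMBLE.size + AES_BLOCK:
        raise ValueError("file too short for preamble and IV")
    magic, subtype = PREAMBLE.unpack_from(blob)
    if magic != MAGIC:
        raise ValueError(f"bad magic {magic:#010x}")
    pos = PREAMBLE.size
    file_iv, pos = blob[pos:pos + AES_BLOCK], pos + AES_BLOCK
    master_iv = wrapped = None
    if subtype == SUBTYPE_MASTER_KEYED:
        if len(blob) < pos + AES_BLOCK + 32:
            raise ValueError("truncated master-key block")
        master_iv, pos = blob[pos:pos + AES_BLOCK], pos + AES_BLOCK
        wrapped, pos = blob[pos:pos + 32], pos + 32          # file key wrapped under the master key
    elif subtype != SUBTYPE_FILE_KEY_ONLY:
        raise ValueError(f"unknown sub-file type {subtype:#010x}")
    body = len(blob) - pos
    # Padding is 1-16 bytes and never 0, so a valid body is a non-empty multiple of the block size.
    if body < AES_BLOCK or body % AES_BLOCK:
        raise ValueError(f"ciphertext length {body} is not a non-empty multiple of {AES_BLOCK}")
    return Header(subtype, file_iv, master_iv, wrapped, pos)
```

Because the derivation is unsalted and unstretched, two files encrypted under the same passphrase share the same 256-bit key; it is the fresh per-file IV that keeps their ciphertexts distinct.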
Key management over file
If the file is opened using a file passphrase, the passphrase is retained and used as the default for the passphrase dialog. If the
is opened using a master passphrase, the recovered file key is
the default encryption for new files. This allows an editor
does not know the file passphrase to propagate a file key he could
create. If the file contains a master key, and neither the file nor the master passphrase is changed, then the retained,
file key is copied into the next file generation (it is still valid). This allows an editor who knows only the file
to propagate a master key he could not create.