Screenshots and tutorials are at evpo.net/encryptpad/

EncryptPad

<div id="cutline"></div>

EncryptPad is an application for viewing and editing symmetrically encrypted text. Using a simple and convenient graphical and command line interface, EncryptPad provides a tool for encrypting and decrypting binary files on disk while offering effective measures for protecting information, and it uses the most widely chosen quality file format OpenPGP RFC 4880. Unlike other OpenPGP software which main purpose is asymmetric encryption, the primary focus of EncryptPad is symmetric encryption.

Table of Contents

• Features
• Supported platforms
• Why use EncryptPad?
• When do I need EncryptPad?
• When can I not use EncryptPad?
• File types
  • GPG
  • EPD
  • Feature support
• What is an EncryptPad key file?
• EPD file format when encrypting with a key
• Use CURL to automatically download keys from a remote storage
• Known weaknesses
• Command line interface
  • encryptcli
  • encryptpad
• Installing EncryptPad
  • Portable executable
  • Arch Linux
  • Ubuntu or Linux Mint
• Compile EncryptPad on Windows
  • Prerequisites
  • Steps
• Compile EncryptPad on macOS
• Compile EncryptPad on Linux
  • Fedora
  • Ubuntu
  • Debian
  • openSUSE
  • Archlinux
  • FreeBSD
  • VoidLinux
• Portable mode
• FakeVim mode
  • FakeVim: input and output commands
• Does EncryptPad store passphrases in the memory to reopen files?
• Acknowledgements
• EncryptPad integrity verification
  • OpenPGP signing and certification authority
  • Step by step verification process
• License
• Contact and feedback

<div id="features"></div>

Features

• Symmetric encryption
• Passphrase protection
• Key file protection
• Combination of passphrase and key file
• Random key file generator
• Key repository in a hidden directory in the user's home folder
• Path to a key file can be stored in an encrypted file. If enabled, you do not need to specify the key file every time you open files.
• Encryption of binary files (images, videos, archives etc.)
• FakeVim mode to edit files with a Vim-like user interface
• Read only mode to prevent accidental file modification
• UTF8 text encoding
• Windows/Unix configurable line endings
• Customisable passphrase generator helps create strong random passphrases.
• File format compatible with OpenPGP
• Iterated and salted S2K
• Passphrases are not kept in the memory for reuse, only S2K results (more …)
• Cipher algorithms: TripleDES, CAST5, AES, AES192, AES256, Camellia128, Camellia192, Camellia256, Twofish
• Hash algorithms: SHA-1, SHA-256, SHA-384, SHA-512, SHA-224
• Integrity protection: SHA-1
• Compression: ZLIB, ZIP, Bzip2
• ASCII armor
• Large multi-gigabyte files are supported

<div id="supported-platforms"></div>

Supported platforms

• Windows

• Linux

• Mac OS

<div id="why-use-encryptpad"></div>

Why use EncryptPad?

• Multi-platform codebase: it has been compiled on three popular operating systems and can be adapted to more.

• Portable: simply copy the executable to a memory stick or a network drive and use on all your computers.

• Simple to use: EncryptPad is a text editor and an encryption tool for binary files but it saves encrypted, compressed and integrity protected files.

• Open source with concise codebase: you can read the code or ask somebody you trust to read it for you to ensure that there are no back doors and your information is safe.

• OpenPGP file format: you can encrypt a file with another tool (gpg for example) implementing the format and open it with EncryptPad and vice versa.

• Double protection: randomly generated key files in addition to passphrases.

<div id="when-encryptpad"></div>

When do I need EncryptPad?

• You have a file containing sensitive information such as account names, passphrases or IDs. It is stored on an unprotected media or you can't control who accesses the file, whether it is located on a computer at work, a laptop while on the move, a memory stick or a cloud drive.

• You need to send an encrypted file to somebody with whom you prearranged a shared secret (a passphrase or a key file). In this case, you need to exchange the secret personally (not via an accessible Internet protocol) for the protected file to be decrypted by the recipient.

• You store or receive a file and need to ensure that it has not been tampered with or corrupted during transmission. EncryptPad uses SHA-1 hashing algorithm to verify the data's integrity.

• You need protection against a brute force attack in case your storage gets in somebody's hands. EncryptPad allows to generate a key and store it separately from encrypted information. The unwanted person would need two secrets to open an encrypted file: the passphrase and the key. Consider this example: you store your encrypted file on a memory stick, and protect it with a passphrase. In addition to that, you protect the file with a file key and store the key on computers where you open the file. If the memory stick is lost, the passphrase is not enough to decrypt your information. The key file is also needed and it is not on the memory stick.

<div id="when-can-i-not"></div>

When can I not use EncryptPad?

• You need to send a file to somebody with whom you have not prearranged a shared secret (a passphrase or a key file). In this case, you need asymmetric encryption with public and private keys. Fortunately, there are many convenient tools suitable for the task.

• You are on public transport or a common area where somebody can see your screen.

• EncryptPad is not effective on a computer infected with spyware or a virus. Do not use it on a public, shared or compromised computer if you do not trust its safety.

• IMPORTANT: Before using EncryptPad ensure that it is legal in your country to use encryption ciphers that EncryptPad provides. You may find useful information at cryptolaw.org.

• IMPORTANT: If you forgot your passphrase or lost a key file, there is nothing that can be done to open your encrypted information. There are no backdoors in the formats that EncryptPad supports. EncryptPad developers take no responsibility for corrupted or invalid files in accordance with the license.

<div id="file-types"></div>

File types

The format is determined by an extension of a file. Main extensions of encrypted files are GPG and EPD.

<div id="gpg"></div>

GPG

This file type conforms to OpenPGP format and it is compatible with other OpenPGP tools. Use it if you need to open a file where EncryptPad is not available. The format does not support double protection (key file + passphrase). So you need to choose between key file or passphrase and cannot use both. In addition, it cannot store file key path in the encrypted file. It means that every time you open a file encrypted with a key file, the application will ask you which key file to use.

<div id="epd"></div>

EPD

EncryptPad specific format. Other OpenPGP software will not be able to open it unless the file was only protected with a passphrase. If passphrase only protection was used, the file is effectively a GPG file (see GPG section above). However, when a key file protection is involved, it is a GPG file in a WAD container. See the following chapter for details.

<div id="feature-support"></div>

Feature support

<table style="border: 1px solid black"> <tr> <th>Type</th><th>Feature</th><th>Supported</th><th>Key file path\*</th><th>OpenPGP compatible</th><th>File format</th> </tr> <tr><td>GPG</td><td>Passphrase</td><td>yes</td><td>n/a</td><td>yes</td><td>OpenPGP file</td></tr> <tr><td>GPG</td><td>Key file</td><td>yes</td><td>no</td><td>yes</td><td>OpenPGP file</td></tr> <tr><td>GPG</td><td>Key file and passphrase</td><td>no</td><td>n/a</td><td>n/a</td><td>n/a</td></tr> <tr><td>EPD</td><td>Passphrase</td><td>yes</td><td>n/a</td><td>yes</td><td>OpenPGP file</td></tr> <tr><td>EPD</td><td>Key file</td><td>yes</td><td>yes</td><td>no</td><td>Nested: WAD/OpenPGP</td></tr> <tr><td>EPD</td><td>Key file and passphrase</td><td>yes</td><td>yes</td><td>no</td><td>Nested: OpenPGP/WAD/OpenPGP</td></tr> </table>

* Key file location is persisted in the header of an encrypted file so the user does not need to specify it when decrypting.

<div id="key-file"></div>

What is an EncryptPad key file?

In symmetric encryption the same sequence is used to encrypt and decrypt data. The user or another application usually provides this sequence in the form of an entered passphrase or a file. In addition to entered passphrases, EncryptPad generates files with random sequences called "key files".

When the user creates a key file, EncryptPad generates a random sequence of bytes, asks the user for a passphrase, encrypts the generated sequence and saves it to a file.

The format of the file is OpenPGP. Other OpenPGP impleme