What's new?
Cipher 2.2 Information
Cipher is a small application to keep your secrets really secret by enciphering them with one of the most reliable encryption algorithms. The program can easily be installed on your Palm Pilot with instapp.exe application (WinDOS) or with pilot-xfer (Unix) as any other application. Download cipher-2.2.zip. (Under UNIX, you sometimes need unzip -L to uncompress to get lowercase filenames.)
News
  • Last Outlook fix didn't make it into the DA version. Now the versioning should be consistent. However, it still does not work with Outlook.
  • Thanks to Matthias Jordan Cipher also available as DA version. Sources are available as well.
Important Notes
  • This program contains a patented and copyrighted encryption algorithms. If you want to reuse the program code in one of your own programs you may have to ask Mediacrypt (part of the Ascom "Empire" :-) and the Cryptics Development Team for permission first.
  • This program uses encryption techniques which are strong enough to make the program export restricted for U.S. citizens and companies. You are possibly not allowed to make this program available to non U.S. citizens (however, I am :-)). So if you are a U.S. citizen or if you live inside the U.S. check the law first.
  • The encryption algorithms are designed to be non recoverable. So you are responsible for not forgetting your password or for misspelling it when encrypting text.
Common Questions
How can I recover a note if I forget my password?
There is no way to recover an encrypted text without the password. That's the idea of encrypting things. If there were a way to recover the text, it would be a bug in the program or the algorithm.
I cannot decrypt a message I have encrypted with a version prior 2.0.0?
Use Menu -> Cipher -> weak Decrypt
I have synced my encrypted data with Outlook and I cannot decrypt it back!
Outlook modifies the encrypted text in a way that it cannot be decrypted afterwards. I cannot help you with that. Use another Program.
About this Program
The program is quite simple. Whenever you start Cipher, the program will display the current contents of your clipboard (Hence Cipher is also a clipboard viewer.). You may scroll through your clipboard using the hardware buttons of the scroll arrows in the right lower corner.

The small text field under the clipboard viewer is the area to type in your password. The left button attempts the decryption of the text. The right button starts the encryption.

If the text has not been encrypted with the given key the program will notify you. Under rare circumstances with program will just display garbage (, which is not a bug but an inherent problem of my armoring technique).

After using one of these buttons the password will disappear, so you can show encrypted information to others without showing the password. As long as the checkbox on the left is checked and you didn't type anything into the password field, you can encrypt or decrypt with the current password. Of course, the password will not be saved after leaving the program.

Only if the right checkbox is checked, the contents of the text field will be copied into the clipboard when leaving the program. The checkbox will automatically be selected when encrypting text and deselected when decrypting text.

The messages you want to encrypt must not be longer than 3072 characters.

Security issues
DO NOT use programs like multi-clip hack if you want to keep your data confidential, as these programs might save the contents of the clipboard longer than you might want them to be saved.

Use passwords which you can easily remember but not be guessed by others. DO NOT use names, especially female ones, words from a dictionary, your or others birth dates or phone numbers. Initial characters from a weird sentence and deliberately misspelled words and words containing non alphanumerical chars like @, æ, or similar are a much better choice.

Technical issues

The program uses the IDEA block cipher encryption algorithm which is patented by Mediacrypt. The block cipher is being used with cipher block chaining (with zero initialization). The encrypted data will be ASCII armored with a simple armoring technique (8/7) to avoid null characters in the ciphertext. The length of the message and some random bits are being padded into the text.

In order to achive maximum entropy inside the key, the last 128 bits of the keyword are being used after encrypting the plain key (using IDEA and cipher block chaining and the usual block padding) with the first 128 bits of the plain key.

For further details take a look at the source.

To-do
As this is a freeware program I cannot afford a QA department, so I cannot assume responsibility for data corruption or loss.
  • There should be a confirmation box to retype your password when encrypting code. Right now you can lose your text by simply misspelling your password. This box should be optional.
  • The program code is ugly! Normally I write nicer code :-) Some of the comments are still German.
Registration
This program is postcard ware, which means that you may copy and distribute it as far as you like. I won't charge you any fee for this. But you may not charge anyone for this program either. If you like Cipher, you have to send send a postcard (with your email address) to
Holger Klawitter
Christianstr. 19
04105 Leipzig
Germany
(Postcards with local motives from your place are perfectly ok.)

If you like this program so much that you think I should get some money for it, well, go ahead - but no foreign checks, please :-). But remember: you won't get any additional service.

If you are a shareware programmer...

... keep in mind that you got my software for free. :-)
Further Questions
Questions, suggestions, bug reports and general praise can be sent to me. Put Cipher in into the subject line.
Acknowledgments
I would like to thank especially all developers of the UNIX tools for Pilot software development. Thanks to Wes Cherry, Jeff Dionne, Kenneth Albanowski, Ian Goldberg, Scott Grosch, Brian Swetland, and many more and thanks to USR for supplying the public with the developers handbooks.

The encryption algorithm being used is the IDEA algorithm, which is copyrighted and patented by Mediacrypt, a Swiss company. If you want to use the algorithm in one of your programs you have to check their license terms first.

The implementation is is in part based on the Cryptix cryptographic library.

Revision history
2.2 (2004-05-10)
Update DA to most recent version of Application. The application did not change!
2.1.1 (2003-11-09)
Cipher should now work with Tungsten
2.1 (Sep 18 2000)
Thanks to Matthias Jordan Cipher also availabe as DA version; Outlook proofness enhanced.
2.0.3 (Apr 27 2000)
Minor bugfix
2.0.2 (Feb 29 2000)
Made armouring Outlook-Proof.
2.0.1 (Feb 11 2000)
Minor bugfix.
2.0.0 (Feb 10 2000)
New key generation alogrithm. The 16 character limit has fallen. Cipher has now an edit menu with the usual commands.
1.1.3 (Jan 20 2000)
Minor Buxfix to make Cipher run on PalmOS 1.
1.1.2 (July 18 1999)
Licence change for commercial usage. New contact address.
1.1.1 (December 17 1998)
Proofreading of the manual was necessary.
1.1 (December 13 1998)
Better security, better memory checking and better clipboard handling.
1.0 (December 10 1998)
First official release.
Legalese
CIPHER is Copyright (c) 1998-2000 by Holger Klawitter

Permission to use, copy, modify, and distribute this software and its documentation for any non commerical purpose, without fee, and without a written agreement is hereby granted, provided that the above copyright notice and this paragraph and the following two paragraphs appear in all copies.

IN NO EVENT SHALL THE AUTHOR BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

THE AUTHOR SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND THE AUTHOR HAS NO OBLIGATIONS TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.

License granted by IT_SEC / Ascom

This Software/Hardware product contains the algorithm IDEA[tm] as described and claimed
in US Patent No. 5,214,703, EPO Patent No. 0482154 and filed Japanese Patent Application
No. 508119/1991 "Device for the conversion of a digital block and use of same"
(hereinafter referred to as "Algorithm"). Any use of the Algorithm for Commercial
Purposes is thus subject to a license from Ascom Systec Ltd. of CH-5506 Mägenwil
(Switzerland), being the patentee and sole owner of all rights, including the term
IDEA[tm]. Commercial Purposes shall mean any revenue generating purpose including but
not limited to

i) using the Algorithm for company internal purposes (subject to a Site License).

ii) incorporating an application software containing the Algorithm into any hardware
and/or software and distributing such hardware and/or software and/or providing services
related thereto to others (subject to a Product License).

iii) using a product containing an application software that uses the Algorithm (subject
to an End-User License), except in case where such End-User has acquired an implied
license by purchasing the said product from an authorized licensee or where the End-User
has already signed up for a Site License.

All such commercial license agreements are available exclusively from Ascom Systec Ltd.
and may be requested via the Internet World Wide Web at
http://www.ascom.ch/systec/infosec.html or by sending an electronic mail to
IDEA@ascom.ch. Any misuse will be prosecuted.

Use other than for Commercial Purposes is strictly limited to data transfer between
private individuals and not serving Commercial Purposes. The use by government agencies,
non-profit organizations etc. is considered as use for Commercial Purposes but may be
subject to special conditions. Requests for waivers for non-commercial use (e.g. by
software developers) are welcome.

email
Mon May 10 20:39:45 CEST 2004