Saferoom iOS

Contents

Getting started

Saferoom iOS is a mobile application that is embedded into Evernote infrastructure and provides users zero-knowledge encryption functionality to protect their data.

When you launch application for the first time, you will see the following screen:

IMG_0042_phone

Here you need to specify your password (encryption key). Please note if you’re using other Saferoom versions (Windows, MacOS and etc.), password in all versions should be the same. Specify your password and login to application.

Then, optionally, you can configure the passcode and Touch ID
IMG_0043_phone

Overview

Saferoom iOS consists of three main sections:

  • Create encrypted item: here you can create encrypted notes (text, image and etc.)
  • View encrypted item: here you can browse your encrypted notes and check its contents (decrypt them)
  • Settings: here you can configure Saferoom parameters

IMG_0049_phone
Before you start to encrypt/decrypt your data, you need to connect Saferoom to your Evernote account. To do this please follow the steps below:

  1. Click the Evernote icon in the upper left corner
  2. Click Connect to Evernote button. Evernote authorization window opens
    IMG_0046_phone
  3. Specify your Evernote credentials to authorize Saferoom application
  4. Click Sign In
  5. If your credentials are correct, Evernote will authorize Saferoom Application to access your Evernote account. You should receive the corresponding email.
    IMG_0047_phone

Create encrypted item section allows you to create encrypted item. You can create the following items:

  • Simple text note
  • Note with images, taken from your Image gallery
  • Note with image, taken directly from your camera

In order to select the item to create, you can swipe the section to the right and select the corresponding item. See the screenshot below:

IMG_0066_phone

View encrypted item section allows you to browse your encrypted notes and decrypt them if necessary. You can use the following views:

  • List of notebooks (default view)
  • Tags
  • Saved searches

In order to select the item to view, you can swipe the section to the right and select the corresponding item See the screenshot below:

IMG_0064_phone

In the Settings section you can configure various Saferoom parameters:

IMG_0060_phone

Data encryption

Now, let’s talk how to encrypt your notes using Saferoom iOS. For demonstration purposes, I will create simple text note and encrypt it using Saferoom. So, follow the steps below:

  1. Launch Saferoom app
  2. Type your password and click Authenticate
  3. Click Create Encrypted Item
  4. In the Note Title field specify note’s title. For example – test note
  5. Click Notebook > and select the notebook you want to create your encrypted note in. For example – My notebook
  6. Type the text
    IMG_0053_phone
  7. Click Encrypt. New encrypted note will be created, placed into My notebook notebook and uploaded to the Evernote server

Data decryption

Now, let’s decrypt the note, encrypted in the previous section. To do this, please follow the steps below:

  1. Launch Saferoom app
  2. Type your password and click Authenticate
  3. Click View Encrypted Item
  4. In the list of notebooks select the notebook, where you’ve created your encrypted note. Since we’ve created encrypted note in My notebook notebook, let’s select it.
    IMG_0052_phone
  5. Select the encrypted note. You will see the note with encrypted content
    IMG_0058_phone
  6. Click Decrypt to see the contents
  7. Saferoom will decrypt your note and show its contents
    IMG_0059_phone

Important! When you decrypt the note, Saferoom decrypts in memory and doesn’t save it anywhere. It means, that if you go to back to the list of notes and then back to the same note, you will see the encrypted content. If you want to decrypt the note and place decrypted note into another notebook or to some external application, you need to use Saferoom Desktop versions (Windows, MacOS)

Changing password

Please be aware that after changing your password you won’t be able to decrypt notes, encrypted by the old password!

If you want to change your password, please follow the steps below:

  1. Launch Saferoom app
  2. Type your password and click Authenticate
  3. Click Settings
    IMG_0060_phone
  4. Click Modify password/Passcode usage
  5. Type your current password, new password and confirm your new password
    IMG_0061_phone
  6. Click Change password. Saferoom will change your password
  7. Now, you can close application and authenticate using new password

Now, all notes will be encrypted using your new password. Please also remember to change passwords on all devices with Saferoom installed. See “Changing password” section on the following pages:

Saferoom MacOS

Contents

Getting started

To start Saferoom application follow the steps below:

  1. Download SaferoomDesktop.zip file to your PC and move it to Applications Folder and pin it to Dock if you want. Or you can install the application directly from App Store
  2. Start the application. You will see the following screen
    Saferoom_Welcome
  3. Specify and confirm your password (encryption key). In order to decrypt a note you must specify the same password that was used to encrypt it. It means if you have, for example, Saferoom MacOS and Saferoom iOS installed – you need to use the same password in both of them
  4. Click Save password and then click Next
  5. On this step Saferoom will try to create two notebooks: Encrypt_Inbox and Decrypt_Inbox. By default these notebooks are used by Saferoom as notebooks for notes to be encrypted/decrypted and encrypted/decrypted notes. For more information about Saferoom notebooks see What is Saferoom?
    Saferoom Setting Up Notebooks
  6. Click Create notebooks button. Saferoom will create these notebooks (notebooks are created as LOCAL notebooks) on your Evernote client. If for some reason these notebooks were not created, you can create them manually. But please note that you must use only LOCAL notebooks for encryption and decryption. Saferoom doesn’t check if the notebook is Local or Synced
    Saferoom_Setting_Notebooks_Success
  7. You can check the created notebooks in your Evernote client

Overview

Saferoom MacOS consists of two windows:

  • Main application window
  • Preferences window

Main application window consists of three buttons:

  • Encrypt notes: button used to initiate the Encryption procedure
  • Decrypt notes: button used to initiate the Decryption procedure
  • Details: button used to open the Application Log

Screen Shot 2015-03-30 at 7.52.52 PM

Details button

Preferences window contains two tabs: General and Passwords.
Screen Shot 2015-03-30 at 7.55.15 PM
In General tab you can configure the following:

  • Notebook to encrypt from: this is the notebook where you should put the notes you want to encrypt
  • Notebook to put encrypted notes to: this is the notebook where Saferoom application will place all encrypted notes
  • Tag for encrypted notes: here you can specify the tag, that will be added to all your encrypted notes.
  • Notebook to decrypt from: this is the notebook where you should put the notes you want to decrypt
  • Notebook to put decrypted notes to: this is the notebook where Saferoom application will place all decrypted notes
  • Tag for decrypted notes: here you can specify the tag, that will be added to all your decrypted notes.

For more information about these notebooks and tags please check Saferoom notebooks for Evernote (Desktop versions only) section.

Screen Shot 2015-03-30 at 7.55.27 PM

Passwords tab is used to change your current password. Please remember that password length should be minimum 8 characters. Also be aware that after changing your password you won’t be able to decrypt notes, encrypted with the old password

Data encryption

Now, let’s talk how to encrypt your notes using Saferoom MacOS. Since the names of Saferoom notebooks may vary, i will be using their default names:

  • Notebook to encrypt from: Encrypt_Inbox
  • Notebook for encrypted notes: Encrypt_Inbox

And of course, it is assumed that Saferoom MacOS and Evernote MacOS are installed on your PC. So, in order to encrypt data, please follow the steps below

  1. Open your Evernote client and create notes you want to encrypt and copy (move) then to Encrypt_Inbox. This notebook is created automatically during Saferoom first launch. Or, if you already have some notes to encrypt, please copy (move) then to Encrypt_Inbox notebook. As you remember this notebook is a LOCAL notebook, so your data don’t go anywhere
    Saferoom_Notebook_List
    Saferoom_Encrypted_Note
  2. Open Saferoom application and click “Encrypt notes” button. Or right-click on Saferoom icon and select “Encrypt now”
    Screen Shot 2015-03-30 at 7.52.52 PM
    Saferoom_Right_Click
  3. Open Evernote and check that notes have been successfully encrypted and placed into Encrypt_Inbox notebook
    Saferoom_Note_Encrypted
  4. Copy(move) these notes to some SYNCED notebook and sync the content with Evernote server
  5. Open your browser and connect to your Evernote account. Check that your encrypted notes have been uploaded to the Evernote server

Please note that original note stays in Encrypt_Inbox notebook. You should handle it manually

Data decryption

Now, let’s talk how to decrypt your encrypted notes using Saferoom MacOS. Since the names of Saferoom notebooks may vary, i will be using their default names:

  • Notebook to decrypt from: Decrypt_Inbox
  • Notebook for decrypted notes: Decrypt_Inbox

Please pay attention that Decrypt_Inbox must always be a local only notebook

And of course, it is assumed that Saferoom MacOS and Evernote MacOS are installed on your PC. So, in order to decrypt data, please follow the steps below

  1. Open your Evernote client and sync the content with Evernote server. This is needed, for example, if you encrypt your notes on other PC or mobile phone.
  2. Copy (move) your encrypted notes to Decrypt_Inbox note
    Saferoom_Decrypt_Inbox_Note
  3. Open Saferoom application and click “Decrypt” button. Or right-click on Saferoom icon and select “Decrypt now”
    Screen Shot 2015-03-30 at 7.52.52 PM
    Saferoom_Right_Click_DecryptNow
  4. Open Evernote and check that notes have been successfully decrypted and placed into Decrypt_Inbox notebook
    Saferoom_Decryption_Success
  5. If decryption was unsuccessful and you see the error – “HMAC mismatch”, then it means your password is incorrect – the note was encrypted with the password which is not equal to the one your are using right now
    Saferoom_Decryption_Error

Changing password (encryption key)

Please be aware that after changing your password you won’t be able to decrypt notes, encrypted by the old password!

If you want to change your password, please follow the steps below:

  1. Open Saferoom application
  2. Click Saferoom Desktop in the upper left corner and select Preferences
  3. Select Passwords tab
    Screen Shot 2015-03-30 at 7.55.27 PM
  4. In the Current password field type your current password
  5. In the New password field type your new password. Password should be minimum 8 characters long
  6. In the Confirm new password field type your new password once again
  7. Click Change password button. Your password will be changed.

Now, all notes will be encrypted using your new password. Please also remember to change passwords on all devices with Saferoom installed. See the following sections for more details:

Demo

Getting started with Saferoom MacOS

Encrypting Evernote note with Saferoom MacOS

Decrypting Evernote note with Saferoom MacOS

Saferoom Windows

Contents

Getting started

To start Saferoom application follow the steps below:

  1. Download Saferoom MSI file to your PC and launch it. Please follow the wizard intructions to install Saferoom Windows on your PC
  2. Start the application. You will see the following screen:
    Saferoom_FirstScreen
  3. In the Password field type your password (encryption key). This password will be used to encrypt and decrypt your data. If you’re using Saferoom on other platforms (Mac OS, iOS and etc.), this password should be the same across all your Saferoom applications.
  4. In the Confirm password field please confirm your password
  5. In the Notebook to encrypt from type the notebook that will be used to encrypt your notes. Notes you want to encrypt should be placed in this notebook. By default, Saferoom uses name Encrypt_Inbox. You can leave it or type your own name
  6. In the Notebook to decrypt from type the notebook that will be used to decrypt your notes. Notes you want to decrypt should be placed in this notebook. By default, Saferoom uses name Decrypt_Inbox. You can leave it or type your own name
  7. In the Notebook for encrypted notes type the notebook that will be used to store your encrypted notes. All notes, encrypted by Saferoom, will be placed in this notebook. By default, Saferoom uses name Encrypt_Inbox. You can leave it or type your own name
  8. In the Notebook for decrypted notes type the notebook that will be used to store your decrypted notes. All notes, decrypted by Saferoom, will be placed in this notebook. By default, Saferoom uses name Decrypt_Inbox. You can leave it or type your own name
  9. Click Start to launch Saferoom application. Saferoom will the check if the Evernote application is installed on your PC, and then it will create specified notebooks if they do not exist. Then application will start in tray

    Saferoom_RunninginTray

You can check that all specified notebooks are created in your Evernote account.
Saferoom_Notebooks

Overview

Saferoom Windows consists of two windows:

  • Main application window
  • Settings

Main application window consists of three buttons:

  • Encrypt: button used to initiate the Encryption procedure
  • Decrypt: button used to initiate the Decryption procedure
  • Details: button used to open the Application Log

SaferoomWindows_Main

Saferoom_ApplicationLog

By default application starts in the tray. But you can always open the Main windows by right-clicking the icon in the tray and selecting Open. Or you can double click the tray icon

Settings windows contains two tabs: Settings and Passwords:
Saferoom_Settings

In General tab you can configure the following:

  • Notebook to encrypt from: this is the notebook where you should put the notes you want to encrypt
  • Notebook for encrypted notes to: this is the notebook where Saferoom application will place all encrypted notes
  • Tag for encrypted notes: here you can specify the tag, that will be added to all your encrypted notes.
  • Notebook to decrypt from: this is the notebook where you should put the notes you want to decrypt
  • Notebook for decrypted notes to: this is the notebook where Saferoom application will place all decrypted notes
  • Tag for decrypted notes: here you can specify the tag, that will be added to all your decrypted notes.

For more information about these notebooks and tags please check Saferoom notebooks for Evernote (Desktop versions only) section.

Passwords tab is used to change your current password:
SaferoomWin

Please remember that password length should be minimum 8 characters. Also be aware that after changing your password you won’t be able to decrypt notes, encrypted with the old password

Data encryption

Now, let’s talk how to encrypt your notes using Saferoom Windows. Since the names of Saferoom notebooks may vary, i will be using their default names:

  • Notebook to encrypt from: Encrypt_Inbox
  • Notebook for encrypted notes: Encrypt_Inbox

And of course, it is assumed that Saferoom Windows and Evernote are installed on your PC. So, in order to encrypt data, please follow the steps below:

  1. Open your Evernote client and create notes you want to encrypt and copy (move) then to Encrypt_Inbox. This notebook is created automatically during Saferoom first launch. Or, if you already have some notes to encrypt, please copy (move) then to Encrypt_Inbox notebook. As you remember this notebook is a LOCAL notebook, so your data don’t go anywhere
    Saferoom_EncryptInbox
  2. Right click on Saferoom icon in the tray and select “Encrypt now”. Or if the Main application window is open, then click Encrypt. Saferoom will encrypt the note and place in the same notebook (remember, in this example we’re using the same notebooks for notes to encrypt and encrypted notes)
    Saferoom_EncryptedNote
  3. Copy(move) these notes to some SYNCED notebook and sync the content with Evernote server
  4. Open your browser and connect to your Evernote account. Check that your encrypted notes have been uploaded to the Evernote server

Please note that original note stays in Encrypt_Inbox notebook. You should handle it manually

Data decryption

Now, let’s talk how to decrypt your encrypted notes using Saferoom Windows. Since the names of Saferoom notebooks may vary, i will be using their default names:

  • Notebook to decrypt from: Decrypt_Inbox
  • Notebook for decrypted notes: Decrypt_Inbox

Please pay attention that Decrypt_Inbox must always be a local only notebook

And of course, it is assumed that Saferoom Windows and Evernote are installed on your PC. So, in order to decrypt data, please follow the steps below:

  1. Open your Evernote client and sync the content with Evernote server. This is needed, for example, if you encrypt your notes on other PC or mobile phone.
  2. Copy (move) your encrypted notes to Decrypt_Inbox note
    Saferoom_DecryptInbox
  3. Right click on Saferoom icon in the tray and select “Decrypt now”. Or if the Main application window is open, then click Decrypt. Saferoom will decrypt the note and place in the same notebook (remember, in this example we’re using the same notebooks for notes to decrypt and decrypted notes)
    Saferoom_Decrypted
  4. If decrypted note is empty, most probably it was encrypted with another password. You can check the Application log for more details

Note cache

In order to prevent duplicates (for example, encrypt note which has been already encrypted before) Saferoom stores the notes’ data in a special memory cache – Note cache. For example, let’s see the example when Note cache is not used:

  1. We have one text note in Encrypt_Inbox (for simplicity I will be using the default names)
  2. We click Encrypt, Saferoom encrypts this note and puts it into notebook for encrypted notes (Encrypt_Inbox by default)
  3. Then if we click Encrypt again, Saferoom encrypts it again and puts it into notebook for encrypted notes. So, we have duplicate notes
    Saferoom_duplicates

Now, the same scenario with Note cache:

  1. We have one text note in Encrypt_Inbox (for simplicity I will be using the default names)
  2. We click Encrypt, Saferoom encrypts this note, copies note’s hash value into Note cache and puts note into notebook for encrypted notes (Encrypt_Inbox by default)
  3. Then we click Encrypt again, Saferoom calculates the hash of text note, checks that this note’s hash is already in the Note cache (this note has been already encrypted) and ignores it

The same applies to the Decryption procedures. Please note that Saferoom is using one Note cache for encrypted and decrypted notes

Of course, if you want to encrypt/decrypt this note again, you can easily clear the Note cache. To do this, please follow these steps:

  • Right-click the Saferoom app icon in the tray and select Clear note cache.
  • If the Main application window is open, select Tools > Clear note cache

Changing password (encryption key)

Please be aware that after changing your password you won’t be able to decrypt notes, encrypted by the old password!
If you want to change your password, please follow the steps below:

  1. Start Saferoom application. By default, it goes to the tray.
  2. Open Main application window. You can do it either by right-clicking the Saferoom icon in tray and selecting Open or by double-clicking the Saferoom icon
  3. Select Tools > Settings. Settings dialog appears
    Saferoom_Settings
  4. Select Passwords tab
    SaferoomWin
  5. In the Current password field type your current password
  6. In the New password field type your new password. Password should be minimum 8 characters long
  7. In the Confirm new password field type your new password once again
  8. Click Apply button. Your password will be changed. Starting from this moment all notes will be encrypted using new password

Please also remember to change passwords on all devices with Saferoom installed. See the following sections for more details:

Saferoom concepts

What is Saferoom?

Saferoom is a set of mobile and desktop apps that are embedded into Evernote infrastructure and provides to users a zero-knowledge encryption functionality

Saferoom and Symmetric Encryption

To protect user’s personal data Saferoom uses symmetric encryption. It means that you just have to specify the key (password), which will be used to encrypt/decrypt your data

For encrypting your data, Saferoom is using Industry-standard AES256 algorithm, which currently is the strongest available encryption algorithm. Saferoom app doesn’t use any custom security modules, only OS built-in and native tools

Saferoom is a pure client application

Saferoom application doesn’t use any servers, accounts or cloud infrastructure. That means you’re the only person who knows the password, and this password cannot be restored by any means. If you forget your password, you won’t be able to decrypt data, encrypted using this password!

Saferoom and passwords

Saferoom doesn’t send your password anywhere and doesn’t sync it between devices. You have to specify password separately for each device with Saferoom installed. Of course, if you want to encrypt/decrypt your data on all devices the password on all devices should be the same

For simplicity and better user experience, Saferoom stores users’ passwords. On Desktop and mobile versions we’re using only OS built-in security tools to protect your password. But please be aware that these tools do not provide 100% protection, so you should also consider protecting your PC/phone/tablet using 3rd party tools (firewalls, antiviruses and etc.)

Saferoom and Data Manipulation

Since the idea of Saferoom application is a seamless integration into existing popular platforms, we don’t do any data manipulation (only encrypt and decrypt data) and use only platforms’ officially supported APIs

Saferoom notebooks for Evernote (Desktop versions only)

In order to encrypt/decrypt your data, Saferoom Desktop is using special notebooks. These notebooks are created automatically during application start. These notebooks have default names, but you can change them to whatever you want:

  • Notebook for notes to be encrypted (Default name: Encrypt_Inbox). This is the notebook, where you need to put notes you want to encrypt. This notebook is created as a LOCAL notebook
  • Notebook for encrypted notes (Default name: Encrypt_Inbox ). This notebook contains encrypted notes. So after encryption, all encrypted notes will be placed into this notebook. This notebook is created as LOCAL notebook
  • Notebook for notes to be decrypted (Default name: Decrypt_Inbox). This is the notebook where you should put the notes you want to decrypt. This notebook is created as LOCAL notebook
  • Notebook for decrypted notes (Default name: Decrypt_Inbox). This notebook contains decrypted notes. After decryption is finished all decrypted notes will be placed into this notebook. This notebook is created as a LOCAL notebook

As you see by default Saferoom is using the same notebooks for non-encrypted/encrypted and encrypted/decrypted notes. However you can separate these notebooks and specify the notebooks you want. For the information about how to configure Saferoom notebooks see the corresponding section:

Saferoom and Evernote tags

Saferoom application allows you to specify the tags that will be added to your encrypted/decrypted notes. For the information about tags and how to configure them see the corresponding section:

Encrypting and Decrypting data using Saferoom

For more information about data encryption/decryption check the following links for each Saferoom version.

For more advanced topics check the following sections:

Concepts

What is encryption?

Encryption is the process of transforming the original data (“plain text”) into something unreadable by the third party. If you want to see this content (decrypt it) you need a key, that was used to encrypt.
If you don’t have it – you cannot see the content

Types of encryption

Basically there are two Encryption techniques:

  • Symmetric Encryption
  • Asymmetric Encryption

Symmetric encryption

In symmetric encryption only one key is used. That key is used to encrypt and decrypt data. So, you have some data that you want to encrypt. You specify the key (password) and your data is encrypted using this key. Then, if you want to see the contents (decrypt it) you enter the same key and your data is decrypted.

helpGetsaferoom_Concepts_symmetricEncryption
If you don’t know the key obviously that you won’t be able to decrypt the message
helpGetsaferoom_Concepts_symmetricEncryption_noKey

So, in this technique the only thing you need to worry about is your key. Nowadays there are lot of available tools that can be used to protect your encryption key. Finally, you can just remember it and keep it in your memory.

Symmetric encryption is good and simple, but has one major issue – secure data exchange. Imagine that you want to send protected message to your friend. You encrypt it using your key and send it to your friend. So, your friend receives it and wants to see the original content. But he can’t because he doesn’t know the key.

So, if you want your friend to read your message, you need to send him a key. And this is problem – how to send this key that nobody can intercept it? Of course there are some ways to do it like HTTPs or just calling your friend and asked him to write the key. But still it is complicated (especially for non-technical people) and not convenient. You have to do a lot of things before sending protected message. Sometimes it’s not worth it

Asymmetric Encryption

Asymmetric Encryption was the answer to these problems. So, instead of one key we have two keys – public and private. These keys are generated together and bound to each other using complicated math

So, let’s see how the asymmetric encryption can be used to exchange protected messages. Suppose Batman wants to send the encrypted message to Jim Gordon.

helpGetsaferoom_Concepts_asymmetricEncryption

Here are the steps to do it.

  1. Batman asks Jim to send his public key. Public key can be sent via public internet without any precautions. This is why it’s called public
  2. Jim sends Batman his public key
  3. Batman creates a message and encrypts it using Jim’s public key. So, Batman is using Jim’s public key as the password to encrypt his message
  4. Then Batman sends this message over public internet to Jim
  5. Jim receives the message and wants to see its contents
  6. The only way he can do it is using his Private key. Remember, that public and private keys are always generated together and bound to each other
  7. Jim uses his Private key to decrypt and read Batman’s message
  8. Then if Jim wants to send protected message back to Batman, he just asks Batman to send his public key and encrypts the message using his Public key. Then Batman can decrypt this message using his Private key

The strongest point about Asymmetric encryption is that Private key (used to decrypt the messages) never leaves your PC, so it cannot be intercepted by anyone. So Batman and Jim can exchange messages securely via public channel. So, the only thing they need to worry about is their private keys. But modern OS made this task is even easier by providing built-in protection modules. To provide even better protection, you can use various 3rd party tools

But, of course this level of security comes at some cost. Asymmetric encryption is much more complicated than symmetric. For non-technical (but sometimes ever for technical) people it will very hard to understand and implement this in your daily routines

See the What is Saferoom? section to find out how Saferoom can be used to protect your data.