One-Time Passwords

One-Time Passwords (OTP) is new functionality introduced in Saferoom Windows v1.2. Previously, a user could encrypt/decrypt notes using only one password (the master password), specified during Initial configuration or changed afterwards. Now, with the OTP functionality, a user can encrypt/decrypt notes using a password specified at runtime. This password is not saved anywhere and therefore cannot be restored.

Using OTP is very simple:

  • Open the Main application window and check the Use One-Time Password option. When you then click the Encrypt or Decrypt button, the system prompts you for a password. Specify the password, and your notes will be encrypted/decrypted using it
  • Open the Main application window and uncheck the Use One-Time Password option. After that, when you click Encrypt or Decrypt, Saferoom will use your default (master) password

While using OTP, please note the following:

  • OTP passwords are not saved anywhere. After encrypting/decrypting notes, Saferoom deletes the password from memory, so these passwords cannot be restored
  • Saferoom doesn’t distinguish between notes encrypted using an OTP and notes encrypted using the master password. That’s why, if you use an OTP during encryption, all notes placed in the Notebook for Notes to be Encrypted (Encrypt_Inbox, by default) will be encrypted using this OTP. If you use an OTP during decryption, Saferoom will try to decrypt all notes in the Notebook for Notes to be Decrypted (Decrypt_Inbox, by default) using this password. If this notebook contains notes encrypted using the master password, Saferoom will not decrypt them and will write the corresponding error to the Application log
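
The mixed-inbox case described above, as an added example that is not Saferoom's code or note format: it assumes a hypothetical per-note header (`salt`, `check`) holding a salted key-check value, which would let a tool sort the notes in Decrypt_Inbox by password before attempting decryption. The function names, header fields, iteration count and sample passwords are all assumptions.

```python
# Added illustration, not Saferoom's code or note format: a salted key-check
# value stored with each note shows which password the note was encrypted with.
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a password into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def key_check(key: bytes) -> bytes:
    """Tag derived from the key; the key and password are never stored."""
    return hmac.new(key, b"example-key-check", hashlib.sha256).digest()

def make_header(password: str) -> dict:
    """Hypothetical per-note header written at encryption time."""
    salt = os.urandom(16)
    return {"salt": salt, "check": key_check(derive_key(password, salt))}

def password_matches(header: dict, password: str) -> bool:
    """True if this password reproduces the note's tag (constant-time compare)."""
    expected = key_check(derive_key(password, header["salt"]))
    return hmac.compare_digest(expected, header["check"])

def triage(inbox: dict, candidates: dict) -> dict:
    """Map each note title to the label of the matching password, or None."""
    return {
        title: next((label for label, pw in candidates.items()
                     if password_matches(header, pw)), None)
        for title, header in inbox.items()
    }

# Constructed sample: a Decrypt_Inbox holding notes from both password types.
MASTER, OTP = "correct horse battery", "one-off passphrase 42"
SAMPLE_INBOX = {
    "tax-2014": make_header(MASTER),
    "travel-plan": make_header(OTP),
    "old-note": make_header("a password nobody kept"),
}

if __name__ == "__main__":
    print(triage(SAMPLE_INBOX, {"master": MASTER, "otp": OTP}))
```

A stored check value can be tested against guessed passwords offline, just as the ciphertext itself can, so the PBKDF2 work factor and the password length carry the protection.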

Saferoom v1.2 Upgrade Notes

Please follow these steps to install Saferoom v1.2:

  1. If you have Saferoom v1.1 or v1.0 installed, uninstall them from your PC (using Control Panel > Program Features)
  2. Start Saferoom v1.2 installation file (*.exe)
  3. Follow the wizard instructions
  4. When the wizard finishes, start the application
  5. If you’re installing Saferoom v1.2 for the first time (you haven’t installed Saferoom v1.2 before), you will see a window that prompts you to import your previous configuration (Saferoom v1.1 or v1.0 configuration files).
  6. If you want to import your previous configuration, click OK. A file dialog opens. Assuming that your system is installed on Disk C, navigate to the following folder:
    • For version 1.1: C:/Users/[Username]/AppData/Local/SECOM/Saferoom_UrlXXXXXX/1.1.0.0/
    • For version 1.0: C:/Users/[Username]/AppData/Local/SECOM/Saferoom_UrlXXXXXX/1.0.0.0/
  7. Select the user.config file and click OK
  8. Saferoom will import your previous configuration and start as usual. If something goes wrong during the import, Saferoom will start the Initial Configuration procedure.

If you have any problem installing Saferoom v1.2, please contact us at support@getsaferoom.com

FAQs

General

What is Saferoom?

Saferoom is a set of mobile and desktop applications that offer zero-knowledge functionality for popular online platforms (Evernote, Dropbox, Google Drive, OneNote, etc.). The first supported platform is Evernote.

What is zero-knowledge encryption?

Zero-knowledge encryption is a concept in which a user protects his data using only his password (encryption key) and is the only one who can access this data. This password or encryption key is stored on the user’s local PC/tablet/mobile phone and is never sent to the Internet. If the user forgets his password, he won’t be able to restore it, and data protected using this password will be lost.

How can I protect my Evernote data using Saferoom Desktop clients?

To protect your data, the Saferoom Desktop client uses 4 special LOCAL notebooks. These notebooks are created automatically during Saferoom’s first launch and can then be changed at runtime. You put the notes you want to protect into these notebooks and initiate the encryption procedure. The encrypted notes can then be put into a special SYNCED notebook and uploaded to the Evernote cloud, after which they can be accessed from a PC/tablet/mobile phone.

What about Saferoom iOS? Can I use it to protect my data?

Yes, but Saferoom iOS works directly with the Evernote API and doesn’t create any notebooks. When you create an encrypted item using Saferoom iOS, it first creates a note, encrypts it using your password and then uploads the already encrypted note to the Evernote cloud. You can then access this note from any device using Evernote synchronization.

Can I encrypt data on one device and then access it on another?

Yes, of course. Data encrypted on one device can easily be decrypted on another device. The only thing you need is the password (encryption key). Since the password is not sent anywhere and stays local, you need to specify the same password on each device with Saferoom installed. If you change the password on one device and encrypt data using the new password, you need to change the password on all other devices to decrypt it.

Password is stored on a local PC – is it safe?

To store your password, Saferoom uses the OS built-in tools, such as Keychain in macOS and ProtectedData in Windows. Of course, these tools do not provide 100% protection, so for better security you should use 3rd party security tools (antivirus, firewall, etc.)

On what platforms will Saferoom be released?

Currently Saferoom is available on Windows 7/8/8.1, Mac OS and iOS platforms. Next, we’re planning to release Saferoom for Windows Phone and Android.

Saferoom Windows

Where can I get Saferoom Windows?

Saferoom Windows can be downloaded from here. You can download 32-bit or 64-bit version. After you download the MSI file, please start it and follow the wizard instructions

I have Saferoom Windows v1.0 – what should I do?

Saferoom v1.0 is deprecated and replaced by Saferoom v1.1. When upgrading from v1.0 to v1.1 and later, please note the following:

  • Before installing v1.1, please uninstall v1.0. By default, the Windows uninstaller doesn’t delete configuration files, so please also delete everything inside the Saferoom temporary folder. Assuming that your system is installed on disk C, this folder is located here: C:/Users/[username]/AppData/Local/SECOM/. Please note that this folder is hidden by default, so you need to enable Hidden Folder display in your Windows OS.
  • Saferoom v1.0 uses 3 notebooks: 2 Local notebooks and 1 synced notebook. Saferoom v1.1 uses 4 notebooks.

    If the specified notebooks don’t exist, Saferoom v1.1 creates them as LOCAL notebooks. If you want to continue using the notebooks created by v1.0, you can specify them during Initial configuration. But please note that Saferoom doesn’t check the Notebook type (Local or Synced), so please make sure that original/decrypted data always stays in LOCAL notebooks

Are there any password restrictions?

Saferoom Windows doesn’t check your password strength – the only thing it checks is the password length. Minimum length should be 8 characters, maximum length – 128 characters

Can I use existing notebooks as Saferoom notebooks?

Yes, you can. During Saferoom notebooks configuration, just specify the name of your existing notebook. But please note that Saferoom doesn’t check your notebook type – LOCAL or SYNCED. If the specified notebook doesn’t exist, Saferoom creates a LOCAL notebook. But if the specified notebook exists, Saferoom doesn’t check whether it is LOCAL or SYNCED – it just starts to use it. Be careful! We recommend storing all data that you want to encrypt, as well as decrypted data, in LOCAL notebooks

I don’t see my encrypted notes. What should I do?

If you initiate the encryption procedure and don’t see the encrypted notes, please check the following:

  • Clear the Note Cache to make sure that the note is not in it.
  • Check the application log for [ERROR] messages. To open the Application log, open the main window and click the Details button
  • Check the “saferoom.log” file. Assuming that your system is installed on Disk C, this file is located here: C:/Users/[username]/AppData/Roaming/SECOM/. This folder is hidden by default – you need to enable Hidden Folders display in your Windows OS

If you don’t find anything suspicious and still have problems encrypting your notes, please contact us at support@getsaferoom.com

I forgot my current password – how can I set a new password?

By default, Saferoom allows you to change your current password from the application menu. But in order to do this, you need to specify your current password. Obviously, if you have forgotten your current password, this is not an option. The only option is to reset the Saferoom settings. Please follow these steps:

  1. Close the Saferoom application
  2. Go to the AppData Roaming folder. Assuming that your system is installed on Disk C, this folder is located here: C:/Users/[username]/AppData/Roaming/
  3. Find and delete the saferoom.config file
  4. Restart the application, specify a new password and configure the Saferoom notebooks

From this moment on, Saferoom will encrypt everything using the new password. If you’re using Saferoom on other platforms, you should also change the password on these platforms

Saferoom MacOS

[ In progress ]

Saferoom iOS

[ In progress ]

Concepts

What is encryption?

Encryption is the process of transforming the original data (“plain text”) into something unreadable by a third party. If you want to see this content (decrypt it), you need the key that was used to encrypt it. If you don’t have it, you cannot see the content.

Types of encryption

Basically there are two Encryption techniques:

  • Symmetric Encryption
  • Asymmetric Encryption

Symmetric encryption

In symmetric encryption only one key is used, both to encrypt and to decrypt data. Suppose you have some data that you want to encrypt. You specify the key (password) and your data is encrypted using this key. Then, if you want to see the contents (decrypt them), you enter the same key and your data is decrypted.

If you don’t know the key, you obviously won’t be able to decrypt the message.

So, with this technique the only thing you need to worry about is your key. Nowadays there are a lot of tools available that can be used to protect your encryption key. Finally, you can just memorize it.

Symmetric encryption is good and simple, but has one major issue – secure data exchange. Imagine that you want to send a protected message to your friend. You encrypt it using your key and send it to your friend. Your friend receives it and wants to see the original content, but he can’t, because he doesn’t know the key.

So, if you want your friend to read your message, you need to send him the key. And this is the problem – how do you send this key so that nobody can intercept it? Of course there are some ways to do it, like HTTPS or just calling your friend and asking him to write the key down. But it is still complicated (especially for non-technical people) and not convenient. You have to do a lot of things before sending a protected message. Sometimes it’s not worth it

Asymmetric Encryption

Asymmetric Encryption was the answer to these problems. Instead of one key we have two keys – public and private. These keys are generated together and bound to each other using complicated math

Let’s see how asymmetric encryption can be used to exchange protected messages. Suppose Batman wants to send an encrypted message to Jim Gordon.

Here are the steps to do it.

  1. Batman asks Jim to send his public key. A public key can be sent via the public internet without any precautions. This is why it’s called public
  2. Jim sends Batman his public key
  3. Batman creates a message and encrypts it using Jim’s public key. So, Batman is using Jim’s public key as the password to encrypt his message
  4. Then Batman sends this message over the public internet to Jim
  5. Jim receives the message and wants to see its contents
  6. The only way he can do it is by using his Private key. Remember that public and private keys are always generated together and bound to each other
  7. Jim uses his Private key to decrypt and read Batman’s message
  8. Then, if Jim wants to send a protected message back to Batman, he just asks Batman to send his public key and encrypts the message using Batman’s Public key. Batman can then decrypt this message using his Private key

The strongest point of Asymmetric encryption is that the Private key (used to decrypt the messages) never leaves your PC, so it cannot be intercepted by anyone. Batman and Jim can therefore exchange messages securely via a public channel, and the only thing they need to worry about is their private keys. Modern operating systems make this task even easier by providing built-in protection modules. To provide even better protection, you can use various 3rd party tools

But, of course, this level of security comes at some cost. Asymmetric encryption is much more complicated than symmetric. For non-technical (and sometimes even for technical) people it can be very hard to understand and to apply in their daily routines

See the What is Saferoom? section to find out how Saferoom can be used to protect your data.