In this video we’re going to demonstrate cross-platform encryption using the Saferoom Windows and MacOS clients.
What is Saferoom?
Saferoom is a set of mobile and desktop applications that offer zero-knowledge functionality for popular online platforms (Evernote, Dropbox, Google Drive, OneNote, etc.). The first supported platform is Evernote.
What is zero-knowledge encryption?
Zero-knowledge encryption is a concept in which the user protects his data using only his password (encryption key), and he is the only one who can access this data. This password or encryption key is stored on the user’s local PC/tablet/mobile phone and is never sent to the Internet. If the user forgets his password, he won’t be able to restore it, and the data protected using this password will be lost.
How can I protect my Evernote data using Saferoom Desktop clients?
To protect your data, the Saferoom Desktop client uses 4 special LOCAL notebooks. These notebooks are created automatically during the first launch of Saferoom and can then be changed during runtime. You put the notes you want to protect into these notebooks and initiate the encryption procedure. The encrypted notes can then be put into a SYNCED notebook and uploaded to the Evernote cloud, after which they can be accessed from a PC/tablet/mobile phone.
For more information about how to protect your data using Saferoom on different platforms please check the following sections:
What about Saferoom iOS? Can I use it to protect my data?
Yes, but Saferoom iOS works directly with the Evernote API and doesn’t create any notebooks. When you create an encrypted item using Saferoom iOS, it first creates a note, encrypts it using your password and then uploads the already encrypted note to the Evernote cloud. You can then access this note from any device using Evernote synchronization.
Can I encrypt data on one device and then access it on another?
Yes, of course. Data encrypted on one device can easily be decrypted on another device. The only thing you need is the password (encryption key). Since the password is not sent anywhere and stays local, you need to specify the same password on each device with Saferoom installed. If you change the password on one device and encrypt data using the new password, you need to change the password on all other devices to decrypt it.
Password is stored on a local PC – is it safe?
To store your password, Saferoom uses the OS built-in tools, such as KeyChain in MacOS and ProtectedData in Windows. Of course, these tools do not provide 100% protection, so for better security you should also use 3rd party security tools (antivirus, firewall, etc.).
On what platforms will Saferoom be released?
Currently Saferoom is available on Windows 7/8/8.1, Mac OS and iOS platforms. Next, we’re planning to release Saferoom for Windows Phone and Android.
Where can I get Saferoom Windows?
Saferoom Windows can be downloaded from here. You can download the 32-bit or the 64-bit version. After you download the MSI file, please start it and follow the wizard instructions.
I have Saferoom Windows v1.0 – what should I do?
Saferoom v1.0 is deprecated and replaced by Saferoom v1.1. When upgrading from v1.0 to v1.1 and later, please note the following:
- Before installing v1.1, please uninstall v1.0. By default, the Windows uninstaller doesn’t delete configuration files. Please also delete everything inside the Saferoom temporary folder. Assuming that your system is installed on disk C, this folder is located here: C:/Users/[username]/AppData/Local/SECOM/. Please note that this folder is hidden by default, so you need to enable Hidden Folder display in your Windows OS.
- Saferoom v1.0 uses 3 notebooks: 2 Local notebooks and 1 synced notebook. Saferoom v1.1 uses 4 notebooks.
If the specified notebooks don’t exist, Saferoom v1.1 creates them as LOCAL notebooks. If you want to continue using the notebooks created by v1.0, you can specify them during Initial configuration. But please note that Saferoom doesn’t check the Notebook type (Local or Synced), so please make sure that original/decrypted data always stays in LOCAL notebooks.
Are there any password restrictions?
Saferoom Windows doesn’t check your password strength – the only thing it checks is the password length. The minimum length is 8 characters and the maximum length is 128 characters.
Can I use existing notebooks as Saferoom notebooks?
Yes, you can. During Saferoom notebooks configuration, just specify the name of your existing notebook. But please note that Saferoom doesn’t check your notebook type – LOCAL or SYNCED. If the specified notebook doesn’t exist, Saferoom creates a LOCAL notebook. But if the specified notebook exists, Saferoom doesn’t check whether it is LOCAL or SYNCED – it just starts to use it. Be careful! We recommend storing all data that you want to encrypt, and also all decrypted data, in LOCAL notebooks.
I don’t see my encrypted notes. What should I do?
If you initiate the encryption procedure and don’t see the encrypted notes, please check the following:
- Clear the Note Cache to make sure that note is not in it.
- Check the application log for [ERROR] messages. To open Application log, open the main window and click Details button
- Check “saferoom.log” file. Assuming that your system is installed on Disk C, this file is located here: C:/Users/[username]/AppData/Roaming/SECOM/. This folder is hidden by default – you need to enable Hidden Folders display in your Windows OS
If you don’t find anything suspicious and still have problems encrypting your notes, please contact us at firstname.lastname@example.org
I forgot my current password – how can I set a new password?
By default, Saferoom allows you to change your current password from the application menu. But in order to do this, you need to specify your current password. Obviously, if you forget your current password, this is not an option. The only option is to reset the Saferoom settings. Please follow these steps:
- Close Saferoom application
- Go to AppData Roaming folder. Assuming that your system is installed on Disk C, this folder is located here: C:/Users/[username]/AppData/Roaming/
- Find and delete saferoom.config file
- Restart application, specify new password and configure Saferoom notebooks
Starting from this moment, Saferoom will encrypt everything using new password. If you’re using Saferoom on other platforms, you should also change password on these platforms
To start Saferoom application follow the steps below:
- Download the Saferoom MSI file to your PC and launch it. Please follow the wizard instructions to install Saferoom Windows on your PC
- Start the application. You will see the following screen:
- In the Password field type your password (encryption key). This password will be used to encrypt and decrypt your data. If you’re using Saferoom on other platforms (Mac OS, iOS and etc.), this password should be the same across all your Saferoom applications.
- In the Confirm password field please confirm your password
- In the Notebook to encrypt from type the notebook that will be used to encrypt your notes. Notes you want to encrypt should be placed in this notebook. By default, Saferoom uses name Encrypt_Inbox. You can leave it or type your own name
- In the Notebook to decrypt from type the notebook that will be used to decrypt your notes. Notes you want to decrypt should be placed in this notebook. By default, Saferoom uses name Decrypt_Inbox. You can leave it or type your own name
- In the Notebook for encrypted notes type the notebook that will be used to store your encrypted notes. All notes, encrypted by Saferoom, will be placed in this notebook. By default, Saferoom uses name Encrypt_Inbox. You can leave it or type your own name
- In the Notebook for decrypted notes type the notebook that will be used to store your decrypted notes. All notes, decrypted by Saferoom, will be placed in this notebook. By default, Saferoom uses name Decrypt_Inbox. You can leave it or type your own name
- Click Start to launch the Saferoom application. Saferoom will then check if the Evernote application is installed on your PC, and then it will create the specified notebooks if they do not exist. Then the application will start in the tray
Saferoom Windows consists of two windows:
- Main application window
Main application window consists of three buttons:
- Encrypt: button used to initiate the Encryption procedure
- Decrypt: button used to initiate the Decryption procedure
- Details: button used to open the Application Log
By default, the application starts in the tray. But you can always open the Main window by right-clicking the icon in the tray and selecting Open. Or you can double-click the tray icon
In General tab you can configure the following:
- Notebook to encrypt from: this is the notebook where you should put the notes you want to encrypt
- Notebook for encrypted notes to: this is the notebook where Saferoom application will place all encrypted notes
- Tag for encrypted notes: here you can specify the tag, that will be added to all your encrypted notes.
- Notebook to decrypt from: this is the notebook where you should put the notes you want to decrypt
- Notebook for decrypted notes to: this is the notebook where Saferoom application will place all decrypted notes
- Tag for decrypted notes: here you can specify the tag, that will be added to all your decrypted notes.
For more information about these notebooks and tags please check Saferoom notebooks for Evernote (Desktop versions only) section.
Please remember that password length should be minimum 8 characters. Also be aware that after changing your password you won’t be able to decrypt notes, encrypted with the old password
Now, let’s talk about how to encrypt your notes using Saferoom Windows. Since the names of Saferoom notebooks may vary, I will be using their default names:
- Notebook to encrypt from: Encrypt_Inbox
- Notebook for encrypted notes: Encrypt_Inbox
And of course, it is assumed that Saferoom Windows and Evernote are installed on your PC. So, in order to encrypt data, please follow the steps below:
- Open your Evernote client, create the notes you want to encrypt and copy (move) them to Encrypt_Inbox. This notebook is created automatically during the first launch of Saferoom. Or, if you already have some notes to encrypt, please copy (move) them to the Encrypt_Inbox notebook. As you remember, this notebook is a LOCAL notebook, so your data doesn’t go anywhere
- Right-click on the Saferoom icon in the tray and select “Encrypt now”. Or, if the Main application window is open, click Encrypt. Saferoom will encrypt the note and place it in the same notebook (remember, in this example we’re using the same notebook for notes to encrypt and encrypted notes)
- Copy (move) these notes to some SYNCED notebook and sync the content with the Evernote server
- Open your browser and connect to your Evernote account. Check that your encrypted notes have been uploaded to the Evernote server
Please note that original note stays in Encrypt_Inbox notebook. You should handle it manually
Now, let’s talk about how to decrypt your encrypted notes using Saferoom Windows. Since the names of Saferoom notebooks may vary, I will be using their default names:
- Notebook to decrypt from: Decrypt_Inbox
- Notebook for decrypted notes: Decrypt_Inbox
Please pay attention that Decrypt_Inbox must always be a local only notebook
And of course, it is assumed that Saferoom Windows and Evernote are installed on your PC. So, in order to decrypt data, please follow the steps below:
- Open your Evernote client and sync the content with Evernote server. This is needed, for example, if you encrypt your notes on other PC or mobile phone.
- Copy (move) your encrypted notes to the Decrypt_Inbox notebook
- Right-click on the Saferoom icon in the tray and select “Decrypt now”. Or, if the Main application window is open, click Decrypt. Saferoom will decrypt the note and place it in the same notebook (remember, in this example we’re using the same notebook for notes to decrypt and decrypted notes)
- If decrypted note is empty, most probably it was encrypted with another password. You can check the Application log for more details
In order to prevent duplicates (for example, encrypting a note which has already been encrypted before), Saferoom stores the notes’ data in a special memory cache – the Note cache. First, let’s look at what happens when the Note cache is not used:
- We have one text note in Encrypt_Inbox (for simplicity I will be using the default names)
- We click Encrypt, Saferoom encrypts this note and puts it into notebook for encrypted notes (Encrypt_Inbox by default)
- Then if we click Encrypt again, Saferoom encrypts it again and puts it into notebook for encrypted notes. So, we have duplicate notes
Now, the same scenario with Note cache:
- We have one text note in Encrypt_Inbox (for simplicity I will be using the default names)
- We click Encrypt, Saferoom encrypts this note, copies note’s hash value into Note cache and puts note into notebook for encrypted notes (Encrypt_Inbox by default)
- Then we click Encrypt again, Saferoom calculates the hash of text note, checks that this note’s hash is already in the Note cache (this note has been already encrypted) and ignores it
The same applies to the Decryption procedures. Please note that Saferoom is using one Note cache for encrypted and decrypted notes
Of course, if you want to encrypt/decrypt this note again, you can easily clear the Note cache. To do this, please follow these steps:
- Right-click the Saferoom app icon in the tray and select Clear note cache.
- If the Main application window is open, select Tools > Clear note cache
Changing password (encryption key)
Please be aware that after changing your password you won’t be able to decrypt notes, encrypted by the old password!
If you want to change your password, please follow the steps below:
- Start Saferoom application. By default, it goes to the tray.
- Open Main application window. You can do it either by right-clicking the Saferoom icon in tray and selecting Open or by double-clicking the Saferoom icon
- Select Tools > Settings. Settings dialog appears
- Select Passwords tab
- In the Current password field type your current password
- In the New password field type your new password. Password should be minimum 8 characters long
- In the Confirm new password field type your new password once again
- Click Apply button. Your password will be changed. Starting from this moment all notes will be encrypted using new password
Please also remember to change passwords on all devices with Saferoom installed. See the following sections for more details:
What is Saferoom?
Saferoom is a set of mobile and desktop apps that are embedded into the Evernote infrastructure and provide users with zero-knowledge encryption functionality
Saferoom and Symmetric Encryption
To protect the user’s personal data, Saferoom uses symmetric encryption. It means that you just have to specify the key (password), which will be used to encrypt/decrypt your data
To encrypt your data, Saferoom uses the industry-standard AES256 algorithm, which is currently the strongest available encryption algorithm. The Saferoom app doesn’t use any custom security modules, only OS built-in and native tools
Saferoom is a pure client application
Saferoom application doesn’t use any servers, accounts or cloud infrastructure. That means you’re the only person who knows the password, and this password cannot be restored by any means. If you forget your password, you won’t be able to decrypt data, encrypted using this password!
Saferoom and passwords
Saferoom doesn’t send your password anywhere and doesn’t sync it between devices. You have to specify password separately for each device with Saferoom installed. Of course, if you want to encrypt/decrypt your data on all devices the password on all devices should be the same
For simplicity and a better user experience, Saferoom stores users’ passwords. On Desktop and mobile versions we’re using only OS built-in security tools to protect your password. But please be aware that these tools do not provide 100% protection, so you should also consider protecting your PC/phone/tablet using 3rd party tools (firewalls, antiviruses, etc.)
Saferoom and Data Manipulation
Since the idea of Saferoom application is a seamless integration into existing popular platforms, we don’t do any data manipulation (only encrypt and decrypt data) and use only platforms’ officially supported APIs
Saferoom notebooks for Evernote (Desktop versions only)
In order to encrypt/decrypt your data, Saferoom Desktop is using special notebooks. These notebooks are created automatically during application start. These notebooks have default names, but you can change them to whatever you want:
- Notebook for notes to be encrypted (Default name: Encrypt_Inbox). This is the notebook, where you need to put notes you want to encrypt. This notebook is created as a LOCAL notebook
- Notebook for encrypted notes (Default name: Encrypt_Inbox). This notebook contains encrypted notes. So after encryption, all encrypted notes will be placed into this notebook. This notebook is created as a LOCAL notebook
- Notebook for notes to be decrypted (Default name: Decrypt_Inbox). This is the notebook where you should put the notes you want to decrypt. This notebook is created as LOCAL notebook
- Notebook for decrypted notes (Default name: Decrypt_Inbox). This notebook contains decrypted notes. After decryption is finished all decrypted notes will be placed into this notebook. This notebook is created as a LOCAL notebook
As you see by default Saferoom is using the same notebooks for non-encrypted/encrypted and encrypted/decrypted notes. However you can separate these notebooks and specify the notebooks you want. For the information about how to configure Saferoom notebooks see the corresponding section:
Saferoom and Evernote tags
Saferoom application allows you to specify the tags that will be added to your encrypted/decrypted notes. For the information about tags and how to configure them see the corresponding section:
Encrypting and Decrypting data using Saferoom
For more information about data encryption/decryption check the following links for each Saferoom version.
- Encrypting/Decrypting data using Saferoom Windows
- Encrypting/Decrypting data using Saferoom MacOS
- Encrypting/Decrypting data using Saferoom iOS
For more advanced topics check the following sections:
What is encryption?
Encryption is the process of transforming the original data (“plain text”) into something unreadable by a third party. If you want to see this content (decrypt it), you need the key that was used to encrypt it.
If you don’t have it – you cannot see the content
Types of encryption
Basically there are two Encryption techniques:
- Symmetric Encryption
- Asymmetric Encryption
In symmetric encryption only one key is used. That key is used to encrypt and decrypt data. So, you have some data that you want to encrypt. You specify the key (password) and your data is encrypted using this key. Then, if you want to see the contents (decrypt it) you enter the same key and your data is decrypted.
So, in this technique the only thing you need to worry about is your key. Nowadays there are a lot of available tools that can be used to protect your encryption key. Finally, you can just remember it and keep it in your memory.
Symmetric encryption is good and simple, but has one major issue – secure data exchange. Imagine that you want to send protected message to your friend. You encrypt it using your key and send it to your friend. So, your friend receives it and wants to see the original content. But he can’t because he doesn’t know the key.
So, if you want your friend to read your message, you need to send him the key. And this is the problem – how do you send this key so that nobody can intercept it? Of course, there are some ways to do it, like HTTPS or just calling your friend and asking him to write the key down. But it is still complicated (especially for non-technical people) and not convenient. You have to do a lot of things before sending a protected message. Sometimes it’s not worth it
Asymmetric Encryption was the answer to these problems. So, instead of one key we have two keys – public and private. These keys are generated together and bound to each other using complicated math
So, let’s see how the asymmetric encryption can be used to exchange protected messages. Suppose Batman wants to send the encrypted message to Jim Gordon.
Here are the steps to do it.
- Batman asks Jim to send his public key. Public key can be sent via public internet without any precautions. This is why it’s called public
- Jim sends Batman his public key
- Batman creates a message and encrypts it using Jim’s public key. So, Batman is using Jim’s public key as the password to encrypt his message
- Then Batman sends this message over public internet to Jim
- Jim receives the message and wants to see its contents
- The only way he can do it is using his Private key. Remember, that public and private keys are always generated together and bound to each other
- Jim uses his Private key to decrypt and read Batman’s message
- Then, if Jim wants to send a protected message back to Batman, he just asks Batman to send his public key and encrypts the message using Batman’s public key. Then Batman can decrypt this message using his Private key
The strongest point about Asymmetric encryption is that the Private key (used to decrypt the messages) never leaves your PC, so it cannot be intercepted by anyone. So Batman and Jim can exchange messages securely via a public channel, and the only thing they need to worry about is their private keys. Modern operating systems make this task even easier by providing built-in protection modules. To provide even better protection, you can use various 3rd party tools
But, of course, this level of security comes at some cost. Asymmetric encryption is much more complicated than symmetric. For non-technical (and sometimes even for technical) people it will be very hard to understand and to implement in their daily routines
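The Batman and Jim exchange above, as an added example that is not from the original page. It goes one step beyond the text: RSA can only encrypt short inputs directly, so the message is encrypted with a random AES-256 key and only that key is encrypted with the recipient's public key. RSA-2048 with OAEP, AES-256-GCM and all function names are assumptions of this example.

```javascript
// Added example, not from the original page. Assumptions: RSA-2048 with
// OAEP/SHA-256 for the key pair, AES-256-GCM for the message body.
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Public and private key are generated together; only publicKey is shared.
function newKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender side: needs nothing secret from the recipient, only the public key.
function seal(recipientPublicKey, message) {
  const sessionKey = nodeCrypto.randomBytes(32); // one-time AES-256 key
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), body };
}

// Recipient side: only the matching private key can unwrap the session key.
function unseal(recipientPrivateKey, sealed) {
  const sessionKey = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, sealed.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.body), decipher.final()]).toString('utf8');
}

// The exchange from the text, with constructed messages.
function exchange() {
  const jim = newKeyPair();
  const batman = newKeyPair();

  // Batman -> Jim, using Jim's public key.
  const toJim = seal(jim.publicKey, 'Meet on the roof at midnight');
  const readByJim = unseal(jim.privateKey, toJim);

  // A private key from a different pair (here Batman's own) cannot open it.
  let readByOtherKey;
  try {
    readByOtherKey = unseal(batman.privateKey, toJim);
  } catch (err) {
    readByOtherKey = null;
  }

  // Jim -> Batman, using Batman's public key.
  const toBatman = seal(batman.publicKey, 'Signal is lit');
  const readByBatman = unseal(batman.privateKey, toBatman);

  return { readByJim, readByOtherKey, readByBatman };
}

console.log(exchange());
```

Encrypting to a public key protects the message only if that key really belongs to the intended recipient, so the received public key is normally verified over a second channel, for example by comparing a fingerprint.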
See the What is Saferoom? section to find out how Saferoom can be used to protect your data.