In this video we’re gonna demonstrate the cross-platform encryption using Saferoom Windows and MacOS clients.
What is Saferoom?
Saferoom is a set of mobile and desktop applications that offer zero-knowledge functionality for popular online platforms (Evernote, Dropbox, Google Drive, OneNote and etc.). First supported platform is Evernote
What is zero-knowledge encryption?
Zero-knowledge encryption is a concept when user can protect his data using only his password (encryption key) and he is the only one who can access this data. This password or encryption key is stored on user’s local PC/tablet/mobile phone and is never sent to the Internet. If user forgets his password, he won’t be able to restore it and data, protected using this password, will be lost.
How can I protect my Evernote data using Saferoom Desktop clients?
To protect your data Saferoom Desktop client uses 4 special LOCAL notebooks. These notebooks are created automatically during Saferoom first launch and then can be changed during runtime. You put the notes you want to protect into these notebooks and initiate the encryption procedure. Then these encrypted notes can be put into some special SYNCED notebook and uploaded to Evernote cloud. Then these notes can be accessed from PC/tablet/mobile phone.
For more information about how to protect your data using Saferoom on different platforms please check the following sections:
What about Saferoom iOS? Can I use it to protect my data?
Yes, but Saferoom iOS works directly with Evernote API and doesn’t create any notebooks. When you create encrypted item using Saferoom iOS, it first creates a note, encrypts it using your password and then uploads already encrypted note to Evernote cloud. Then you can access this note from any device using Evernote synchronization
Can I encrypt data on one device and then access it on another?
Yes, of course. Data, encrypted on one device can be easily decrypted on another device. The only thing you need is password (encryption key). Since password is not sent anywhere and stays local, you need to specify the same password on each device with Saferoom installed. If you change password on one device and encrypt data using new password, to decrypt it you need to change password on all other devices.
Please check the following links:
Password is stored on a local PC – is it safe?
To store your password, Saferoom uses the OS built-in tools, like KeyChain in MacOS and ProtectedData in Windows. Of course these tools do not provide 100% protection, so for better security you should use 3rd party security tools (antivirus, firewall and etc.)
On what platforms Saferoom will be released?
Currently Saferoom is available on Windows 7/8/8.1, Mac OS and iOS platforms. Then we’re planning to release Saferoom for Windows Phone and Android.
Where can I get Saferoom Windows?
Saferoom Windows can be downloaded from here. You can download 32-bit or 64-bit version. After you download the MSI file, please start it and follow the wizard instructions
I have version Saferoom Windows v1.0 – what should i do?
Saferoom v1.0 is deprecated and replaced by Saferoom v1.1. When upgrading from v1.0 to v1.1 and later, please note the following:
- Before installing v1.1, please uninstall the v1.0 version. By default Windows uninstaller doesn’t delete configuration files. Please also delete everything inside the Saferoom temporary folder. Assuming that your system is installed on disk C, this folder is located here: C:/Users/[username]/AppData/Local/SECOM/. Please note that folder is hidden by default, so you need to enable Hidden Folder display in your Windows OS.
- Saferoom v1.0 uses 3 notebooks: 2 Local notebooks and 1 synced notebook. Saferoom v1.1 version uses 4 notebooks.
If specified notebooks don’t exist, Saferoom v1.1 creates them as LOCAL notebooks. If you want to continue using notebooks, created by v1.0, you can specify them during Initial configuration. But please note that Saferoom doesn’t check the Notebook type (Local or Synced), so please make sure that original/decrypted data always stays in LOCAL notebooks
Are there any password restrictions?
Saferoom Windows doesn’t check your password strength – the only thing it checks is the password length. Minimum length should be 8 characters, maximum length – 128 characters
Can I use the existing notebooks as a Saferoom notebooks?
Yes, you can. During Saferoom notebooks configuration, just specify the name of your existing notebook. But please note, that Saferoom doesn’t check your notebook type – LOCAL or SYNCED. If specified notebook doesn’t exist, Saferoom creates a LOCAL notebook. But if specified notebook exists, Saferoom doesn’t check if it is LOCAL or SYNCED – it just starts to use it. Be careful! We recommend to store all data, that you want to encrypt, and also decrypted data in the LOCAL notebooks
I don’t see my encrypted notes. What should i do?
If you initiate the encryption procedure and don’t see the encrypted notes, please check the following:
- Clear the Note Cache to make sure that note is not in it.
- Check the application log for [ERROR] messages. To open Application log, open the main window and click Details button
- Check “saferoom.log” file. Assuming that your system is installed on Disk C, this file is located here: C:/Users/[username]/AppData/Roaming/SECOM/. This folder is hidden by default – you need to enable Hidden Folders display in your Windows OS
If you don’t find anything suspicious and still have problems encrypting your notes, please contact us at firstname.lastname@example.org
I forgot my current password – how can I set new password
By default Saferoom allows you to change your current password from application menu. But in order to do this, you need to specify your current password. Obviously if you forget your current password, this is a not an option. The only option is to reset the Saferoom settings. Please follow these steps:
- Close Saferoom application
- Go to AppData Roaming folder. Assuming that your system is installed on Disk C, this folder is located here: C:/Users/[username]/AppData/Roaming/
- Find and delete saferoom.config file
- Restart application, specify new password and configure Saferoom notebooks
Starting from this moment, Saferoom will encrypt everything using new password. If you’re using Saferoom on other platforms, you should also change password on these platforms
[ In progress ]
[ In progress ]
Saferoom iOS is a mobile application that is embedded into Evernote infrastructure and provides users zero-knowledge encryption functionality to protect their data.
When you launch application for the first time, you will see the following screen:
Here you need to specify your password (encryption key). Please note if you’re using other Saferoom versions (Windows, MacOS and etc.), password in all versions should be the same. Specify your password and login to application.
Saferoom iOS consists of three main sections:
- Create encrypted item: here you can create encrypted notes (text, image and etc.)
- View encrypted item: here you can browse your encrypted notes and check its contents (decrypt them)
- Settings: here you can configure Saferoom parameters
- Click the Evernote icon in the upper left corner
- Click Connect to Evernote button. Evernote authorization window opens
- Specify your Evernote credentials to authorize Saferoom application
- Click Sign In
- If your credentials are correct, Evernote will authorize Saferoom Application to access your Evernote account. You should receive the corresponding email.
Create encrypted item section allows you to create encrypted item. You can create the following items:
- Simple text note
- Note with images, taken from your Image gallery
- Note with image, taken directly from your camera
In order to select the item to create, you can swipe the section to the right and select the corresponding item. See the screenshot below:
View encrypted item section allows you to browse your encrypted notes and decrypt them if necessary. You can use the following views:
- List of notebooks (default view)
- Saved searches
In order to select the item to view, you can swipe the section to the right and select the corresponding item See the screenshot below:
In the Settings section you can configure various Saferoom parameters:
Now, let’s talk how to encrypt your notes using Saferoom iOS. For demonstration purposes, I will create simple text note and encrypt it using Saferoom. So, follow the steps below:
- Launch Saferoom app
- Type your password and click Authenticate
- Click Create Encrypted Item
- In the Note Title field specify note’s title. For example – test note
- Click Notebook > and select the notebook you want to create your encrypted note in. For example – My notebook
- Type the text
- Click Encrypt. New encrypted note will be created, placed into My notebook notebook and uploaded to the Evernote server
Now, let’s decrypt the note, encrypted in the previous section. To do this, please follow the steps below:
- Launch Saferoom app
- Type your password and click Authenticate
- Click View Encrypted Item
- In the list of notebooks select the notebook, where you’ve created your encrypted note. Since we’ve created encrypted note in My notebook notebook, let’s select it.
- Select the encrypted note. You will see the note with encrypted content
- Click Decrypt to see the contents
- Saferoom will decrypt your note and show its contents
Important! When you decrypt the note, Saferoom decrypts in memory and doesn’t save it anywhere. It means, that if you go to back to the list of notes and then back to the same note, you will see the encrypted content. If you want to decrypt the note and place decrypted note into another notebook or to some external application, you need to use Saferoom Desktop versions (Windows, MacOS)
Please be aware that after changing your password you won’t be able to decrypt notes, encrypted by the old password!
If you want to change your password, please follow the steps below:
- Launch Saferoom app
- Type your password and click Authenticate
- Click Settings
- Click Modify password/Passcode usage
- Type your current password, new password and confirm your new password
- Click Change password. Saferoom will change your password
- Now, you can close application and authenticate using new password
Now, all notes will be encrypted using your new password. Please also remember to change passwords on all devices with Saferoom installed. See “Changing password” section on the following pages:
What is Saferoom?
Saferoom is a set of mobile and desktop apps that are embedded into Evernote infrastructure and provides to users a zero-knowledge encryption functionality
Saferoom and Symmetric Encryption
To protect user’s personal data Saferoom uses symmetric encryption. It means that you just have to specify the key (password), which will be used to encrypt/decrypt your data
For encrypting your data, Saferoom is using Industry-standard AES256 algorithm, which currently is the strongest available encryption algorithm. Saferoom app doesn’t use any custom security modules, only OS built-in and native tools
Saferoom is a pure client application
Saferoom application doesn’t use any servers, accounts or cloud infrastructure. That means you’re the only person who knows the password, and this password cannot be restored by any means. If you forget your password, you won’t be able to decrypt data, encrypted using this password!
Saferoom and passwords
Saferoom doesn’t send your password anywhere and doesn’t sync it between devices. You have to specify password separately for each device with Saferoom installed. Of course, if you want to encrypt/decrypt your data on all devices the password on all devices should be the same
For simplicity and better user experience, Saferoom stores users’ passwords. On Desktop and mobile versions we’re using only OS built-in security tools to protect your password. But please be aware that these tools do not provide 100% protection, so you should also consider protecting your PC/phone/tablet using 3rd party tools (firewalls, antiviruses and etc.)
Saferoom and Data Manipulation
Since the idea of Saferoom application is a seamless integration into existing popular platforms, we don’t do any data manipulation (only encrypt and decrypt data) and use only platforms’ officially supported APIs
Saferoom notebooks for Evernote (Desktop versions only)
In order to encrypt/decrypt your data, Saferoom Desktop is using special notebooks. These notebooks are created automatically during application start. These notebooks have default names, but you can change them to whatever you want:
- Notebook for notes to be encrypted (Default name: Encrypt_Inbox). This is the notebook, where you need to put notes you want to encrypt. This notebook is created as a LOCAL notebook
- Notebook for encrypted notes (Default name: Encrypt_Inbox ). This notebook contains encrypted notes. So after encryption, all encrypted notes will be placed into this notebook. This notebook is created as LOCAL notebook
- Notebook for notes to be decrypted (Default name: Decrypt_Inbox). This is the notebook where you should put the notes you want to decrypt. This notebook is created as LOCAL notebook
- Notebook for decrypted notes (Default name: Decrypt_Inbox). This notebook contains decrypted notes. After decryption is finished all decrypted notes will be placed into this notebook. This notebook is created as a LOCAL notebook
As you see by default Saferoom is using the same notebooks for non-encrypted/encrypted and encrypted/decrypted notes. However you can separate these notebooks and specify the notebooks you want. For the information about how to configure Saferoom notebooks see the corresponding section:
Saferoom and Evernote tags
Saferoom application allows you to specify the tags that will be added to your encrypted/decrypted notes. For the information about tags and how to configure them see the corresponding section:
Encrypting and Decrypting data using Saferoom
For more information about data encryption/decryption check the following links for each Saferoom version.
- Encrypting/Decrypting data using Saferoom Windows
- Encrypting/Decrypting data using Saferoom MacOS
- Encrypting/Decrypting data using Saferoom iOS
For more advanced topics check the following sections:
What is encryption?
Encryption is the process of transforming the original data (“plain text”) into something unreadable by the third party. If you want to see this content (decrypt it) you need a key, that was used to encrypt.
If you don’t have it – you cannot see the content
Types of encryption
Basically there are two Encryption techniques:
- Symmetric Encryption
- Asymmetric Encryption
In symmetric encryption only one key is used. That key is used to encrypt and decrypt data. So, you have some data that you want to encrypt. You specify the key (password) and your data is encrypted using this key. Then, if you want to see the contents (decrypt it) you enter the same key and your data is decrypted.
So, in this technique the only thing you need to worry about is your key. Nowadays there are lot of available tools that can be used to protect your encryption key. Finally, you can just remember it and keep it in your memory.
Symmetric encryption is good and simple, but has one major issue – secure data exchange. Imagine that you want to send protected message to your friend. You encrypt it using your key and send it to your friend. So, your friend receives it and wants to see the original content. But he can’t because he doesn’t know the key.
So, if you want your friend to read your message, you need to send him a key. And this is problem – how to send this key that nobody can intercept it? Of course there are some ways to do it like HTTPs or just calling your friend and asked him to write the key. But still it is complicated (especially for non-technical people) and not convenient. You have to do a lot of things before sending protected message. Sometimes it’s not worth it
Asymmetric Encryption was the answer to these problems. So, instead of one key we have two keys – public and private. These keys are generated together and bound to each other using complicated math
So, let’s see how the asymmetric encryption can be used to exchange protected messages. Suppose Batman wants to send the encrypted message to Jim Gordon.
Here are the steps to do it.
- Batman asks Jim to send his public key. Public key can be sent via public internet without any precautions. This is why it’s called public
- Jim sends Batman his public key
- Batman creates a message and encrypts it using Jim’s public key. So, Batman is using Jim’s public key as the password to encrypt his message
- Then Batman sends this message over public internet to Jim
- Jim receives the message and wants to see its contents
- The only way he can do it is using his Private key. Remember, that public and private keys are always generated together and bound to each other
- Jim uses his Private key to decrypt and read Batman’s message
- Then if Jim wants to send protected message back to Batman, he just asks Batman to send his public key and encrypts the message using his Public key. Then Batman can decrypt this message using his Private key
The strongest point about Asymmetric encryption is that Private key (used to decrypt the messages) never leaves your PC, so it cannot be intercepted by anyone. So Batman and Jim can exchange messages securely via public channel. So, the only thing they need to worry about is their private keys. But modern OS made this task is even easier by providing built-in protection modules. To provide even better protection, you can use various 3rd party tools
But, of course this level of security comes at some cost. Asymmetric encryption is much more complicated than symmetric. For non-technical (but sometimes ever for technical) people it will very hard to understand and implement this in your daily routines
See the What is Saferoom? section to find out how Saferoom can be used to protect your data.