I was recently asked to develop a small utility that is a personal encryption tool that uses the same encryption code as my Safe Pad application. I did this on the understanding I could open source the result, which I have.
Text Shredder is a utility that simplifies encryption and decryption of plain text data. Plain text data is encrypted and can then be easily copied to the clipboard or saved as a text file. This text file can then be sent via your normal instant chat/messenger programs or email.
Text Shredder allows you to set up to 2 passwords (the 2nd password is optional). These passwords are then used to create a strong encryption key which is used to encrypt your text using the industry standard FIPS Certified AES algorithm (Advanced Security Standard).
For more information on the Text Shredder utility you can view the main project page. Text Shredder is open source and has been released under the GPL v3.0 License. The source code and binaries are available from Codeplex.
Text Shredder uses standard industry recognized encryption algorithms for encrypting the messages. When passwords are typed into the application, they are immediately hashed using BCrypt. This internal hashing mechanism is much more secure than a standard has, as the added work factor applied to the algorithm makes it a much slower process for brute force attacks.
Once the message goes to be encrypted, the following process is followed:
- Generate a 32byte salt Value using a Crytographic random number generator in .NET (RNGCryptoServiceProvider).
- GZip the text to be encrypted. This makes the initial encryption package much smaller.
- Using the BCrypt hashed password(s), derive an AES Encryption key using a Password Based Key Derivation Function. I use the Rfc2898DeriveBytes object in .net for this. Like BCrypt, this is designed to be slow. The password derivation in Text Shredder is set to 45,000 rounds.
- Encrypt the message using AES (Advanced Encryption Standard) including the previously generated salt from step A. I use the AesCryptoServiceProvider class instead of AesManaged, as the former is FIPS Compliant.
- The original salt and encrypted message are appended together.
- The final message is the Base64 Encoded to ensure the message is using readable characters.
The salt in the first step is regenerated each time you encrypt a message. This means if you encrypt the same message time and time again, the encrypted version will always change.
The source code for Text Shredder is quite straight forward if you want to take a look. The application is a Winforms Application. It is split into 3 projects. One of the projects is a unit testing project. The other 2 projects contain the user interface objects and the code encryption logic. This is illustrated by the architecture model below.