Encrypted Notes App Cross Platform - General Questions and Answers

Looking for a note taking app that encrypts its contents but with cross platform access (e.g. Linux or Windows).
It can either have clients for Android, Linux and Windows or it just encrypts notes and saves them as text files which can be read easily on other platforms.
Any suggestions?

Hmm, I still have this problem myself as I hate putting personal data online.
I've been searching for a simple solution for quite some time and yet nothing optimal has arisen.
I have 2 approaches to this problem:
1 The simple way:
Use a cross platform password manager which has the ability to store notes like:
StickyPassword, SafeInCloud , etc ...
Do this if you can trust them and believe their claims.... :laugh:
2 The hard(core) / paranoid / scratch your head with your foot way:
a) Find an android note taking app that saves regular text files eg: Jota
b) Use GnuPG (pgp) on your desktop and OpenKeychain on android to encrypt/decrypt your txt files
c) Use your favorite cloud storage provider client to sync your encrypted txt files
This solution has so many many things to overcome
- Setting this up is not as easy as my bullet points
- Maybe some steps can be automated
- Data (text files) on your devices is stored in plaintext and duplicated in encrypted form, which poses some risks when you lose control over your devices (stolen/lost). This can be solved by using full disk encryption and/or deleting the plain text files after encryption
Sorry for my bad English & for being a bit elusive

Related

[Q] Oracle Database App

Looking for a good Oracle 10g or 11g integrated app that will run on a tablet? I have looked at the ones on the market place but none that will run the database or allow you to create scripts for testing and updating the database.
Running Oracle Database on a tablet would be terrible. Oracle Database 11g on Windows requires a minimum of 1 gigabyte of RAM just to even open the application, and several gigabytes of hard drive space. Considering that the Transformer typically only has around 300 megabytes of memory free after loading up the OS and all background services, it's highly unlikely that you'd be able to do much with any sort of DBA app before it would bog your system down to the point of being unusable.
Use RDP, VNC, or SSH to take control of an actual workstation to do your work.
New Oracle Database Utility, TyphoonDBMS 1.0 Beta (Free)
humanporkrind said:
Looking for a good Oracle 10g or 11g integrated app that will run on a tablet? I have looked at the ones on the market place but none that will run the database or allow you to create scripts for testing and updating the database.
TyphoonDBMS is a complex and efficient Java-based software (free) solution that enables users to easily access and manage tables on Oracle Database Servers.
Typhoon is a comprehensive and reliable application that was developed to assist users in managing the contents of Oracle databases, enabling them to add, edit or remove tables without needing to resort to SQL statements to get the job done.
To gain access to the utility, users first need to create an account using a preferred set of credentials, which they will then be required to enter every time they wish to work with Typhoon.
The program allows users to connect to a local or cloud server by providing the necessary information, including name, version, driver and service ID. Users can also input the network details, specifically the host and port number, along with the username and password, or even the database URL. Prior to saving the configuration, users can test the connection to make sure everything is in order.
Once users connect to the Oracle database, Typhoon allows them to view its contents, namely the tables that it comprises. Users can browse through them, select a record and update it. Similarly, users can add a new one, as the tool enables them to ‘Insert Number Data’, ‘Insert Blob Data’, ‘Insert Clob Data’, ‘Insert String Data’ or ‘Insert Date Data’.
Moreover, users can create a new table by defining the number of columns that they need, assigning it a name, then filling out the columns and rows with the information they wish it to store. All of this can be done without having to resort to SQL statements or commands. Other options include the ability to drop tables from the database.
This Java-based utility also offers users a series of SQL ‘Syntax References’ (statements and functions), which users can analyze in detail to learn how to better work with them, and then use them for their own purposes.
Download & Blog
typhoondbms.wordpress.com/download/
download.cnet.com/Typhoon-DBMS/3000-10254_4-76273374.html
softpedia.com/get/Internet/Servers/Database-Utils/Typhoon.shtml

connecting to oracle or ODBC drivers

Hi developers, was just wondering if anybody could have used say a note2 to connect to oracle database and run a couple of queries. Is this possible or has it been under looked. Thanks
Never use it like that, I am sorry.

Trident Encoder : Encryption for Windows RT

I implemented a browser based encryption solution which runs on Windows RT (and many other Windows computers). All I wrote was the HTML page, I am leveraging Crypto.JS javascript library for encryption algorithm. I am using the HTML 5 File API implementation which Microsoft provides for reading and writing files.
I make no claim on this but seems to work good for me. Feel free to feedback if you have any suggestions. The crypto.js library supports many different algorithms and configuration so feel free to modify it to your own purposes.
You can download the zip file to your surface, extract it and load the TridentEncode.htm file into Internet Explorer.
If you want to save to custom directory you probably need to load it from the Desktop IE instead of metro IE (to get the file save dialog). I usually drag and drop the file onto desktop IE and from there I can make favorite. This should work in all IE 11 and probably IE 10 browsers... if you use other browsers you may need to copy paste into the fields since the File API implementation seems rather browser specific. Running the html page from the local filesystem means that there is no man-in-the-middle which helps eliminate some of the vulnerabilities of using a javascript crypto implementation. You could also copy the attached zip file to your skydrive to decrypt your files from other computers.
Skydrive files in theory are secure (unless they are shared to public) so this might be useful for adding another layer of protection to certain info.
Again, use at your own risk, but feel free to play around and test it, and offer any suggestions or critiques of its soundness, or just use it as a template for your own apps.
Ok... this is really cool! Nice idea, and a good first implementation.
With that said, I have a few comments (from a security perspective). As an aside, minimized JS is the devil and should be annihilated with extreme prejudice (where not actually being used in a bandwidth-sensitive context). Reviewing this thing took way too long...
1) Your random number generation is extremely weak. Math.random() in JS (or any other language I'm aware of, for that matter) is not suitable for use in cryptographic operations. I recommend reading http://stackoverflow.com/questions/4083204/secure-random-numbers-in-javascript for suggestions. The answer by user ZeroG (bottom one, with three votes, as of this writing) gets my recommendation. Unfortunately, the only really good options require IE11 (or a recent, non-IE browser) so RT8.0 users are SOL.
NOTE: For the particular case in question here (where the only place I can see that random numbers are needed is the salt for the key derivation), a weak PRNG is not a critical failing so long as the attacker does not know, before the attack, what time the function is called at. If they do know, they can pre-compute the likely keys and possibly succeed in a dictionary attack faster than if they were able to generate every key only after accessing the encrypted file.
2) Similarly, I really recommend not using a third-party crypto lib, if possible; window.crypto (or window.msCrypto, for IE11) will provide operations that are both faster and *much* better reviewed. In theory, using a JS library means anybody who wants to can review the code; in practice, the vast majority of people are unqualified to either write or review crypto implementations, and it's very easy for weaknesses to creep in through subtle errors.
3) The default key derivation function (as used for CryptoJS.AES.encrypt({string}, {string})) is a single iteration of MD5 with a 64-bit salt. This is very fast, but that is actually a downside here; an attacker can extremely quickly derive different keys to attempt a dictionary attack (a type of brute-force attack where commonly used passwords are attempted; in practice, people choose fairly predictable passwords so such attacks often succeed quickly). Dictionary attacks can be made vastly more difficult if the key derivation process is made more computationally expensive. While this may not matter so much for large files (where the time to perform the decryption will dominate the total time required for the attack), it could matter very much for small ones. The typical approach here is to use a function such as PBKDF2 (Password-Based Key Derivation Function) with a large number of iterations (in native code, values of 20000-50000 are not uncommon; tune this value to avoid an undesirably long delay) although other "slow" KDFs exist.
4) There's no mechanism in place to determine whether or not the file was tampered with. It is often possible to modify encrypted data, without knowing the exact contents, in such a way that the data decrypts "successfully" but to the wrong output. In some cases, an attacker can even control enough of the output to achieve some goal, such as compromising a program that parses the file. While the use of PKCS7 padding usually makes naïve tampering detectable (because the padding bytes will be incorrect), it is not a safe guarantee. For example, a message of 7 bytes (or 15 or 23 or 31 or any other multiple of 8 + 7) will have only 1 byte of padding; thus there is about a 0.4% (1 / 256) chance that even a random change to the ciphertext will produce a valid padding. To combat this, use an HMAC (Hash-based Message Authentication Code) and verify it before attempting decryption. Without knowing the key, the attacker will be unable to correct the HMAC after modifying the ciphertext. See http://en.wikipedia.org/wiki/HMAC
5) The same problem as 4, but from a different angle: there's no way to be sure that the correct key was entered. In the case of an incorrect key, the plaintext will almost certainly be wrong... but it is possible that the padding byte(s) will be correct anyhow. With a binary file, it may not be possible to distinguish a correct decryption from an incorrect one. The solution (an HMAC) is the same, as the odds of an HMAC collision (especially if a good hash function is used) are infinitesimal.
6) Passwords are relatively weak and often easily guessed. Keyfiles (binary keys generated from cryptographically strong random number generators and stored in a file - possibly on a flashdrive - rather than in your head) are more secure, assuming you can generate them. It is even possible to encrypt the keyfile itself with a password, which is a form of two-factor authentication: to decrypt the data that an attacker wants to get at, they need the keyfile (a thing you have) and its password (a thing you know). Adding support for loading and using keyfiles, and possibly generating them too, would be a good feature.
The solutions to 3-5 will break backward compatibility, and will also break compatibility with the default parameters for openssl's "enc" operation. This is not a bad thing; backward compatibility can be maintained by either keeping the old version around or adding a decrypt-version selector, and openssl's defaults for many things are bad (it is possible, and wise, to override the defaults with more secure options). For forward compatibility, some version metadata could be prepended to the ciphertext (or appended to the file name, perhaps as an additional extension) to allow you to make changes in the future, and allow the encryption software to select the correct algorithms and parameters for a given file automatically.
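The following is an added example, not part of the thread and not Trident Encoder's or CryptoJS's code: one way to apply points 1 and 3 to 5 of the review above, plus its version-metadata suggestion, using Node.js's built-in crypto module. The file layout, constant names and iteration bounds are assumptions chosen for illustration.

```javascript
// Added example (constructed format, not Trident Encoder's or CryptoJS's own code).
const nodeCrypto = require('node:crypto');

// Layout (assumed): version(1) | iterations(4, BE) | salt(16) | iv(16) | ciphertext | hmac(32)
const VERSION = 1;
const ITERATIONS = 50000;        // top of the 20000-50000 range quoted in the post; tune per device
const MIN_ITER = 10000;          // assumed sanity bounds for the unauthenticated header field
const MAX_ITER = 1000000;
const SALT_LEN = 16, IV_LEN = 16, TAG_LEN = 32, BLOCK = 16;
const HEADER_LEN = 1 + 4 + SALT_LEN + IV_LEN;

// Point 3: slow KDF. One PBKDF2 run yields independent encryption and MAC keys.
function deriveKeys(password, salt, iterations) {
  const okm = nodeCrypto.pbkdf2Sync(password, salt, iterations, 64, 'sha256');
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32, 64) };
}

function encryptNote(password, plaintext) {
  // Point 1: salt and IV come from the OS CSPRNG, never Math.random().
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const prefix = Buffer.alloc(5);
  prefix.writeUInt8(VERSION, 0);
  prefix.writeUInt32BE(ITERATIONS, 1);
  const { encKey, macKey } = deriveKeys(password, salt, ITERATIONS);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', encKey, iv);
  const body = Buffer.concat([prefix, salt, iv, cipher.update(plaintext), cipher.final()]);
  // Points 4 and 5: encrypt-then-MAC over header and ciphertext.
  const tag = nodeCrypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

function decryptNote(password, blob) {
  if (blob.length < HEADER_LEN + BLOCK + TAG_LEN) throw new Error('file too short');
  if (blob.readUInt8(0) !== VERSION) throw new Error('unsupported format version');
  const iterations = blob.readUInt32BE(1);
  // The header is not yet authenticated, so cap the work an edited file can demand.
  if (iterations < MIN_ITER || iterations > MAX_ITER) throw new Error('iteration count out of range');
  const salt = blob.subarray(5, 5 + SALT_LEN);
  const iv = blob.subarray(5 + SALT_LEN, HEADER_LEN);
  const body = blob.subarray(0, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const { encKey, macKey } = deriveKeys(password, salt, iterations);
  const expected = nodeCrypto.createHmac('sha256', macKey).update(body).digest();
  // Verify before decrypting; a wrong password and a modified file fail the same way.
  if (!nodeCrypto.timingSafeEqual(tag, expected)) {
    throw new Error('authentication failed');
  }
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(body.subarray(HEADER_LEN)), decipher.final()]);
}

// Helper for the demo: returns the error message, or null on success.
function tryDecrypt(password, blob) {
  try { decryptNote(password, blob); return null; } catch (e) { return e.message; }
}

// Demo on a constructed sample note.
const blob = encryptNote('correct horse', Buffer.from('shopping list', 'utf8'));
console.log(decryptNote('correct horse', blob).toString('utf8'));
const tampered = Buffer.from(blob);
tampered[HEADER_LEN] ^= 0x01;                         // flip one ciphertext bit
console.log(tryDecrypt('correct horse', tampered));
console.log(tryDecrypt('wrong password', blob));
```

Because the iteration count travels in the header, it can be raised later without a format change; the version byte is reserved for changes to the algorithms themselves.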
Wow thanks GDTD that's great feedback
Not sure about his minified sources, the unminified aes.js in components is smaller than the minified version (which I am using) in rollups. I'll have to look into what his process for 'rollup' is to see if I can derive a functional set of non-minified script includes. If I can do that it would be easier to replace (what I would guess is) his reliance on Math.random.
His source here mirrors the unminified files in components folder : https://code.google.com/p/crypto-js/source/browse/tags/3.1.2/src
msCrypto that would be great, I had no idea that was in there. I found a few (Microsoft) samples so I will have to test them out and see if I can completely substitute that for crypto.js. Would be more keeping in line with the name I came up with.
Currently this version only works for text files, I am using the FileAPI method reader.readAsText(). I have been trying to devise a solution for binary files utilizing reader.readAsArrayBuffer but as yet I haven't been able to convert or pass this to crypto.js. I will need to experiment more with base64 or other interim buffer formats (which Crypto.js or msCrypto can work with) until I can get a better understanding of it.
Metadata is a great idea, maybe I can accommodate that with a hex encoded interim format.
You seem extremely knowledgeable in the area of encryption, hopefully I can refine the approach to address some of the issues you raised by setting up proper key, salt, and IV configuration... I'm sure I will understand more of your post as I progress (and after reading it about 20 times more as a reference).
Too bad we don't have a web server for RT, that would at least open up localStorage for json serialization (mostly for other apps I had in mind). I guess they might not allow that in app store though. Could probably run one off a developer's license though (renewed every 1-2 months)?
nazoraios said:
Too bad we don't have a web server for RT, that would at least open up localStorage for json serialization (mostly for other apps I had in mind). I guess they might not allow that in app store though. Could probably run one off a developer's license though (renewed every 1-2 months)?
I can't comment too much on the encryption, GoodDayToDie has covered anything I could contribute and more. But there is a functioning web server on RT. Apache 2.0 was ported: http://forum.xda-developers.com/showthread.php?t=2408106 I don't know if everything is working on it, I don't own an RT device and last time I tried I couldn't get Apache to run on 64 bit Windows 8 anyway (needed it at uni, spent hours going through troubleshooting guides and it never worked on my laptop, gave up and ran it under Linux in VirtualBox where it took 2 minutes to have functioning the way I needed it to).
Curious about the performance. Speaking of encryption, 7-Zip has it built-in, and from the discussion in StackExchange, it seems pretty good.
One of the neat things about this thing (local web app? Pseudo-HTA (HTml Application)? Not sure if there's a proper name for such things) is that it runs just fine even on non-jailbroken devices. That's a significant advantage, at least for now.
Running a web server should be easy enough. I wrote one for WP8 (which has a subset of the allowed APIs for WinRT) and while the app *I* use it in won't be allowed in the store, other developers have taken the HTTP server component (I open-sourced it) and packaged it in other apps which have been allowed just fine. With that said, there are of course already file crypto utilities in the store anyhow... but they're "Modern" apps so you might want to develop such a server anyhow so you can use it from a desktop web browser instead.
Web cryptography (window.crypto / window.msCrypto) is brand new; it's not even close to standardization yet. I'm actually kind of shocked MS implemented it already, even if they put it in a different name. It's pretty great, though; for a long time, things like secure random numbers have required plugins (Flash/Java/Silverlight/whatever). Still, bear in mind that (as it's still far from standardized), the API might change over time.
Yep, I think of them as Trident apps since trident is what Microsoft calls their IE rendering engine, but I guess they are sort of offline web apps (which come from null domain). Being from null domain you are not allowed to use localstorage which is domain specific. You also are not allowed to make ajax requests. You just have file api and json object serialization to make do with I/O.
Another app I am working on is a kind of Fiddler app similar to http://jsfiddle.net/ where you can sandbox some simple script programs.
Kind of turning an RT device into a modern/retro version of a commodore 64 or other on-device development environments. Instead of basic interpreter you've got your html markup and script.
I have an attached demo version which makes available jquery, jquery-ui, alertify javascript libraries in a sandbox environment that you can save as .prg files.
I put a few sample programs in the samples subfolder. Some of the animation samples (like solar system) set up timers which may persist even after cleared so you might need to reload the page to clear those.
It takes a while to extract (lots of little files for all the libraries) but once it extracts you can run the html page and I included a sample program 'Demo Fiddle.prg' you can load and run to get an idea.
I added syntax highlighting editors (EditArea) which seems to work ok and lets you zoom each editor full screen.
The idea would be to take the best third party javascript libraries and make them available and even make shortcuts or minimal API for making it easier to use them. Common global variable, global helper methods, ide manipulation. I'd like to include jqplot for charting graphs, maybe for mathematical programs and provide api for user to do their own I/O within the environment.
These are just rough initial demos, and obviously open source so if anyone wants to take the ideas and run with them I'd be interested in seeing what others do. Otherwise I will slowly evolve the demos and release when there are significant changes.

[Q] Get Windows/Vim behaviour from Android/CM text editor

The native text editor on CyanogenMod 12 is launched by selecting a file using the File Manager app. It might be the same app, I don't know.
I would like to make it use Windows line-endings (CR+LF) rather than Unix line endings (LF).
Furthermore, when I export files from the handset to Windows, all bullet characters (ASCII decimal #149) show up as 3 characters (�, image attached). This is regardless of whether I drag it over using the Windows Explorer interface (MTB USB) or adb pull. Obviously, I want the bullet symbol rather than 3 unrelated characters.
Is there any way to customize the native text editor to behave like Windows text editors?
For context, I just use text files for notes without having to install a non-native app e.g. Notes & Tasks for Microsoft Exchange. If possible, I'm also trying to avoid external text editor apps (basically, apps in general). The reason why I seek compatibility with vim/Windows is because I use vim and Cygwin's diff to sync the files between the handset and the laptop.
Since my text editing needs on the handset are so minimal, I don't need a powerful editor that supports code development. I was hoping that there would be user settings on the phone for things like line endings and proper interpretation of bullets. I wasn't sure whether those settings would be specific to the editor or OS.
In fact, I wasn't sure that the editor was a separate app (from the file manager or the OS). Using adb to issue a "ps" in the handset did not show any difference in processes between when I was editing a file vs when I was not (at least in the process names, though the process numbers did change), so I haven't been able to identify a separate editor app.
This might be an inaccurate way to suss out the app, since I hear that unless more memory is needed by active apps, smart phone OSs tend to keep apps in memory rather than actually terminating the processes. Not something I'm familiar with.
my1stSmartPhone said:
For context, I just use text files for notes without having to install a non-native app e.g. Notes & Tasks for Microsoft Exchange. If possible, I'm also trying to avoid external text editor apps (basically, apps in general). The reason why I seek compatibility with vim/Windows is because I use vim and Cygwin's diff to sync the files between the handset and the laptop.
Since my text editing needs on the handset are so minimal, I don't need a powerful editor that supports code development. I was hoping that there would be user settings on the phone for things like line endings and proper interpretation of bullets. I wasn't sure whether those settings would be specific to the editor or OS.
In fact, I wasn't sure that the editor was a separate app (from the file manager or the OS). Using adb to issue a "ps" in the handset did not show any difference in processes between when I was editing a file vs when I was not (at least in the process names, though the process numbers did change), so I haven't been able to identify a separate editor app.
This might be an inaccurate way to suss out the app, since I hear that unless more memory is needed by active apps, smart phone OSs tend to keep apps in memory rather than actually terminating the processes. Not something I'm familiar with.
Better you can use POSIX based text editors in Windows, so that you can retain the collation and formatting.
Otherwise, you can try text converters like dos2unix (it's available online I guess) to get it to work on your phone
I use cygwin & vim. I still have the issue with corrupted bullet characters.
There is an advantage to defaulting to DOS type text files. Vim can handle DOS text files, although it is a pain to search & replace the odd character corruptions. In contrast, DOS text editors can't handle Unix text files. So you can be stuck if your text files are unix by default.
As for dos2unix, I sometimes pipe all vim buffer content through that rather than searching & replacing. I still need to fix the corrupt bullet characters. I don't want to do that for all text files when syncing between handset and laptop. To me, the most efficient solution seems to be to maintain vim/dos style text files on the handset.

Database for Android and PC.

I want to develop a database with a GUI front end for the following application.
I want to create a database on PC, where I can store a picture, multiple short descriptions, and a phone scan bar code. I want to be able to print some of this data on a sticky label, especially the bar code.
I then want to put that database on an Android phone, where someone can scan the bar code on the sticky label, and bring up the data, all displaying on the phone in an easy to peruse format.
I want to easily be able to add more data to the PC database through the GUI front end, and be able to update the Android database so the two match.
Is there a free database package that will run on PC and Android so I don't have to create two databases? What would I use to write the front end on the PC and the Android? Is this a major, involved project, or can someone who has never written Android code make this happen? The last time I wrote code was on a Digital PDP11 in Basic Plus (I'm a dinosaur).
Thanks for the advice.
