quicksafe - The easiest way to securely encrypt notes
quicksafe is a tiny Python script that provides a GUI text editor to edit notes that are then encrypted and stored within the script file itself.
Thus notes encrypted with the system bring their own decryption and editing environment, capable of running anywhere Python/Tk can run, perfect for being archived, sent by mail or posted on the web.
To use quicksafe, simply download the script, make it executable (
chmod +x quicksafe), create a copy named whatever you want (e.g.
My Secret Diary), and run it. Changes are saved automatically when you close the editor. The first time you close, you will be asked to set a password, which will be required thereafter in order to open the file. To change the password, make a fresh copy of the original
quicksafe script, open it, copy and paste your text into the editor and choose a new password when you close it.
- Strong security: 256-bit AES symmetric encryption in cipher feedback mode. Salted PBKDF2 key derivation to thwart dictionary attacks and precomputation. Plaintext is never written to disk (except possibly through OS mechanisms such as swapping that are outside of the control of userland programs).
- Compact footprint: The overhead from the script is only 3 KB and all text is zlib-compressed before encrypting, meaning that the entire file comprising script and data is usually smaller in size than the raw text (while remaining pure ASCII).
- Cross-platform: Runs on
🏁Windows, 🍎OS X and 🐧Linux without modifications.
- Future proof: Both Python 2 and Python 3 are supported, ensuring that your notes will remain easily readable for many years to come.
- Code you can understand: Less than 70 lines of functional program code, all highly readable! Audit the entire program yourself in a matter of minutes, or hack it to do whatever you want: Change font and colors, delete itself when a wrong password is entered, send an email each time the file is opened – it's all just a few additional lines away.
from your Python
Scripts directory. If you encounter compilation errors, you need to install a compiler suite (both the purpose-built "Microsoft Visual C++ Compiler for Python" and MinGW are supported).
Note: When using quicksafe on OS X, be aware of bug #2!
Python and Tkinter are installed by default on most Macs, so a simple
sudo easy_install pycrypto
should take care of the requirements. You may be prompted to install the command line developer tools, which are needed for building PyCrypto's native code components from source.
Ubuntu / Linux Mint
sudo apt-get install python-dev python-tk sudo easy_install pycrypto
sudo yum install python-devel tkinter sudo easy_install pycrypto
Potential security issues
While quicksafe is running, your password and the contents of the editor are kept in your computer's memory in plain text. quicksafe makes no attempt to safeguard that data in memory, nor to protect you from keyloggers, screen monitoring tools or other software that may be used to record your password and/or the contents of your file while it is in a decrypted state.
Note also that the security provided by quicksafe is conditional on that of the encryption algorithm used (AES), its implementation (PyCrypto), and, of course, on the quality of your password.
Since quicksafe aims to be a minimal cryptosystem, authentication is not among its goals. Consequentially, an HMAC is not used. In practice, quicksafe should provide a high level of protection against both accidental and intentional modification because the plaintext is compressed before encrypting and most modifications of the ciphertext will result in an invalid zlib data stream after decrypting.
Copyright © 2014 Philipp Emanuel Weidmann (email@example.com)
Released under the terms of the MIT License