Encryption works, but how to protect file from edits using key

Kavin Sood

I wanted a secure text file with personal information protected. Using securepad, i am able to encrypt text to garbled nonsense which cannot be decrypted without a key, but it doesn’t prevent anyone from just deleting or messing around with the file.

Example:

hehe this is my secret file

with a key of 1234 will become

B07D1AB4EBADF4F2C69190EC8770CD1A3E9CBF5E94E57905CB1DC62E791BBAF2

which is great, but i can edit this file and add whatever I want, so when I decrypt it, random nonsense is included, like

hehe this is my secret f뉀GXŸªǐ®¹ѷ_nmb»fDÁaߞø:þ

So what can be done here? Any plugin within npp++ would be great. Or will it have to involve other programs? If you also regularly use password protected text files in any other app, please let me know.

Alan Kilborn

@Kavin-Sood said in Encryption works, but how to protect file from edits using key:

So what can be done here?

Not really sure what you’re asking for, or what your expectation is.

If I had to guess, I might suggest making your file read-only after you encrypt it.

PeterJones

@Kavin-Sood said in Encryption works, but how to protect file from edits using key:

but it doesn’t prevent anyone from just deleting or messing around with the file.

There is nothing you could do in Notepad++ (or any other text editor, for that matter) to prevent the editor from editing the text that you open in the editor (unless the file is read-only, but any tech-savvy person can bypass read-only file status in a Windows environment that they have control over).

The better idea is to encrypt and sign your secure text file; by checking the signature, you can tell whether the message has been edited. (This is what Don Ho allows users to do when he makes the gpg signature for Notepad++ – see the most recent download – we can compare the downloaded binary to the signature, and make sure the file hasn’t been changed, and we can check that the person who signed it has access to Don Ho’s private signing key, thus knowing he is the one who published the signature). Since you cannot prevent the file from being modified, you can at least let yourself know if it has been modified, so you know whether to trust it or not.

Kavin Sood

@PeterJones hmm that seems like what I will have to do. Using gpg signature and keeping backups. Thanks!

dinkumoil

@Kavin-Sood

There is an en-/decryption plugin for Notepad++ called NppCrypt. You can find it when looking into Plugins Admin. It is available for 32 bit and 64 bit versions of Notepad++.

The plugin supports various encryption methods and is able to add an HMAC to authenticate the encrypted document. This way it is not possible to change the encrypted document anymore, its decryption will fail. That means you need backups of your encrypted documents.

Set up in a desired way, the plugin is able to automatically decrypt encrypted documents when they are opened and to automatically encrypt them when they are saved.

Important hint: If the plugin author updates the plugin (happens very rarely), the new version might fail to decrypt documents encrypted with an old version of the plugin. This already happened two times in the past.