Secret for PalmPilot

Secret

I'm not paranoid. I don't think I have to protect all personal data on
my PalmPilot.  I don't want to bother with the tedious built-in password
protection. And I heard it isn't  even very secure.

There are, however, some information like passwords and PINs that do
need protection from unauthorized access.  Sadly enough, the number
of secret numbers and codes I receive is constantly growing and I
really can't memorize all of them. That's why  I felt the need for an
application that stores those numbers and passwords in a secure way. It
encrypts/decrypts the information every time I call it. It should be
easy to use (no graffiti needed) and has to hold only a limited amount
of data.  It uses a reasonable strong encryption algorithm so that the
amateur hacker won't succeed.

So here is Secret for PalmPilot V2.0 &copy;, the one secure place for
confidental data on your PalmPilot.

It is free but copyrighted for legal reasons. Mail me  if you want to
see the source.

Installation and Usage

After installing the file secret.prc (use instapp.exe from your pilot
directory) on the PalmPilot you start with the  "Please enter password"
screen. You can enter any phrase consisting of up to 8 characters. You
can use the on-screen keyboard as well as Graffiti letters. If this is
the first time you use Secret, you will be asked twice for your password
to rule out any typos. This is the only password you will ever have
to remember to get access to all your passwords, PINs if you keep them
in Secret.

If the password you entered was correct, you get access to the "Secret
data" screen. Here you can manually enter text or use the menu command
"Paste" to paste text that was copied from e.g. MemoPad. Everytime
you click "Close" or switch to another application, this data is
encrypted using your previously entered password. The same happens if
no user interaction occurs for more than 30 sec. So if you forget to
"Close" your secret data the program will do so automagically before the
PalmPilot turns auto-off. The secret data is never left unencrypted in
the data base.

Secret data may be structured into various categories. You can edit,
delete or add categories (and the corresponding records) when you click
on the "Edit categories..." pull down list entry. Each category name
can be up to 20 characters long.

You can change or disable the auto-close timeout and the number of lines
to scroll with the Preferences menu from the Secret Data screen.



Upgrade

Secret 2.0 has been totally rewritten and the encryption algorithm
has been changed. No direct upgrade of the data is possible. However,
Secret 2.x has a different AppID than the 1.x versions. This means you
can have both Secret 1.x and Secret 2.x in your PalmPilot, making it
easy to copy/paste data from one application to the other.

Background

Secret 2.x uses the strong IDEA public encryption algorithm with 128bit
keys which is used in many free and commercial encryption programs.

The database that holds the (encrypted) secret information will get
backed up with the standard hotsync and survive any soft resets as well
as release changes. If you have to do a hard reset on the PalmPilot, you
can install secret and the Secret2.pdb file from your backup directory.

Known bugs and problems


-  there should (some day...) be a Windows application, i.e. a conduit,
that can encrypt/decrypt the Secret database on the PC
-  category order can not be changed



History

Thanks for all your feedback.
-  V2.0

new encryption algorithm, totally rewritten, new AppID
-  V1.5a

fixed security bug with database on desktop, please delete
<username>\backup\SecretDB.pdb and hotsync again
-  V1.5

added multiple categories, redesign: faster and less memory usage, /P
for paste on popular demand
-  V1.4a

mixed up r/w and r/o, so cut/paste only worked in read-only -- fixed
-  V1.4

included preferences, e.g. for setting time-out
-  V1.3

numerous small bug fixes, including iterim release v1.2a

security bug in backup db now really fixed

enter up to 8 digits as key fixed -- may be incompatible to older keys
(previous version cleared password after 5 digits)

error if no password entered (data wouldn't be encrypted in this case)
-  V1.2

 problem with scroller update fixed by using  Wes Cherry's pilrc v1.4

fixed (?) small security bug in backup database
-  V1.1

added "0" and "C" buttons

added read-only feature and possible graffiti input
-  V1.0

first public version



Andreas Linke,  a.linke@sap-ag.de,  13-Oct-97
Copyright (c), 1997, by Andreas Linke, Heidelberg, Germany

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.
3. All modifications to the source code must be clearly marked as
   such.  Binary redistributions based on modified source code
   must be clearly marked as modified versions in the documentation
   and/or other materials provided with the distribution.
4. All advertising materials mentioning features or use of this software
   must display the following acknowledgment:
     This product includes software developed by Andreas Linke.
5. The name of Andreas Linke may not be used to endorse or promote
   products derived from this software without specific prior
   written permission.

THIS SOFTWARE IS PROVIDED BY ANDREAS LINKE ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL ANDREAS LINKE BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
