Monday, November 21, 2005

MemoAES

Warning: I only tested this program on Palm OS 5.2 (my Tungsten C) and 4.0 (simulators). Use at your own risk!

What is MemoAES?

The Memo application on Palm lacked a real security feature. Sure, there is a "Security" option to protect selected memos for privacy. But all it does is just "hiding" the memos. By no mean the memos are protected from any experienced Palm user to read them.

Back in the old Palm III days, I started using a free application called Safe. Its interface is exactly like the build-in Memo application, and I believe it is because the application is based on the modified source code of Memo. Safe different from Memo in just one feature: the ability to encrypt the memos. A user pick a password at the first run of the program. Then individual memo can be selected for encryption.

One thing I liked the program is that since the encrypted memo can be synchronized to computers, I can decrypt the memo easily. In fact, I actually wrote a desktop Java application so that I can decrypt and read the encrypted memos.

I liked the program so much that I was still using it when I switched to Tungsten C. But recently I decided to implement something similar for myself to use.

Why re-inventing the wheel?

Several reasons:

  • Safe uses the Triple DES encryption. This algorithm is now considered to be outdated and is not very good against brute force attacks.

  • There was no update version of Safe for many years. The last release was in 1999 and probably based on a quite old version of Memo. The newer version of Memo has many bugs fixed (and has a nice icon in color too!)

  • I have too much time to kill :P


From the implementation point of view, it shouldn't be that hard. Palm is nice enough to include the source code of Memo in the SDK. And many encryption libraries are available for Palm. I choosed the AESLib not only because it is already installed on my Palm, but also AES is a promising encryption algorightm.


Screenshots



The first time you run the program, you need to define the password.



Create your memo as usual. If you want to encrypt this memo, enable it in the Details dialog.


List view of memos.



Every time you entered the password to encrypt or decrypt a memo, the password is memorized for that session so you don't need to re-enter it. But once you leave the application and come back later to open an encrypted memo or try to create a new encrypted memo, you will be prompted for the password.


You can open the encrypted memo with the build-in Memo application. But all you will see is something like garbage.



For geeks only:

  • The hex string inside the squre barcket is the MD5 hash of the original content

  • The encrypted content is stored in Base64 format

  • You could copy-and-paste the base64 encoded text to other programs to decode it and then decrypt it with the standard AES algorithm



Download

I created this application for my own use only. There will be NO technical supported from me. No gurantee whatsoever. Use at your own risk.


  • MemoAES depends on AESLib for the encryption. You can get it from the offical site or here.

  • Download MemoAES itself

  • Install both files to your palm



License of AESLib
/*
 -------------------------------------------------------------------------
 Copyright (c) 2003, Copera, Inc., Mountain View, CA, USA.
 All rights reserved.

 LICENSE TERMS

 The free distribution and use of this software in both source and binary
 form is allowed (with or without changes) provided that:

   1. distributions of this source code include the above copyright
      notice, this list of conditions and the following disclaimer;

   2. distributions in binary form include the above copyright
      notice, this list of conditions and the following disclaimer
      in the documentation and/or other associated materials;

   3. the copyright holder's name is not used to endorse products
      built using this software without specific written permission.

 DISCLAIMER

 This software is provided 'as is' with no explcit or implied warranties
 in respect of any properties, including, but not limited to, correctness
 and fitness for purpose.
 -------------------------------------------------------------------------
 Issue Date: March 10, 2003
*/







No comments: