PCSecrets is a PC application that holds information that you want to keep secret - protected by a master password and strong encryption.
The program is designed to be a PC counterpart of the Secrets for Android app. It uses the same data structure and provides a synchronization mechanism that allows easy transfer of secrets between the two. For those who find the personal computer environment more comfortable for data entry and editing (i.e. keyboard/mouse/screen technology), PCSecrets provides an alternative environment for managing your secrets. Synchronization is also effectively a form of backup.
Encryption
PCSecrets uses 256-bit AES encryption, which is the strongest commercially available encryption scheme. In addition, it employs bcrypt, an algorithm which implements key stretching with an adaptive key setup phase.
The purpose of the bcrypt algorithm is to introduce artificial but complex processing into the key hashing process, processing that takes a relatively large amount of time and delays the creation of the encryption and decryption ciphers that will be used. In PCSecrets, this setup phase is configured to take one second (as measured on the current computer) which is not really perceptible to the user. However, the result of this delay is that any attempt to break the encryption by guessing the password is considerably slowed down, since each password guess is forced to go through the same processing to create the decryption key.
This makes it highly resistant to dictionary attack.
(See "key stretching" and "bcrypt" on Wikipedia for more information.)
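The calibration idea described above, as an added example that is not PCSecrets code. It uses PBKDF2-HMAC-SHA256 from the Python standard library in place of bcrypt, and all function names and the record layout are assumptions made for illustration.

```python
import hashlib
import os
import time


def stretch(password, salt, iterations):
    """Derive a 256-bit key; the work grows linearly with `iterations`."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=32)


def measure(iterations):
    """Seconds this machine needs for one derivation at the given cost."""
    started = time.perf_counter()
    stretch("calibration", b"\x00" * 16, iterations)
    return time.perf_counter() - started


def calibrate(target_seconds, measure_fn=measure, start=10_000, ceiling=1 << 28):
    """Pick an iteration count that takes about target_seconds on this machine."""
    iterations = start
    elapsed = measure_fn(iterations)
    # Double until the run is long enough for the timing to be meaningful.
    while elapsed < target_seconds / 4 and iterations < ceiling:
        iterations *= 2
        elapsed = measure_fn(iterations)
    if elapsed <= 0:
        return ceiling
    # Cost is linear in the count, so scale the last measurement to the target.
    scaled = round(iterations * target_seconds / elapsed)
    return max(start, min(scaled, ceiling))


def new_key_record(password, iterations):
    """Create the salt and key for a new store (hypothetical record layout).

    The salt and iteration count are not secret and must be stored with the
    ciphertext: another computer would calibrate to a different count, and
    with a different count the same password yields a different key.
    """
    salt = os.urandom(16)
    record = {"salt": salt, "iterations": iterations}
    return record, stretch(password, salt, iterations)


def unlock(password, record):
    """Re-derive the key from a stored record; every guess pays the full cost."""
    return stretch(password, record["salt"], record["iterations"])


if __name__ == "__main__":
    cost = calibrate(1.0)  # one second, the default setup time described above
    record, key = new_key_record("constructed sample password", cost)
    print("iterations:", cost, "unlock ok:", unlock("constructed sample password", record) == key)
```

A faster machine calibrates to a higher count for the same delay, which is why the cost has to travel with the data rather than be recomputed on each computer.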
Features
Features of PCSecrets are:
the same strong encryption used by Secrets for Android
a form of cryptographic plausible deniability, whereby a hidden second set of secrets can exist that is protected by a different password
synchronization with multiple Secrets for Android devices i.e. phones, tablets
synchronization data is always fully encrypted
automatic backup on save can be enabled
import and export of CSV, JSON and XML data
written in Java, so can be executed on any system with a suitable Java Virtual Machine
An individual secret is a collection of text fields. These have names such as userid and password, and lend themselves to data used to access Internet sites, but this is only a suggestion and the fields can be used in any way you want. In particular, the note field is provided as a catch-all for holding any unstructured text. The exception is the first field, the description. This is used as the name of the secret, and must be unique.
Compared with…
... other programs that will protect your secrets (normally password-orientated). Two of the leading ones are:
LastPass
- keeps your secrets data in the cloud i.e. someone else controls it
- needs a server account for access, and browser add-ins to work
- doesn’t support mobiles (unless you pay)
KeePass
- has no synchronization mechanism as such across platforms. You need to copy your secrets data from one platform/device to another (using some external mechanism), thereby overwriting any changes you may have made on the target platform.
Installation
For Windows, download and run the install.exe file. This process will check that Java is installed.
For other platforms (Mac and Linux), download the zip file:
For Debian Linux (and derivatives, such as Ubuntu, Mint etc), there is a simple shell script provided which will install the program files in /usr/share and create an entry in the applications menu.
For other systems, the process is manual. You should copy the PCSecrets jar file to your desktop or some other suitable location, and mark it executable. If the default open action for a .jar file on your computer is to open using the Java run-time, then simply double-click on the jar file. Otherwise right-click on the jar file and select the Java run-time to open with.
If Java is not installed then you will have to do this before running PCSecrets. You can use the Oracle/Sun Java, or OpenJDK on Linux. PCSecrets requires at least Java version 6, but the latest Java version 7 is recommended. If you have Java 6 installed, you would be advised to replace it with the latest Java 7 as there are known to be security issues with the earlier versions. There are also problems with the Nimbus UI Look and Feel (the best looking interface) with Java 6 prior to version 1.6.10.
To support full 256-bit encryption, your Java installation may need additional files - see AES 256-bit encryption support and Java JDKs later in this document.
The program needs network access to allow synchronization with Secrets for Android. If you have a firewall active, you may need to configure it - see Network Access at the end of the document. On Windows you may get a firewall security alert for the Java runtime when you first run PCSecrets, which you should allow (unblock).
Getting Started
When first run the program will prompt for an initial password. Try not to use a simple password - a mixture of letters, numbers and special characters but no spaces (leading, trailing or embedded) is recommended - and don't forget it! Subsequent executions of the program will require the same password to be provided - if you can't then your secrets will not be accessible. The password can be reset by providing a new one, but all existing secrets will be lost. There is no way to recover a forgotten password.
(Password advice is provided at the end of the document.)
Although your initial password cannot contain spaces (because you can provide two - see below), subsequently you can change the password to anything you like, including spaces.
Optional second set of secrets
You can initially provide two passwords i.e. separated by a space. In this case you actually create two sets of secrets, independently encrypted and independently accessible. When you subsequently start PCSecrets, you can provide either password to access the corresponding set of secrets.
The two sets of secrets are stored as a single chunk of binary data, combined with a random amount of randomly created “junk” data (so you can’t infer the existence of a second set by the file size). Externally it is not detectable that two sets of secrets exist, so if someone were to force you to reveal the password(s) to your secrets, you could deny that a second set of secrets existed without anyone being able to prove otherwise. This is known as plausible deniability.
The Main Window
The main window shows a list of secrets on the left, and a panel showing the details of the selected secret on the right. Beneath these is a row of buttons. The buttons below the list apply to your secrets as a whole; those below the details panel apply to the current secret or data in the form.
Creating a secret
To create a new secret, simply type your data into the details panel and click "Create". The description of the secret becomes its name, which is shown in the list on the left. (The term "description" is used to make it compatible with Secrets for Android - in data terms it is the key of the record.) The set of fields that make up a secret is the same as that used by Secrets for Android, and all values are optional apart from "description".
Create will be ignored if a secret with the same description already exists. Descriptions are case-insensitive.
The "Clear" button is provided as a quick way to clear the details panel of values before creating a new secret.
Updating a secret
Select the secret by clicking on its entry in the list. Make your changes and click "Update".
If you change the description, you are now dealing with a different secret (because you've changed the key). If it doesn't exist, update will be ignored. You can copy a secret by selecting it, giving it a new description and clicking "Create".
If you modify a secret but forget to click "Update", the changes will not be saved.
Deleting a secret
Select the secret (or type its name in the description field) and click "Delete". If you attempt to delete a secret that does not exist, the request is ignored.
Saving
Click "Save all" to save changes to disk. If changes have been made and you exit the program without saving, you will be prompted to do so. If you do exit the program without saving, changes made since the last save will be lost.
Import and export
Secrets can be imported and exported in CSV, JSON and XML formats.
CSV is a simple and commonly used data exchange format.
Both JSON and XML are more complex, and can be used by applications exporting data in many different ways. Rather than support data exported from specific applications, PCSecrets implements a generalised import facility for JSON and XML. It attempts to identify elements within the data that are potentially a source of secrets - repeated elements with simple values (these collections of repeated elements are assumed to be homogeneous, otherwise the task would be impossibly complex). You are presented with a list of these candidate subsets to inspect so you can choose the most suitable.
Import a file
To import secrets from an external file, select File->Import… Use the selection dialog to help locate the file to be imported and click "Open".
For a CSV file...
The subsequent Input Field Names dialog identifies the field names from the CSV header record, if present, or numbers the fields sequentially if there is no header. By clicking “Continue” you are taken to the common Mapping dialog.
For a JSON or XML file...
After opening the file, a dialog shows what (if any) subsets of potentially useful data were found in the structured data. Click “Details” in any row to see more information about them. Choose one of the subsets and click “Continue”.
Mapping dialog
This dialog allows you to map the fields in the input data to secrets fields. The initial mapping shown is based on matching field names.
To change any mapping, click the Input field name in the Mapping section and choose a field from the dropdown. If there is no suitable mapping for the secrets field, choose “none”. An input field can be used more than once.
A Timestamp field is used to give a secret a last updated time and is used during synchronization.
When the mapping is correct, click "Import".
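The JSON import steps above (finding candidate subsets, then an initial mapping by matching field names), as an added example that is not PCSecrets code. It covers JSON only; the function names, the sample document and the short list of secret fields (only those named in this document) are assumptions.

```python
import json

SIMPLE = (str, int, float, bool, type(None))
# Secret field names mentioned in this document; the real set may be larger.
SECRET_FIELDS = ("description", "userid", "password", "note")


def find_candidates(node, path="$"):
    """List (path, record count, field names) for each array of flat objects."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            found += find_candidates(value, f"{path}.{key}")
    elif isinstance(node, list):
        flat = [item for item in node
                if isinstance(item, dict) and item
                and all(isinstance(v, SIMPLE) for v in item.values())]
        # A candidate is a repeated element: every item is a flat record.
        if len(flat) >= 2 and len(flat) == len(node):
            fields = sorted(set().union(*(r.keys() for r in flat)))
            found.append((path, len(flat), fields))
        for index, item in enumerate(node):
            found += find_candidates(item, f"{path}[{index}]")
    return found


def initial_mapping(input_fields):
    """Map each secret field to the input field with the same name, if any."""
    by_name = {name.casefold(): name for name in input_fields}
    return {field: by_name.get(field) for field in SECRET_FIELDS}


def _text(value):
    return "" if value is None else str(value)


def to_secrets(records, mapping):
    """Apply a mapping; records with no description are skipped (it is the key)."""
    secrets = []
    for record in records:
        secret = {field: _text(record.get(src)) if src else ""
                  for field, src in mapping.items()}
        if secret["description"]:
            secrets.append(secret)
    return secrets


# Constructed sample export, not taken from any real application.
SAMPLE = json.loads("""
{"exported": "2014-01-01",
 "vault": {"tags": ["a", "b"],
           "entries": [
  {"Description": "Mail", "UserID": "alice", "Password": "x1", "url": "https://mail.example"},
  {"Description": "Bank", "UserID": "alice2", "Password": "x2", "url": "https://bank.example"}]}}
""")

if __name__ == "__main__":
    for path, count, fields in find_candidates(SAMPLE):
        print(path, count, fields, initial_mapping(fields))
```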
Export to a CSV/JSON/XML file
Select File->Export...
Choose a location for the exported file, provide a file name, choose the file format and click "Save".
Be aware that secrets are exported in clear text, so be sure to delete the file as soon as possible, preferably with a command or program that overwrites the data e.g. shred.
Synchronizing with Secrets for Android
The PCSecrets sync agent needs to be installed on the Android device alongside Secrets for Android.
Synchronization takes place wirelessly. It requires your Android device to be connected to the local wifi network. Your firewall rules may need to be adjusted to allow for Java inbound UDP and TCP transmissions. On Windows, if your local network is marked as “Private/Work” then firewall rules should not need to be adjusted.
No other network configuration is necessary - the agent and PCSecrets should detect each other automatically.
To synchronize your secrets, click the PCSecrets "Sync" button and the program will wait for the agent to connect. This must be done before selecting the “Sync” option in Secrets for Android.
Synchronization password
Secrets are exchanged with the device only in encrypted format, and the password that will be used for this synchronization process must be specified in both PCSecrets and Secrets for Android. This password does not have to be the same one either uses for storing their secrets, but it must be the same password at each end of the exchange.
PCSecrets will by default use the same password that it uses for storing secrets. Alternatively you can set a preference so you are asked for a different password when "Sync" is clicked.
On the Android device you provide the password by configuring it in the PCSecrets sync agent. You do this by creating a special secret in Secrets for Android, as described in the agent documentation.
The synchronization process
The program will automatically try to make the secrets in each location the same. In doing this, it follows these rules:
A secret that:
exists only in one location is created in the other
has been updated in one location is copied to the other *
has been deleted in one location is deleted from the other *
* provided that the secret in the other location has not itself been modified since the last sync operation. If it has been, a conflict exists which the program cannot resolve automatically, and you will have to indicate what you want it to do. The program will open the sync window so you can do this.
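The rules above as a decision procedure, in an added example that is not PCSecrets code. It assumes each side supplies a last-updated timestamp per description and that the set of descriptions present after the previous sync is remembered, which is what lets a deletion be told apart from a new secret; the names and sample data are constructed.

```python
def _by_key(secrets):
    # Descriptions are case-insensitive, so compare them case-folded.
    return {name.casefold(): stamp for name, stamp in secrets.items()}


def _one_sided(stamp, was_synced, last_sync, here, there):
    """Decide for a secret that exists in `here` but not in `there`."""
    if not was_synced:
        return f"create on {there}"          # new since the last sync
    if stamp > last_sync:
        return "conflict: modified/deleted"  # changed here, deleted there
    return f"delete from {here}"             # untouched here, deleted there


def plan_sync(pc, device, synced_before, last_sync):
    """Return {description: action} for two {description: last_updated} maps."""
    pc, device = _by_key(pc), _by_key(device)
    known = {name.casefold() for name in synced_before}
    plan = {}
    for key in sorted(pc.keys() | device.keys()):
        if key in pc and key in device:
            pc_new, dev_new = pc[key] > last_sync, device[key] > last_sync
            if pc_new and dev_new:
                plan[key] = "conflict: modified/modified"
            elif pc_new:
                plan[key] = "copy to device"
            elif dev_new:
                plan[key] = "copy to pc"
            else:
                plan[key] = "unchanged"
        elif key in pc:
            plan[key] = _one_sided(pc[key], key in known, last_sync, "pc", "device")
        else:
            plan[key] = _one_sided(device[key], key in known, last_sync, "device", "pc")
    return plan


def can_complete(plan):
    """The sync may only complete once no conflicts remain."""
    return not any(action.startswith("conflict") for action in plan.values())


# Constructed sample state; timestamps are arbitrary integers.
LAST_SYNC = 1000
SYNCED_BEFORE = {"Mail", "Bank", "Forum", "Router", "Wiki"}
PC = {"Mail": 900, "Bank": 1200, "Forum": 1300, "Router": 900, "Wiki": 1100, "Notes": 1400}
DEVICE = {"mail": 900, "bank": 950, "forum": 1250, "Shop": 1100}

if __name__ == "__main__":
    plan = plan_sync(PC, DEVICE, SYNCED_BEFORE, LAST_SYNC)
    for name, action in plan.items():
        print(f"{name:8} {action}")
    print("can complete:", can_complete(plan))
```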
Normally the sync window will only be shown if a conflict exists that you have to resolve. If there are no conflicts the sync operation will complete automatically. Alternatively, you can set a preference so that the sync window is always shown even though there are no conflicts. You may want to do this so you can see exactly what is going on.
The Sync window
The sync window shows the list of all secrets on the left, and two panels on the right which show the contents of the selected secret on the PC and on the mobile device. Items in the list are colour coded to show their status, and checkboxes can be used to show or hide the different categories.
By default only secrets that differ between platforms are shown, although all secrets can be shown by checking the "Show unchanged" checkbox.
Everything except conflicts is shown for information only and requires no action - if secrets differ, the program determines where the latest version is and automatically uses it to update the other location. Note that the content panels are normally read-only; only in the case of a conflict will you have the opportunity to modify the contents of a secret.
Conflicts are always shown and must be resolved before the sync operation can be completed. If you cancel the sync operation no changes are made.
Resolving conflicts
A conflict occurs if a secret has been modified on both the PC and device, or been changed on one and deleted from the other, since the last sync operation. In both cases, the user has to indicate how to proceed, as follows.
If modified in both locations
Select the conflicting secret in the list window. The contents of the secret on PC and device are shown in the corresponding panels. You should update the PC secret to reflect the correct secret contents, and click "Mark as merged". If the PC secret is already the correct content, just click "Mark as merged". If the device secret is the correct version, click "Copy to PC Secret" and then "Mark as merged".
When the sync completes, the PC secret will replace the device secret.
If modified in one location and deleted from the other
Select the conflicting secret in the list window. The PC and device panels will show in which location the secret has been deleted. Your choices are:
If the deletion is correct i.e. you want the secret also to be deleted from the location where it remains, click "Confirm deletion"
If the deletion is not correct i.e. you want the secret to be reinstated in the location from where it was deleted, click "Undelete". When the sync completes, the secret will be reinstated from the existing copy.
When all conflicts have been resolved, click the “Complete Sync” button (which will now be enabled) to complete the sync operation.
Sync timeout
By default Secrets for Android will only wait for two minutes for the sync operation to complete. This is so communication won't hang forever if sync was selected and PCSecrets is not active, or if there is some communication problem. You can change this value in the agent configuration in Secrets for Android.
If the operation does time out before it completes, no changes are made. The operation can simply be retried.
Sync with two sets of secrets
Secrets for Android does not support the idea of having more than one set of secrets. Sync simply operates with the set of secrets that is currently being accessed in PCSecrets.
View sync devices
Selecting View-Devices on the menu bar lets you view details of the Android devices that have synchronized with the program. Each device is identified by its Android device id, but the device view allows you to provide a “friendly” name for future identification.
Preferences
Access via the File->Preferences... menu option. The Preferences window is divided into these sections:
Sync
Here you can change the port numbers used by the program. This would only normally be necessary if the ports are in use. Note that this requires a change to the Secrets for Android sync agent configuration so the same port is used.
Backup
Backups can be automatically created whenever a save is performed. The number of backup files that are kept can be specified - when the number is reached, the oldest file is deleted when a new one is created.
To make use of a backup, simply copy it to the PCSecrets directory, and rename it to secrets.dat after removing the existing one. Remember that if you have changed your password, you will need to use the password that was current when the backup was created.
Key Setup
This allows you to specify how long the encryption key setup phase should take (described earlier). By default this is set to one second. The value is specified in milliseconds.
Any change does not take effect until the encryption ciphers are regenerated. You trigger this by selecting the Regenerate Ciphers option of the File menu. The secrets are saved at the same time.
The ciphers are also regenerated when you change the password.
The current key length is also shown. This is for information only and cannot be changed. If PCSecrets is using a 128-bit key because of the current installation, it will show here.
Look and Feel
Allows the look and feel of the UI to be changed. The default is the Java “Nimbus” Look and Feel (LAF).
There is a LAF for each system that emulates the native look of the system’s user interface.
For the Mac platform, the native LAF is “Aqua”. However, there is a problem (possibly just Java 6 on OS X, following “Java for OS X 2013-004” update) with this LAF not displaying certain dialogs. So you should be wary of using it. The properties dialog may not display using Aqua under these circumstances, which means that you cannot reset the LAF once Aqua is selected! You would have to manually edit the pcsecrets.prop file and remove the lookAndFeel entry so the LAF would return to the default.
Log level
You can set the log level for diagnostic purposes. The log is created in the home directory and named java{n}.log.
By default the log level is set to warning. Be aware that with the log level set to a finer level (info or fine) diagnostic information may be written to the log that could be used to compromise the security of your secrets. So do not as a matter of course set the log level below warning, and if you do, make sure you reset the log level afterwards and securely delete the Java logs.
AES 256-bit encryption support and Java JDKs
Oracle/Sun Java is subject to US export controls and by default is limited to 128-bit encryption. In order to enable 256-bit support, you must install the “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files”. These can be downloaded in a zip file from the Oracle website; installing them simply involves copying the two policy files local_policy.jar and US_export_policy.jar into the Java runtime, replacing the versions already there.
PCSecrets will show you the location of the Java runtime it is using - select Help->System info and look for the “java.home” value. Simply append “\lib\security” to this value to determine the target directory for the policy files.
For Windows, a typical example would be
c:\Program Files\Java\jre7\lib\security
although this will vary depending on whether you are using Java 6, have a 64 bit installation, or are using a JDK.
OpenJDK, which is Oracle’s open-sourced version of Java, is not subject to these controls and is automatically enabled for 256-bit encryption. Unfortunately the OpenJDK distribution is only available for Linux.
The simplest approach is to use OpenJDK if it is available for your system. If you have to use Oracle/Sun Java, you must install the policy files as described.
After installing the new policy files, you must have PCSecrets recognize the new 256-bit capability by restarting it and selecting the File -> Regenerate ciphers menu action.
But do you really need 256-bit encryption?
The simple answer is: not really. The time it would take for the fastest supercomputer in existence to crack 128-bit AES encryption that used a truly random key is a lot longer than the remaining lifetime of our planet (4-5 billion years). The fact that 256-bit encryption would take even longer is therefore pretty academic.
Passwords
The key point above is the use of a truly random key. When the key is derived from a password typed via a keyboard and not being specified directly (i.e. by providing a raw 128- or 256-bit string), the number of possible keys is considerably reduced. The problem for a cracker changes from trying every possible combination of bits in the key to trying possible passwords - a much smaller problem.
The complexity of your password determines the effective key length of the encryption, which in most cases will be far less than the theoretical 128 or 256 bits. For example, a typical 8 character password chosen from an "alphabet" of 94 characters has been estimated to have an effective key length (“entropy”) of 18. Similarly, a 12 character password has an effective key length of 34, and a 20 character password a key length of 42.
The message is therefore that in order to be as secure as possible, you should choose as long and complicated a password as you can remember - the longer and more complex the better. PCSecrets doesn’t limit the length of password you can use, or the characters in it (apart from the initial password which cannot have spaces). Longer passwords needn't be too hard to remember - one suggestion is a mnemonic created using the first letter of each word in a verse of your favourite song.
The internet has lots of advice on password selection.
Network Access
If you have a firewall active, you may need to configure it, otherwise the sync feature will not work.
PCSecrets uses UDP port 53165 for discovery by the Android device, and TCP/IP ports 9100 and 9101 (configurable via Preferences) to interchange encrypted secrets.