1). Support from Microsoft have been terminated, but the application can be run even on Windows XP.
2). This application that requires .NET Framework 4.0 Full to run, but installer download the .NET Framework 4.0 full automatically if it doesn't exist in your PC.
A new directory traversal vulnerability has been discovered in AttachéCase.
Details can be found at the following URL.
Multiple directory traversal vulnerabilities in AttacheCase
AttachéCase#3 is focusing on using daily use, simplicity and operability of appearance, is a powerful file / folder encryption software that uses a cryptographic algorithm of the world standard ( AES - Advanced Encryption Standard ).
Just 3-step to encryption of files
Just three steps to the encryption.
Just drag and drop the file. Then, you can encrypt the file can easily. If you drag and drop each folder, they are combined into one to create an encrypted file.
Because at the time of encryption this application also compresses the data, so that the size will be compact.
Even decryption (and uncompression) is able to be done by just drag-and-drop, or double-click and enter the password. You can easily restore to the original file and folder.
The output is the self-executable format
In addition, so you can output the encrypted file as executable files, those who doesn't have the AttachéCase can decrypt the file.
Encryption algorithm is the world standard
I've selected the next generation encryption standard AES (Advanced Encryption Standard) "Rijndael" as encryption algorithm. This is adopted by the United States government Institute of Standards and Technology ( NIST ) in October 2000.
Block length in AES has become a 128-bit fixed, but AttachéCase adopted the specifications of the Rijndael, so that the key, and block length have become a 256-bit both.
Random number generates an initialization vector (IV), and then encrypted in CBC mode, has been designed to prevent to parsed by anyone.
RFC2898 key derivation
In the RFC2898, based on the "PKCS # 5 Password-Based Cryptography Specification Version 2.0 (password-based encryption specification)", Random salt (just that salt) is mixed and repeated 1,000 times on password-based key derivation. And outputs a derived key, an initialization vector (IV) in the order. In encryption, it would use both the IV and the key.
Responding to the password-protected ZIP output
Also, the generation function of password-protect ZIP has been added. However, on the specification of a password-protected ZIP, Anyone can open the contents, can see the file name (of course, take out, a password is required).
Encryption strength on standard specification of the password-protected ZIP is weak. However, if you use the option of AES in encryption, archiver differs from software to software, but some of the archiver can't decompress and decrypted. They don't respond to the encryption of AES.
After all, the encryotion function of password-protected ZIP be inferior to other encryption function slightly.
Please note that when you use. In addition, this software don't have a ZIP decryption function for the time being.
The new version "Ver.3"?
"Ver. 2" is released in 2004/07/25, has been constantly evolving little by little up to this point, but it is almost the body side development, and then the data format of encryption has not changed from that time for compatibility. It had come in the design of the remains of nearly at that time.
Since then, there has been a somewhat weak part in the handling of the password. And then the buffer to encrypt was very small, therefore it took time for the encryption and decryption processing. All, was by my clumsy programming at that time.
In addition, I changed also not a little data format. As a result, the information to be stored in the file had become redundant, unnecessary. It has become many things that are no longer unused gradually.
MD5: 01769180b4c049b3a25ae3cc37dc29c1 SHA-1: 4f88eeb43f79160db5eed42141cc31bdf66a8e5c
MD5: 4d7358be42638003774cbc73f0b1b5f3 SHA-1: a29c856cc6a48404e7fbb34a13c48e40e023cbd8
In the AttacheCase, vulnerability issues have been discovered several times in past versions,
and the source code has been modified or fixed.
However, some problems remain that do not fundamentally resolve even with the current version.
Although it may be attacked by encrypted file tampered by by third-party malicious person, it is considered that the degree of problem generation from these vulnerability is low.
However, if you are concerned about them, please refer to the following page which summarizes past vulnerability discovery, circumstances, avoidance method and so on.
AttachéCase - Vulnerability
AttachéCase#3 is applied the GPLv3 license.
Copyright (C) 2017 M.Hibara
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
I would be glad to contact me if you would fork the source code and open source, because of I introduce your source code to AttachéCase#3 user on this website and then I would like to receive the feedback.
I built on Microsoft Visual Studio Express 2015 for Windows Desktop , this is a confirmed operation. Source code, but also resource files is included, it will contain all set needed to build. I welcome Issues, bug reports and demand, a pull request, fork, etc.
Dual license ( Commercial license )
When you would like to divert the source code, but you would like to proprietary, I grant, of "commercial license" in the dual license also have been made for a fee. For more information, please contact me E-mail address below.
I do not accept emails, such as basic questions and how to use.
However, feedback and such as "I would like to demand new feature", "Is not it a bug?", Pull requests are welcome. I hope you'll E-mail, or from on GitHub.
Frequently, the users you who were no longer able to decrypt, (this is often the best) First, please review the password. If there is a reproducibility, I would be great that you could send a data set that shows the reproducibility me.
All free to you, but I have done at their own expense. Thank you for your kind attention to this matter.
If you have a bug report, any demand of additional features,
thank you to the Issues on GitHub.
I am busy, so please do not expect a reply E-mail. However, if something else, please contact me E-mail address below.