1). Support from Microsoft have been terminated, but the application can be run even on Windows XP.
2). This application that requires .NET Framework 4.0 Full to run, but installer download the .NET Framework 4.0 full automatically if it doesn't exist in your PC.
A vulnerability of directory traversal was found in the encryption tool "AttacheCase". If this decrypts an altered encrypted file by malicious attackers, it will be expanded into an unintended directory file.
We have confirmed the vulnerability in both the old version (ver.126.96.36.199 or earlier) and the current version (ver.188.8.131.52 or earlier), and those who use these earlier "AttacheCase" should promptly upgrade to a fixed version.
AttacheCase vulnerable to directory traversal
AttachéCase#3 is focusing on using daily use, simplicity and operability of appearance, is a powerful file / folder encryption software that uses a cryptographic algorithm of the world standard ( AES - Advanced Encryption Standard ).
Just 3-step to encryption of files
Just three steps to the encryption.
Just drag and drop the file. Then, you can encrypt the file can easily. If you drag and drop each folder, they are combined into one to create an encrypted file.
Because at the time of encryption this application also compresses the data, so that the size will be compact.
Even decryption (and uncompression) is able to be done by just drag-and-drop, or double-click and enter the password. You can easily restore to the original file and folder.
The output is the self-executable format
In addition, so you can output the encrypted file as executable files, those who doesn't have the AttachéCase can decrypt the file.
Encryption algorithm is the world standard
I've selected the next generation encryption standard AES (Advanced Encryption Standard) "Rijndael" as encryption algorithm. This is adopted by the United States government Institute of Standards and Technology ( NIST ) in October 2000.
Block length in AES has become a 128-bit fixed, but AttachéCase adopted the specifications of the Rijndael, so that the key, and block length have become a 256-bit both.
Random number generates an initialization vector (IV), and then encrypted in CBC mode, has been designed to prevent to parsed by anyone.
RFC2898 key derivation
In the RFC2898, based on the "PKCS # 5 Password-Based Cryptography Specification Version 2.0 (password-based encryption specification)", Random salt (just that salt) is mixed and repeated 1,000 times on password-based key derivation. And outputs a derived key, an initialization vector (IV) in the order. In encryption, it would use both the IV and the key.
Responding to the password-protected ZIP output
Also, the generation function of password-protect ZIP has been added. However, on the specification of a password-protected ZIP, Anyone can open the contents, can see the file name (of course, take out, a password is required).
Encryption strength on standard specification of the password-protected ZIP is weak. However, if you use the option of AES in encryption, archiver differs from software to software, but some of the archiver can't decompress and decrypted. They don't respond to the encryption of AES.
After all, the encryotion function of password-protected ZIP be inferior to other encryption function slightly.
Please note that when you use. In addition, this software don't have a ZIP decryption function for the time being.
The new version "Ver.3"?
"Ver. 2" is released in 2004/07/25, has been constantly evolving little by little up to this point, but it is almost the body side development, and then the data format of encryption has not changed from that time for compatibility. It had come in the design of the remains of nearly at that time.
Since then, there has been a somewhat weak part in the handling of the password. And then the buffer to encrypt was very small, therefore it took time for the encryption and decryption processing. All, was by my clumsy programming at that time.
In addition, I changed also not a little data format. As a result, the information to be stored in the file had become redundant, unnecessary. It has become many things that are no longer unused gradually.
MD5: d5e82612ad7c3138d20632fcdafcfb26 SHA-1: adf5cbb4cbefa475c8e34c82d8957201eac71e3a
MD5: ee589b191e71e88d496244814e7b6ebe SHA-1: 3ce3765927abb5b4b0afa2ee00baafacc596600e
AttachéCase#3 is applied the GPLv3 license.
Copyright (C) 2017 M.Hibara
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
I would be glad to contact me if you would fork the source code and open source, because of I introduce your source code to AttachéCase#3 user on this website and then I would like to receive the feedback.
I built on Microsoft Visual Studio Express 2015 for Windows Desktop , this is a confirmed operation. Source code, but also resource files is included, it will contain all set needed to build. I welcome Issues, bug reports and demand, a pull request, fork, etc.
Dual license ( Commercial license )
When you would like to divert the source code, but you would like to proprietary, I grant, of "commercial license" in the dual license also have been made for a fee. For more information, please contact me E-mail address below.
I do not accept emails, such as basic questions and how to use.
However, feedback and such as "I would like to demand new feature", "Is not it a bug?", Pull requests are welcome. I hope you'll E-mail, or from on GitHub.
Frequently, the users you who were no longer able to decrypt, (this is often the best) First, please review the password. If there is a reproducibility, I would be great that you could send a data set that shows the reproducibility me.
All free to you, but I have done at their own expense. Thank you for your kind attention to this matter.
If you have a bug report, any demand of additional features,
thank you to the Issues on GitHub.
I am busy, so please do not expect a reply E-mail. However, if something else, please contact me E-mail address below.