1). Support from Microsoft has been terminated, but the application can still be run on Windows XP.
2). This application requires .NET Framework 4.0 Full to run, but the installer downloads .NET Framework 4.0 Full automatically if it does not exist on your PC.
The previous vulnerability countermeasure was insufficient, and a directory traversal vulnerability was found in AttachéCase.
In addition, a vulnerability has been discovered in which a maliciously crafted setting file "_AtcCase.ini" is attached to AttachéCase by a malicious third party, and when the application is then executed, an arbitrary script may be executed.
Details about these two vulnerabilities can be read at the following URLs.
Multiple directory traversal vulnerabilities in AttacheCase
AttacheCase vulnerable to arbitrary script execution
AttachéCase#3 is a powerful file / folder encryption software that focuses on daily use, simplicity and operability of appearance, and uses the world-standard cryptographic algorithm ( AES - Advanced Encryption Standard ).
Encrypt files in just three steps
Encryption takes just three steps.
Just drag and drop the file, and you can encrypt it easily. If you drag and drop folders, they are combined into a single encrypted file.
Because the application also compresses the data at the time of encryption, the resulting size is compact.
Decryption (and decompression) can also be done just by drag-and-drop, or by double-clicking and entering the password. You can easily restore the original files and folders.
Output in self-executable format
In addition, you can output the encrypted file as an executable file, so that those who do not have AttachéCase can decrypt the file.
The encryption algorithm is the world standard
I have selected the next-generation encryption standard AES (Advanced Encryption Standard), "Rijndael", as the encryption algorithm. It was adopted by the United States government's National Institute of Standards and Technology ( NIST ) in October 2000.
The block length in AES is fixed at 128 bits, but AttachéCase adopts the Rijndael specification, so both the key length and the block length are 256 bits.
An initialization vector (IV) is generated from random numbers, and the data is then encrypted in CBC mode, which is designed to prevent the data from being analyzed by anyone.
RFC2898 key derivation
Following RFC2898, which is based on the "PKCS #5 Password-Based Cryptography Specification Version 2.0", a random salt is mixed in and the password-based key derivation is repeated 1,000 times. It outputs a derived key and then an initialization vector (IV), in that order. Encryption uses both the key and the IV.
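The derivation described above, written out as an added example (this is not AttachéCase's own code): PBKDF2 from RFC 2898 run for 1,000 iterations, with the first 32 bytes of output taken as the 256-bit key and the next 32 bytes as the 256-bit IV. The HMAC-SHA1 pseudorandom function, the 8-byte salt length and the function names are assumptions, since the page does not state them.

```python
import hashlib
import hmac
import os
import struct

ITERATIONS = 1000  # iteration count stated on the page
KEY_LEN = 32       # 256-bit Rijndael key, as stated on the page
IV_LEN = 32        # 256-bit block length, so a 256-bit IV
SALT_LEN = 8       # assumption: the page does not give the salt length


def pbkdf2_hmac_sha1(password, salt, iterations, dklen):
    """PBKDF2 (RFC 2898, section 5.2) with HMAC-SHA1 as the PRF (assumed)."""
    hlen = hashlib.sha1().digest_size
    blocks = -(-dklen // hlen)  # ceil(dklen / hlen)
    out = b""
    for i in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 ^ ... ^ U_c
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha1).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen]


def derive_key_and_iv(password, salt):
    """Return (key, iv): the derived key first, then the IV, in that order."""
    stream = pbkdf2_hmac_sha1(password.encode("utf-8"), salt,
                              ITERATIONS, KEY_LEN + IV_LEN)
    return stream[:KEY_LEN], stream[KEY_LEN:]


if __name__ == "__main__":
    # Constructed sample input: a made-up password and a fresh random salt.
    salt = os.urandom(SALT_LEN)
    key, iv = derive_key_and_iv("constructed sample password", salt)
    print("salt:", salt.hex())
    print("key :", key.hex())
    print("iv  :", iv.hex())
    # The same password with a different salt yields an unrelated key and IV,
    # so a precomputed password table cannot be reused across files.
    other_key, _ = derive_key_and_iv("constructed sample password",
                                     os.urandom(SALT_LEN))
    print("same password, new salt, same key?", key == other_key)
```

The salt must be stored with the ciphertext, because decryption has to repeat the same derivation from the password and that salt.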
Support for password-protected ZIP output
A function for generating password-protected ZIP files has also been added. However, under the password-protected ZIP specification, anyone can open the archive and see the file names (of course, a password is required to take the files out).
The encryption strength of the standard password-protected ZIP specification is weak. If you use the AES encryption option instead, support differs from archiver to archiver, and some archivers cannot decompress and decrypt the file because they do not support AES encryption.
In the end, the encryption function of password-protected ZIP is slightly inferior to the other encryption functions.
Please keep this in mind when you use it. In addition, this software does not have a ZIP decryption function for the time being.
The new version "Ver.3"?
"Ver. 2" was released on 2004/07/25 and has been evolving little by little up to this point, but almost all of that development was on the application body, and the encrypted data format has not changed since then for compatibility. The design has remained nearly as it was at that time.
Since then, the handling of the password has had a somewhat weak part. The buffer used for encryption was also very small, so encryption and decryption took time. All of this was due to my clumsy programming at that time.
In addition, I also changed the data format more than a little. As a result, the information stored in the file had become redundant and unnecessary, and many things have gradually become unused.
MD5: bb7162c242432e52a576404bcd440dc7 SHA-1: 837ae560b555e856c0130c9daf7ca0b6a5e29e3a
MD5: 5e992efbffd94d966be13f7258cfc758 SHA-1: 6ca05307cf65c47114bd849c1b8024e3242ba6f9
In AttachéCase, vulnerability issues have been discovered several times in past versions, and the source code has been modified or fixed.
However, some problems remain that are not fundamentally resolved even in the current version.
Although the application may be attacked through an encrypted file tampered with by a malicious third party, the likelihood of problems arising from these vulnerabilities is considered low.
However, if you are concerned about them, please refer to the following page, which summarizes past vulnerability discoveries, circumstances, avoidance methods and so on.
AttachéCase - Vulnerability
AttachéCase#3 is licensed under the GPLv3.
Copyright (C) 2017 M.Hibara
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
I would be glad if you would contact me when you fork the source code and release it as open source, because I would like to introduce your source code to AttachéCase#3 users on this website and receive feedback.
I build with Microsoft Visual Studio Express 2015 for Windows Desktop, and operation has been confirmed in that environment. The source code and the resource files are included, so everything needed to build is contained. I welcome issues, bug reports, feature requests, pull requests, forks, etc.
Dual license ( Commercial license )
If you would like to reuse the source code but keep your product proprietary, a "commercial license" is also available for a fee under the dual license. For more information, please contact me at the e-mail address below.
I do not accept e-mails about basic questions or how to use the software.
However, feedback such as "I would like to request a new feature" or "Isn't this a bug?" and pull requests are welcome. I hope you will send them by e-mail or via GitHub.
Frequently, users report that they are no longer able to decrypt a file. First, please review the password (this is most often the cause). If the problem is reproducible, it would be great if you could send me a data set that demonstrates it.
It is all free to you, but I do this at my own expense. Thank you for your kind attention to this matter.
If you have a bug report or a request for additional features, please submit it to the Issues on GitHub.
I am busy, so please do not expect a reply by e-mail. However, for anything else, please contact me at the e-mail address below.