OPEN SOURCE       REQUIRES .NET 3.5 

Encrypt and Decrypt files with AES-256, launch the
encrypted files with their default Windows applications
by simply double-clicking

 
                              


E: encryption controls
 D: decryption controls
ED: encryption & decryption control


 For encryption of multiple FOLDERS and Partitions rather than single files, please check out the new TrueClickt application.

Most recent version: V 2.9
Minor security-unrelated improvements


Highlights of V 2.8
Security-unrelated improvements
addressing file access sharing


Highlights of V 2.7
Efficient memory operation to handle 
files > 1GB on computers with limited RAM               

Option for encrypting file names inside cipher text

Possibility to give encrypted files any names &
extensions and decrypt them normally

Drag&Drop file(s) onto the program, type password and
press ENTER to encrypt or decrypt;
 simply double-click encrypted files to decrypt and launch them
ENCRYPT OPTIONS
PlainFile->CipherFile hide file names:
Wraps all file information inside the cipher text. Random file names are generated for encrypted files.
 These files can then be freely renamed (with or without keeping the *.rjnd extension, see below) without affecting future decryptions.
file shredder:
 Erases&deletes PlainFile upon successful encryption
DECRYPT OPTIONS
CipherFile->PlainFile file shredder:
Deletes CipherFile upon successful decryption
launch files: decrypted file is automatically launched with its default Windows application
1-session decrypt: decrypted file is securely erased upon exiting the program
save edits on exit: decrypted file is automatically re-encrypted to save all changes made to the file.
If file shredder is checked, the decrypted file is then overwritten with random bytes and deleted.
decrypt from *.*: Checking this option forces decrypt operation on any provided files, regardless of the extensions they have.

For example, if some encrypted file is named
"test.rjnd",
NETCPPcrypt will know what to do with it.

However, if one renames this
"test.rjnd"
file to
"test.doc",
NETCPPcrypt will not know that "test.doc" is an encrypted file and needs decryption.
Checking the decrypt from *.* option will tell NETCPPcrypt to decrypt "test.doc".
Thus, if one chooses to rename encrypted files
"setup.rjnd",
"my_doc.rjnd"
"passwords.rjnd"
to 
"setup.ini",
"my_doc.doc"
"passwords.txt" to obfuscate them,  
NETCPPcrypt will still be able to read and decrypt them normally.



AES256 is often referred to as 
"an algorithm certified to be used up to top secret level" PDF.
(this is true if AES256 is implemented correctly)
 
=========================================
"Can I trust *this* AES-256 implementation?"
=========================================
You have to decide yourself.
The program is built around the Rijndael library from
the .NET framework.

Algorithm Validation:
Test vectors = PASS (i.e. the algorithm produces 
expected test ciphers from known inputs).

Download the test files produced with
NETCPPcrypt from here: 7zip files
Key(256)
08090A0B0D0E0F10121314151718191A1
C1D1E1F21222324262728292B2C2D2E 
Initial Vector
00000000000000000000000000000000
Plaintext
069A007FC76A459F98BAF917FEDF9521
Ciphertext
080e9517eb1677719acf728086040ae3

Algorithm: Rijndael AES-256
Mode: symmetric, CBC
256-bit Key derivation: PBKDF1
Hash: SHA512

Complete source code is available 
upon request.

=========================================
"Anything important?" 
=========================================

Have a back up of your important files.
Learn how to use the program with some
unimportant files first. If you mishandle a
password or encounter problems 
upon decryption, it is likely the end of the story
and you can forget about those files.     


=========================================
 "How to do file or password recovery?" 
=========================================

It is not doable.

The security is achieved not by "obscuring"
the data, but rather by using a mathematically
solid transformation on each bit such that without
a password, reverse transformation is impossible.
Every bit inside the encrypted files is cryptostream.

Examining the source code of NETCPPcrypt
will have no value for decrypting files without
their passwords.

There are no publicly known ways to do a
"backdoor recovery" of passwords or files
encrypted with AES-256.

If that would be more convincing to someone
- no person or a company on the market
promise to "recover" or cracks AES-256 data.
No matter how much one would be willing
to pay for that.

=========================================
"What does "file shredder" do?"
========================================= 
When doing full decryption, this option
simply deletes the encrypted file.

When encrypting or doing one-session
decryption, the method is a little more
elaborate.
The program fills the unencrypted file
with a cryptographically strong random
stream. Then it deletes the file.

1, 3, 10 or 50 random refills are possible
prior to file deletion.
 
To check file shredding, one could
try file recovery tools like Active Undelete.
Sometimes unencrypted file name can be
recovered, and the file should contain
only garbage data.

On a side note - NETCPPcrypt could serve
as a file shredder if one encrypts a file with
random keys, with shredder enabled.

=========================================
"Anything interesting?" 
=========================================
Yes.

1.
A number of popular encryption programs
leave a mark in the beginning or the end of their files.
Not NETCPPcrypt.
The encrypted text is pure cipher. It does not contain 
any headers or marks that reveal which program
has produced it.

2.
Encrypted files can be given
any names and any extensions.

The *.rjnd extension is natively
recognized by NETCPPcrypt, but
it reveals that the file is encrypted with
NETCPPcrypt.

To avoid this, one may change *.rjnd to *.txt
 and still decrypt the file later normally
using the decrypt from *.* option.

The resulting file will have only randomly
looking bytes inside and a neutral file name
that cannot be used to prove the file is
encrypted rather than filled with random
data produced by secure file wiping with
one of the many file shredding programs.

Together with actually having one of 
such file wiping programs installed, this
would provide
plausible deniability

One could place a neutrally named 
encrypted file in the same folder with
unencrypted files. If all files
in that folder are drag-dropped onto
NETCPPcrypt at once, they all
will be attempted to be decrypted and
once the encrypted file(s) is (are)
found, it (they) will
be decrypted and launched as usual.

If different hidden encrypted
files are present in the same folder,
only those with matching passwords
will be launched at once.

Therefore, it is possible to have a folder
with many files having different
names and extensions, encrypted and
unencrypted, drag & drop all of these
files onto NETCPPcrypt at once, and
observe different decrypted files
as the output depending on the password
used (if the different encrypted files
inside the folder have different passwords).

3.
Encryption never produces the same cipher twice!
For example, encrypting a text file containing
this text:

"Look, a different ciphertext is produced every
time this file is encrypted!"
three different times produced three different outputs,

CipherFile 1:
ЖLЙќЋM„Lau8FБ€DЪ}{z‘ЖYїдВ8Ѓ 'ы‚]wЋЂ)фПY¶Vљ– _џ.˜к3ч k8Хз‚eФбs])”Lћ?гО”Ѕё‘vўйqш0ЬRKЇjx“FI7¦15ЫзJЂ@СЂО6‡z`РдЉиЎTіЌЗЈёс熔УЕB=ё
password used: test

CipherFile 2:
ѕЁЖ9ZёЭrFZэЇЭnbzF°ФШҐ4_€
password used: test

CipherFile 3:
 GHЫsСВli”TјO]Ц«#Ґ}€0сЩO>eџ›‹Щbx)) ЊLс[o7(#«1ОLvь[ыs" Ђ»Пїьаўн!џ‚bЛЙЩоїИV—їuН•@wЌрўЁN7ќфл!з”5c»lпиГф¶яьR~qЯќћё_“ёЊbЇRЃ)H‡Nр‰ј€A€Пm
password used: test


NETCPPcrypt could decrypt all three files back to:

PlainFile 1:
Look, a different ciphertext is produced every time this file is encrypted!
PlainFile 2:
Look, a different ciphertext is produced every time this file is encrypted!
PlainFile 3:
Look, a different ciphertext is produced every time this file is encrypted! 

4.
For newly encrypted files, file creation dates are
set to a random reasonable past date.

Time stamps are preserved for files
decryped using 1-session decrypts with Read-Only
access ("save edits on exit" unchecked).
During such sessions neither file content
nor file attributes change.
                    
 =========================================


The program is free and has no restrictions, except it should
not be distributed without my "Yes", if any modifications to  
the code were made. Thank you.

Download V 2.9


Windows XP/Server 2003/Vista
Requires .NET 3.5 framework 
 
ActiveX control is required to navigate the site