5.4.3
Frank Miller
FinalCrypt
NEW UNBREAKABLE ONE-TIME PAD AUTO KEY ENCRYPTION
George Orwell

Frequently Asked Questions


FinalCrypt

  1. The software deserved an appropriate name. The most important property is One-Time Pad Encryption which can't be broken
    Non-OTP encryption algorithms will be broken over time. OTP encryption truly is final. Therefore it was named FinalCrypt

  2. Because Creative Commons License - Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)
    legally protects FinalCrypt from people building in back-doors and releasing a malicious version of FinalCrypt to the public

    The more popular GPL3 license does not protect software and users against malicious changes being re-released to the public

    Changing the FinalCrypt source code for personal use is allowed of course

  3. FinalCrypt uses the Oracle java.security.SecureRandom class as its cryptographic random number generator
    Oracle's java.security.SecureRandom is FIPS140-2 & RFC1750 compliant and generates non-deterministic output
    However, in every external dependency hides a potential uncertainty, which is why extra precautions have been taken
    FinalCrypt extra seeds and encrypts two SecureRandom streams with each other to generate even more secure random output
    This costs 25% in performance, but the product of these extra precautions adds an extra layer of random security to the keys
    In 2013 it was confirmed that the NSA inserted a backdoor in the NIST certified cryptographically secure pseudorandom number generator
    Breaking encryption is the NSA's core business, therefore (as a cryptographic software developer) you can never be too cautious!

  4. No, that's private, but our webserver can't avoid logging the IP address of FinalCrypt doing a Check Update Request
    This is how we know how many FinalCrypt users there are, but further than that nothing else is gathered or uploaded

  5. Yes, all FinalCrypt releases are uploaded to VirusTotal to be scanned for malicious software at 70 anti-virus companies
    Please feel free to check FinalCrypt yourself for spyware or malware any way you wish or Test FinalCrypt Checksums here

  6. The short answer is in the Key Directory (selected on the right panel)
    Just remember: Key File = [Key Directory] + [Full Path Encrypted File]

    Here is an example:

    Encrypted File: C:\Users\steve\Documents\My secret loveletter.doc.bit
    Key Directory : D:\KF\
    Auto Key File : D:\KF\C\Users\steve\Documents\My secret loveletter.doc.bit

    Click the Key Match or Key Write num field to print the correlated key file

    If your target files moved to another location (for whatever reason) and FinalCrypt can't match any keys then there's a trick to find the expected key location
    Copy an unencrypted file (with a File Manager) to FinalCrypt's Target Directory (left side) and select it as a target and verify your Key Directory (right side)
    Click on the Key Write number showing [1] to print the path of the key that will be created for this file. That's where the keys of the encrypted files should be

  7. Your Key Directory holds your One Time Pad Key Files which are automatically created and selected
    The first time you use FinalCrypt you can select any empty directory as your (Auto) Key Directory
    It's highly recommended that your Key Directory of choice is stored on a fast external USB drive
    Every time you start FinalCrypt you go into that same Key Directory (on the external USB drive)

    More information on: how Auto Key works

    It is highly recommended that you also set a password when encrypting in case your key files are lost / stolen.

    Backup your encrypted files AND key files together on an external (USB) drive
    For more info please see: "How do I best backup my encrypted files and key files ?"

  8. Initially FinalCrypt started without Key Generator, allowing users to select personal images and videos as key files
    The idea was that even supercomputers couldn't guess (render) all combinations until it bit accurately got a picture of me and my cat

    Crypto experts then said that FinalCrypt was actually a sort of One-Time Pad Encryption breaking OTP rules because of two reasons:

    1. Personal images or videos are NOT truly random
    2. Re-use of keys (1 key encrypting multi files) causes drastic deduction of random key patterns making encrypted files vulnerable

    In version 2.6.0 I added the Create Key button with a cryptographically strong random number generator to comply with One-Time Pad security
    In version 5.0.0 I added Automatic Key generation, which allowed FinalCrypt to (batch) encrypt all files with One-Time Pad security by default

    To keep backwards compatible I kept the Create Key button, so users can still work with manual keys and second that button has more functions
    The Create Key button under certain conditions changes to the Create & Clone Key Device function which can be used on UNIX operating systems

  9. Yes FinalCrypt can decrypt across different Operating Systems and File Systems

    However, UNIX systems (such as Apple OSX and Linux) mount file-systems at different locations
    which causes the directory structure of encrypted files to change, going from one system to another
    FinalCrypt then can't find the keys anymore as it expects encrypted file paths to be identical to the key file paths underneath the Key Directory

    Here is an example:

    Operating System              Encrypted File                    Key Directory       Key File
    MS Windows initial key path   D:\mydoc.doc.bit                  E:\                 E:\D\mydoc.doc.bit
    GNU/Linux faulty key path     /media/user/Docs/mydoc.doc.bit    /media/user/Keys    /media/user/Keys/D/mydoc.doc.bit
    GNU/Linux correct key path    /media/user/Docs/mydoc.doc.bit    /media/user/Keys    /media/user/Keys/media/user/Docs/mydoc.doc.bit


    Correcting the key directory structure (from the faulty to the correct key path) puts the Key Files where FinalCrypt expects them
    The only thing you need to keep in mind is: Key File = [Key Directory] + [Encrypted File Full Path]
    Correct the key directories while you check the Key Match field to see if the key files match up again

    If you're having difficulty realigning the key directory structure then there's a little trick you can do to make it a bit easier:

    Copy an unencrypted file (with a File Manager) to your (root) Target Directory (left side) and select it as a target and select your (root) Key Directory (right side)
    Click on the Key Write number showing [1] to print the path of the key that would be created for this file. That path is where your (root) Key Directory is expected

    In July 2019 FinalCrypt was Cross OS & FS tested with FAT32 & ZFS data-files and NTFS, EXT4 & ZFS key-files
    First encrypted on Windows 10 and then decrypting on Linux (Ubuntu 18.04) and FreeBSD 13 / GhostBSD 19.04
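
The rule Key File = [Key Directory] + [Encrypted File Full Path] and the key path correction described above, worked through in Python as an added example (not FinalCrypt's own code). The function names and the drive-letter-to-mount-point mapping are assumptions for illustration; the layout in which a drive letter becomes a directory is taken from the example paths on this page.

```python
from pathlib import PurePosixPath, PureWindowsPath


def auto_key_path(key_dir, encrypted_file, windows):
    """Key File = [Key Directory] + [Full Path Encrypted File] (rule from the FAQ)."""
    cls = PureWindowsPath if windows else PurePosixPath
    target = cls(encrypted_file)
    if not target.is_absolute():
        raise ValueError(f"need a full path, got {encrypted_file!r}")
    parts = list(target.parts[1:])           # drop the root ('D:\\' or '/')
    if windows:
        if not target.drive.endswith(":"):   # UNC shares are not covered by the FAQ
            raise ValueError("only drive-letter paths are handled")
        parts.insert(0, target.drive[:-1])   # 'D:' becomes the directory 'D'
    return cls(key_dir).joinpath(*parts)


def relocation_plan(key_dir, copied_keys, drive_mounts):
    """Map keys copied from a Windows key directory to where a UNIX system expects them.

    copied_keys  -- key paths relative to key_dir, still in Windows layout ('D/...')
    drive_mounts -- assumed mapping of old drive letter -> new mount point
    Returns (current_path, expected_path) pairs; expected_path is None when the
    drive letter has no known mount point.
    """
    plan = []
    for rel in copied_keys:
        drive, *rest = PurePosixPath(rel).parts
        current = PurePosixPath(key_dir) / rel
        mount = drive_mounts.get(drive)
        if mount is None:
            plan.append((str(current), None))
            continue
        moved_target = PurePosixPath(mount).joinpath(*rest)
        expected = auto_key_path(key_dir, str(moved_target), windows=False)
        plan.append((str(current), str(expected)))
    return plan


if __name__ == "__main__":
    # Constructed inputs taken from the FAQ's own example paths.
    print(auto_key_path("E:\\", r"D:\mydoc.doc.bit", windows=True))
    print(auto_key_path("/media/user/Keys", "/media/user/Docs/mydoc.doc.bit", windows=False))
    for current, expected in relocation_plan(
            "/media/user/Keys", ["D/mydoc.doc.bit"], {"D": "/media/user/Docs"}):
        print(current, "->", expected)
```

The plan only computes paths; moving the key files and confirming the result in the Key Match field remain manual steps.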

  10. Yes FinalCrypt (like most applications) has no notion of any underlying disk encryption
    FinalCrypt just creates files and writes file-data to any physical or logical file-system
    This has been tested on LUKS and VeraCrypt successfully (with different file-systems)

  11. Make sure that at every backup you also back up your key files together with your encrypted files as pairs
    Decrypting your files also deletes the correlating key files. When re-encrypting, new keys are created
    It is for this reason that re-encrypted files cannot be decrypted with previous versions of key files

    Backups of encrypted file - key pairs can be quite simple
    Just schedule 1 backup that has 2 includes:

    Include 1: My Documents (holding your encrypted files)
    Include 2: Key Directory (holding your (My Documents) key files)

    The backup output (on USB drive) will usually be a directory name with a (backup) date
    Every time you backup, a new backup directory with a new date will be added.

    Good backup solutions make sure that unchanged files (between the last backup and the current backup) are hard linked before it synchronizes the changes (from Include 1 & 2)
    That way backups only grow when files change, but it only works on file systems that support hard links like NTFS for Windows 10 and virtually all other UNIX file systems

    Linux has Back in Time & Apple has Time Machine for hard linked backups, so you only need to find equivalents for Windows

  12. Most likely you're using a text editor like notepad or wordpad to open up a .bit file
    Encrypted file data is virtually all random binary data coming from random key data
    Text editors don't know what text encoding to use on random data and use default encoding
    Modern computers use UTF8 encoding (large variety of international characters and symbols)

  13. FinalCrypt does not recognise encrypted files by the .bit extension
    FinalCrypt looks inside the file to see if it has a Message Authentication Code (MAC)

    The MAC consists of 2 x 70 bytes located at the beginning of the data. You can use a hex-editor to see the MAC

    The 1st 70 bytes is fixed plain text: "FinalCrypt - File Encryption Program - Plain Text Auth Token Version 2"
    The 2nd 70 bytes is the encrypted version of the plain text. This is how FinalCrypt can authenticate with a key

  14. Your (Auto Key) key files have identical names of their encrypted files and also have a .bit extension
    Doing a search for .bit files would also match all your encrypted files, so how can you tell them apart?
    FinalCrypt also can't tell if a file is a Key File, without having the encrypted file and the password

    But there's a trick that might help by doing the following: (FinalCrypt does not traverse Linked directories)

    Download JAVA8 U 221 to the “Downloads” directory
    Download finalcrypt.jar to your “Downloads” directory
    Open a File Manager and go to your “Downloads” directory and install JAVA8

    Start a DOS Shell: (Windows) Open the Start Menu, search for "cmd", open it and type:

    ================================================================================
    java -cp Downloads\finalcrypt.jar rdj/CLUI --decrypt --test -w "*.bit" -k . -t Documents\

    Scanning files...finished

    No decryptable targets found

    Wrong key / password?


    Scanning results:

    C. Continue test
    1. print 51 decrypted files (409,5 MiB)
    2. print 51 encryptable files (409,5 MiB)
    3. print 68341 encrypted files (94,0 GiB)
    4. print 0 decryptable files (0,0 Bytes)
    5. print 0 empty files
    6. print 0 symlink files
    7. print 0 unreadable files (0,0 Bytes)
    8. print 0 unwritable files (0,0 Bytes)
    9. print 99 hidden files (12,8 MiB)
    10. print 0 unencryptable (0,0 Bytes)
    11. print 68341 undecryptable (94,0 GiB)
    12. print 0 key matched files (0,0 Bytes)
    13. print 51 key write files (409,5 MiB)

    What list would you like to see ? 1
    ================================================================================

    Now print list number 1, the decrypted files
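
A header check for the two answers above (how encrypted files are recognised, and how to tell key files from encrypted files), as an added Python example that is not FinalCrypt's code. It tests only the fixed 70-byte plain-text token; the second 70 bytes are not verified because this page does not specify how they are derived. Function names, file names and file contents are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Fixed 70-byte plain-text token quoted in the FAQ.
TOKEN = b"FinalCrypt - File Encryption Program - Plain Text Auth Token Version 2"
HEADER_LEN = 2 * len(TOKEN)          # 2 x 70 bytes at the start of the data


def has_mac_header(path):
    """True when the file is long enough for the header and starts with the token."""
    with open(path, "rb") as fh:
        head = fh.read(HEADER_LEN)
    return len(head) == HEADER_LEN and head.startswith(TOKEN)


def split_bit_files(root, pattern="*.bit"):
    """Sort matching files into 'encrypted' (header present) and 'no_header'.

    'no_header' covers key files and anything else that merely carries the
    extension; symlinked files are skipped.
    """
    root = Path(root)
    found = {"encrypted": [], "no_header": []}
    for path in sorted(root.rglob(pattern)):
        if path.is_symlink() or not path.is_file():
            continue
        bucket = "encrypted" if has_mac_header(path) else "no_header"
        found[bucket].append(path.relative_to(root).as_posix())
    return found


def demo():
    """Build a constructed tree (random stand-in data) and classify it."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, keys = Path(tmp, "Documents"), Path(tmp, "KF", "Documents")
        docs.mkdir(parents=True)
        keys.mkdir(parents=True)
        # Stand-in for an encrypted file: token + 70 opaque bytes + body.
        (docs / "letter.doc.bit").write_bytes(TOKEN + os.urandom(70) + os.urandom(256))
        # Stand-in for its key file: same name, random bytes only.
        (keys / "letter.doc.bit").write_bytes(os.urandom(396))
        # Truncated file: token present but header incomplete.
        (docs / "cut.bit").write_bytes(TOKEN + b"\x00" * 10)
        # Data with the header but without the extension is missed by '*.bit'.
        (docs / "renamed.dat").write_bytes(TOKEN + os.urandom(70))
        return split_bit_files(tmp), has_mac_header(docs / "renamed.dat")


if __name__ == "__main__":
    print(demo())
```

Files in the no_header bucket are only candidates: a key file and any other file without the token look the same to this check, so confirm against the expected key location before moving or deleting anything.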

  15. If you encrypted with a password then in principle the only way to decrypt your files is to guess the right password
    This process however can be automated, so if you've exhausted guessing the right password then come ask for my help
    Although currently there isn't any brute force software available for FinalCrypt, it can be developed if really needed
    Beware that brute-forcing passwords comes without guarantees. It all depends on how hard your password is to guess

  16. No, sorry, this is why you need to make backups!

  17. FinalCrypt is a fulltime job with years of research and development without getting paid!
    On top of that supporting individual users takes many more hours of my time also unpaid!
    I'm not complaining and do it for the good, but I've got no financial means to advertise
    All this must be worth at least 10 seconds of your time to share FinalCrypt with others

    The sharing really isn't for me, but for all the others out there that don't know about FinalCrypt
    I help making the software and if we all help spreading the word a little then we can take back our privacy

  18. All the major Operating Systems are supported

    Microsoft Windows: XP, Vista, 7, 8, 10 etc.
    Apple OSX 10.7.3 or higher
    Linux (many distributions)
    BSD: FreeBSD, GhostBSD (OpenJFX)
    Solaris x64
    Solaris Sparc
    HPUX (best effort)
    AIX (best effort)

    The major Mobile Operating Systems are not supported

    Apple IOS
    Google Android
    Windows Mobile

    The non major Mobile Operating Systems are best effort supported

    Librem PureOS
    Plasma Mobile

    If anyone has the opportunity and wants to test FinalCrypt on PureOS or Plasma Mobile then you're more than welcome to ask for support

  19. Yes absolutely, there are a number of voluntary roles available:

    Web Hosters to host and mirror the FinalCrypt website
    Translators to translate FinalCrypt to other languages
    Ambassadors to promote and create public attention for FinalCrypt
    Test Engineers to test FinalCrypt on different systems (where possible)
    Security Engineers to find possible exploits and vulnerabilities in FinalCrypt
    Support Engineers to support FinalCrypt users on different systems (where possible)

    Please contact me if you wish to volunteer: Email | Telegram

  20. Every “thank you” is really appreciated, but FinalCrypt depends on users spreading the word as I don’t have the financial means to advertise
    I don't accept donations, but please thank me by sharing online. FinalCrypt is also a public protest telling “Big Brother” enough is enough!

Personal

  1. My name is Ron de Jong born in 1969 currently living in Zaandijk (close to Amsterdam) The Netherlands. At 13 I started programming Basic on an Atari 600XL
    At 15 I dropped out of school when my father suddenly died and was unemployed or busting my ass like a donkey as a truck driver, bus cleaner or in factories
    Later I picked up and finished Telematics & LAN Management education and worked for 15 years as a UNIX Systems & Software Engineer mostly for large companies
    Intense work and training with systems and software engineering allowed me to contract from 2006. After 2008 things went downhill and I ended my paid career
    I could no longer function without severe stress in bright light, noisy, social and commercial environments and in 2013 I was diagnosed with Autism (Asperger)
    After some years of trying to find my new way in life I wanted to do something for society, but this time in an autism friendly way (from home) helping people
    Using my IT knowledge and experience and my autistic philosophical worldview I decided to develop Free (Digital Human Rights) Software for the ordinary people

  2. In my career encryption always played a part, but more as something you'd use, assuming that encryption algorithms were as secure as the authorities claimed
    Over the years more and more news came out that vulnerabilities of crypto algorithms were deliberately exploited to expand Big Brother espionage on civilians
    Thanks to people like Edward Snowden, Julian Assange and established news-media, we now know we can’t trust national security agencies to respect our privacy
    I came to realize that only One-Time Pad Encryption is truly unbreakable. A straight forward crypto algorithm that can’t be reversed with math or brute-forced

  3. After my autism diagnosis I tried to understand my social limitation in an attempt to understand what social behaviour really is, but couldn’t find objective answers
    Reading the book "On the origin of the human mind" and further philosophising about Human Evolution of Social Behaviour I came to some interesting conclusions
    Social behaviour actually is about group hunting competences, stealth behavioural observation, covert communication, cooperation, planning, deception and attack
    These competences are still deeply embedded in our primal human instinct, allowing us to overthrow opponents and enemies, keeping us on top of the food chain
    Unfortunately we humans also use these competences against each other to dominate and exploit, mostly for economic reasons. The pieces of the puzzle fitted together
    Humans spy on each other where possible and I was determined to design and build unbreakable encryption from the ground up not trusting any encryption library
    Also Disk Encryption can't be trusted as spyware (spying data in the background, accessed by governments) simply waits until the user unlocks the encrypted disk
    The only way of encrypting files unbreakable was to develop mature One-Time Pad Multi File Encryption software from the ground up now called FinalCrypt

  4. That's a horrible thought, but do we blame BMW when a killer kills someone with a BMW? Or do we blame IKEA when someone kills a person with an IKEA kitchen knife?
    Many terrorists were created by governments when they put dictators in power for cheap oil contracts allowing these bad regimes to torture their own people
    FinalCrypt serves a greater purpose. Capitalistic exploitation of the masses causes a far greater death toll, where people in financial problems commit suicide
    Where the elite upper class through financial political influence negotiate to limit legal rights of the working class in order to maximise revenue and profits
    Causing tension in working class families, all caused by society's perverted system of reward and de-humiliation driving people in fierce competition for prestige
    Where governments spy on civilians on how to best exploit them for labour, driving them over the edge hurting others who fall victim to enrich the upper class
    FinalCrypt is about restoring dis-proportioned power balances between the common people and governments exploiting their power in favour of the self serving elite
    Tax money is used to suppress the same people who work hard to pay high tax and where people in power shamelessly waste tax money to just keep budgets next year
    FinalCrypt is also for governments and industries, so their secrets can't be stolen by other nations. FinalCrypt aims to restore power balance for all humans