Data Protection and Privacy Aspects of PEAs

Governments, multinational IT companies and all kinds of criminals are trying to gather masses of confidential information about everyone. And often the collected data is exchanged between these players - voluntary or involuntary.

It's not just about confidentiality itself.

This data can then be used in a variety of ways: Accusations against dissidents, manipulation of consumer behaviour, blackmail, exposure, identity theft, or even directly by emptying bank accounts with account data.

Encryption

All PEAs (PEA = Password Encrypting Archive) are intended to protect our data from unauthorized access.

In addition, the effort of these protective measures for the users should be kept as small as possible, so that they remain suitable for everyday use.

Every application must find a suitable balance between effort and safety. The PEAs try to reduce the effort in normal use to just entering a password.

Meanwhile, many processes run in the background that are invisible to the user:

Sources of entropy, both those of the system and those of mouse movements and the like, will be developed in order to obtain random values for cryptographic algorithms.
Your password will be checked for quality. The strength of the password is reported to the user by colored bars.
A memory-intensive function derives a cryptographic key from the password. Unfortunately, this process takes a little time.
The content is decrypted with the cryptographic key.
The program checks whether the content has been manipulated (authentication).

This cryptographic functions are used in this process:

Threefish as cipher in EAX mode
Catena as key derivation function
Blake2b as hash function

File Encryption on the Disk

File encryption programs like the File Lock PEA encrypt and decrypt files on the device - unlike on-the-fly decryption applications (Calendar Lock PEA,Notebook PEA, Image Lock PEA). The files are available in plain text when they have been decrypted. This can be used universally for all file types, but it carries some risks.

It is quite easy for malicious spyware to access files on the hard disk once it has been installed. It is significantly more difficult to extract file contents from the random-access memory (RAM). Even if it is successful to get to a memory dump and transfer it despite its size - which is much more challenging than copying files from a hard disk - the data in this large bulk is disordered.

In addition, stored information in the RAM is lost after a short time if power is removed - whether due to terminating the system or a crash.

On-the-Fly Decryption or Real-time Encryption

On-the-fly encryption (OTFE), also called real-time encryption means here that the data is decrypted only when and only in memory when it is requested/read.

Decrypting data exclusively in memory requires dedicated software to view and modify this data. Calendar Lock PEA, Notebook PEA and Image Lock PEA are software that has been developed precisely for this purpose.

Calendars, notes or images are automatically encrypted immediately before saving and decrypted immediately after loading. The data on the disk always remains encrypted and cannot be read without using the password.

All PEAs contain the option of transferring the encrypted data into unencrypted files, so that they can be used in other applications, for example. But this requires the explicit action of the user who exports the data.