A light AES encryption client
Crypto Lite is an extremely simple text encryption app. The basic idea is to present military-grade encryption in as simple a manner as possible; to put high grade encryption in the hands of people who might not be comfortable with it otherwise.
Input text is encrypted with a password using 256-bit AES into a cipherblock which is distributable via email, instant message, or arbitrary file storage. Of special note, all encryption takes place in the user's browser, eliminating any middleman in the encryption or decryption processes.
Crypto Lite is not intended as a substitute for SSL, PGP, or filesystem encryption; it is simply an extra layer of security to help protect your data in storage or transit.
--- Critical Security Warning ---:
A catastrophic flaw was recently discovered in the OCB2 method (see FAQ). It is imperative that all users update to version 2 and replace stored encrypted data immediately.
How it Works:
1) Type in some text and a password
2) Click encrypt
3) Store/Send the cipherblock the app gives you. You're done.
-No network activity, so no chance for data interception
-No ads or data mining
-Nothing is stored anywhere (no servers to be hacked)
-Produces highly secure AES encryption
-This app is GPL software
-All primary code is now original, but the library it uses for legacy decryption is GPL software
-Phillip Rogaway's patented OCB2 method is used under licence for legacy data decryption
-All images used are either original or were obtained from the public domain.
-I am not responsible for anything you lose, do, or break with this app.
-This app is donationware, and you are looking at the free version of the app right now. This version has no ads, is fully featured, and is unlimited in use; no one should be forced to pay for privacy.
-That said, if you appreciate the app, and feel it deserves a dollar, it really is appreciated in turn.
Q: What happened to OCB2?
A: A paper was recently published revealing a complete break of OCB2-based cryptosystems. This is not a flaw in Crypto Lite's code and cannot be patched; it is a fundamental and catastrophic flaw in OCB2 itself, and ALL OCB2-based cryptosystems are affected. All primary operations now use the browser's cryptographic APIs and the AES-GCM method for data confidentiality and integrity.
Q: Can I still decrypt my old data?
A: Yes, though you will get a warning to re-encrypt and replace your data with the new version.
Q: What is the difference between this and the paid version?
A: Functionally nothing. This is donationware; the only difference is that if you donate, you are clinically proven to be a better person. Also, the donation banner goes away, and you get a thank you message in the FAQ.
Q: Why does the big box get blurry when I click outside it anywhere?
A: This is deliberate. It just helps screen your plaintext (like you would have before encryption or after decryption) from peeping toms while you are opening your email or typing in a password.
Q: If I slightly change the trailing character of the iv and salt, it can still decrypt!
A: This is not a bug; it is an artifact of the Base64 padding and does not actually affect the security of your data. Long and very nerdy story short, AES produces binary data which is not representable (at least in any concise way) in text. Base64 is a way of taking that already encrypted binary data and mapping it to an easily stored or emailed text-based format. Base64 is not where the security of this app comes from; it just makes life easier for you.
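The effect described in this answer, as an added example (not Crypto Lite's own code): when a value's length is not a multiple of 3 bytes, the last Base64 character before the `=` padding carries 2 or 4 unused bits that a lenient decoder drops, so several spellings decode to the same bytes. The 16-byte salt and 12-byte IV below are constructed sample values, and the function names are hypothetical.

```javascript
// Added example; sample values are constructed, function names are hypothetical.
const ALPHABET =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Lenient decode: returns the bytes plus the leftover ("slack") bits that
// did not fill a whole byte. Most decoders silently discard those bits.
function decodeLenient(b64) {
  const bytes = [];
  let acc = 0, bits = 0;
  for (const ch of b64.replace(/=+$/, "")) {
    const v = ALPHABET.indexOf(ch);
    if (v < 0) throw new Error("invalid Base64 character: " + ch);
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      bytes.push(acc >> bits);
      acc &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return { bytes, slackBits: bits, slackValue: acc };
}

// Strict check: a canonical encoding has all of its slack bits set to zero.
function isCanonical(b64) {
  const { slackBits, slackValue } = decodeLenient(b64);
  return slackBits < 6 && slackValue === 0;
}

// Every string that differs from b64 only in its last data character
// yet decodes to exactly the same bytes.
function equivalentEncodings(b64) {
  const pad = b64.match(/=*$/)[0];
  const stem = b64.slice(0, b64.length - pad.length - 1);
  const target = decodeLenient(b64).bytes.join(",");
  return [...ALPHABET]
    .map((ch) => stem + ch + pad)
    .filter((alt) => decodeLenient(alt).bytes.join(",") === target);
}

const SALT_16 = "AAECAwQFBgcICQoLDA0ODw=="; // constructed: bytes 0x00..0x0f
const IV_12 = "AAECAwQFBgcICQoL";           // constructed: bytes 0x00..0x0b

console.log(equivalentEncodings(SALT_16).length); // 4 slack bits in the last character
console.log(equivalentEncodings(IV_12).length);   // length is a multiple of 3: no slack
console.log(isCanonical("AAECAwQFBgcICQoLDA0ODx==")); // last character altered
```

Because the altered strings decode to identical bytes, the inputs to decryption are unchanged; a decoder that wants exactly one spelling per value can reject the others with a check like `isCanonical`.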
Q: Will you keep supporting Crypto Lite?
A: Sort of. My family and full-time job keep me pretty busy, so I probably won't be doing active dev for a while, but I will pop in periodically to check the comments for bugs, questions, or (hopefully) thanks.
Q: This is GPL? How do I get source?
A: The app is nothing BUT source. By the nature of the technologies used, installing this app is synonymous with installing source. Instructions for getting to it are included with the app.