Secure Password Transfer (SPT)

This tool has been created to solve the following issue:
A password secured file needs to be transfered to a recipient. This recipient also needs the actual password for opening this file. Today, it is common practice to send this password in plain text to the recipient using email or by text message to the recipient's mobile phone. This way of exchanging the password is, of course, unsafe and beats the purpose of sending a password secured file in the first place.

Secure Password Transfer solves this issue by encrypting the password using X509 certificates. The resulting encrypted text can now safely be transfered using standard email.

Features

• Automatically detects which public certificate was used for encrypting so that the matching private certificate will be used for decrypting
• Save the content of the Result Textbox to Clip board or to .SPT file
• Generate personal X509 certificates
• Encryptes and decrypts diacritical characters
• .SPT file extension association to Secure Password Transfer.
  Double click on .SPT and the content will automatically be loaded into Secure Password Transfer.

Field of application

• Exchanging passwords by email
• Exchanging custom private messages by email

How does it work?

First both the sending and the receiving party need to set up SPT and the receiving party needs to send its public certificate to the sending party.

Setup steps

• Both parties need to install the SPT tool
• The receiving party does the following:
  1. The receiving party creates a X509 certificate using SPT.
  2. The receiving installs the newly created certificate into the local machine.
     By default SPT will do that for you automatically when the certificate has been created successfully.
  3. The receiving party sends its .cert file to the sending party.
     DO NOT SEND ANY OTHER FILE THAT WAS CREATED BY SPT!
• The sending party does the following:
  1. installes the received .cert file of the receiving party into its local machine
  2. creates a secure message using SPT and send it to the receiving party

Exchanging a secured message

• The sending party does the following:
  1. Within SPT the sending party enters the password to be encrypted the The Message textbox
  2. Selects the recipient's certificate from the Public certificate dropdown list
  3. Clicks on the Encrypt button
  4. Copies the content of the result textbox on to the clipboard by clicking on the Copy to Clipboard button
  5. Creates an email message for the receiving party and pasts the content of the clip board into the message and sends it off.
• The receiving party does now the following:
  1. Opens the received email message
  2. Copies the received code which starts with { and ends with one or more = and pastes that into the SPT's The message textbox
  3. Now clicks on Decrypt and the sent password apears decrypted in the result text box.

Screenshots

Encrypting the message 'Hello World'

Decrypting the encrypted message resulting back into the 'Hello World' message.

License agreements

Please read the following license agreement carefully.

By installing this application and / or using it you have accepted these terms and conditions.

Legal Notices

Secure Password Transfer makes use of the application OpenSSL.
Please read the following legal notices for Secure Password Transfer and OPENSSL carefully before continuing.

Secure Password Transfer Legalities

This software uses strong cryptography and makes use of OpenSSL.
It may be legal to create, maintain and distribute this from liberal countries as in Europe,
it still falls under certain export/import and/or use restrictions in some other parts of the world.
In some parts of the world it is illegal:

• to export/import strong cryptography software
• use strong cryptography software
• communicate technical details about cryptography software
• distribute/re-distribute cryptography software
• email technical suggestions or patches pertaining cryptography software to the author or to other people.
• provide cryptography hooks

You are strongly advised to pay close attention to any export/import and or use laws
pertaining to cryptography software that apply to you.
Aditservice is not liable for any violations you make.

Credit

Beta tester: Paul Heath.

OPENSSL Legalities

This software package uses strong cryptography, so even if it is created, maintained and distributed from liberal countries in Europe (where it is legal to do this), it falls under certain export/import and/or use restrictions in some other parts of the world.
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD.
SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU.
THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE.
SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

CREDIT INFORMATION:

This product includes cryptographic software written by Eric A. Young (eay@cryptsoft.com).
This product includes software written by Tim J. Hudson (tjh@cryptsoft.com).
For more information regarding OpenSSL please visit http://www.openssl.org/

Update Information 2014-04-08

On 7 April 2014, OpenSSL published a security advisory for their OpenSSL toolkit. Secure Password Transfer program makes use of OpenSSL version 1.0.1f but does not make use of the OpenSSL Transport Layer Security (TLS) protocol nor the OpenSSL TLS heartbeat function. Therefore, Secure Password Transfer version 1.0.11 is not affected by the TLS heartbeat read overrun (CVE-2014-0160) bug. This issue is also known as the heartbleed bug.