Action→ Set master password
This document was written for Key Xchanger 0.3. Certain things may be different if you have a different version.
Appendix A: Securely deleting files
Appendix B: Auto type syntax
Computers get faster everyday and that means only one thing. Your passwords are getting weaker. The more complex your password, the harder it is to break and even harder to remember. When using an application like KeePass, your password can never be strong enough.
This is where Key Xchanger comes in. Key Xchanger helps you create, manage and use passwords (also known as keys) that are extremely long and extremely hard to break. This also makes them almost impossible to remember, unless you are a prodigy of some sort. Key Xchanger saves these keys on a trusted device like a cell phone. Since most of us have one of these days, it provides an ideal platform for such an application.
[Top]
[Top]
Since there is no standard method of installing Java applications on mobile devices, instructions in this section are very general in nature and you will need to refer to your device's usage manual if you are not familiar with installing applications on your device. Technically speaking your device needs to be MIDP 2.0 compliant. For a list of MIDP 2.0 compliant phones click here. I cannot comment on this page's accuracy or say for sure if this list covers all known devices. It would be best to check with your user manual.
In general to install a Java application you will need you need a .jad and .jar file pair. These files can be located by going to
Start Menu → Programs → Key Xchanger→ Device Application
You will see keyXchange.jad and keyXchange.jar. Install these files to your device.
[Top]
This step is optional, but highly recommended
This has some advantages
WARNING! Setting a master password does not add any protection to your key on a computer that you have set your password on.
To set your master password, fire up the Key Helper application by going to...
Start→ Programs→ Key Xchanger→ Key Helper
Step 1: Select
Action→ Set master password
Step 2: Enter your password twice
Step 3: Click OK
Some additional notes
[Top]
On your computer:
To set your master password, fire up the Key Helper application by going to...
Start → Programs → Key Xchanger → Key Helper
Step 1: Select
Action → Generate key file
Step 2: Move your mouse randomly over the dialog to generate random data until the buffer is filled
Progress is show using the progress bar.
The 'Save and Close' button will automatically be enabled once the buffer is full.
Step 3: Click the 'Save and Close' button.
Step 4: You will be prompted to enter a file name. Select the file to which your key can be saved.
Be very careful with this file. It is not protected in any way and any person can who gets hold of this file can access data protected with this key. Perform the next step as soon as possible and securely delete this file. This is not the normal delete operation that you usually perform.
[Top]
On your computer:
Step 1: Initial setup. Make sure you have paired your phone with your computer.
You can check this by going to Control Panel > Bluetooth
Once you are done you should be able to see your device as seen in the image above. If you are not sure how to go about this, visit http://www.rickysays.com/pair-bluetooth-device-with-computer for a quick run down on how to do this.
Also make sure your computer is discoverable. Make sure the "Turn discovery on" check box is selected. Otherwise your phone will not be able to find your computer
Step 2: On your computer:
Once again, fire up the Key Helper application by going to...
Start → Programs → Key Xchanger → Key Helper and then select
Action → Send new key file to device
Step 3: Select the key file and whether you would like to encrypt the file using the master password.
The key file you select does not have to be generated using the Key Helper application. You can use key files generated by other applications as long as the entire file contains purely random data.
Step 4: On your computer: Click 'OK'. Key Helper will now wait for your device to connect via bluetooth. Messages will be displayed on the main window in the application
Step 5: On your phone: Start the Key Exchanger application on your phone. The first time you start it, it will automatically begin to search for bluetooth devices nearby and you should see your computer in the list once it is done. This search operation may take some time.
Once your computer is found you are also given an option to remember the hosts. Doing so will save you a lot of time the next time you need to connect to the same host.
Step 6: On your phone: Press 'OK'. The phone will now try and establish a connection with the host and get the key from the computer.
Step 7: On your phone: You are now prompted to give your key a friendly name. This will help you identify the key the next time you need to use it. You can save more than one key on your mobile phone. These keys can be come from different hosts and can be encrypted using different master password. But as mentioned previously, only a host with the same master password will be able to decrypt and use your key.
[Top]
Once you have a key saved on your phone, you will be able to send the key back to any computer that requests for a key. If you have chosen to encrypt your key, only computer(s) with the same master password using will be able to decrypt and use the key. Even on the same computer there are several different places you can be prompted for for your key. In general the application you are using will say 'Waiting for device to connect...'. Follow the instructions below to send the key to the host...
On your phone:
Step 1: Select the host from the saved list, if you saved it previously. If a connection is successfully established skip over to Step 4.
Step 2: If you have not saved a host or if there was an error connecting to the saved host, the application will automatically start to search for new computer available nearby. In this case your computer must be discoverable
Step 3: The application will then list out all the bluetooth devices it has found in it's current range. The devices you see here do not necessarily mean that they are running Key Xchanger. Select your computer and if you would like to save this host to quickly establish a connection with it in the future. The connection details will be saved only if a connection is successful after you hit OK.
Select OK to continue.
Step 4: Key Xchanger will now show you a list of keys saved on your phone. Keys will be represented by the friendly names you assigned them in section 6. Select the key and press 'Send' to send the key to the host.
Step 5: The key will be sent and the application will quit.
[Top]
The auto type function is very useful in places where only passwords work. For most of us, this constitutes 90% of our logins. But this does not mean you need to remember or type your complex passwords everytime. Follow the instructions below to learn how to do this.
On your computer:
Let us assume your very complex password is "vErYc0mp!3Xp4ssWorD" without quotes. Let us assume that this password will be used to login to your gmail account.
Step 1: Open notepad or any other text editor and enter your password.
Note:
1.
In some cases charecters typed will not be directly translated to a key stroke. To read a full description of the syntax, read Appendix B: Auto Type Syntax
2. The entire sequence of keys must be on one line. If you have more than one line in your file, the auto type will fail
3. The maximum size of a key file is 1024 charecters. You will need to fit the entire sequence of key strokes within this limit. Special keys with special codes will use more than one charecter, so be careful.
Step 2: Save the file and send it to your phone. This is the same as sending any key file.
Step 3: Make sure Key Xchanger is in the auto type mode my selecting it from the Action menu.
Step 4: Go to the gmail login page. Enter your username and position the cursor at the password box. Make sure your browser is focused from here on. It ok for the Key Xchanger dialog to be hidden or even minimised.
On your phone:
Step 5: Open the Key Xchanger application and send the key to your computer. Key Xchanger will now automatically type the password for you. If you want to try it out open notepad and trying sending the key again. Notice how it actually types your password for you.
If you master the auto type syntax, you can have Key Xchanger enter your username and you password as well. To auto type both the username and password in the example above, your password file would look something like this
"keyxchanger.help{TAB}vErYc0mp!3Xp4ssWorD" (without the quotes of course)
If you installed the KeePass plugin during installation, you will be able to use Key Xchanger with KeePass. The Key Xchanger installation will establish itself as a key provider with KeePass. This section will guide you through various KeePass operations involving Key Xchanger.
Step 1: If you are creating a new KeePass database, then select the name of your database.
If you already have an existing database, then unlock it, and then select File > Change master key in the KeePass application.
Step 2: In both cases you will be presented with the screen as seen below. Select 'Key Xchanger' from the 'Key file/provider' drop down and click 'OK'
Step 2: You will see a popup with the title 'Key receiver' as seen in the image above. This is Key Xchanger waiting for your device to connect and send it the key via a bluetooth connection.
Step 3: On your phone: Follow the instructions on sending a key back to a computer
[Top]
Step 1: When unlocking a KeePass database that was protected using Key Xchanger, select 'Key Xchanger' from the 'Key file/provider' drop down list and click 'OK'
Step 2: You will once again be presented with a popup with the title 'Key receiver' saying 'Waiting for device to connect...'
Step 3: On your phone: Follow the instructions on sending a key back to a computer
[Top]
Once data has been encrypted using a key it is going to be impossible for you to decrypt the data without it.
For this reason I recommend you backup the key on a CD and keep this CD in a safe (a real physical safe) which is hard to get to. Once you have backed up the key, securely delete it from your computer
First start the Key Helper application by going to
Start → Programs → Key Xchanger → Key Helper
Step 1: Select
Action → Backup key file from device
Step 2: Follow the instructions on sending a key back to a computer
Step 3: You will be prompted to save the key file on your computer
Step 4: Move the key from your computer to a more secure location. Preferably burn it to a CD and keep the CD in a safe along with your other valuables. Once you have moved your key securely delete it from your computer
I cannot stress how important the last step is. If your key is compromised, an attacker will have access to all your data.
[Top]
There may come a time when you no longer need a key or may need to rename an existing key. Carry out the following instructions on your phone to rename a key.
When you start the Key Xchanger application select 'Manage keys' from the options list. You will now be presented with a list of keys you saved.
Select the key you want to manage and select the appropriate action from the options list.
If you are deleting a key you will be prompted to confirm the operation.
WARNING! It is your responsibility to make sure that no data is encrypted using the key you are about to delete. If in doubt back up the key and then delete it from your device.
Once a key is deleted there it will be impossible to recover data encrypted using the key.
If you are renaming a key, you will be presented with a text box to enter a new name for the key.
[Top]
This section is valid only if you selected the 'Secure delete' component during installation. If you did not select this option, you can either run setup again with this option selected or do it manually from the command line.
To securely delete a file just right click on your key file in explorer and click 'Secure delete'.
This is just a wrapper that makes it convenient for you to call SDelete which is actually a command line application. SDelete is an excellent application from Sysinternals to securely delete files from your computer. Because of this, the first time you run 'Secure delete', you will be prompted to accept a license from Sysinternals as seen below.
To keep things safe, you can only securely delete one file at a time.
[Top]
Each key is represented by one or more characters. To specify a single keyboard character, use the character itself. For example, to represent the letter 'a', pass in the string "a" to the method. To represent a string of characters just pass them in order as "hello".
If you want to send modifier keys such as the SHIFT, ALT, CONTROL or WINKEY keys in addition to normal keys, you might want to use any of the characters defined in Table 3. For example, if you want to send "A" you usually press Shift+A on your keyboard, which is equivalent to sending these key strokes: "+a".
(Parenthesis) are used to associate a given modifier or modifiers with a group of characters, for example to send the "HELLO", you would describe as "+(hello)" which informs the Key Xchanger to depress the SHIFT key while sending the keys within (parenthesis).
If you would like to press a key not associated with a character or the ones being used by the modifier keys, then you must use one of the special codes listed in Table 1. In addition to the modifier keys you will need to use special codes for the ( ) { } characters since they all have a special meanings.
{Braces} are used to enclose keys with special meaning or commands. Commands will perform a action that does not involve pressing a key. See Table 2 for a list of commands and actions that they perform.
When an auto type is performed, the keys are sent to the current window in focus. For this reason it is important that the Key Xchanger window is out of focus. Sending key strokes to Key Xchanger will be kind of pointless. Alternately you can use the APPACTIVATE command to focus on a window with a specific title.
Table 1: Special keys and their codes
|
|
|
[Top]