Starting CryptoSidekick

When first started, CryptoSidekick creates a new keychain with a single private key corresponding to the current user.

You can use File menu commands to open and save the keychains.

On subsequent starts, CryptoSidekick opens the keychain that was last saved.

When minimized, CryptoSidekick places an icon in the Windows taskbar tray. Clicking on the icon brings the program back to the top.

Private/Public Key management

The left pane contains a list of the private and public keys currently loaded in CryptoSidekick. The program uses strong 2048-bit RSA encryption. Private keys have a green key mark next to them; public keys have a blue one. Expired keys are marked with a red key sign.

You can use either the top buttons or the Keys menu items to manage the keys.

You can create new private/public key pairs, delete private and public keys from the keychain, and import and export public keys. Private keys are never exported, stored, or exposed in any way in the program. Allowing export of private keys would be a security hole. So when you need to move to a new computer or a new account, generate new private/public key pairs and revoke the old ones.

You can e-mail one of your public keys to another CryptoSidekick user. Before you can do that, you must have already established a trusted relationship with the recipient and have a public key of the recipient in your keychain. You should also sign your key with a signature that your recipient trusts. That means that the initial exchange of public keys cannot be done by CryptoSidekick e-mail. You must use some other trusted way for the initial key exchange: a personal meeting, registered mail, etc. You can also use a mediator who has already established trusted contact with both parties, and can therefore receive your keys and forward them to the recipient, signing them with his trusted signature.

The right pane contains information about the currently selected key. Press the Edit button to edit the fields that allow editing.

You can assign any unique name to the key by entering it in the Key Name field.

The User Name field must be unique only for private keys, because it is used for actual key generation. Imported public keys do not have to have unique User Name fields. Many public keys may have the same user name as long as the key names are different. When you import a new public key to your keychain, the program checks the uniqueness of the key name and assigns another name in case of collision. You can use the Edit button to change that name.

User Email field is optional. You can omit it if you want to use this key for signature only. Specify a valid e-mail address if you intend to use this key for encrypted information exchange.

Key Expiration Policy field has two alternatives: it can be either the expiration date of the key, or Never Expires. It's recommended you assign a reasonable expiration date to all created keys. You can always change that date later and resend the keys to the other parties. It's more difficult to revoke a perpetual key.

When generating new keys you can add any useful information in the Miscellaneous Information field. For example, you can include your web and mailing address, telephone numbers, and other information useful for the recipients of the key. All this information will be signed by your private key during key generation. When importing a public key, the signature is verified and invalid keys are rejected. You should not import public keys from people you don't know. Accepting a public key means trusting that key for signature verification and encryption purposes.

The two bottom fields contain Public Signature Key and Public Exchange Key in hex format. Those are public parts of your private keys that are used by others to verify your signature or to encrypt messages intended for you as the owner of the private key. These two fields cannot be edited. You can copy and paste them to other encryption programs.

Encryption

The Encryption tab contains facilities for encryption and decryption. You can use a password for symmetric encryption/decryption, or choose a public key and a private key on the Key pane for encryption and decryption respectively.

You can also use the Encryption menu commands:

The Text tab provides two windows: one contains plain text, the other contains encrypted text in Base64 representation. You can type or paste text in the top window and press the down arrow to produce encrypted text. You can then copy and paste it to your email program, for example. When you receive encrypted text, paste it to the Encrypted Text window, choose the encryption type and press the up key. Decrypted text will appear in the Plain Text window.

To encrypt files, select the Encrypt Files tab. Press the Add Files button to add the files you want to encrypt to the file list on the right. Choose the encryption method, select what you want to do with the original files, select the output options, and press the Encrypt button. Your files will be encrypted. You can either create multiple files, with the .enc extension added to each original file name, or create a single encrypted archive by entering its name and checking the corresponding option.

The Decrypt Files tab contains facilities for decrypting files. Add encrypted files using the Add Files button and push the Decrypt button. Both individual files and archives are decrypted the same way. Archives will be expanded to produce the original files.

If the files were encrypted with one of your public keys, the corresponding private key will be selected from the keychain to decrypt them.

Digital Signatures

Sign/Verify tab provides facilities for digitally signing text or files and verifying the signatures. You can also use the Digital Signature menu commands:

To sign or verify plain text, select the Text tab, type or paste the text and press the Sign or Verify button. If you check Ignore spaces and line ends, space characters as well as carriage return and line feed characters in the text are ignored during signing. This can be useful if you decide to send the plain text via email, which can change the formatting of the text in the process.

In order to sign the text you need to select one of the private keys from your keychain. The public key for verification is extracted from the signature record. If the public key is not in your keychain, a warning message will be displayed.

There can be multiple signatures applied to the text. Each consecutive signature signs everything preceding it, including other signatures. Verification always looks at the latest signature record. Thus, by removing the last signature record you can verify the previous signed message, and so on, until you reach the first signed text.

WARNING: verification is only applied to the text preceding the Signature tag. Anything added to the end of the message is not verified.
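The chaining and coverage rules above, as an added example that is not CryptoSidekick's own code. The `-----SIGNATURE ...-----` record layout, the `ws=` flag, the function names and the use of HMAC-SHA256 in place of the RSA signature are all assumptions made so the sketch runs with the Python standard library alone.

```python
import hashlib
import hmac

# Assumed record layout; the page does not show the real Signature tag.
TAG, END = "\n-----SIGNATURE ", "-----"

def canonical(text, ignore_ws):
    """Bytes that get signed; optionally drop space, CR and LF characters."""
    if ignore_ws:
        text = "".join(ch for ch in text if ch not in " \r\n")
    return text.encode("utf-8")

def _mac(key, text, ignore_ws):
    # HMAC-SHA256 stands in for the RSA signature (assumption, stdlib only).
    return hmac.new(key, canonical(text, ignore_ws), hashlib.sha256).hexdigest()

def sign(message, key, ignore_ws=False):
    """Append a record that covers everything already in the message."""
    flag = "ws=1" if ignore_ws else "ws=0"
    return f"{message}{TAG}{flag} {_mac(key, message, ignore_ws)}{END}"

def verify(message, key):
    """Check the latest record: (valid, covered_text, unverified_trailer)."""
    start = message.rfind(TAG)
    stop = message.find(END, start + len(TAG)) if start >= 0 else -1
    if stop < 0:
        return False, "", message
    flag, _, mac = message[start + len(TAG):stop].partition(" ")
    covered, trailer = message[:start], message[stop + len(END):]
    expected = _mac(key, covered, flag == "ws=1")
    return hmac.compare_digest(expected.encode(), mac.encode()), covered, trailer

def strict_verify(message, key):
    """Defensive variant: also refuse any text after the signature record."""
    valid, _, trailer = verify(message, key)
    return valid and trailer.strip() == ""

# Constructed sample keys and message.
KEY_A, KEY_B = b"constructed-key-alice", b"constructed-key-bob"
once = sign("Pay 100 to Carol.\nRegards, Alice", KEY_A, ignore_ws=True)
twice = sign(once, KEY_B)

if __name__ == "__main__":
    print(verify(twice, KEY_B)[0])                    # latest record only
    print(verify(verify(twice, KEY_B)[1], KEY_A)[0])  # peel back one level
    appended = once + "\nP.S. make it 900."
    print(verify(appended, KEY_A)[0], strict_verify(appended, KEY_A))
```

`verify` reports a valid signature for the message with text appended after the record, which is the behaviour the warning describes; `strict_verify` shows the extra check a recipient can apply to the returned trailer.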

To sign or verify files, select the Files tab. Press the Add Files button to add files to the file list. Select a private key from the keychain to sign the file.

If you select embedded signature, it will be added to the file. Most programs will not have any problems opening such a modified file. Alternatively, you can select detached signature. In this case the original file will not be modified and a new file with the .sig extension containing the signature will be created.

To verify the signatures, add the original files to the file list.

Verification searches for embedded signature first, and if not found searches for detached signature (in .sig file). A window containing verification results will be opened after verification is completed.

Signature files must be in the same directory as the original files.

Secure Email

CryptoSidekick implements POP3 and SMTP clients for secure e-mail exchange. Select Secure Email tab to open e-mail windows.

You can also use the Secure Email menu commands:

Before you can send or receive e-mail messages, you need to set up one or more e-mail accounts. Click the Settings button, then click the New Account button. Give your account a name. In the General tab, select the Mail folder where CryptoSidekick will keep its mailboxes, account settings and other related information. (When you change the Mail folder, CryptoSidekick uses files found in that folder to set up e-mail accounts, if available.)

Setting up Outgoing Server

Enter information for your SMTP server that you received from your e-mail provider.

Setting up Incoming Server

Enter information for your POP3 server that you received from your e-mail provider.

You can choose whether to delete all non-CryptoSidekick messages from the server or leave them, and whether to leave copies of downloaded encrypted messages on the server.

CryptoSidekick also checks e-mail signatures. You can select whether you want to allow messages without a valid signature to be downloaded from the server (they will be marked with a warning sign in the inbox list). This allows people who have your public keys but who are not in your trusted list (no public key in your keychain) to send messages to you. You can also select Delete from Server or Leave on server. In that case messages that do not have a trusted signature will not reach your mailbox.

Message Folders

When you select a message folder, its content is displayed in the right pane and individual messages can be selected. You can view the message content in the middle pane. If the message contains an attachment or public keys, the Extract or Accept Keys buttons will be enabled. Saved messages can also be edited.

The bottom pane shows information about the message or, during download, information from POP3 server.

If you double click on the message, a new window with the message content will be opened.

Create New Mail

Clicking on New Mail button opens a new text editor window which allows composing and sending encrypted e-mail messages.

Select the mail account which will be used to send the message. All accounts that have SMTP server information are listed here.

Select the Recipient Public Key from the selection box. All valid public keys from your keychain are listed here. If the key contains an e-mail address, it will be entered in the To Address field. You can edit the e-mail address, but in any case, only the key owner will be able to read your e-mail.

Choose Sender Signature Key to sign your e-mail. Your signature must be known to the recipient. Unsigned messages cannot be sent.

Enter message subject in the Subject field if you want. The message subject is either encrypted or transmitted as unencrypted plain text depending on whether the encrypt box is checked.

If you want to attach files to the message, click on Attach button. Files will be encrypted by the chosen public key of the recipient into a single encrypted archive.

Enter your message in the message pane. The message will be encrypted by the chosen public key and converted to base-64 text.

Note: some spam filters reject all base-64 e-mails, and some use the message text to learn to distinguish spam. Since those filters cannot learn anything from encrypted messages, they may reject them altogether. In order to avoid problems when receiving encrypted messages, turn off the spam filtering completely. There is no need for spam filters. Spam messages cannot reach your CryptoSidekick mailbox unless the spammer has your public keys and you have accepted the spammer's signature keys. Even if that happens, it will be prohibitively expensive for a spammer to support such activities.

Secure Notebook

CryptoSidekick comes with a password-protected Notebook. The Notebook file is encrypted with strong 256-bit AES encryption.

Select Secure Notebook tab to open the notebook.

You can also use the Secure Notebook menu commands:

You can create multiple categories in the notebook, add and format text and save it in an encrypted file.

To get started, click on New notebook button, then click on Create New Category button and give it a unique name. Now you can enter or paste text to the editor window.

To change the order in which the categories are listed, grab and move the category tab using the left mouse button.

When you click the Save (or Save As) button or use a corresponding menu command, you will see a dialog asking for the password to use for encryption. When you try opening the saved notebook file, another dialog box will ask for the password to decrypt the file.

Attention: there is no way to recover the lost password.

File Shredder

File Shredder allows securely deleting files by writing over the data with certain byte patterns, so that they cannot be later restored. One shredding cycle includes three write passes. Using Shred Cycles slider you can set from one to five shredding cycles.

Click the Add Files or Add Folders button to open a file dialog that allows you to select the files you want to shred. The Add Folders command allows adding folders recursively.

Click the Shred them Now button to start the shredding process. Shredding is performed in a separate thread, so while it runs you can continue working on other tasks in CryptoSidekick.
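The cycle structure described above (three write passes per cycle, one to five cycles), as an added example that is not CryptoSidekick's own code. The three patterns (zeros, ones, random bytes) and the function names are assumptions, since the page says only "certain byte patterns".

```python
import os

# Assumed patterns; the page says only "certain byte patterns".
# None means a pass of random bytes.
PASSES_PER_CYCLE = (b"\x00", b"\xff", None)

def overwrite(path, cycles=1, chunk=64 * 1024):
    """Overwrite the file in place; return the number of passes written."""
    if not 1 <= cycles <= 5:
        raise ValueError("cycles must be between 1 and 5")
    size = os.path.getsize(path)
    passes = 0
    with open(path, "r+b") as f:
        for _ in range(cycles):
            for pattern in PASSES_PER_CYCLE:
                f.seek(0)
                left = size
                while left > 0:
                    n = min(chunk, left)
                    f.write(os.urandom(n) if pattern is None else pattern * n)
                    left -= n
                f.flush()
                os.fsync(f.fileno())  # push this pass to disk before the next
                passes += 1
    return passes

def shred(path, cycles=1):
    """Overwrite, then delete. Returns the number of passes written."""
    passes = overwrite(path, cycles)
    os.remove(path)
    return passes

if __name__ == "__main__":
    import tempfile
    # Constructed sample file in a throwaway directory.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "constructed.txt")
        with open(p, "wb") as f:
            f.write(b"secret " * 1000)
        print(shred(p, cycles=2), os.path.exists(p))
```

In-place overwriting only reaches the old data when the storage maps the same file offsets to the same physical blocks; SSD wear levelling, journaling and copy-on-write file systems can leave earlier copies behind.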

Secure Vault

Secure Vault allows converting computer folders of any size to AES-256 encrypted archives and vice versa with a click of a button. Unlike other techniques like folder hiding or access rights management, strong encryption guarantees the highest level of protection for your data. When a folder is locked it is securely encrypted into a single archive; when it is unlocked, the archive is extracted, restoring the original file and folder structure.

To create a new Vault, click the New button and enter a password. This password will be used to encrypt the Vault file as well as the folders in the Vault. Click the Add button and select the Folders that will be protected. The Secure Vault list will show a new line with information about this Folder. By double clicking on the cells under the Archive Location and Mounting Point columns you can change those values. You can make Archive Location and Mounting Point point to any writable directories. Click the Save button and enter a file name for the newly created Vault. When you open saved vault files, the program will ask for a password. Remember the password, as there is no way to recover it.

To lock the Folders in the Vault, click on the corresponding cell in the first Lock column. The Folder will be encrypted to an archive in Archive Location. The log file of this process can be accessed by double clicking on the corresponding cell in the Log column.

Similarly, clicking on the Lock column of the locked cell will unlock the folder. The unlocked folder will be created in Mounting Point location.

To bring up a pop-up window with the allowed commands for the selected folder, click the right mouse button anywhere in the Vault list.

Use Lock All and Unlock All buttons to lock/unlock all unlocked/locked folders in the Vault.

Use the Settings button to select the disposition of the original data. It's recommended you select Shred folder to avoid leaking unencrypted information. For additional security, you may also select Shred archive.

When the folder is unlocked, it's fully accessible, and can be used as a regular folder.

Caveat: an unlocked folder can leak unencrypted information if its files are moved or copied outside it, or insecurely deleted.