Encrypting an AssetJournal project

One of the feature requests we’ve had for AssetJournal is to be able to encrypt projects. The trouble with encryption is it’s a rapidly evolving and quite sensitive space. It also places restrictions on your software, because there are all sorts of problems exporting encryption, or even a program that contains a tiny slice of encryption. The code for the main MindShare server was encrypted and when it was run, an executable would decrypt the code and pass it to the JVM. This meant that all kinds of hoops had to be jumped through when selling this program to other countries – and it was being run in countries around the world. All this despite encryption products being widely available on the internet for years.

We could implement a number of algorithms into the code, but there are all kinds of inherent weaknesses with the approach, from finding holes in the algorithm to reverse engineering the Java code.

The safest and most secure option would be to rely completely on a third party for encryption. The simplest method would be to create an encrypted drive partition from a file. There are a number of programs that can do this such as BitLocker or the open source VeraCrypt. Plenty more options can be found here. If you think how much space you think you’d need for encrypted projects, then double it and create a partition that size. Then mount this to a drive letter. It’s important to use the same drive letter, so use something like Y: or Z: that won’t be used by anything else. Open AssetJournal and create a new Projects directory on the encrypted partition. Create a new project in this directory and work away. Once you close AssetJournal and unmount the partition, the project will be completely encrypted. If you wanted encrypted cloud storage, you could create your encrypted volume within a dropbox or tresorit folder.

We personally favour VeraCrypt. The fact that it is open source means that everyone can get in there and look for flaws and it means a secret backdoor is less likely to be hidden in the system. VeraCrypt has been externally audited to ensure it’s integrity. It’s also cross platform which is a big bonus.

A guide to creating encrypted partitions with VeraCrypt. And a guide to do the same thing with BitLocker.

Leave a comment