Secret! 4.0


Installation And Upgrade

Secret! runs on all Palm Powered(R) handhelds with at least Palm OS 2
and of course on all current devices with Palm OS 5. Simply unpack the
secretpalm.zip archive, and install the enclosed Secret!.prc file with
a double-click.

The first time you start Secret! you will have to define the new
master password. As a precaution against typos, you must enter the new
password twice.

If you have already stored data in Secret! and you are reinstalling
after a hard reset, cancel this dialog and install the file
secret2.pdb.

Note: You should install Secret! in main memory, not on an expansion
card. Applications on expansion cards are not synchronized during
HotSync and are not backed up.

If you upgrade from a previous Secret! version, don't remove Secret!
before you install the new version. This way your data will be
preserved. If you've put Secret! into ROM before, make sure you move
it back to RAM before installing the new version.

Left-handed users can use Secret! with either LeftHack or Lefty (but
not both at the same time).

 Password

Everything you store in Secret! is encrypted with a password of your
choice. This password is used to encrypt and decrypt your data and
only someone knowing this password can access your data. No back
doors, no hidden weakness! If you forget your password, you will have
to remove and reinstall Secret! as there's absolutely no way to get to
your data without knowing the password.

The password can be up to 24 characters long and may consist of
letters, digits, and special characters. The password is not
case-sensitive to avoid problems with accidental caps lock.

Whenever you start Secret! you are presented with an on-screen
keyboard to enter your password. You can choose between a standard
alphanumeric keyboard and a numeric keyboard (with extra large keys)
if your password only consists of digits. The default keyboard can be
set in the Preferences dialog. You can also enter the password with
the keyboard or Graffiti (if applicable). Use the menu to toggle
between showing the password in plain text or masking it with
asterisks (*).

You can encrypt different records with different passwords. This could
be useful if you want to protect some especially important records
with an extra-long and complicated password, or if you want to share
some information with others using a general password.

Records that cannot be decrypted with the current password(s) will be
marked with a hash sign (#) in the list. When you select such a
record, Secret! will ask you for the password for that record. All
passwords that you enter while you use Secret! are saved internally,
so you do not need to enter them twice.

To change the password for one record, all records in a given
category, or all records, select Options - Change Password. To protect
against typos, you have to enter the new password twice.

Note that changing the password for multiple records will only work
for those records that can currently be decrypted (i.e. are not marked
with a hash sign). The same applies to exporting of records.

If you use Secret! Desktop, please perform a HotSync before and after
changing the password. The double HotSync will ensure that all data is
encrypted with the same password both on the desktop and on your Palm.
If you forgot to hotsync before changing the password and have
modified desktop data, you may end up with a mix of old and new
encrypted data.

 Data

The Secret! data screen has the well-known Memo category/record style.
You can create up to 15 categories and store an arbitrary number of
records in each. One record can store up to 32,000 characters.

You can sort the list view alphabetically or manually by dragging
lines with the pen. In Secret! Desktop, records will always be listed
alphabetically.

You can store anything you like in Secret!, e.g. credit card
information, accounts, on-line passwords, transaction numbers,
one-time passwords and everything else that needs to be kept Secret!
We've even heard of people storing their diary or birthday present
lists in Secret!

To avoid accidental changes to very important data you can mark
records as read-only in the Details dialog. Read-only mode is
indicated by removal of the dotted lines.

Tap on the Font button to select from various fonts. The Fix font is a
special font with clearly separated characters for 0 and O and l and
1.

You can search in Secret! by tapping on the Palm Find button. Of
course, searching Secret! data only works inside Secret! and only with
records that can currently be decrypted. Search is not case-sensitive
and will find arbitrary sub-strings. Wildcards (*,?) are not
supported.

 Collapse Mode

To let you quickly navigate in long records on the small handheld
screen, Secret! features a special paragraph collapse mode. If you tap
on Details... and select Collapse Paragraphs, all paragraphs (text
blocks separated by an empty line) are collapsed to their first line.
Tap on the plus (+) sign to the left of a paragraph to expand it into
full view. The collapse mode is not available in Secret! Desktop
(because the PC screen is usually large enough to see the whole text).

Note: You cannot change data in collapse mode. However, you can select
and copy text to the clipboard.

TAN/OTP Mode

Do you use transaction numbers (TANs) for online banking or other
one-time passwords (OTP) for secure authorization? Secret! has a
special built-in TAN mode that makes using TAN lists easier than ever.

Enter your list of TANs line-by-line into a standard record, then tap
on Details and switch to TAN mode. Now you can use the TANs
one-at-a-time. If a TAN is used, tap on the Delete button and the
first entry will be removed from the list. You can undo the last
removed entry. To prevent accidental changes, new TANs can only be
entered in standard mode.

Used TANs are internally marked with an asterisk (*). You can always
see the complete list of TANs by unselecting the TAN/OTP mode.

You can enter additional information below the TAN list, e.g. your
account data. In normal mode, this text is separated from the TAN list
by a single empty line.

If your bank uses the new iTAN scheme which requests TANs in arbitrary
order, check the respective option in the Secret! Preferences and
select the TAN to be removed from the list.

Preferences

To configure various settings of Secret! tap on menu Options -
Preferences.

You can have Secret! automatically close the text screen and encrypt
all data after a certain time of inactivity. This works in addition to
the built-in auto-close at power-off. Data is always encrypted when
the handheld powers off, when you switch it off manually, or when you
change to another application.

To increase security against someone trying various passwords, you can
configure Secret! to erase all data after a certain number of wrong
password attempts. If the data is deleted, it can only be restored by
synchronizing with the desktop.

If your password consists only of digits you can choose to start
Secret! always with the Digits screen. Note that this makes it easier
for someone trying to break your password because they can assume that
you use only digits.

Secret! can open your text screen automatically when you have
completed your password, thus saving you the extra tap on OK. Note
that this makes it slightly easier to guess your password because one
does not need to know the length of the password.

Secret! remembers the last open record and lets you continue where you
last worked. If you often open different records, you can configure
that Secret! always starts with the list view.

To increase security, you can configure Secret! to clear the clipboard
after pasting text so the copied text is not accidentally left in the
clipboard. Note that this may not work if you have third-party
clipboard hacks installed.

To make the Secret! application inconspicuous, you can change the icon
and title of Secret! that is displayed in the launcher. The icon title
must not be empty. This will only affect the display in the Launcher
and in the Info and Delete dialogs. It does not change the database
name. Title and icon are changed by patching the program. If you have
Secret! stored in FlashROM, this feature will not be available. With
some third-party launchers you may need to perform a Soft Reset (enter
pin into reset hole at back of unit) so that the launcher gets
notified about the new icon/title.

Backup

Data stored in Secret! is usually very important to you. Make sure you
have a current backup available in case your handheld is lost or
breaks down. The backup is always encrypted, so there is no danger if
someone gets access to the file.

If you use Secret! Desktop, the provided conduit will store a
synchronized copy on your desktop in the directory \palm\\secret
(where is derived from your Palm user name).

If you do not use Secret! Desktop, the standard system conduit will
back up all the Secret! data as all other third-party data to
\palm\\backup\secret2.pdb. Please make sure to have HotSync configured
to System: Handheld overwrites Desktop (which is the default) to
activate this standard backup functionality.

If you had to hard reset your device or otherwise lost your Secret!
data simply install the file secret2.pdb together with Secret! to
restore the last backup.

It's a good idea to once in a while make additional backup copies of
the secret directory or the file secret2.pdb, respectively.

Expansion Cards

Secret! supports moving the Secret! database to an expansion card
(SD/MMC, CF or MemoryStick). The main application of this feature is
not saving memory, but rather added security: If you have your data on
the card and remove the card, the data is no longer in your handheld
and can't be accessed even if someone knows your password.

To move data from/to an expansion card, insert a card and select menu
Options - Expansion Card. You should not remove the card before you
leave the Secret! application.

Note: Because of Palm OS limitations, data on an expansion card is not
synchronized or backed up during HotSync.

 License

Secret! is shareware.You can try it out prior to your purchase, but
you must register (license) it if you decide to keep it.

Please contact us for volume discounts and site licenses.

Frequently Asked Questions

 I use Secret! Desktop. Suddenly, my data is no longer synchronized.

You may have moved the Secret! application or the Secret! data to an
expansion card. For technical reasons, applications on expansion cards
do not take part in the HotSync process. We suggest having Secret! in
the handheld's main memory, or put it in Flash ROM with a tool like
JackFlash or FlashPro.

The Secret! conduit may have been removed by another installation,
e.g. of a new Palm Desktop version. Please make sure that Secret!
appears in the list of HotSync manager conduits (right-click on the
HotSync icon, then select Custom...). If not, re-run the Secret!
Desktop setup, so that the necessary HotSync manager entries will be
created.

If you've moved the Secret! data to an expansion card, the HotSync
won't work (and you'll end up with your old data), because HotSync
accesses only data in RAM. If you use Secret! Desktop, you should not
use the expansion card feature of Secret!.

If the above does not help, have a look at the HotSync manager log and
see if there are any error messages. I had to reinstall Secret! after
a Hard Reset or an Upgrade. How do I get my data back on the handheld?

The easiest way to reinstall Secret! after upgrading to a new handheld
is to choose the same user name as before. At the first HotSync of the
new device, you'll be asked for the user name. Selecting the existing
user will automatically reinstall everything, including your Secret!
data and your registration.

Below are two ways to restore your Secret! data:

If you use Secret! Desktop, select "Desktop overwrites Handheld" once
in HotSync manager. Note that you must have Secret! installed (or
install at the same HotSync) otherwise the Secret! Desktop conduit
will not run.

If you do not use Secret! Desktop, the standard system conduit will
automatically back up your (encrypted) data in a file secret2.pdb in
the directory ...\palm\\backup. You'll have to leave the HotSync
System: Handheld overwrites Desktop setting at the default value for
this to work. Install this file with the standard installation program
and your data will be back on your handheld. Tip: It's a good idea to
make backups of this file once in a while.

To get your Secret! data onto a new PC, simply install Secret! Desktop
on the new machine, and perform a HotSync. This will copy all Secret!
data from your handheld to your desktop. I tried changing the Secret!
icon name and title in preferences, but the old icon is still
displayed in the launcher.

Many third-party launchers cache information about icons and program
titles. To have the launcher rebuild its information, perform a Soft
Rest (enter a pin into the reset hole on the back side). A soft reset
does not delete any data.

How come the Close button brings me back to the Enter Password screen
and not to the launcher?

It is standard Palm application behaviour that programs do not quit by
themself but are rather exited when the user switches to another
program. This is useful because PalmOS is a single-tasking operating
system, that is, at any time there's exactly one active application.
The same happens with Secret!, when you tap the application launcher
icon or one of the four plastic buttons to switch to another program,
Secret! will encrypt it's data and exit. The Close button on the data
screen is not really necessary and just for convenient fast
encryption. The only screen it can switch you to is the keyboard
screen.

Why are the record titles and category names not encrypted?

The record and category titles are stored unencrypted because we need
some reference to a record when something goes wrong during
synchronization (e.g. duplicated category). If you are concerned about
the names providing sensitive information, you should just use
unsuspicious names. Then again, everything stored in Secret! is
probably very sensitive, so a codebreaker might not gain that much
info from the record names and categories alone. I use an Apple
Macintosh. Do you plan to develop a Secret! Desktop for the Mac?

A third-party developer is currently working on MacSecret, a Secret!
Desktop for Mac with full synchronization. You can dowload a beta
here. There's also an older program called Secret Viewer for Mac by
Martin Demers.

 Version History

4.0

- Allow different passwords for records, e.g. a short one for general
  stuff, and a long and difficult one for extra secrecy
-  Better support for 5-way-navigator of Treo handhelds

3.6

- Support numeric password input on Treo handhelds without pressing
  option key

3.5

-  Fix for navigating in list by entering first letter
- Fix to allow select/copy text from readonly records on Palm OS 5.4
- Go To TAN field in TAN mode if TANs can be removed in arbitrary
  order (iTAN mode for online banking)

3.4

-  Option to allow removal of TANs in arbitrary order (iTAN)
- TANs are now always marked with a * internally and not really
  deleted
- Important bug fix for auto-close handling when reminders pop up
  which may have led to power drains in special cases

3.3

-  Improved navigation support for Treo 650 and Tungsten T5
-  Remember last search string (for easier search again)
-  Enhanced password generator
- Optionally mark used TANs with asterisk (*) only rather than
  deleting them

3.2

-  Support for navigation with Treo 600 5-way-navigator
-  Support for Dana Alphasmart wide-screen
-  Support for Sony Cli landscape and portrait extended screen
- Partially entered password is now erased on time-out (e.g. if you
  forgot to open Secret! after you've entered your password)
- Edit button on paragraph folded view for quickly getting back to
  normal mode
-  Redesigned OTP/TAN list screen
-  Duplicate records
-  Export all records in category
-  Make auto-close compatible with OS 6 (Cobalt)
- Increased record size limit from 6,000 to 32,000 characters per
  record. Note: you must use the corresponding Secret! Desktop 3.2 or
  later on all PCs with which you synchronize

3.1

- Support for virtual silk-screen of Tungsten T3
- Support for Tungsten five-way navigator
-  Find now also searches record titles
- Enter letter in list view jumps to first record starting with that
  letter
- Improved password generator with WEP key support
- Support for additional small font on high-res handhelds (Sony and
  Palm)
- Collapse paragraph mode (paragraphs are separated by a blank line)
- Bug-fix with auto-close

3.0

- Multiple records per category like memopad
- Records can be ordered manually or alphabetically
-  Import/export from/to Memopad
- Menu option to show/mask password
- Palm OS 5 support
- Support for virtual silk-screen of Sony NR70

2.7

- Additional fix font with clearly separated characters
- Expansion card support
- Support for extended screen of Handera-330
- Option to erase all data after several wrong password attempts
-  Info area in TAN/OTP mode (contains all text after blank line)

Older Versions

- 2.6 - option to always start with first category, improved
  auto-close, even if on-screen keyboard or system dialogs are shown,
  improved password entry screen, longer password of up to 24 char,
  thus reaching the whole 128 bit key space, improved TAN mode with
  Undo functionality, various smaller bug fixes
- 2.5 - scrollbar for text field instead of arrows, option to change
  icon and title in launcher, option to open when password complete
  (saves one tap on the OK button), improved close on power off (will
  now close the text screen in most situations), button to delete last
  character on password screen, bug fixes
- 2.4 - bug fixes, option to sort categories alphabetically (like
  Secret! Desktop), menu item to generate a random password
- 2.3 - search functionality, support for Secret! Desktop, one more
  display font
- 2.2 - bug fixes, read-only mode per category, support for
  PadlockHack, large bold Font on Palm III
- 2.1 - first public shareware version

Thanks to Daniel Bergman for the Swedish translation, Alex Appiani for
the Italian translation, Diego Astuy Gonzlez for the Spanish
translation, Rul Fernandes for the Portuguese translation, Mirek
Buczma for the Polish translation.

Copyright (c) 1998-2007 LinkeSOFT GmbH, Berlin, Germany

License
-------

This license agreement settles the relation between LinkeSOFT GmbH and the 
user concerning the use of the enclosed software product ("program") of
LinkeSOFT in its shareware version and its registered version.

 1
The user obtains through this license by LinkeSOFT the non-exclusive 
right to install and use this program on his PalmPilot.
The program remains the sole property of LinkeSOFT.
The user further obtains the right to make a back-up copy by means of 
the HotSync feature.

 2
The user may distribute the shareware version of this program or copies 
thereof. The shareware version may be published on the Inter- or 
Intranet or on software collections (on CDs etc.).
Each distribution must contain these provisions and the above copyright
notice. Except for publishing on software collections the distribution 
of this program has to be free of charge.
The program name or the name of LinkeSOFT shall not be used for
promotional purposes without prior written consent of LinkeSOFT.
The program may not be modified or tampered with in any way.

 3 THIS SOFTWARE IS PROVIDED BY LINKESOFT GMBH ''AS IS'' AND ANY 
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL LinkeSOFT BE LIABLE FOR ANY 
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
POSSIBILITY OF SUCH DAMAGE.

 4 For regular use the program has to be registered according to the 
general rules about shareware. Registration is made by payment of the 
registration fee according to the program and web site instructions. 
After registration the user receives a key that entitles him or her to 
unrestricted use of the program according to this license. Registration 
further entitles the user to get support by LinkeSOFT via email.

 5
The user shall in no way make copies of the registered version of this
program, except such as coming under  1. The user shall in no way 
resell or lend the registered program or copies thereof to third persons.
The registered program may not be made available to third persons.

 6
In the event that any provision of this Agreement should be or become 
invalid or if there is a gap in the Agreement, the validity of the other 
provisions shall not be affected. In lieu of the invalid provision or in 
order to complete the Agreement, a reasonable provision shall be 
effective approaching to what parties would have agreed upon if they had 
considered that issue.

 7 This Agreement shall be governed and construed in accordance with 
German law as it applies to German citizens and corporations and the 
parties hereby agree to submit to the exclusive jurisdiction of the 
courts of Germany. The place of proceeding will be Berlin.

 8
This software program is protected by international copyright law.

Palm, the Palm logo and Graffiti are registered trademarks,
and HotSync, PalmPilot, Palm OS and the PalmPilot logo are trademarks of
Palm, Inc.
