Software engineers with knowledge of Java and encryption technologies can write their own custom encryption plugins which work with Copernicus and can be distributed as third-party products designed to work alongside Copernicus.
Copernicus supports third-party cryptography plugins. The one that is shipped with Copernicus is a weak encryption designed mainly to obscure the text, fending off casual users rather than hard-core hackers. However, it is quite easy to create your own plugin without modifying the Copernicus source (meaning other users can use it too).
Encrypted user files in Copernicus have the following format:
Copernicus Encrypted User File            #title
com.tanksoftware.juk.DefaultEncryption    #plugin
1.23                                      #version
ab93b2fg9370a2b28c9f9d9b9g98a             #password double md5 hash
[reserved]                                #reserved for future use
[reserved]                                #reserved for future use
-----BEGIN ENCRYPTED-----
#Encrypted Contents
#Encrypted Contents
#Encrypted Contents
#Encrypted Contents
#Encrypted Contents
#Encrypted Contents
Full example:
<dpass username="New User 1 (copy)" encrypted="true" >
  <site >
    <name>Example1</name>
    <login userid="My Primary Account" username="user1" pass="xyz" >
      <comment>Main Account</comment>
    </login>
    <login userid="My Secondary Account" username="user2" pass="xyz" >
      <comment>Secondary Account</comment>
    </login>
  </site>
  <site >
    <name>Example2</name>
    <login userid="My Primary Account" username="user1" pass="xyz" >
      <comment>Main Account</comment>
    </login>
    <login userid="My Secondary Account" username="user2" pass="xyz" >
      <comment>Secondary Account</comment>
    </login>
  </site>
</dpass>
becomes (when encrypted with the NOCPlugin and the password "asdf"):
Copernicus Encrypted User File
com.tanksoftware.juk.NOCPlugin
1.0
0e3d127a92a3b4069b1d0d9b101c9bd0
[reserved]
[reserved]
-----BEGIN ENCRYPTED-----
When Copernicus reads a user file, any file beginning with "Copernicus Encrypted User File" is always passed through the decryption mechanism before it is parsed by the XML parser.
All of the data above the BEGIN ENCRYPTED line is read by Copernicus itself. It tells Copernicus which plugin was used, the version, and the double hash of the user's password.
The plugin then returns the decrypted data for parsing.
Once the user enters the right password, the password and the text are passed into the plugin. The actual encryption can happen in any way. The password can be used as a key, for example, or to unlock a private certificate.
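The header layout and password check described above can be sketched as follows; this is an added example, not Copernicus source code or its plugin API. It assumes Java 17, that the hash field is 32 hex digits as in the full example, and that "double md5" means the MD5 of the lowercase hex MD5 of the UTF-8 password; the class name com.example.DemoPlugin and the sample file are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;

// Added example: reads the header fields in the order the format lists them (not Copernicus code).
public class EncryptedFileHeader {
    static final String TITLE = "Copernicus Encrypted User File";
    static final String MARKER = "-----BEGIN ENCRYPTED-----";

    record Header(String plugin, String version, String passwordHash, String body) {}

    static Header parse(String file) {
        // Limit 8 keeps everything after the marker line together as one body string.
        String[] l = file.split("\\R", 8);
        if (l.length < 7 || !l[0].equals(TITLE) || !l[6].equals(MARKER))
            throw new IllegalArgumentException("not a Copernicus encrypted user file");
        // Assumption: the hash field is 32 lowercase hex digits, as in the page's full example.
        if (!l[3].matches("[0-9a-f]{32}"))
            throw new IllegalArgumentException("malformed password hash field");
        // Assumption: the plugin field is a dotted Java class name; reject anything else.
        if (!l[1].matches("[A-Za-z_$][\\w$]*(\\.[A-Za-z_$][\\w$]*)*"))
            throw new IllegalArgumentException("malformed plugin name");
        return new Header(l[1], l[2], l[3], l.length == 8 ? l[7] : "");
    }

    // Assumption: "double md5" = MD5 over the lowercase hex MD5 of the UTF-8 password.
    static String doubleMd5(String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        String once = HexFormat.of().formatHex(md.digest(password.getBytes(StandardCharsets.UTF_8)));
        return HexFormat.of().formatHex(md.digest(once.getBytes(StandardCharsets.US_ASCII)));
    }

    static boolean passwordMatches(Header h, String password) throws Exception {
        // MessageDigest.isEqual compares in constant time, so timing does not leak a partial match.
        return MessageDigest.isEqual(doubleMd5(password).getBytes(StandardCharsets.US_ASCII),
                                     h.passwordHash().getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample file; the hash is computed here, not copied from a real user file.
        String sample = String.join("\n", TITLE, "com.example.DemoPlugin", "1.0",
                doubleMd5("correct horse"), "[reserved]", "[reserved]", MARKER, "ciphertext...");
        Header h = parse(sample);
        System.out.println(h.plugin() + " v" + h.version());
        System.out.println(passwordMatches(h, "correct horse"));
        System.out.println(passwordMatches(h, "wrong"));
    }
}
```

Only the body after the marker line would be handed to the plugin named in the header; the header fields are validated before anything acts on them.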