Notepad3 Encryption Feature

By | December 17, 2017

With Notepad3 Build 289 we updated the Scintilla component to version 3.6.3. We fixed the missing question marks and Wildcard Search on the Search and Replace dialog. We also added a new encryption feature from RaPeHoff’s build. Enjoy and keep us updated with bugs and suggestions so we can keep on improving Notpad3.

The Notepad3 Encryption feature

Notepad3 can now optionally encrypt the text files it edits. The encryption feature was constructed using a low level implementation of AES encryption and Sha256 hashing. Sha256 hash is used to convert an ascii pass phrase to a 256 bit encryption key. Pseudorandom data is used as an initialization vector for AES-256 encryption. Optionally, an encryption key (NOT the passphrase) is encrypted using a second master key, and included in the file header. This master key can be used as an emergency data recovery key, or as a second key to be used by programs to read encrypted files.

Overall File Format: Consists of a preamble, the encrypted data, and some padding at the end.

Encrypted files start with an 8 byte preamble, the first 4 bytes are a “magic number” to identify the file type (currently 0x04030201) and a 4 byte sub-file type, (currently either 0x00000001 or 0x00000002 if the file has a master key).

The next 16 bytes of the preamble are the initialization vector for the AES engine, to be used with the file key. Each file gets a unique 16 bytes of pseudo random noise.

Next, for master keyed files, is a 16 byte IV for the master key, followed by a 32 byte block containing the file key, encrypted with the master key, using the master key IV and CBC block chaining.

Next, is the actual file data, encrypted using the file key and the IV, and CBC block chaining.

Finally, are 1-16 bytes of padding to round out the last AES block. Note that there are never 0 bytes of padding.

Passphrase Management: 256 bit encryption keys are generated from the ascii passphrase by passing the passphrase through a SHA256 hash. The passphrase itself is never stored anywhere except in the dynamic memory of the encrypting program.

Key management over file generations: If the file is opened using a file passphrase, the passphrase is retained and used as the default for the passphrase dialog. If the file is opened using a master passphrase, the recovered file key is used as the default encryption for new files. This allows an editor who does not know the file passphrase to propogate a file key he could not create. If the file contains a master key, and neither the file or master passphrase is changed, then the retained, master-encrypted file key is copied into the next file generation (It is still valid). This allows an editor who knows only the file passphrase to propogate a master key he could not create.


Notepad3 Build 289

Download the new Notepad3 from here.

Sharing is Caring!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

3 thoughts on “Notepad3 Encryption Feature

  1. Khan

    Useful software application, maybe Microsoft will offer you the money to include it in their Windows operating system, as the default notepad that comes with windows is almost worthless compared to your version. They should be hiring you and promoting your work. At least your good enough to share your work for free, letting more people use the benefit and value. This will help establish your name, brand and company. Keep up the good work.

    A thought, take a look at the source code from and ask yourself how useful it is to include the ability to create hash checksum values for files, even txt files, so later you can prove they are the same, original and genuine. What is missing here is SHA3 as the older SHA1 and MD5 are now obsolete.

    It would be an advantage to include an alternate cipher other than AES, like Ring-LWE – (Ring-Learning with Errors), because it doesn’t have the defect of AES, the popular public-key cryptographic system that relies on the integer factorization problem or discrete logarithm problem, both of which would be easily solvable on large enough quantum computers using Shor’s algorithm.

    Because of this shortcoming, many cryptographers are researching new algorithms in case quantum computing becomes a threat in the future. Example: D-wave has been selling quantum computers.