Skip Navigation Links.
 

[This is a BETA! E-mail Axantum for info.]

Xecrets Downloads - Xecrets2Go

Xecrets is primarily an on-line service, but to provide off-line access as a complement, a simple application is provided that you can run in your PC without Internet connection to access your secrets in a read-only fashion.

Xecrets2Go is a stand-alone application that requires no installation. It can download your secrets from the Xecrets web site, and let you access them off-line.

Downloads

Xecrets2Go.exe - The offline application. Requires .NET Framework 2.0. Download and save on your hard-disk, or perhaps a USB memory stick.
Xecrets2Go-Source.zip - The full C# source code for Xecrets2Go. Requires Visual Studio 2005. See below for more info.
AxantumPublisher.bat - A script to enable running Xecrets2Go directly from a download, or from a network share. Download and run. Requires Administrator permissions, sorry. See below for more info.
AxantumPublisher.der - The Axantum Software AB Authenticode Certificate, if you'd like to avoid yet another Internet Explorer warning. Download, Open and Install in Trusted Publishers.

Code Access Security and Certificates

The .NET Framework enforces security in a very tight fashion. If you trust software from Axantum Software AB, you can let the .NET Framework know, by configuring it to recognize the unique digital signature by which all our software is signed and distinguished. No other party can sign software with our signature.

Run the batch file and install the certificate in "Trusted Publishers" to let your PC know that you trust us.

Source Code

The C# source code for Xecrets2Go is provided so that any developer can use it as a starting point to provide value-added software to Xecrets, as well as to provide full disclosure of the encryption employed and thus enable full peer review and searches for vulnerabilities.

It might also serve as a tutorial and reference to using the .NET Framework System.Security.Cryptography.Xml classes.

The encryption and decryption code is exactly identical to what is employed on the server. We are convinced that full and open disclosure is the best way to build trust and ensure the safety of your data on our servers, or your own computer.

Please note that this is primarily a reference implementation, and does not implement any extreme measures to keep decrypted data from being exposed via the page file for example.

If you find any problems, bugs or vulnerabilities in the code, please e-mail us immediately.