Profile file encryption

How does the profile encryption work?

Profile files are encrypted on disk using AES with a key size of 256 bits and a block size of 128 bits in CBC mode. The encryption key is derived from a master password using Rfc2898DeriveBytes (PBKDF2) with 1,000,000 iterations. At runtime, passwords are stored as SecureString once the profile file is loaded. For some functions, the password must be converted to a normal string and may remains unencrypted in memory until the garbage collector cleans them up. If you found a security issue, you can report it here!

How to enable profile file encryption?

Follow these steps to enable profile file encryption:

1. Open the settings and go to the profile section.
2. Right click on the profile file you want to encrypt.
3. Select Encryption... > Enable encryption... and set your master password.

How to change the master password of an encrypted profile file?

Follow these steps to change the master password of an encrypted profile file:

1. Open the settings and go to the profile section.
2. Right click on an encrypted profile file.
3. Select Encryption... > Change Master Password... and enter the current master password and a new master password.

How to disable profile file encryption?

Follow these steps to disable profile file encryption:

1. Open the settings and go to the profile section.
2. Right click on an encrypted profile file.
3. Select Encryption... > Disable encryption... and enter your master password.