Inkjar, version 1.1

Download latest version

Copyright 2006 Tim Koop (

Licensed under the GPL (

See the project page at SourceForge:

Inkjar encrypts data using 256 bit AES (Rijndael)
The cryptography code is provided by Bouncy Castle.


Can I see a screenshot?
Scroll down.

What is Inkjar good for?
I can think of two things: Sending someone an encrypted message in a secure way, and saving your passwords encrypted without needing to install software. For instance, you could store passwords in an Inkjar and keep it on a USB key or some other removable storage. You could run it from anyone else's computer (that has Java) without having to install custom software.

How is the password protected?
The message data and password are encrypted, with the password as the key. You can't get the message without the password. (By "can't" I mean "it's not technically feasible". See the question about getting your password back to find out how possible it is.)

Isn't it insecure to store the password?
Since the password and data are both encrypted, the password is just as secure as the data.

Why is the password stored?
The only reason is so that Inkjar knows if you typed it in correctly. It tries to decrypt the password back into itself. If successful, it decrypts the data with the same key and displays whatever comes out. It would be possible to not store the password, but instead encrypt some known text to check for a valid password on. However, I think this would make it a teensy weensy bit less secure, because then you would have known plaintext you could look for when performing an exhaustive key search. Perhaps we could make it a teensy weensy bit less secure just so that we could say "the password is never stored in any way." What is more important, engineering or marketing?

What encryption algorithm is used?
The Advanced Encryption Standard (AES) Rijndael algorithm. (256 bit key, 128 bit block) This is probably the most or one of the most popular and trusted cryptographic algorithms in the world. The code is provided by Bouncy Castle (

Why is there no "Open" button?
Good question. The answer is because the data and application are stored in the same file. You can't give someone the data without the application, so there is no need to open anything. Just run the jar file

Somebody gave me an Inkjar. What do I do with it?
Double click it. If it asks for a password, type it in. If your computer asks what it should do with the file, then Java is probably not installed, in which case visit If you're running Linux and your distro doesn't launch Java by double clicking on a jar file, type in: java -jar the_jar_file.jar. If that doesn't work, try: java -cp the_jar_file.jar net.sf.inkjar.EditorFrame

Where did the name come from?
I wanted a name that could be used as a noun. It came from "Enc-Jar", as in "Encrypted-Jar", but Inkjar can better be associated with a picture. Pictures are important.

Are there any security concerns?
If someone gave you a jar file and you don't want to run it, for fear it might be something else, the only current way around that is this: Unzip the jar file you received (you may need to change the file name extension to .zip), take out the theData and thePassword files, and put them into an Inkjar that is known, then run it. This issue may be addressed in a later version of Inkjar, if one ever comes out--probably by adding an "open" button, if I can figure out how code can verify the hash of itself.

The other security concern is if someone uses a weak password. Inkjar doesn't test for weak passwords.

What makes a good password?
Make it at least 8 characters long, preferably 10 or more. Make it 20 to be really secure. Use upper case, lower case, numbers, and symbols. Don't use any names or dictionary words in any language, nor anything based on any dictionary word. Don't use any numbers that are associated with you or anyone you know of like a phone number or address. Don't use a password you've ever used anywhere before, or anything anywhere close to it. Make it something you can memorize so you're not tempted to keep it in a text file on your computer or write it down and store it under your keyboard or on a sticky note stuck onto your monitor.

Help! I've lost my password. Can you get it back?
The short answer: No. The long answer: If it would be easy to get the password back, Inkjar would be an exercise in futility. The only way to get the password back is to perform an exhaustive search on all possible passwords. Since the password is 256 bits, that's a lot of combinations: about 1 with 77 zeros after it. If you had a computer that could try 100 billion passwords every millisecond, and you gave a computer like this to each of 10 billion people on each of 10 planets in a billion solar systems, it would take well well over a billion billion billion millennia to find the answer. In reality, if your password is weak, which it probably is, then it might be possible to find it in your lifetime.

Can I add a file, besides just text?
Not currently. This may be the other feature in a later version, if another one ever comes out. Perhaps you could convert the file to something text-friendly like base64, pass that on, then convert it back to binary.

What versions of Java can it run on?
1.3, 1.4, and 5.0. I haven't tried 1.2 or 6.0

Windows XP