WhisperNote™ is a portable encrypted message container. WhisperNote is free, simple to use, open source and compatible with most modern devices such as computers, tablets and phones.
- Portable - use it on any modern web browser
- AES 256 - very strong encryption
- File based - no reliance on Internet availability or continuity of service
- Tiny - everything you need is less than 70kb of data
- No installation - just use it, no need to install anything
- Open Source - see how it works or contribute to the project
- Responsive Design - adapts to your device's screen size
Take it anywhere
WhisperNote is a self contained HTML file so you can take it anywhere. Save it to your hard drive, USB stick, Google Drive, SkyDrive, Dropbox or even store it on your phone. You own the data so you keep it and accesses it however is convenient for you! The software and your data all reside in the single HTML file.
The file size of WhisperNote is limited by your browser because all the file operations have to be performed in memory. Our testing shows that anything up to 10Mb works well. To store the file in HTML document it needs to be base64 encoded, with the side effect of increased file size. If you are storing a 6Mb file the WhisperNote file might be around 8Mb in size.
WhisperNote makes use of the following open source projects:
WhisperNote uses your browser as the execution environment, the same browser you most likely use to access your online bank accounts. With WhisperNote, your data is not saved onto a server on the Internet; it’s saved to the device you are using. Once saved locally, you can transfer the file to your other devices.
There are no "back doors" to your content in WhisperNote once it is encrypted. This means that if you lose your main password, your data can not be recovered.
If you intend to use WhisperNote to send data to others you will need to ensure that you exchange the password over a different channel to the note. For example, if you are emailing a WhisperNote to someone, call them to tell them the password.
WhisperNote, like other security applications, has known weak points. It is important that you understand these so that you can make an educated choice on whether WhisperNote meets your security requirements.
- The browser you use could be susceptible to side channel attacks or could leak information through a design fault, nevertheless Internet banking relies on the very same browser to protect access to your money. Similar problems are also found in other runtime environments and establishing a 100% trusted environment is nearly impossible on modern day devices, especially when you are connected to the Internet.
The checksums are provided to help verify the authenticity of new copies of WhisperNote downloaded. When you download WhisperNote directly from Consunet, it is served over a secure HTTPS connection. This means that you do not have to perform further authenticity checks, however when you download from a third party, you should verify that the files have not been modified by using the signatures provided.
The checksums provided are MD5 and SHA256. To calculate a checksum of your WhisperNote copy, use one of the following applications for your operating system.
- linux terminal> md5sum WhisperNote.html
- linux terminal> sha256sum WhisperNote.html
- osx terminal> md5 WhisperNote.html
- osx terminal> shasum -a 256 WhisperNote.html
- windows: install Microsoft's PsFCIV tool
Once you start using WhisperNote, the original signatures will no longer match since you add your data to the file, you can however use our Validator service to check files you are unsure about. If you do not want to send your encrypted data to our Validator service, you should make use of the import function from a trusted copy of WhisperNote. This retrieves only the encrypted data from an untrusted copy of WhisperNote and validates it using the AES 256 encryption.
Create your note
- Just type or cut and paste the text content you want to encrypt in the Message area.
- You can optionally select a single file from your device to be included with your note. This file should be less than 10Mb in size
- Once you're done editing your note, at the bottom of the screen type in a password to protect the note contents.
- Optionally, provide a hint for yourself, but don't make it obvious.
- Hit the Encrypt button. This will encrypt the note and package everything neatly into a single HTML file. You can save it to your local disc or perhaps a cloud service.
Share your note
- Due to technical limitations of current browsers, if you send a WhiperNote through email (or other insecure channel) the recipient needs do one of three things to read it securely:
- Download a new WhiperNote and Import your note into theirs.
- Use the Consunet Validator service to check that the note has not been maliciously modified in transit.
- Temporarily disconnect from the Internet when they are reading the note.
- When sharing the password you should use a different channel to the one you sent your note through (i.e. call the recipient over the phone).
If you find any problems or have suggestions for WhisperNote, please report them using our public GitHub repository.
Example use 1
Carol is collaborating with an international company on a new business proposal. During the fast paced negotiations there is an urgent need to provide some sensitive company information by email. Carol is concerned about sending this type information via unencrypted email but hasn't purchased an encryption certificate yet. Carol also isn't sure what operating system the recipient is using. To prevent business interruption Carol uses a WisperNote to create an encrypted HTML file that includes the sensitive information and a frank assessment of its strategic value. Carol emails this WhisperNote file and provides the password over the phone. The recipient uses the Validator to ensure that it has not been tampered with in transit. To prevent loss of this password Carol saves it using EveryPass password manager.
Example use 2
Drew has a collection of food recipes that have been a well kept family secret for generations. Drew would like to privately share these with the other family members over the Internet but doesn't trust Facebook to not use them for marketing purposes. Drew creates a WhisperNote for each of the recipes and uploads them to a DropBox account. Not all family members use DropBox so Drew creates a public link for the encrypted WhisperNote files containing the recipes. Now only the family members with the WhisperNote password can access the recipes, however they can do so from their smart phones, tablets, smart TVs as well as Windows, Linux and Mac computers. They can also store the WhisperNote files on their own devices so that they can access them without needing the Internet.