Support, help and instructions for abylon BASIC

Unfortunately, it is very difficult to reproduce such an error in the laboratory. Here are a few attempts at explanation:

Why does it work with the old version and not with the new one?

It is possible that the error occurred later. We are checking the file and directory data more intensively to avoid possible data loss.

What else could be the reason?

1. Directories too long - file+directory must NOT exceed 255 characters.
2. Missing write access to individual folders or files - e.g. B. because they are in use (opened) or simply lack user rights (NTFS).
3. The hard disk has a logical or physical defect. For logical defects, please open a command window (cmd.exe) with admin rights and enter CHKDSK C: /F /R (optionally use a different drive letter). A restart may be necessary.
4. There may be hardware errors on the hard disk - please check with DiskInfo (can be downloaded from the Internet).
5. Illegal file or directory names/entries. Under Windows, files/directories may be created that, for example, use characters that are not permitted in the file name. We also check this in abylon BASIC.

Cause of the manager problem:

The reason for this is that Windows 10 starts the tray icon by itself. This results in a double start of the manager tray icon, as shown in the following picture.

(c) Self made screenshot of Win 10 settings -> Autostart

Aid for double start

To prevent the double start of the manager tray, the "Autostart page" must be opened in the settings. This can be reached via Settings -> Apps -> Autostart. There the program APMPMgrX64.exe, APMBMgrX64.exe or APMRMgrX64.exe is displayed twice. Here one of the programs must now be switched off via the slider. Now the abylon MANAGER should run smoothly again. Restart the computer once to test.

The key containers are managed by the system, on which our software has no influence. According to the error message, this can be a rights problem or a defect. A third-party software could also lock the key container.

You should check in the event display whether corresponding messages are available. It might also be useful to check the rights. As a further step, you can log on to the computer with admin rights and execute the action here once.

NOTE Unfortunately we cannot offer you a clear solution to this problem. An Internet search for the corresponding error number might also be helpful.

The files are not corrupt and can be decrypted after uninstalling the faulty update from Microsoft "Updaterollup 1 for Windows 2000 SP4". For Windows XP and Vista, a comparable update should be responsible for the error.

When saving files, the operating system often uses a temporary cache without writing directly to the storage medium. This has the advantage of increasing performance, which means that the data can be accessed more quickly. However, a disadvantage can occur when using external storage media (e.g. USB sticks) if these are pulled without logging off. If not all the data from the buffer is written to the storage medium, this can lead to data loss or incorrect files. Such corrupt files show the error message "The decryption failed! ASN1 Invalid flag value". In this case, the file was not stored correctly or completely on the external storage medium and is defective.

TIPP When removing an external storage medium (e.g. USB stick), this should ALWAYS be removed after the correct logout. This causes the operating system to write all buffered data to the storage medium.

Encryption uses the public key (PKSC#7) of a certificate. To decrypt a certificate, you need the corresponding private key (PKCS#12). Make sure that the certificate is identical for encryption and decryption and meets the following minimum requirements.

If your decryption fails, the following causes may be the reason:

1. You are using a pure signature certificate!
   Certificates can be created for various purposes, such as signature, encryption, Windows login or SSL. The purpose is defined in the certificate under "Details -> Key usage". For example, pure signature certificates can only be used for a digital signature so that no decryption operations are possible. Please contact the certificate issuer and request a certificate that also supports encryption.
2. The selected encryption algorithm (Encryption (RSA-OID)) is not supported.
   For decryption, the Crypto Service Provider (CSP) and the certificate (e.g. on the smart card) must support the selected encryption algorithm. This algorithm can be defined in the settings under Key management and should be tested thoroughly. Encryption with TrippleDES (OID_RSA_DES_EDE3_CBC: 1.2.840.113549.3.7) is the most widely used. (NOTE From version 5.30.XX.6 a switch for testing compatibility is offered!)
3. You have changed your certificate in the meantime or try to decrypt the file on another computer (with different certificate).
   In this case you will have to install and activate your original certificate again.
4. You are trying to unpack an SME file and the decryption fails.
   In this case, you do not have the corresponding private key (PKCS#12). Normally SME file (secure message envelope) is used for transmission over insecure lines. The creator selects the recipient's public keys and encrypts the file(s). Only persons with the appropriate private key (PKCS#12) can unpack the SME file. NOTE When creating SME files, the unencrypted original files are not deleted.
5. You have changed your login password in the meantime.
   In very rare cases (so far only with Windows XP) there are problems with software certificates, so that you can no longer access your private key (PKCS#12). This means that you are no longer able to decrypt your encrypted files. You should delete the defective certificate and reinstall your original certificate on your computer.
6. You have a Web.de certificate
   In rare cases, Web.de generates certificates that encrypt but can no longer decrypt. Normally such certificates are tested and sorted out (only not at Web.de). For this reason you should always test the encryption and decryption with unimportant data at the beginning. If the decryption should fail, get a new certificate or generate a certificate with abylon SELFCERT.

For apmSelf (WinCrypt) and the abylon protection manager (apm) up to and including version 4.00 (module 'apm - create self-signed certificates') the term of self-signed certificates was limited to one year (360 days). However, the certificate can be used beyond the period of time - it is now not the case that it no longer functions from this day. The user only gets a warning that it has expired - nothing else.

HINWEIS Starting with version 4.50 the runtime of self-signed certificates can be defined in the module abylon SELFCERT itself. Now the maximum runtime is 9999 days (approx. 27 years).

The abylonsoft modules work together with the Simple-MAPI (MAPI = Mail Applications Program Interface) as interface between the application and the email program. Under certain circumstances an error may occur when sending a file (e.g. *.SME) directly with your email program. There are three reasons for this error:

1. You do not have a MAPI-enabled email program
2. Your email program is not registered as default email program!
3. Your MAPI (mapi32.dll) was corrupted by installing a browser or replaced by an older version

MAPI-enabled email programs: Netscape, Outlook, Outlook Express, Thunderbird, AOL (from version 7.0), Eudora, Pegasus Mail, Lotus Notes (from version 4.5 ???) and others!

Necessary settings:

• Outlook or Outlook Express:
  In Internet Explorer, under Tools, select Internet Options (or Properties) and select the Programs tab. There you have to select your desired email program under Email and confirm with the button OK. Alternatively you can also do this in the Control Panel under Internet Options.
• Netscape:
  Under Edit, select Settings from the menu. Under the item Mail & Discussion forums or Mail & Newsgroups activate the item Use Netscape Messenger for MAPI-based applications or Use Netscape Messanger for MAPI-based applications. 
  The names and the location of the settings can vary from version to version! (use help)
• AOL:
  AOL supports Simple-MAPI from version 7.0 on. To activate it select the button keyword and enter in the field default settings. Then select America Online under Shortcuts for Web, E-Mail and Newsgroups.
• Eudora:
  For Eudora, you must set up the default MAPI client by selecting Extras->Options->MAPI and then Use Eudora as MAPI server by selecting Always. Then you have to select Eudora as default mail program in Internet Explorer (see Outlook above)
  . The names and the location of the settings can vary from version to version! (Use help)
• Notes:
  Lotus Notes seems to be a difficult business. So far we haven't found any clear information about it. Also the information about the MAPI support of the different versions is very vague. First, however, you should check in Internet Explorer (as with Outlook) whether Notes is set as the default e-mail program there (Extras->Internet Options->Programs->Email). If this does not help, the Notes MAPI Service Provider must be installed. In the help you will find the exact instructions. 
  In a Lotus Notes forum I read that the easiest way to set up the MAPI interface is: 1.Uninstall Notes 2. Install Microsoft Outlook or Microsoft Office 3. Install Notes! ;-))

Repair the damaged or old MAPI32.dll:
A note from Microsoft describes that running the fixmapi.exe file in the Windows system folder (for example, c:\Windows\System32\) can resolve the problems. If necessary search this file in Explorer. Unfortunately we do not have any experience in how far this works and in which Windows versions this file is available.

There are different security levels for certificate access (Low / Medium / High)!

• You have currently set "Low" and the files can be decrypted by you in the logged in state. Others who log on to your computer cannot decrypt your files.
• When you go to "Medium", only the following changes: The system notifies you that the private key has been accessed and you must confirm this in each case. However, this is not absolute security!
• Best security you get with the setting "High", where you can define a password. This is valid for all applications based on this certificate (so also for the software of abylonsoft). 

You can only set the corresponding security level at IMPORT of your certificate. We therefore recommend that you make a backup copy of your certificate (PFX - File) and delete it from your system database (abylon CERTMANAGER). Then reinstall the PFX file and select the security level "HOCH" in the import wizard - now you can assign a password after the installation.

This is because executable files (*.exe, *.com, *.bat) always contain a security risk. It is not easy to check whether the program has been infected with a virus or Trojan. In addition, this type could only be solved with a symmetrical encryption method. That would be another security risk. You would first have to send the recipient the key for this file.

The primary advantage of asymmetric encryption is that no individual key (password) has to be transmitted to the recipient through the use of certificates.

For comparison: You want to move an important document from point A to point B. So put the message in a vault and let a messenger take it to point B. The person at point B needs your key to open the vault. So you would have to send the key to point B first. The variant with only one key for locking and unlocking (or encrypting and decrypting) is called symmetric encryption. At asymmetric encryption, which is used by the software of abylonsoft (up to version 5.2), the safe is equipped with a slot (like a mailbox). You simply throw the message through the slot and send the safe to person B. Only person B has the key for the safe and can open it with it. So here two different keys are used. One to encrypt and one to decrypt.

NOTE From version 5.3 the software of abylonsoft also supports symmetric encryption, like Blowfish or AES.

Definitely No! Encryption does not prevent destruction or manipulation by viruses or the like. You should therefore always back up your encrypted files to an external medium (e.g. CD, floppy disk, tape drive, MO, etc.). Thanks to encryption, your data on the storage medium is protected from prying eyes.

In addition, you should always use a current Virus_Scanner to exclude a virus attack.

Yes! the software of abylonsoft is backward compatible, i.e. it reads without problems the old WinCrypt or abylon protection manager (apm) files, provided that also the correct certificate is set. Unfortunately we had to change the technical procedure when creating a SME, so that SME files created with the new software are not backwards compatible to WinCrypt. However, the new software is able to read SME files created by WinCrypt and offers automatic conversion.

Workaround via flag in the registry

Open the Windows registry (for instructions, see the glossar) and change under X the value REG_SZ Y from YES to NO!

This change launches the .NET framework via an alternate call.

In this case we can offer the following workarounds.

1. Check plugins

Open the settings dialog and switch to the "Explorer Plugins Settings" page. Check here whether the corresponding PlugIn is activated (check mark).

2. Disable / activate modules

Open the settings dialog and switch to the "Explorer Plugins" page. First deactivate the plugins via the traffic light icon. Then you can activate the plugins again.

3. Registration of the Plugin-DLL

Start the command line entry with administration rights (Start -> Run -> cmd.exe). Then change to the abylon program directory (with cd). Enter here the command "regsvr32 [Plugin-Dll].
". As a plugin dll, enter the following files:

- abylon BASIC: 32bit = APMBOle.DLL, 64bit = APMBOleX64.DLL
- abylon READER: 32bit = APMROle.DLL, 64bit = APMROleX64.DLL
- abylon ENTERPRISE: 32bit = APMPOle.DLL, 64bit = APMPOleX64.DLL
- abylon SHREDDER: 32bit = SAWOle.DLL, 64bit = SAWOleX64.DLL

4. Check if all registry entries are present

Open the registry editor (Start -> Run -> regedit.exe) and check if the following 10 entries exist. The menu is only displayed in the File Explorer if all values are present and there are no errors.

1. HKEY_CLASSES_ROOT\*\ShellEx\ContextMenuHandlers\apmcrypt -> REG_SZ: ID see below
2. HKEY_CLASSES_ROOT\CLSID\{ID see below} -> REG_SZ: apmcrypt
3rd HKEY_CLASSES_ROOT\Directory\background\shellex\ContextMenuHandlers\apmcrypt -> REG_SZ: {ID see below}
4. HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\apmcrypt -> REG_SZ: {ID see below}
5. HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\apmcrypt -> REG_SZ: {ID see below}
6th HKEY_LOCAL_MACHINE\Software\Classes\*\ShellEx\ContextMenuHandlers\apmcrypt -> REG_SZ: {ID see below}
7. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ID see below} -> REG_SZ: apmcrypt
8. HKEY_LOCAL_MACHINE\Software\Classes\Directroy\background\shellex\ContextMenuHandlers\apmcrypt -> REG_SZ: {ID see below}
9. HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\apmcrypt -> REG_SZ: {ID see below}
10th HKEY_LOCAL_MACHINE\Software\Classes\Ddrive\shellex\ContextMenuHandlers\apmcrypt -> REG_SZ: {ID see below}

The following IDs must be used for the individual programs:
- abylon READER = {5fbcd2e0-73dd-11ce-993c-43aa004adb6c}
- abylon BASIC = {5fbcd2e0-73dd-11ce-993c-42aa004adb6c}
- abylon ENTERPRISE = {5fbcd2e0-73dd-11ce-993c-41aa004adb6c}
- abylon SHREDDER = {5fbcd2e0-73dd-11ce-993c-00aa004adb6c}

Dazu wurde ab Version 19.10.1 und 2020.1 programmatisch ein Maus-Klickevent eingefügt. Sollte es hiermit Probleme geben so kann dies über die Registry ein oder ausgeschaltet werden. Dazu unter HKEY_LOCAL_MACHINE\SOFTWARE\abylon\[PROGRANNNAME, z.B. ENTERPRISE]\FLAGS den Wert FWACTIVATEWINDOW von YES auf NO setzen.

Nach der Passworteingabe zeigt die Software die Meldung "Das eingegebene Passwort ist falsch bzw. die Schlüsseldatei (Zertifikat) gehört nicht zu diesem Objekt!" an. Woran liegt dies?

Bitte prüfen Sie zunächst, ob dass Passwort wirklich korrekt eingegeben wurde oder sich nicht vielleicht das Tastaturlayout geändert hat.

Eine andere Möglichkeit besteht darin, dass der Passwort-Scrambler gewisse Sonderzeichen in andere Zeichen umwandelt. Aus diesem Grund ist es in solchen Fällen notwendig, entsprechend der Anlage des verschlüsselten Elements den Passwort-Scrambler zu aktivieren oder deaktivieren. D. h., wenn bei der Verschlüsselung der Passwort-Scrambler aktiviert war, so muss dieser auch bei der Entschlüsselung aktiviert sein.

Der Passwort-Scrambler muss auf jeden Fall deaktiviert sein, wenn ein Passwort oder die SecureID über Kopieren und Einfügen (Copy&Paste) ins Passwortfeld eintragen werden. Andernfalls erkennt das Programm keine Tastatureingabe und das Passwortfeld bleibt sozusagen leer.

Bei der SecureID handelt es sich um ein so genanntes Notfallpasswort. Dieses kann bei Defekt oder Verlust der Chipkarte oder USB-Stick alternativ für die Entschlüsselung eingegeben werden.
Die Ermittlung der SecureID erfolgt während der Verschlüsselung auf der Seite 'Schlüsselverwaltung->SYMM-System'.
Die SecureID ist für jedes verschlüsseltes Objekt (abylon KEYSAFE, abylon CRYPTDRIVE, abylon BASIC, abylon SHAREDDRIVE) identisch und baut sich wie folgt auf:

# + 32 Zeichen + . + 32 Zeichen + # 
(Zeichen nur Zahlen 0-9 oder Buchstaben A-F; z. B. #A54E1CB23F31464AC3B7D65F4557C1D1D. 50F4B4A9EC30705944EB12870284C419#

HINWEIS
- Ab Version 8.3 können sowohl Groß- als auch Kleinbuchstaben eingegeben werden. Bei älteren Versionen ist die Eingabe Case-Sensitive.
- Zur Eingabe sollte der PasswortScrambler deaktiviert werden!
- Die SecureID sollte an einem sicheren Ort aufbewahrt werden!
- Die SecureIDs sind für Verschlüsselung und Windows-Anmeldung unterschiedlich. 

Unter einem "Brute Force Angriff" versteht man das Ausprobieren aller möglichen Zeichenkombinationen von Passwörtern. Zum Beispiel beginnt der Prozess mit 00000001 und geht dann mit 00000002, 00000003, 00000004... weiter. Ein Passwort, das nur 4 Stellen hat und nur aus Zahlen besteht, kann leicht innerhalb wenigen Sekunden "geknackt" werden. Ein gutes Passwort sollte aus mindestens 12 Zeichen mit Kleinbuchstaben, Großbuchstaben, Zahlen und Sonderzeichen besteht. Zudem sollten keine Wörter aus Wörterbüchern, Namen oder einschlägigen Passwort-Datenbanken verwendet werden. Wer diese Regeln berücksichtigt, kann sicher sein, dass eine wirtschaftliche Entschlüsselung der geschützten Daten in absehbarer Zeit nicht möglich ist.

Es ist leider / zum Glück nicht möglich, geschützte Daten ohne das zugehörige Passwort zu öffnen. D.h., die Software von abylonsoft bietet weder eine Hintertür noch einen sogenannten "Generalschlüssel". Wenn Sie also ihr Passwort verloren haben, kommen Sie nicht mehr an ihre gespeicherten Daten dran.

Sie sollten sich die verwendeten Passwörter gut merken und evt. an einer geheimen Stelle aufschreiben. Dies sollte aber nicht auf der Festplatte oder in der nähe des Computers sein. Alternativ bieten so-genannte Passwortmanager (wie z. B. abylon KEYSAFE) die Möglichkeit die unterschiedlichen Passwörter in einer gesicherten Datenbank zu hinterlegen. In diesem Fall müssen Sie sich nur noch ein Passwort merk

Ein unsicheres Passwort ist immer ein Geburtsdatum, eine Nickname, eine Name prinzipiell oder irgend ein anderes Wort, welches häufig gebraucht wird, oder welches im Lexikon steht.

Ein sicheres Passwort ist ein Passwort, das aus verschiedenen zufälligen Zeichen besteht, z.B. myz<_/k)),%06YLbcw3pU. Es besteht aus Sonderzeichen ( ! »§$%&/()==?´*?+#´\ß^.;:_@<>|{[]}), Zahlen (1234567890), Großbuchstaben (QWERTZUIOPÜÄÖLKJHGFDSAYXCVBNM) und Kleinbuchstaben (qwertzuiopüäölkjhgfdsayxcvbnm).

Sollten Sie sich ein solches Passwort nicht merken können, so können Sie auf einen Trick zurückgreifen. Zwar ist das Passwort dann nicht so sicher, wie das vorherige, jedoch immer noch um einiges sicherer wie ?Otto? oder ?Müller?. Und so funktioniert es. Denken Sie sich einen langen Satz aus, den Sie sich leicht merken können, wie z.B. : Ich wohne in der Musterstadt 134b. Meine Telefonnummer ist 123456789.  Nun nehmen Sie von diesem Satz einfach die ersten Buchstaben / Zeichen. In diesem Fall wäre das? IwidM1.Mti1.?. Sie sollten aber darauf achten, dass wenigsten einige Zahlen und Sonderzeichen in dem Satz vorhanden sind. Zudem müssen Sie auf Groß- und Kleinschreibung achten.

Um ein wirklich sicheres Passwort zu erzeugen, sollten Sie den integrierten Passwortgenerator benutzen. Sie finden ihn beispielsweise im abylon KEYSAFE.

Antwort:

Nein, ab Version 24.0 (bzw. Jahresversion 2024.1) wird Windows XP nicht mehr unterstützt.