Security Features

MangoWriter is a Windows desktop editor built to protect sensitive text with modern, well-understood cryptography and a minimal attack surface. This page explains how it works under the hood.

Core Cryptography

  • Encryption & Integrity: All document data is protected with AES-GCM (256-bit). GCM provides authenticated encryption: if a file is modified, authentication fails and MangoWriter will refuse to open it.
  • Key Derivation: On entry, the user’s password is processed with Argon2 (pre-hash) and then strengthened with PBKDF2-HMAC-SHA256 (310K iterations) to derive the encryption key.
  • Optional 2FA (Keyfile): Users may add a 128-byte random keyfile. When enabled, the keyfile is combined with the password before derivation; both are required to decrypt.

Implementation notes: AES-GCM uses a fresh 96-bit nonce per encryption and a 128-bit authentication tag.

Key Management & Session Security

  • No password storage or caching: Your password is never saved. When you unlock, MangoWriter immediately derives key material (Argon2 → PBKDF2) and discards the raw password.
  • Secure in-memory handling: The derived key exists only in memory while a document is unlocked. On lock, timeout, or exit, key material is wiped. Sensitive buffers are actively zeroed after use.

Data Handling & Application Integrity

  • No plaintext on disk: MangoWriter writes only encrypted document data. It uses no caches or temp files that contain plaintext.
  • Secure clipboard: Clipboard data is encrypted to the current MangoWriter instance. It cannot be read by other applications—or even another MangoWriter process—because it’s sealed with that instance’s key.
  • Lock Session: Manually locking a document instantly masks on-screen content until re-authenticated.
  • Auto-Lock – Automatically locks and masks screen after inactivity; in-memory keys are cleared. Timeout is configurable.

Air-Gapped Architecture

As a standalone desktop application with no network connectivity or third-party DLLs, MangoWriter minimizes its attack surface and external vulnerabilities.
All releases are OV code-signed and RFC3161 timestamped.

Secure Export

  • Encrypted ZIP: Export documents as password-protected ZIP files using AES-256 encryption. You’ll re-authenticate before export to prevent unauthorized access.

Managed Export

  • Print & Plain Text: Print documents or save them as plain text. You’ll re-authenticate before export. Note: output is unencrypted—use in trusted locations.
  • Cleartext Clipboard (manual, temporary): Allows copying selected text to the system clipboard in plain text for use in other apps. Off by default and not saved—you must enable it each time. Enabling requires re-authentication. Disable when finished to minimize exposure.

All export operations—Secure or Managed—require re-authentication to prevent unauthorized data exfiltration.

Operational Guidance

  • Keyfile care: If 2FA is enabled, keep a safe backup of the keyfile. Losing the password or keyfile means the document cannot be recovered.
  • Integrity checks: Each release is signed and accompanied by SHA-256 hashes so you can verify downloads.

OS Paging & System Encryption
MangoWriter never writes cleartext temporary files or caches to disk — all document data is encrypted before it touches storage. However, as with all Windows applications, in-memory document content may be subject to operating system paging. For end-to-end protection, Tomasello Software recommends using MangoWriter on systems with full-disk encryption enabled (e.g., BitLocker). This ensures that any paged memory remains protected at rest.