After a lot of inactivity a new version has been released. The version number has jumped to 0.9.0 and will be incremented to 1.0 soon as the project is more than five years old now.

This release contains a number of new features implemented by Mikhail Blinov:

  • You can now change the structure of the entries, i.e. you can add new fields or remove unnecessary ones from individual entries.
  • You can make encrypted backups of the safe given that your phone supports file system access (JSR75). The backup file will be created on your phone, or the memory card if you choose to do so. You can then copy it to your PC for archival using the tools supported by the phone manufacturer.
  • There is now support for a simple form of deniability. You can create multiple independent 'profiles', each with its own password.

    You can use this feature to create one or more false 'honeypot' profiles in addition to your real one(s) and fill them with made up (but of course plausible data). If you are ever forced to reveal your safe password you can give away one of these and thus show false data to your attacker. The profiles are not listed or named in any way, they are simply identified by the password you use when you start the application, so there is no indication that there are more than one of them.

    But of course the attacker might know the application or be intelligent enough to guess it from looking at the menus. It's also evident that there is more data inside if one looks at the size of database stored on the phone.

  • You can now discard all changes you made during a session and exit the application without saving.


0.2.7 is out. If you were'nt able to install the previous version please try this one.

It seems that I'm making misteaks after misteaks... Unfortunately there were two problems with the release. The first problem was that the direct or OTA )Over-the-Air) download JAD file contained a typo. It had a semicolon instead of a colon in a URL. Then the next problem was that actually the is not a valid MIDlet version number as it has to consist of exactly three digits. This is kind of silly but this way know we have 0.2.7 with the same functionality as The only difference is that it works :).


Version fixes a bug with item deletion. Deleting more than one item could cause a crash or database inconsistency with 0.2.5 and 0.2.6. This seems to be fixed now.


Version 0.2.6 fixes a bug: SHA1 OTP generation was disabled in 0.2.5 (and possibly in earlier versions as well). It is now re-enabled.

From now on I'll tag the CVS tree at each release. I should have done it since the first release.


Version 0.2.5 released. It adds three new features requested by the jFreeSafe users:

  • Entries in the password list are now alphabetically sorted.
  • Automatic logout - if you don't touch the application for 4 minutes it will exit automatically. Currently the timeout is not configurable, later versions might add this feautre.
  • A simple about dialog that contains some information about the application.
  • Nokia 7610 and SonyEricsson P900 are reported to run jFreeSafe and have been added to the list of supported devices.


    0.2.4 is a bugfix release: SHA1 OTP generation is broken in 0.2.3. Somehow it was compiled with an old (and wrong) version of the SHA1OTPGenerator.java. Please upgrade.

    The list of devices known to run jFreeSafe now includes the SonyEriccson T610.


    jFreeSafe 0.2.3 released. New features in this version:

  • Password change. Not a revolutionary step, but this one was definately a missing one :).
  • You can use MD4 and SHA1 hashing with OTP. (You could choose these in the previous versions as well, but it wasn't implemented.)
  • It's not really a feature of the applications, but it can be downloaded directly from the website to your phone using this url: http://freesafe.sourceforge.net/jfreesafe.jad
  • Known bugs:

  • If the store is empty then the application accepts any password on startup and uses that password to save the new entries that you add. This can be a bad surprise if you misspell your master password. (Again: this only happens if your store is completely empty.) It will be fixed in the next version - if you delete every entry from the store, the store itself will also be deleted and thus you will have to reinitialize it by typing the master password two times (just as the first time).
  • Things to be done:

  • Backup. This has been on the list for a while, but I'm not sure if anyone needs it. With smarter phones you don't need it, because you can do it with the software of the phone. With dumb ones you might need it when you want to upgrade but don't want to loose your database. If you have an oppinion (i.e. if you miss this one) please drop me a line.
  • Change the password fields to ordinary text fields (i.e. the passwords won't be hidden on input). On some dumb phones you don't see the actual character being typed in a password field, so you don't really know whether you typed A, B or C by pressing button '2' a several times. However, as the other ones show it for a few seconds, they are not that safe anyway. If you feel that this change is unacceptable, don't hesitate to object (drop me a line :) ) and I might add an option to choose between the two modes.
  • Add six words output (does anyone need it?). This will probably mean two versions - one with the sixwords dictionary and one without it, as on low-end phones it may not fit into the memory.
  • 02.12.2003

    Version 0.2.2 is released. It contains some bugfixes, no new features since 0.2.1. The next things to be implemented are sorting of entries by name, a password change dialog and a progress dialog. (Opening the safe can be really slow on low-end gadgets.)

    This release fixes the following bugs:

  • jFreeSafe didn't work on some phones (e.g. the Nokia 3410) because the jar file contained a class in the java.security package. (Error message 'Can't define class in system package', or similar.) This class (java.security.SecureRandom) is now moved to the org.bouncycastle.java.security package and should work. (Tested with a Nokia 3410)
  • Previous versions crashed if you selected 'Show' or 'Edit' when there were no entries in the store.
  • In 0.2.1 if you created a new entry and then you edited it again (by selecting it from the list and using the 'Edit' command) then it wasn't saved at exit at all.
  • Despite the low version number jFreeSafe is quite stable and definately usable. Please try it and give feedback.


    Version 0.2.1 is out. It is not compatible with earlier versions, you will not be able to open databases saved with 0.1.5. If you feel that this is a problem for you, drop me a line and I might finish the backup/restore feature and even port it back to 0.1.5 so that you will be able to backup your database and restire it into the new version.

    This version adds support for One Time Passwords (OTPs). When you choose 'Add' in the password list you can choose between two type of entries: 'Password' and 'OTP'. Choosing password you get the plain old password dialog that you had so far. Choosing OTP gives you the OTP dialog where you can specify parameters for the OTP. Only MD5 hash is supported. After adding an OTP entry you can generate a new OneTime Password by selecting an OTP type entry in the password list and choosing 'Show'.

    Here you can change some of the parameters (in case it is needed): the sequence number, the seed and you can calculate the OTP by choosing 'Calculate OTP'. The OTP will be shown in a new dialog. If your login succeeds using the generated password, press OK, and the sequence number will be decreesed by one in the OTP details dialog. If you press OK in the details dialog as well, then the new sequence number will be saved to the store as well. The six word format is not implemented yet.

    It seems that there is a bug in the Nokia 9210 midlet runner: if you edit an entry that was added during an earlier session, then the database can be corrupted! I have a workaround this problem, but have not implemented it yet. I'm working on porting the application to PresonalJava (a better solution for the Nokia Communicator).


    New version (0.1.5) available. This version has one new feature: automatic password generation. It generates random passwords of 8 character long.

    I started implementing the backup facility, there are menu items already for backup and restore, and most of the code is already written, however, there is no UI for entering the server address, username, etc., so it doesn't work yet.

    The next step is going to be adding support for one time passowrds (because I use them to access my machine from my work place). I would be nice to have some feedbacks (anyone using it or at least considering it at all?), as I plan to move on to the PersonalJava version and if there is no need for a j2me version then refactoring will be a lot easier (just drop out some code and write some new).


    Database handling has been optimized a little bit. Only modified and new entries are saved upon exit. This should speed up exiting from the application, The display handling bug has been corrected, however, I'm still not able to show an alert, so you won't see an error message when you mistype the login password.

    Improved code is in the CVS, I will release install packages tomorrow.

    I'm planning to implement a backup facility, so that you'll be able to backup/restore your passwords via HTTP (i.e. to a server application, that can tun on your machine, or on the internet).

    Planning to add a new record type for one type passwords so that you won't have to type the same things over and over again to an OTP generator.

    I'm also thinking of creating a PersonalJava based version using some advanced GUI toolkit (e.g. ThinLets, because I'm quite dissapointed by the usability and the speed of the 9210 j2me runtime.


    Created news section on the website.

    05.10.2003 - First release

    First release of j is here! It should work on any J2ME capable device, however, I only tried it on my Nokia 9210, a Nokia 3650 and of course the j2meWTK emulator. You can download it from here. Just extract the erchive contents and upload it to your device.


    The current version in the CVS is mostly feature complete. There is a bug in the screen handling that has to be solved: the password list doesn't appear after pressing OK in the password dialog, you have to press the OK button once more. I will release an installable version in two days.


    I put the idea of implementing a native Symbian version of this application away, as I thought it would take too much time to learn Symbian GUI programming. However, I'm working on a j2me (java MIDlet) version of this application as I thought it would be faster to create it first in java, which I'm more familiar with. One thing I didn't expect is that j2me has some nasty traps. There was a nasty bug in either my application or the j2me implementation in the 9210, that perevented freesafe from starting up. Being unable to resolve this problem, I suspended working on freesafe again. However, I decided to finish it now, as I really need it, and I do work on it.

    Though it's not finished yet, what I have works without a problem in the emulator (the one shipped with the j2mewtk), but I'm still not able to make it work on my 9210 communicator. I would appreciate any help from anybody, who ever made a midlet work on the Nokia Communicator. I decided to finish the application first, and then try to fix this problem as it still might be usable on other devices in its current form.

    The first usable version should be ready in weeks. If you have any requests, ideas don't hesitate to contact me.

    SourceForge.net Logo Sponsored by Origamind
    Last updated on Tue Mar 03 03:03:00 CET 2009