Getting Started

All PatronHubDevs desktop products are standalone Windows executables. No Python installation required on the end-user machine.

# For developers running from source:
git clone https://github.com/j3fcruz/<product>
cd <product>
pip install -r requirements.txt
python main.py

Running from source requires Python 3.10+. All products require Windows 10 / 11 (64-bit).

NoteArmor Secure Notepad Pro

Current version: v3.2.0
Encryption cipher: AES-256
License validation: RSA-4096

Authentication sequence
  1. User provides password → PBKDF2-HMAC-SHA256 (600,000 iterations) → master key
  2. Keyfile SHA-3-512 hash → mixed into key derivation chain via HKDF
  3. TOTP code validated against RFC 6238 secret → final session token issued
  4. Three independent subkeys derived: encryption, HMAC, metadata — none stored
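
The four steps above can be traced with the Python standard library alone. This is an added sketch, not NoteArmor's code: using the keyfile hash as the HKDF salt, the `example/` info labels, the one-step TOTP window and the function names are all assumptions, and the session token from step 3 is not modelled.

```python
import hashlib
import hmac
import struct

PBKDF2_ITERATIONS = 600_000  # iteration count stated on this page

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869): stretch prk into `length` bytes bound to `info`."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp_ok(secret: bytes, code: str, at: int, window: int = 1) -> bool:
    """Accept the current step and `window` neighbours, compared with compare_digest."""
    return any(hmac.compare_digest(totp(secret, max(at + d * 30, 0)), code)
               for d in range(-window, window + 1))

def unlock(password, keyfile, salt, totp_secret, code, at,
           iterations=PBKDF2_ITERATIONS):
    """Return the three subkeys, or None when the TOTP code is rejected."""
    # Step 1: password -> master key
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Step 2 (assumed mixing): SHA-3-512 of the keyfile becomes the HKDF salt
    prk = hkdf_extract(hashlib.sha3_512(keyfile).digest(), master)
    # Step 3: the third factor must pass before any subkey is produced
    if not totp_ok(totp_secret, code, at):
        return None
    # Step 4: one subkey per purpose, held in memory only; labels are hypothetical
    return {name: hkdf_expand(prk, b"example/" + name.encode())
            for name in ("encryption", "hmac", "metadata")}
```

Because each subkey is expanded from the same pseudorandom key under a different info label, a change to the password or the keyfile changes all three, while knowing one subkey does not reveal the others.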

Atlas PDF Secure Vault

Atlas PDF wraps existing PDF files in an AES-256 encrypted container. The original PDF is never modified — the encrypted container is a new file. Access requires Password + Keyfile + TOTP (same architecture as NoteArmor).


MG SDK Licensing

Embed the same licensing engine used by NoteArmor into your own product.

# Validate a license in your application:
from mg_sdk import LicenseValidator

validator = LicenseValidator(public_key_pem=PUBLIC_KEY)
result = validator.validate(license_file_path)

if result.valid:
    launch_application()
else:
    show_license_error(result.reason)

Products API

Public read-only endpoint returning the product catalogue.

GET /products/api

# Response:
[
  {
    "slug": "notearmor",
    "name": "NoteArmor Secure Notepad Pro",
    "price": 12.99,
    "status": "available"
  }, ...
]

Security notes

  • Never use the development Flask server in production. Use Gunicorn behind nginx.
  • SECRET_KEY, MASTER_SECRET, and JWT_SECRET must be set as environment variables. The app will refuse to start if they are missing.
  • RSA private keys must never be committed to version control. Use the provided key generation script.
  • Internal maintenance routes are network-restricted via Cloudflare WAF and bearer-token guarded.
  • Rate limiting uses in-memory storage by default. Set RATELIMIT_STORAGE_URL=redis://... for multi-worker production deployments.

Contributing

  1. Fork the repository on GitHub
  2. Create a feature branch: git checkout -b feature/your-feature
  3. Write tests for any new behaviour
  4. Ensure no secrets, compiled files, or runtime state is committed (see .gitignore)
  5. Open a pull request with a clear description of what changed and why

FAQ

No. All PatronHubDevs desktop applications are offline-first. Activation, encryption, and validation happen entirely on your machine.

Your license is HWID-bound. Contact support with proof of purchase and a new license will be issued for your new hardware.

Free tools are fully open source on GitHub. Paid tools ship with an open application layer but a Cython-compiled licensing core.

AES-256-GCM with keys derived via PBKDF2-HMAC-SHA256 at 600,000 iterations and HKDF three-subkey derivation. No key is ever stored to disk.