| Cryptosystem ME6 — User Manual |
| Chapter 4: Use of Cryptosystem ME6 |
 |
 |
4.1 Function: encryption or decryption
There are three things you can use Cryptosystem ME6 for: encryption of files, decryption of files and analysis of files for randomness. The Function button allows you to specify encryption or decryption. (The randomness report is described in Section 4.10 below.)4.2 Single file
Whether encrypting or decrypting you first have to specify the file or files which will be acted upon. To specify a single file click on the Single file button. A file selection dialog box will then open:
After you have selected the file the filename and the folder name will appear on the main screen, e.g.:
If the file is being encrypted or decrypted "in place", so that the output file has the same name as the input file, then simply click on the Output file(s) same? button so as to get Yes and the output filename will be the same as the input filename.
Otherwise you have to specify the output folder and the output filename as explained in Section 4.6(b) below (and use Encrypt to a new file or Decrypt).
4.3 Input folder and Input file(s): specifying the input files
(a) Specifying the input folderTo encrypt or decrypt more than one file in a single operation first click on the Input folder button to specify the folder (a.k.a. subdirectory) in which the input files are located. A window such as the following will then appear:
Highlight the folder and click on OK.
(b) Specifying the input files
Click on Input file(s) to specify the input files. There are several ways to specify the input files:
For example, you might want to encrypt all files (in a selected folder) with .doc extension, in which case first select Encrypt all files with a particular extension then enter doc in the appropriate box:
If you are familiar with DOS or Unix file specifications then you can specify files using the asterisk, for example, a*.d* means: All files with filenames a... and with extension d...
4.4 Subfolders?: whether to include files in subfolders
ME6 allows you to operate on files in subfolders lower than the one you specify using the Input folder option.
This means that if you have specified a set of files in a particular folder to be encrypted or decrypted, and that folder has subfolders (which may have subfolders) then if Subfolders? is set to Yes then, in addition to all the files in the top folder being encrypted or decrypted, all the files in the subfolders will be encrypted or decrypted, plus all the files in the subfolders of the subfolders, and so on.
For example, suppose \foxbase\aruba has exactly three subfolders, namely, docs, memos and reports. Suppose also that you have specified \foxbase\aruba as the input folder:
and have specified that all files be encrypted.
If you then click on Subfolders? (setting it to Yes) then ME6 will be set up to encrypt all files in \foxbase\aruba, \foxbase\aruba\docs, \foxbase\aruba\memos and \foxbase\aruba\reports plus all files in any subfolders of any of the three subfolders of \foxbase\aruba.
This allows you to operate on all files (or a subset of them) pertaining to a particular project (provided that all such files are in a folder below a single folder).
If Subfolders? becomes Yes then Output file(s) same? also becomes Yes.
4.5 Output file(s) same?: whether the output files should be the same as the input files
Cryptosystem ME6 allows you to encrypt or decrypt a file "in place" or alternatively to produce an encrypted or decrypted version of the input file. In the first case the output file has the same name as the input file; in the second case the names of the input file and the output file are different.If you select the Output files same? option then the input files will be encrypted or decrypted and emerge with their names unchanged.
In this case what actually happens during, say, encryption of each file is that the ciphertext is first written to a temporary file. Upon successful completion of the operation the original file is purged and the temporary file is given the name of the original file. Thus if an error occurs during the encryption, or the operation is interrupted for some reason (for example, power to the computer is suddenly shut off), the input file remains intact and the temporary output file will contain the partial result of the attempted encryption (in this case a message will be displayed with the name of the temporary output file).
A file which is purged is not simply deleted, but is overwritten with random bytes (see Section 6.7, Purge process) so that the data in that file is unreadable. Thus when you encrypt a file in place the original plaintext is destroyed and thus cannot be recovered by a disk search or sector reading program.
As noted above, if Subfolders? is Yes (so that all specified files in lower folders are encrypted or decrypted) then Output file(s) same? is also set to Yes. Thus when encrypting or decrypting files in multiple folders then the output filenames will be the same as the input filenames.
4.6 Output folder and Output file(s): specifying the output files
Output files are specified in two ways:(a) Setting Output file(s) same? to Yes.
Then the output folder and the output file specification is set to whatever is currently specified for the input files.
(b) Specifying the output files in the same way as input files, that is, by first clicking on Output folder to specify the output folder and then specifying the pattern for the output files, as in:
(In this example, enc, .enc and *.enc have the same effect.)
If you have set Output file(s) same? to Yes then it is not possible to change the output file specification from what is displayed.
4.7 Encryption key: how to supply it
Whenever Cryptosystem ME6 is used to encrypt or decrypt a file an encryption key must be supplied. The key can be up to 64 characters long and must be at least 16 characters long. The specification of a key is the most critical step in any encryption operation and must be done with care, since a mistake in specifying the encryption key is likely to have significant consequences when the time comes to decrypt.Click on Encryption key to tell ME6 from where it should get the key. There are four possibilities:
In brief these are:
(a) type the key and see it as you type
(b) type the key but suppress the display (then retype to confirm)
(c) get the key from a file (called a "keyfile") and
(d) create a 64-byte random key (which is saved in a keyfile).
The creation and use of keyfiles is explained in (c) and (d) below.
When supplying a key at the keyboard this is the preferred method.
ME6 takes the key as entered at the keyboard, converts all lower case letters to upper case and removes all spaces. Thus you don't have to be concerned about whether some letters in the key are in upper or in lower case, or whether you have accidentally typed an extra space. Thus the key in this example is equivalent to "The quickbrown fox" and " THEQUICK brownfox ". However you do have to be concerned about punctuation marks (e.g., whether you end the key with a period).
The checksum is a number in the range 1 through 9999 which is calculated from the key and will be different for different keys. It is advisable to memorise this key checksum so that when you subsequently enter the key (or when it is subsequently read from a keyfile) you can verify that the key is what it should be. If you have inadvertently mistyped a single character then the key checksum will be noticeably different, allowing you to detect the error and to correct it.
(b) Type key (without display)
The reason for this way of supplying the key is that you may wish to peform encryption or decryption in the presence of observers to whom you don't wish to reveal the key. Once you enter the key ME6 asks you to re-enter the key to confirm that you entered the key you intended to. ME6 then gives you the opportunity to take a quick look at the key.
It is possible to make the same mistake twice when typing in the key, in which case (if the error were not detected) you would be encrypting files with a key other than the one you believe you have specified. Thus even when you feel it advisable to enter the key without display you should still inspect the key before proceeding just to be sure. This is not necessary when decrypting, since if the key is incorrect then the result will simply be an error message, and you can then re-enter the key.
There is a slight problem connected with using a key that you type in at the keyboard, namely, that for such a key to be easily remembered by most people it must either be short or else consist of a natural language phrase. A short key is vulnerable to a brute force attack, and a key which consists solely of natural language words plus punctuation marks is vulnerable to discovery by means of a dictionary attack.
A dictionary attack assumes that the key consists of words from some, generally large, set of words (to which set may be added the digits and punctuation marks) and proceeds to test all combinations of such words. Although the number of keys made up of elements from some dictionary may be very large, it may also be much smaller than the theoretical size of the key space, and may be sufficiently small to be searched by means of a fast computer, or by the use of parallel processing. Cryptosystem ME6 provides a way to foil such an attack by using a long key consisting of apparently random characters, such as:
Such a key eludes a dictionary attack but since it cannot be remembered (by people with normal memory) it must be stored in a file so that the program can access it. Such a file is called a "keyfile".
A keyfile need not have been created to hold a key. Any file, text or binary, can be specified as a keyfile. Most, but not all files, are suitable for use as keyfiles.
When you specify a keyfile ME6 will check to see whether the file exists already. If it finds the file it will attempt to open it and to read the key from the file. ME6 reads the first 64 bytes of the file (or all bytes of the file if there are fewer than 64), throws away spaces, converts lower case letters to upper case and does things with any zero bytes. The resulting key must contain at least 16 characters whose ASCII value is greater than 32, otherwise it is rejected.
A keyfile can contain ordinary text or binary data. For example, you could choose some driver file (although this is not really advisable because the file might someday be replaced by a new version without your being aware of this):
As noted above, if you instruct Cryptosystem ME6 to get the key from a keyfile it will check to see whether the file exists already. If it does not (or if ME6 can't find the file) it will ask if you wish to create a random keyfile. You can also request that ME6 create a new random keyfile by clicking on Create random key.
A random key is created on the basis of random movements of the mouse (this takes about half a minute):
There are (256-32)64 = 22464 possible keyfiles which can be generated in this way, and each of these sets of 64 bytes is a possible ME6 encryption key. Thus the size of the ME6 key space is 22464, which is approximately 10150 or about 2500. In other words, ME6 uses a 500-bit key.
A keyfile should not be left lying around on your hard disk unless there is no indication of its use as a keyfile. It could be moved to a floppy disk, and the disk locked away somewhere, or it could be encrypted. You could maintain a set of random key files, all encrypted using a random key contained in a file which is stored only on a floppy disk which is itself stored in a safe place.
4.8 Do it!: performing the operation
When you click on Do it! to perform the specified operation, Cryptosystem ME6 first checks the setup to see that all is in order. It checks that the input files and the output files have been properly specified, that there is sufficient space for the output files, etc. If it finds anything amiss then it displays an error message.If all seems OK then ME6 displays a description of the operation you have requested, and asks for confirmation, for example:
You should peruse this description to make sure that ME6 is about to do what you intend.
ME6 then performs the operation and reports the progress and results in a report window:
The report can be copied to the clipboard and then pasted into a word processing program to be saved to a file or to be printed.
When Cryptosystem encrypts a file and the output file has the same name as the input file then what happens is as follows: ME6 first opens a temporary output file. It reads the input file in blocks of about 8K in size and writes the encrypted blocks to the temporary output file. After each block is encrypted the memory buffers used for the plaintext, the ciphertext and the keytext are cleared (overwritten by zero bytes). (If there is a power failure during the encryption then the plaintext remains unaffected.) When the encryption has been completed the input file is not simply deleted, rather is purged: it is overwritten with random bytes (see Section 6.7, Purge process) and then the file is deleted. After the original input file is deleted the temporary output file is renamed to have the same name as the input file. Thus after the encryption has been completed there is no plaintext left lying around for forensic software to find (for more on this see Section 6.5, Anti-forensic software measures in ME6).
Cryptosystem ME6 does not encrypt certain files, including the currently specified keyfile (if any) and exe and dll files (unless these are encrypted to an output file with a different name). See Section 6.6, Excluded files, for more information.
4.9 Report screen
If you close the report window then it can be re-opened by clicking on Report screen.The report screen is cleared when a new operation is begun.
4.10 Randomness report
A file which has been encrypted using a good encryption method should appear to consist of random bytes, i.e., bytes whose values are randomly drawn from all 256 possible byte values (0 through 255).ME6 includes a means for analysing files as to randomness, and thus it provides a way to tell whether a file (or a set of files in a folder) has been encrypted or not.
This is a very useful feature of ME6 because if you are encrypting and decrypting a set of files frequently then you may become unsure as to whether your last operation was one of encryption or of decryption. If you wish to encrypt a file then you should be sure that the file is not already encrypted, and if you wish to decrypt a file then it is helpful to know that the file is in fact encrypted.
A randomness value near zero means "very non-random" and a larger randomness value indicates a greater degree of randomness. Randomness values may range from close to zero up to nearly 1 (seldom above 0.975), with 0.9 and above indicating a high degree of randomness.
A file encrypted using ME6 will usually have a randomness value of greater than 0.9. If a set of files all have randomness values below this then they are not ME6-encrypted, and if they all have values above this then they are probably encrypted (although not necessarily with ME6, and perhaps they are not encrypted files at all but are compressed data, such as is found in a .zip file).
So before performing an encryption operation it is helpful to click on Randomness report, after having specified the file(s) to be encrypted, to make sure that they are not already encrypted.
If the input file specification specifies only a single file then a graphical display of randomness is given, otherwise the files are simply listed with their randomness values. Examples are given below, first for the case when only a single input file is specified:
After clicking on Input file(s) click on Display in the new window to obtain something like:
This (unencrypted) file is clearly non-random (randomness measure is 0.237), in contrast to the encrypted (output) file (with a randomness measure of 0.951; this value differs slightly for different encryption keys):
Here are randomness reports for input files co*.tst encrypted to co*.enc:
Files must have at least 256 bytes in order to have a randomness measure. Files whose randomness is at least 0.9 are marked by an asterisk.
4.11 Setup: Saving the setup
The setup is the particular configuration of operation (encryption or decryption), input folder, input files, etc., that is currently specified. Since the same operation may be performed often it is useful to be able to save and load a particular setup so as not to have to re-specify the configuration.Clicking on Setup produces the setup submenu:
Clicking on Save setup produces the save setup submenu:
If you save the setup for the next run then when ME6 is next run the current setup will be loaded automatically.
If you wish to use this setup frequently, whether or not on the next run, then save it to a an "operation file".
Operation files must have .opn extension, which is supplied by the program if you do not include it in the name for the operation file.
4.12 Setup: Loading a setup
A setup which has been saved to an operation file can be loaded again when needed. To do this click on Setup then on Load setup and click on the operation file to be loaded (or first change the folder if the setup file is in a folder other than the one displayed).
4.13 Help
Clicking on Help brings up a help window. This contains an abbreviated version (without graphics) of this chapter. You can scroll through this help window in the usual way.If you right-mouse-click on any of the command buttons on the main screen then the help window will open at the section appropriate to that command.
4.14 Quit: Exiting
Click on Quit to exit the program. The current setup will not be saved automatically, so if you want ME6 to start with the same setup when it is run next time then save the setup before quitting as explained in Section 4.11 above.| Top of page | Contents | Cryptosystem ME6 | Data Destroyer |
| Hermetic Systems Home Page | |||