Cryptosystem ME6 — User Manual

 



When Cryptosystem ME6 starts up for the first time it looks like this:

Cryptosystem ME6 initial startup screen

There are two modes of operation: You can encrypt and decrypt either (a) a single file or (b) a set of files in a folder.


Encrypting a Single File

output file same as input file ME6 folders and fles You can encrypt a single file so that either (a) the output file is different from the input file (in which case you must first specify a location and a name for the output file) or (b) the output file has the same location and name as the input file (in which case the input — plaintext — file is replaced by the output — ciphertext — file). The locations and names of the input and (if different) the output file are displayed after you have specified them.

Ways of specifying an encryption key Before encrypting you must specify an encryption key. There are several ways to do this, but the easiest is to enter a key via the keyboard. For example:

Type an encryption key with display

A key should not consist only of normal words, because that would make it vulnerable to a dictionary attack (that is, an automated key search by trying all keys made up of words from a dictionary). Better to use an easily-remembered phrase such as "Now is the time for all good men" with some character inserted within each word, as above. Or one might simply use the first and last letters of each word, as in "nw is te te fr al gd mn", or eliminate the vowels, as in "nw s th tm fr ll gd mn" (but the key must consist of at least 16 characters).

The checksum changes with each keystroke. If you use a key regularly then you should memorize the associated checksum, so that if you make a mistake when typing the key you will notice that the checksum is not what is should be.

If you want to enter they key without it being displayed on-screen then 'Type key (without display)' allows you to do this, as in:

Entering an encryption key without display

There are other ways of specifying a key, involving a keyfile; these are
explained below.

To perform the encryption click on the button of that name; you will then be asked to confirm the operation (this is again an opportunity to make sure that the checksum is correct):

confirmation of encryption operation

A report window will then appear:

Report of encryption of a single file

You could now get a randomness report, but the explanation of this will be given later.

When encrypting a single file 'in place', the confirmation window and the report window are very similar to the case of when the output file is different.


Decrypting a Single File

output file same as input fileDecryption is very similar (select 'Decrypt'). As when encrypting, you can decrypt a file so that either (a) the output file is different from the input file (in which case you must first specify a location and a name for the output file) or (b) the output file has the same location and name as the input file (in which case the input — ciphertext — file is replaced by the output — plaintext — file).

Specify the decryption key (which must be the same as the encryption key) as shown above. To perform the decryption click on the button of that name; you will then be asked to confirm the operation:

confirmation of decryption operation

A report window will then appear:

Report of decryption of a single file


Anti-Malware Software

The Cryptosystem ME6 program is malware-free (see Virus Total's report). However, when it is encrypting a file 'in place' it wipes (by overwriting) the original plaintext file (so that it cannot be recovered by special software), and if the file is of a type that an anti-virus program is watching — such as a 'doc' or a 'js' (Javascript) file — this may cause that anti-virus program to stop program execution, issue a warning ("Program behaving badly"), offer to 'disinfect' the offending program and to reboot the computer, or might even delete the ME6 program without asking permission. This is the result of a "misdiagnosis" on the part of the anti-malware software. (See, for example, this notice of misreport from Kaspersky Labs, and see also here.)

When encrypting a file or a set of files in a folder (see the next section) Cryptosystem ME6 checks for the presence of such 'sensitive' files, and if any are found then it issues a warning.

If a sensitive file is present among files to be encrypted, and any anti-malware software present is not disabled then it may interrupt the encryption, leaving some files encrypted and some not. Thus if a warning is given then it is advisable to disable your anti-malware software, temporarily. (If a multiple-file operation is interrupted then you can discover which files have been encrypted by checking their randomness values, as given in the explanation of 'List files' in the following section.)

To be safe, however, it's best simply to disable any anti-malware software while running Cryptosystem ME6.


Encrypting a Set of Files in a Folder

When encrypting or decrypting multiple files in a folder the output files are in the same folder and have the same names as the input files: plaintext files are replaced by ciphertext files in an encryption operation, and ciphertext fies are replaced by plaintext files in a decryption operation. If you wish to retain the original files (plaintext or ciphertext) then first copy the folder then perform the operation on the original folder or on the copy.

When 'Files in a folder' is selected, the controls within the frame are activated (they are inactive when 'Single file' is selected). The operation can be modifed either (a) by specifying whether to include subfolders (if any) of the folder and (b) by specifying whether to include only files whose names match a given pattern (as explained below).

Here is an illustration of encrypting eight files in a folder \temp plus (since two of them are 'htm' files) two subfolders (holding images and other files associated with the two 'htm' files), for a total of 44 files, using the same key as above. Here is the initial setup. Note that 'Include all subfolders?' is set to 'Yes', and the textbox for a file pattern is empty (thus all files are included).


Before performing an operation it is highly advisable to list the files to be encrypted. In this example we get:

File list showing maximum number of files exceeded

The current maximum number of files acts as a check on whether you are attempting to encrypt more files than you thought you were. In this case we simply set the maximum number to a larger number. Setting it to 50 and re-listing gives:

Listing of files to be encrypted

The decimal number preceding the filename is the randomness value of the file (this concept is explained below). Ordinary text has a low randomness value (usually 0.1 to 0.2) whereas encrypted and compressed files have a high randomness value (typically more than 0.8 and always less than 1.0). Other files (such as PDF files) have an intermediate value such as 0.4 to 0.5. The value next to the filename thus shows whether or not the files are already encrypted. This protects you against accidental double-encryption.

Another good reason to list the files before encrypting is that this will check for the presence of 'sensitive' files (which could trigger anti-malware software — see above), and a warning will be issued if any are found.

When we click on 'Perform the encryption' we get this confirmation window:

Confirmation for encryption of files in all subfolders

During encryption a report window opens. The operation can be paused or stopped before encrypting the next file, but not during the encryption of a file, so if a large file (say, more than 5 MB) is being encrypted then it will be necessary to wait a bit before the operation pauses or stops.

At the end of the operation the report window looks like this:

Report after encrypting files


Decrypting a Set of Files in a Folder

Decryption of multiple files is the same as encryption except that you first select 'Decrypt'.

As with encryption, it is highly recommended to list the files to be decrypted. In this case we obtain:

Listing of files to be decrypted

Note that all the randomness values are greater than 0.9, showing that the files are encrypted. Noting the randomness values of files to be decrypted protects against an accidental attempt to decrypt files which are not encrypted.

The confirmation window for decryption, and the report window, are very similar to those for encryption as shown above.


Use of a File Pattern

It may happen that you have a folder with many files, including (for example) a few Excel files, and you want to encrypt only the Excel files. These usually have a file extension 'xls' or 'xlsx', so if you enter "*.xls*" into the file pattern text box then only files with file extensions beginning with "xls" will be acted upon. ("*" stands for any sequence of characters; you can also use "?" for a single character, as in "*.xls?".)

file pattern

When decrypting, you have to be careful to specify the same file pattern to ensure that only the encrypted files will be decrypted. But if you forget, and attempt to decrypt all files, then listing the files before decryption will reveal that there are unencrypted files (those with low randomness value).


Randomness Report

A file which has been encrypted using a good encryption method should appear to consist of random bytes, i.e., bytes whose values are randomly drawn from all 256 possible byte values (0 through 255). Cryptosystem ME6 includes a way to measure randomness, and thus it provides a way to tell whether a file has been encrypted or not.

A randomness value near zero means "very non-random" and a larger randomness value indicates a greater degree of randomness. Randomness values may range from close to zero up to nearly 1 (seldom above 0.975), with 0.9 and above indicating a high degree of randomness. Compressed files (such as 'zip' files often have a randomness value of about 0.8.

Randomness values are given in any listing of files to be encrypted or decrypted. A files must have at least 256 bytes in order to have a randomness measure. Files whose randomness is at least 0.9 are marked (in the listing) by an asterisk.

It is also possible in Cryptosystem ME6 to obtain a graphical display of randomness. This is done by taking each successive pair of bytes and treating them as an x-coordinate and a y-coordinate, and (with a black background) placing a white pixel at that point.

After selecting a single file for encryption, clicking on 'Randomness report' will give such a graphical display (such as below at left). If you then encrypt that file to a different output file, the randomness report will be like the image at right:

Randomness report for file   Randomness report for encrypted file

You can inspect the randomness of any file by specifying it as a single file then clicking on 'Randomness report'. In particular, if you are unsure as to whether a file you wish to encrypt is or is not already encrypted then specify it as the file to be encrypted and click on 'Randomness Report'. If the graphical display shows a randomness value > 0.9 (like the image at right) then the file is encrypted. Conversely, if you are unsure as to whether a file you wish to decrypt is in fact encrypted then specify it as the file to be decrypted and get a randomness report (a randomness value of < 0.8 means the file is not encrypted).

When you encrypt a single file 'in place', after the encryption the output file has the same location and name as the input file, and clicking on 'Randomness report' will show that the file is encrypted (the display will be the same as what you would get by encrypting the input file to a different output file).


Use of a Keyfile

Ways of specifying an encryption keyAs noted above, there are several ways to enter an encryption key, the easiest way being via the keyboard. Another way is to select a file — most files will do. Cryptosystem ME6 will then extract 64 bytes from this file to use as a 64-byte key (which you can inspect). The advantage of this method for specifying a key is that you only have to remember the location and name of the file. The disadvantage is that if you forget that, or you accidentally delete the file, then you no longer have the key, so can't decrypt files which were encrypted using that key.

The most secure key that you can use is a 64-byte random keyfile, since there are 25664 such keys possible (more than 10154). After clicking on 'Create random keyfile' the program asks for the location and name of the file to be created, then the byte values are obtained from your random mouse movements.

You can then inspect the bytes in the keyfile.

Inspect the keyfile


The Setup

The setup consists of the settings (other than the key, if specified) just prior to performing an encryption or decryption operation. If you usually perform an operation on a particular file or folder then it is convenient to save the setup for the next run (in which case it will be loaded when you run the program again). You can also save the setup to a file and re-load it as needed.

Saving the setup, however, involves a security risk, since a setup file contains information about which file or folder was used in an operation. In the case of the setup-for-next-run file you are given the option, when quitting, of wiping (by overwriting) this file.


Decryption Using the Trial Version

The trial version of Cryptosystem ME6 can be freely download via this page. After installation it is fully functional for 5 days, and thereafter can be used to encrypt only single or multiple ANSI text files or MS Word DOCX files each not larger than 4 Kb.

The trial version has no restrictions on decryption. Thus all (ciphertext) files created using this program can be decrypted with the trial version, regardless of the type or size of the original file.

It is possible to purchase a time-limited user license for Cryptosystem ME6 (limited either to 3 months or 1 year). This provides full functionality for the specified time period. After expiry of that time period the program reverts to the trial version. Any file encrypted during the period of the user license can be decrypted after the expiry of the license period. (A new user license can be purchased to restore full functionality if desired.)