There are circumstances where people might want to encrypt one or multiple files, or even a complete filesystem, most probably in order to prevent third parties from accessing their data. Unlike keeping unwanted people away from your data by removing their ability to read the file through file access permissions, encrypting will secure the file even if the unwanted user managed to overcome user management restrictions, commonly by abusing a bug or sniffing the network, though just stealing the hard disk containing the file is also a quite effective option.
If we consider the situation that someone unwanted already has the file he shouldn't be having, the only way to prevent him from making use of it is to have changed the data the file contains. Two options exist to achieve this efficiently, namely
(en)coding
(en)crypting
the files.
A coding is the application of a logic function to the data, e.g. inverting the data (each set bit (=1) becomes unset (=0) and the other way around) or just adding a certain value to each byte, word, or whatever.
A crypt is the application of an encoding that uses one or multiple keys to modify the data.
Both will immediately render the data useless to a process that is expecting unsecured input, but encrypting is more secure than encoding...
Different encoding and encryption algorithms have been developed in the past that differ in how well they resist being brute forced (brute force = generating every permutation and trying whether it is correct, generally the only approach to crack passwords). Usually en- and decoding happens transparently in some hardware device (i.e. military communications between WW1 and the first Iraq war were encoded). However, the problem with coding is that once the algorithm is known to the 'spy', he can just apply it to decode the data.
With encryption, not only the algorithm the original data was encrypted with has to be known, but also the key it was encrypted with. Encryption nowadays takes place in computer networks, namely IPv6 internet (since it prevents the secret service from reading data unless they catch the complete transmission INCLUDING the crypt key that is transmitted in advance; IPv6 is not widespread yet), but also in most other kinds of telecommunication. The weakness of encryption compared to encoding is that encryption requires more complex 'programmable' logic: while basic encoding can be done with a chain of 2 transistors (=1 IC), even the most basic encryption will require several thousand...
Now for the more practical part
Ok, since i saw people thinking to have security problems with their files on MU over here, and - in fact more by - [Only registered users can see links. ] , i wrote this useless program that will apply __crypt_name_[1] on any files you give it via parameter. keep in mind that you canNOT use the files while they are encrypted.
vista 32 binary:
i call it vista binary because i have no clue whether it also works on xp, but i didn't use *any* windows functions at all so it could be at least recompiled on xp/nt/3.11
md5sum: 474962f10c56776d79095c093bd5cb68
source code:
it's obviously c (++ or not) and doesn't require any special options at compile or link time
Code:
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef WIN32 /* windows doesn't have inttypes.h */
typedef unsigned __int8 uint8_t;
typedef unsigned __int16 uint16_t;
typedef unsigned __int32 uint32_t;
typedef unsigned __int64 uint64_t;
typedef __int8 int8_t;
typedef __int16 int16_t;
typedef __int32 int32_t;
typedef __int64 int64_t;
#else
#include <inttypes.h>
#endif

/* reverses encrypt(): subtracts the byte index and the repeating key byte (mod 256) */
void decrypt( void *const dptr, void const*const ekey, size_t const nmemb, size_t const nkeyb )
{
    uint8_t *const data = (uint8_t *const)dptr;
    uint8_t const*const key = (uint8_t const*const)ekey;
    size_t i = 0;
    assert(dptr && ekey && nmemb && nkeyb && "illegal input");
    for( ; i<nmemb; ++i )
    {
        int64_t k = data[i];
        k -= i;
        k -= key[i%nkeyb];
        k &= 0xff;
        data[i] = (uint8_t)k; /* take the low byte by value, so it also works on big endian */
    }
}

/* adds the byte index and the repeating key byte to every byte (mod 256) */
void encrypt( void *const dptr, void const*const ekey, size_t const nmemb, size_t const nkeyb )
{
    uint8_t *const data = (uint8_t *const)dptr;
    uint8_t const*const key = (uint8_t const*const)ekey;
    size_t i = 0;
    assert(dptr && ekey && nmemb && nkeyb && "illegal input");
    for( ; i<nmemb; ++i )
    {
        int64_t k = data[i];
        k += i;
        k += key[i%nkeyb];
        k &= 0xff;
        data[i] = (uint8_t)k; /* take the low byte by value, so it also works on big endian */
    }
}

struct fname_list
{
    char fn[0xffff]; /* 65535 is the maximal file name length on extfsv2 and ntfs */
    struct fname_list *next; /* obviously it's a linked list */
};

int verbose = 0;
int do_encrypt = 0;
int do_decrypt = 0;
struct fname_list *flist = 0;
void print_help( char const*const program_name )
{
    printf( " * usage\n" );
    printf( " * %s --encrypt|--decrypt [--verbose] [--passwd=...|--passfn=...] file_a file_b ...\n *\n", program_name );
    printf( " * arguments\n");
    printf( " * --decrypt decrypt given files. must not be combined with --encrypt\n" );
    printf( " * --encrypt encrypt given files. must not be combined with --decrypt\n" );
    printf( " * --help show this and exit\n" );
    printf( " * --passwd=X use X as encryption key. may not contain spaces,tabs or other crap like that\n");
    printf( " * --passfn=X read file X and use its content as key. content may contain anything including binary zeroes\n");
    printf( " * --verbose give more output\n");
    printf( " * --version print version information and exit\n *\n");
    printf( " * if no keyword is wanted/given zero/null will be used as key instead.\n" );
    printf( " * if passwd or passfn are combined or used multiple times only the last passfn or passwd option parameter will be used.\n" );
    exit(EXIT_SUCCESS);
}
/* windows doesn't have a builtin functionality for this =.=" */
void proccess_args( int n_args, char ** args, char **key, size_t *keylen )
{
    int i = 0;
    struct fname_list *c,*n,*last,*tail;
    if( n_args < 2 )
        print_help( args[0] );
    while( ++i < n_args )
    {
        if( !strcmp( args[i], "--help" ) ) /* -.- */
            print_help(args[0]);
        if( !strcmp( args[i], "--encrypt" ) ) /* encoding requested */
        {
            do_encrypt = 1;
            continue;
        }
        if( !strcmp( args[i], "--decrypt" ) ) /* decoding requested */
        {
            do_decrypt = 1;
            continue;
        }
        if( !strncmp(args[i],"--passwd=", 9) ) /* read password from command line argument */
        {
            if( *key )
                free( *key );
            *keylen = strlen(args[i])-9;
            if( !*keylen )
            {
                *keylen=0;
                *key=0;
                continue;
            }
            *key = (char*)malloc( *keylen + 1 ); /* +1: strcpy also writes the terminating zero */
            assert( *key && "couldn't allocate enough memory." );
            strcpy( *key, &args[i][9] );
            continue;
        }
        if( !strncmp(args[i],"--passfn=",9) ) /* read password from file */
        {
            FILE *f = fopen( &args[i][9], "rb" );
            long len = 0;
            if( *key )
                free( *key );
            *keylen=0;
            *key=0;
            if( !f )
            {
                if( verbose )
                    printf("warning: \'%s\' not found or access to it was denied.\n", &args[i][9] );
                continue;
            }
            fseek( f, 0, SEEK_END );
            len = ftell( f );
            fseek( f, 0, SEEK_SET );
            if( len > 0 ) /* an empty key file is treated like no key at all */
            {
                *key = (char*)malloc( (size_t)len );
                assert( *key && "couldn't allocate enough memory." );
                *keylen = fread( *key, 1, (size_t)len, f );
                if( !*keylen ) /* nothing could be read: fall back to "no key" */
                {
                    free( *key );
                    *key = 0;
                }
            }
            fclose( f );
            continue;
        }
        if( !strcmp( args[i], "--verbose" ) )
        {
            verbose = 1;
            continue;
        }
        if( !strcmp( args[i], "--version" ) ) /* very important */
        {
            printf( " ********************************************************\n" );
            printf( " * a very useless encryption program version 2008-08-28 *\n" );
            printf( " * (c) 2008 xibo <malloc@hotmail.de> *\n" );
            printf( " * the author and distributors are not responsible for *\n" );
            printf( " * any kind of damage caused by this application *\n" );
            printf( " ********************************************************\n" );
            exit(EXIT_SUCCESS);
        }
        /* since it's not an option it has to be a file name */
        if( strlen(args[i]) >= sizeof(flist->fn) ) /* would not fit into fn[] */
        {
            printf( "file name too long, skipping: %s\n", args[i] );
            continue;
        }
        tail = (struct fname_list*)malloc( sizeof(struct fname_list) );
        assert( tail && "couldn't allocate enough memory." );
        tail->next = 0;
        strcpy( tail->fn, args[i] );
        if( !flist ) /* head element not yet allocated */
            flist = tail;
        else
        {
            last = flist;
            while( last->next )
                last = last->next;
            last->next = tail;
        }
    }
    assert( (do_encrypt ^ do_decrypt) && "exactly one of --encrypt or --decrypt have to be used" );
    assert( flist && "no input files specified" );
    for( c=flist; c && c->next; c=c->next ) /* let's remove duplicates */
    {
        n=c;
        while( n->next )
        {
            if( !strcmp(c->fn,n->next->fn) )
            {
                void *foo = n->next;
                if( verbose )
                    printf( "warning: %s was given twice. doing it once only nevertheless\n", n->next->fn );
                n->next = n->next->next;
                free(foo);
            }
            else
                n=n->next;
        }
    }
    if( verbose ) /* i couldn't possibly have done this in the previous step, could i? >.>' */
    {
        printf("will %s the following files:\n", do_decrypt?"decrypt":"encrypt" );
        for( c=flist; c; c=c->next )
            printf( "%s\n", c->fn );
    }
}
/* woah, this sucked */
int main( int n_args, char ** args )
{
    size_t keylen = 0;
    char *key=0;
    struct fname_list *i;
    FILE *f;
    long fsize;
    size_t flen;
    uint8_t *data;
    proccess_args( n_args, args, &key, &keylen ); /* why doesn't windows have getopts again? */
    if( !key ) /* neither passwd nor passfn were used */
    {
        if( verbose )
            printf("no encryption key given. using 0 instead.\n");
        key = (char*)malloc( 1 );
        assert( key && "couldn't allocate enough memory." );
        key[0] = 0;
        keylen = 1;
    }
    for( i = flist; i; i = i->next )
    {
        f = fopen( i->fn, "rb" );
        if( !f )
        {
            printf("could not open file: %s\n", i->fn);
            continue;
        }
        fseek( f, 0, SEEK_END ); /* what is stat? i never heard of stat! i am windos! */
        fsize = ftell( f );
        fseek( f, 0, SEEK_SET );
        if( fsize <= 0 ) /* empty file or ftell failed: nothing to do */
        {
            printf("skipping empty or unreadable file: %s\n", i->fn);
            fclose( f );
            continue;
        }
        flen = (size_t)fsize;
        if( verbose )
            printf("reading %d ko from %s\n", (int)(flen>>10), i->fn);
        data = (uint8_t*)malloc(flen); /* <-- \\>_<// */
        assert( data && "couldn't allocate enough memory." );
        if( fread( data, 1, flen, f ) != flen ) /* never overwrite the original after a partial read */
        {
            printf("could not read file: %s\n", i->fn);
            fclose( f );
            free( data );
            continue;
        }
        fclose( f );
        if( verbose )
            printf("%s data...\n", do_encrypt?"encrypting":"decrypting");
        if( do_encrypt )
            encrypt( data, key, flen, keylen );
        else
            decrypt( data, key, flen, keylen );
        if( verbose )
            printf("writing %d ko into %s\n", (int)(flen>>10), i->fn);
        f = fopen( i->fn, "wb" );
        if( !f )
        {
            printf("could not open file for writing: %s\n", i->fn);
            free( data );
            continue;
        }
        if( fwrite( data, 1, flen, f ) != flen )
            printf("could not write all data to: %s\n", i->fn);
        fclose(f);
        free(data);
    }
    free( key );
    return EXIT_SUCCESS;
}
Professional (= costs money in theory) software to do this job exists and is a lot better, but this one is free.
the program is command line only, which means you have to execute it via ms-dos command line or from an xterm, and name the files to be en- or decrypted by arguments.
since the algorithm (like, in fact, all data encryption algorithms) is bijective (= reversible) it doesn't matter whether you apply the crypt with the encoding or decoding algorithm, however you always have to use the opposite one in order to restore the data.
how to call:
Code:
# i will refer to the exe as crypt ( the exe part can be dropped on windows and didn't ever exist in *x to begin with )
crypt --encrypt --passwd=test textfile.txt
# will encrypt the file textfile.txt in the same directory with the key 'test'
crypt --decrypt --passwd=test textfile.txt
# will decrypt the file textfile.txt in the same directory with the key 'test'.
#
#
crypt --encrypt --passfn=test.txt textfile.txt image.svg
# will encrypt textfile.txt and image.svg in the same directory with the key that is read out of test.txt (the key is ANY data in the file, it does not need to be text - in fact i tested it with a png image as key). it's still not smart to store passwords in text files though ....
crypt --decrypt --passfn=test.txt textfile.txt image.svg
# again, textfile.txt and image.svg will be decoded, with the content of test.txt
crypt --verbose blah
# will do the same as crypt blah but give more output
crypt --version
# is a very important functionality, that will print my name on the screen and exit afterwards >_<
crypt --help
# will print all options and exit afterwards
i was CERTAIN that using *.tif in a directory full of tifs would cause the program to be called with a lot of .tif file names as arguments, but again windows - or rather dos this time - disappointed me.
once again, the file is NOT usable while encrypted, and the key is NOT stored anywhere. if you forget the key you can go ahead and delete the file, as it's nothing more than a disk-space-taker any more.
the files given as input will be overwritten with their encrypted counterparts (they have exactly the same size, and by overwriting the originals the ability to restore the original files with fsck or chkdsk is removed) without further questioning. if you manage to cause the encryption program to encrypt itself, delete it and download/compile again.
... again, "encrypt" and "decrypt" are just function names. you can use the "decrypt" function to encrypt something, but then you will have to use the "encrypt" one to decrypt it again.
Foreseeable Questions:
Q: I typoed on the password and the file got en/decrypted with the wrong key. what shall i do?
A: Since the algorithms are bijective, de/encrypt (the opposite of what you just did) with the TYPOED key, and use the correct one afterwards
Q: Someone crypted something with a non-ascii unicode key like 'パッスウオードなのだ!' but my dos command line doesn't let me type that in
A: that is why there is the ability to read passwords out of files. Keep in mind the files have to be encoded the same way as the key that was used to encrypt the data ('パッスウオードなのだ!' can be sjis, jis7, utf8 and utf16).
Q: I forgot to supply a key but the files got encrypted nevertheless, why didn't it abort?
A: It's not a bug, it's a feature! If you don't supply a key or the file that is supposed to contain it can't be opened, 0 (zero) is used as key, which causes the first octet in the file to remain the same, the second to be incremented by 1, the next by 2, ... which is quite obvious, therefore supply a key >.<
Decrypt it without a key again to remove the encoding.
Q: What's the maximal length of a key?
A: (2^16) - 10 as argument, anything that can be loaded into your memory when loading it from a file. ~2^16 is probably more than any key you want to type by hand anyway, even if non-ascii characters are two and some kanji 3 octets long
Q: What characters are allowed in the keyword?
A: While reading out of a file *everything* is allowed. When given via argument it has to be ONE argument, so no spaces, tabs, linebreaks, carriage returns or stuff like that. See the --help help >_^
Q: RAR files also offer the ability to encrypt their content, however i can still open the rar and see the content without knowing the key. Why doesn't your program offer the same functionality for e.g. ZIP or BZ2 files?
A: because i encrypt *all* the file, including the headers or signatures. ZIP and BZ2 formats offer encryption by themselves so if you need to be able to browse the content without the key use those instead
Q: What's the maximal file size of a file to be encrypted?
A: That depends highly on what you have running in background. I think it's safe to say half your system's RAM is the maximal size - data is read completely into ram and only starts to be written again once it got en/decrypted.
Q: How long can i expect the encryption to take?
A: O(n) in theory, in practice my (raided ak1000s@ich9 running ntfs) system encrypts a gigabyte sized file on vista 64 sp1 in 17 seconds, and in 11 seconds on linux 2.6.26, but that is highly limited by the speed of your disks.
Q: How do i encrypt a whole directory at once?
A: Directories cannot be encrypted without the filesystem supporting it. Directories are virtual files. If you encrypt a directory the filesystem driver can't browse it any more and the next run of fsck/chkdsk will either regenerate the original directory or delete the directory with all the data that thereby became illegal (its contents). If you require a tree structure use TAR or a similar archive format to put all files in first.
So... Spam comments and crits ||>_<//
[1] __crypt_name_ it's a quite famous basic encryption algorithm named by a french mathematician, but i forgot his/her name
EDIT:
hmmm... it didn't become a tutorial -.-
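The transform in the posted program adds the byte index and a repeating key byte to every byte, so any predictable plaintext bytes (a file format signature, for instance) give the key away by plain subtraction, which is why it should not be relied on for confidentiality. An added example, not part of the original post: the PNG-signature sample file, the key `test` as sample input, and the names `transform`, `key_from_known_bytes` and `demo` are constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The post's transform: add (encrypt) or subtract (decrypt) the byte index
   and the repeating key byte, modulo 256. */
static void transform(uint8_t *d, size_t n, const uint8_t *key, size_t klen, int enc)
{
    for (size_t i = 0; i < n; ++i) {
        unsigned s = (unsigned)i + key[i % klen];
        d[i] = (uint8_t)(enc ? d[i] + s : d[i] - s);
    }
}

/* key[i % klen] = cipher[i] - plain[i] - i (mod 256) for every known byte. */
static void key_from_known_bytes(const uint8_t *c, const uint8_t *p, size_t n, uint8_t *out)
{
    for (size_t i = 0; i < n; ++i)
        out[i] = (uint8_t)(c[i] - p[i] - (unsigned)i);
}

/* Constructed sample: a fake "file" that starts with the 8-byte PNG signature. */
static const uint8_t PNG_SIG[8] = { 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n' };

/* Encrypts the sample with `key`, then derives key bytes from the signature
   alone. Returns 1 if decrypting restores the sample, else 0. */
static int demo(const char *key, uint8_t leaked[8])
{
    uint8_t file[24], orig[24];
    size_t klen = strlen(key);

    memset(file, 0x42, sizeof file);          /* constructed payload bytes */
    memcpy(file, PNG_SIG, sizeof PNG_SIG);
    memcpy(orig, file, sizeof file);

    transform(file, sizeof file, (const uint8_t *)key, klen, 1);
    key_from_known_bytes(file, PNG_SIG, sizeof PNG_SIG, leaked);
    transform(file, sizeof file, (const uint8_t *)key, klen, 0);
    return memcmp(file, orig, sizeof file) == 0;
}

int main(void)
{
    uint8_t leaked[8];
    int ok = demo("test", leaked);
    printf("round trip ok: %d, bytes derived from signature: %.8s\n", ok, (const char *)leaked);
    return 0;
}
```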