The Business Master (4th Edition)

home *** CD-ROM | disk | FTP | other *** search

/ The Business Master (4th Edition) / The Business Master - 4th Edition.iso / files / utilfile / enc / manual.doc < prev next >

Wrap

Text File | 1993-11-12 | 53.1 KB | 1,199 lines

EEEEEEEE NN NN CCCCCC !!!! EE NNN NN CCC CC !!!! EE NNNN NN CC !! EEEEEEEE NN NN NN CC !! EE NN NNNN CC EE NN NNN CCC CC !!!! EEEEEEEE NN NN CCCCCC !!!! Version 1.0 Published By Apton Corporation P.O.Box 34620 Chicago, IL 60634 USA Tel: (312) 777-0282 Fax: (312) 777-2075 Program and documentation (c) 1993, Apton Corporation. All rights reserved. ENC! is a trademark of Apton Corporation. Other product and company names are trademarks of their respective owners. ====================================================================== IMPORTANT NOTES: If you run Microsoft Windows in enhanced mode and you use EMM386 and SMARTDRV, you must read Chapter 4 [Section - running Windows in enhanced mode]. If you use On-The-Fly compression programs such as Stacker and Double space, you must read Chapter 4 [Section - working with data compression programs]. ====================================================================== ENC! 1.0 [10-12-93] MANUAL.DOC page 1 ---------------------------------------------------------------------- CONTENTS ---------------------------------------------------------------------- Chapter 1 INSTALLATION Prepare install checklist Installing ENC! Chapter 2 ABOUT ENC! Welcome Features of ENC! Program limitations Chapter 3 ENC! BASICS Private and general access Encryption modes Encryption parameters Transport files DOS FCB system calls Renaming files Chapter 4 WORKING WITH ENC! Loading ENC! How to control ENC! Controlling ENC! from Windows Running Windows in enhanced mode Changing and viewing encryption parameters Working with application programs Working with data compression programs If you forget the passwords or encryption key Chapter 5 WORKING WITH UTILITIES Maintenance utilities Manual encryption and decryption Working with transport files ---------------------------------------------------------------------- Chapter 1 INSTALLATION ---------------------------------------------------------------------- PREPARE INSTALL CHECKLIST ENC! needs to know a few things during installation. They are primarily used as initial settings. You can always make changes after you have installed ENC!. If you are uncertain of the terms used in the checklist, please read the first three sections of Chapter 3. 1. Disk drive and directory you will like to install ENC!. Pathname:___________________________________ 2. For each local drive (disk drive that is physically in your computer not from a network server), select the encryption mode (details in Chapter 3 [Section - encryption modes]) you want to use and list the file extensions of all the files you want to encrypt. You can also select encrypt all files option instead of file extensions. Wildcard characters * and ? are allowed in the file extensions. If you select encrypt all files option for a drive, it does not count as a file extension. For this shareware version, you can only select 2 file extension/ disk drive combinations instead of 64 in registered version. But, you can elect to encrypt all files on any number of local drives. Drive A: [ ] Encrypt all files [ ] Use secure mode File extensions: __________________________________________ __________________________________________ Drive B: [ ] Encrypt all files [ ] Use secure mode File extensions: __________________________________________ __________________________________________ Drive C: [ ] Encrypt all files [ ] Use secure mode File extensions: __________________________________________ __________________________________________ Drive D: [ ] Encrypt all files [ ] Use secure mode File extensions: __________________________________________ __________________________________________ 3. Do you want ENC! to check all executable files before they are loaded? If you select to encrypt all files in any disk drive, we strongly recommend to select this option. You can also select this option if you just want to be sure. Details on this option are in Chapter 3 [Section - encryption parameters]. [ ] Yes [ ] No 4. What will be the private password, the general password, and the encryption key? Details on passwords and encrption keys are in Chapter 3 [Section - private and general access]. The passwords and encryption key can be any combination of printable characters including space except double quote (") and back slash (\). The length of the passwords and encryption key are at least 1 character and at most 12 characters. Uppercase characters are treated as if they were lowercase so that you do not have to worry above the shift and caps lock keys. Private password : __________________________ General password : __________________________ Encryption key : __________________________ 5. Do you want the ENC! to modify your AUTOEXEC.BAT so that ENC! will be automatically loaded when the computer is turned on? ENC! will also include its program path into your original path so that you can access ENC! utilities from any directory. [ ] Yes [ ] No To help you to determine the file extensions needed to be encrypted, we have compiled a list of data file extensions for some popular programs. This list is just a reference. Data file extensions may change with different versions of the programs. To be sure, you can check the file extensions of the actual files created by the programs or consult your software vendors. Ami Pro - sam Autocad - dwg Autosketch - skd Corel draw - cdr, eps Dac Easy - db Dbase - dbf, ndx, ntx, mdx Harvard graphics - hpg Lotus 1-2-3 - wk?, pic Lotus Freelance - pre Microsoft Word - doc, dot Microsoft Excel - xl? Microsoft Access - mdb Microsoft Powerpoint - ppt Object vision - ovd Org plus for Windows - opw Paradox - db, px Quattro pro - wq? Quicken for Windows - qdi, qdt, qmt, qnx Quicken for DOS - cdi, cdt, cmt, cnx Quick book - sdi, sdt, smt, snx Ventura publisher - chp, txt, cap, sty Windows write - wri Word perfect - wp? Standard backup file - bak Standard graphic file - tif, pcx, bmp, gif Standard text file - txt Windows temporary file - tmp INSTALLING ENC! ENC! installation is straight forward. Just insert ENC! program disk into drive A (or drive B), reach for your keyboard and type: a:install Now, all you have to do is to follow the instructions of the install program and answer a few questions. If you have prepared the install checklist, just go down the list and the answers are all there. If you are not sure about the settings of ENC!, use the following default settings: ENC! program directory = C:\ENC Check executables = N [no] Encrypt all files = N [no] Use secure mode = N [no] Modify AUTOEXEC.BAT = Y [yes] After you have completed the installation, please record your encryption key and store it in a safe place. The only time you will use the encryption key again is when you forget your password. Details on recovering from forgotten passwords are in Chapter 4 [Section - if you forget the passwords or encryption key]. Details about how to use ENC! are in Chapter 4 and Chapter 5. Please read the file README.DOC in ENC! program directory. The file contains additional information about ENC!. If ENC! has modified your AUTOEXEC.BAT file, you can start using ENC! by rebooting the computer. Otherwise, go to ENC! program directory and type: encdrv enc If you want to immediately adjust all files in a drive to encrypted files according to the encryption parameters you have just entered, use your private password to gain private access, then type: adjenc [drive]\*.* /s Where [drive] is the drive letter such as c:. ---------------------------------------------------------------------- Chapter 2 ABOUT ENC! ---------------------------------------------------------------------- WELCOME Welcome to Apton ENC!, the first and only universal real time encryption system for desktop computers. In today's business world, security of confidential files stored in desktop computer is a major concern. Anyone can turn on your computer and read anything he desires. What he reads may be some confidential files that will compromise yourself and your company. Traditionally, data security is achieved by controlling access to a computer. Users must enter a password to access the computer. However, this does not actually secure the underlying data in sensitive data files and it can be bypassed too. It cannot protect data that are stored in a diskette which may be laying around and falls in the wrong hands. There are programs that will encrypt their data files. But these programs only encrypt their own data and everytime the user wants to access the data, he must enter a password. The operation is cumbersome and it does not benefit the data generated by other programs. ENC! offers a simple solution to the data security problem. In fact, the most complex operation is to install ENC! into your computer and it is straight forward. After ENC! is installed, all you have to do is to enter a password when you turn on your computer. ENC! will take over and automatically encrypt and decrypt your data. ENC! is fast. ENC! uses a proprietary method to achieve lightning speed encryption and decryption. You will not even notice ENC!'s existence. ENC! is secure. If you happen to look at a file encrypted by ENC!, all you see is an unintelligible mess. No one can make head or tail out of it and certainly your programs cannot process it for unauthorized people to read. FEATURES OF ENC! ENC! is a state of the art real time encryption system. It is designed to be totally transparent to the user. After it is loaded, you will not aware of its existence. One thing you can be sure is that the data files you instruct ENC! to encrypt will be encrypted. ENC! works seamlessly with all types of programs; word processors, spreadsheets, accounting softwares, databases, presentation graphics, CADs, etc, etc. It works great with Microsoft Windows too. Once ENC! is loaded, only authorized person can access encrypted files. Of course, when you are not in your office, an unauthorized person can always stop the loading of ENC!. Don't worry, when he looks at your encrypted data files, all he sees are files of unintelligible data. There is one important feature of ENC!. If ENC! is not loaded and the unauthorized person is persistent enough to make a copy of your encrypted files, what he gets is a damaged copy. The original is perfectly safe. When you are using secure encryption mode and he later returns the damaged copy to you, even you cannot read it. If you are using the recoverable encryption mode, you are the only person who can recover the damaged copy. Imagine you are out of town and someone in your office desperately needs one of your confidential files for an important meeting. Should you give him your password? You do not want to be used as an excuse for his performance in the meeting. Certainly you will not like the idea that he can go through all your privates files. ENC! has solved this dilemma. ENC! has a built in two levels encrypted file access control. You can tell ENC! a certain file is private confidential file and another file is general confidential file. Both files will be encrypted. However, only you who know the private password can access both files. You can tell another person the general password and he can only access the general file. Most programs that have encryption capabilities work with file encryption on a one by one basis. If you want to encrypt ten files, you have to tell the program to encrypt file ten times and enter password ten times. This is cumbersome and error prone. ENC! works with files on an application basis. All you have to tell ENC! is the file extensions of the files and the disk drive they are located and ENC! will automatically encrypt all the files with those file extensions which are located on that disk drive. For example, you want to encrypt your Lotus 1-2-3 files in drive C. All you have to do is to instruct ENC! to encrypt files with WK1 file extension (or WK* if you want to encrypt all versions of Lotus 1-2-3 files) in drive C. That's it. If you desire to dedicate a drive to store encrypted files, you simply instruct ENC! to encrypt all file extensions in that drive. If you want to know more about different features of ENC!, please spare some of your precious time to read chapter 3 - ENC! basics. We strongly recommend you to read it. It will help you understand how ENC! works and to make decisions when installing and using ENC!. WARNING - PROGRAM LIMITATIONS ENC! does have a few limitations. Following is a short list of the limitations: 1. ENC! currently only supports MS-DOS 3.1 and above or its fully compatible equivalents such PC-DOS. It does not support other operating systems such as DR-DOS, OS/2, or Windows-NT. 2. ENC! does not support FCB system calls of MS-DOS. FCB system calls are remnants of MS-DOS 1.x versions. Practically no program has use these system calls for years. We do not want to unnecessarily waste your precious conventional memory in your computer by increase the size of ENC! resident encryption engine to support the obsoleted FCB system calls. 3. ENC! only supports local drives. It does not support remote drives connected to your computer by means of a local area network. You will not want to store your confidential files in a public area anyway. 4. ENC! only supports drives with a maximum of 1024 bytes per sector. Generally, disk drives are formatted to 512 bytes per sector. Before MS-DOS 4.0, a partition in a disk drive is limited to a maximum of 32 megabytes. Some disk management programs and OEM versions of MS-DOS attempt to overcome this limit by formatting the disk drive to 1024 bytes per sector. There are also some optical drives that use 1024 bytes per sector. We do not know of anyone using sector size larger than 1024 bytes. We just want you to aware of this limitation. 5. ENC! does not support programs that bypass MS-DOS to access data in the disk drives. There is a class of programs such as Norton Utility that bypasses the operating system to perform low level disk maintenance. ENC! will not interfere with their operations. These programs will not interfere with ENC! operations either. Whatever is encrypted stays encrypted and whatever is unencrypted stays unencrypted. This will not compromise the security of your data. 6. Due to the apparently random nature of encrypted files, On-The-Fly data compression programs such as Stacker, Superstor, Double space, and Double drive will yield a low compression ratio when compressing encrypted files. This is not something particular to ENC!. This happens with all encrypted files. ENC! has an advantage. Regular data compression programs such as Pkzip will not be affected. They will maintain the usual compression ratio under ENC!. ---------------------------------------------------------------------- Chapter 3 ENC! BASICS ---------------------------------------------------------------------- PRIVATE AND GENERAL ACCESS There are files that are for your eyes only. There are files that you allow someone you trust to access. There are also files that you do not care who can access them. ENC! features a multiple access control system that can limit file access according to your specifications. ENC! divides files into three access levels, namely, private files, general files, and unrestricted files. Private files can only be accessed by a person who knows a private password. Generally, you are the only person who knows it. Private files may be your personal files that you do not want anyone to access. General files can be accessed by anyone who knows either the private password or a general password. Generally, you will give the general password to a person who will handle your confidential documents when you are not in your office. Say, your secretary. General files can be some confidential company files that others in your company may occassionally need to access. Unrestricted files can be accessed by anyone. These are files that pose no security hazard. When you have private access privilege, you can create and access private files. ENC! provides you with a simple way to designate a file as private. If the first character of the filename is the character &, the file is a private file. When someone with general access privilege creates a file using & as the first character of the filename, the file is a general file. Do you have the uneasy feelings when someone is across your desk while you are typing a password to access a confidential file? I do. You can change the password after the person is gone. But, if you have a hundred confidential files, you will not enjoy changing password for each file a hundred times. I assume you can remember which hundred files you need to change. ENC! has a simple solution to this unpleasant problem. Traditionally, program with encryption capabilities uses the password as an encryption key to encrypt your files. The encryption key dictates how a file is being encypted. If the encryption key is changed, the file has to be decrypted with the old encryption key and re-encrypted with the new encryption key. This is why you have to change the password for all the hundred files mentioned above. It is slow and cumbersome. ENC! separates the password from the encryption key. The private password and general password are used only to establish the access privilege. They have no bearing on how your files are encrypted. When you change the passwords, there is no effect on your encrypted files. You can change the passwords for all encrypted files in seconds. Since you do not need to enter the encryption key again after installation, no one will know what it is. "But I can easily forget my password. I am screwed, am I?". No, you are not. When you install ENC!, it is important to write down your encryption key and store it in a safe place. When you forget your password, just go and get your encryption key. You can reestablish the passwords in minutes, that's it! Your encrypted files will be back online. Details are in Chapter 4. ENC! allows you to change the encryption key too. However, this process is more involved and time consuming. You have to decrypt all the encrypted files before you can change the encryption key. After you change the encryption key, you have to re-encrypt the files. Don't worry, ENC! comes with utilities to ease the pain. Details are in chapter 4. ENCRYPTION MODES ENC! will not allow unauthorized person to access encrypted files. However, it is possible for him to interrupt ENC! loading process. This will not be a problem since the encrypted files are in unintelligible form. The unauthorized person can read the files but he cannot understand what are in them. However, on the safe side, ENC! adds in a feature to safeguard from unauthorized copying of encrypted files. Any copying of encrypted files short of using diskcopy while ENC! resident encryption engine is not loaded will produce a damaged copy. The original is perfectly safe. This feature is particularly effective if encrypted files are stored in hard disk since they cannot be duplicated by means of diskcopy. You may worry about getting damaged copies if you happen to forget to load the ENC! resident encryption engine. This is quite unlikely. ENC! installation will place the command to load ENC! resident encryption engine in your AUTOEXEC.BAT file so that the engine will be automatically loaded when the computer is turned on. Nevertheless, ENC! offers an option to ease the your mind. You select the encryption mode. There are two encryption modes ENC! can use to encrypt data files. Namely, the recoverable mode (default setting) and the secure mode. As mentioned above, unauthorized copying of ENC! encrypted file will produce a damaged copy. If ENC! uses recoverable mode to encrypt a data file, the damaged copy can be repaired by an ENC! utility called FIXENC. The utility requires private access privilege to operate and it repairs the damaged copy according to your encryption key. You are the only person who can repair the damaged copy. If ENC! uses secure mode to encrypt a data file, the damaged copy is irreparable. The selection of encryption mode is on a drive by drive basis. You can change the encryption mode anytime you like. ENC! will automatically recognize the encryption mode used by an encrypted file and processes it accordingly. There are differences between the two encryption modes. They concern the security of your encrypted files. When files are encrypted in recoverable mode, it is possible for a computer expert who knows your general password and is knowledgeable with the internal working of ENC! to read your private files. If your private files are encrypted in secure mode, they are virtually impossible for anyone but yourself to read. When two identical files are encrypted in recoverable mode, the two files will contain identical encryption pattern. When two identical files are encrypted in secure mode, the two files will contain totally different encryption pattern which makes the encryption even more secure. For a person without knowledge of your private and general passwords, encrypted files generated by either encryption modes are virtually impossible to break. When ultimate data security is your goal, secure encryption mode is the better method. Generally, the recoverable encryption mode is secure enough. The choice is yours. ENCRYPTION PARAMETERS Traditionally, program with encryption capabilities works with encryption on a file by file basis. Each time you create a new encrypted file, you have to instruct the program to encrypt the file. ENC! uses a different approach. Generally, data files of a certain program will most likely contain confidential information. They may be your word processor, spreadsheet, or database files. Files of the same program have one thing in common, they have the same file extension. ENC! takes advantage of this trend. It uses file extension and the disk drive where a file is located to determine whether a file should be encrypted. You only have to inform ENC! what file extension and at what drive needs to be encrypted and ENC! will do the rest. You do not have to decide whether to encrypt when you create a file. This method may encrypt files that do not warrant the security. We do not think you will mind to overly secure your files in exchange for the convenience. If you are uncomfortable with securing files that do not warrant the security, you can create the files in another drive that does not use the file extension for encryption. During ENC! installation, the install program will request you to enter selections of this file extension and disk drive combination. You can make a maximum of 64 selections with ENC! registered version. You are only allow 2 selections with ENC! shareware version. Alternatively, you can instruct ENC! to encrypt all files in a disk drive. This does not count as a selection. If you have a lot of file extension/disk drive combinations, you could consider dedicating a disk drive to store encrypted files. It should be noted that a disk drive does not mean a physical disk drive. Rather, it means a logical drive created by DOS. Even though you may have only one hard disk drive in your computer, DOS can create multiple logical drives using different drive letters such as drive C, drive D, etc. ENC! will not encrypt files with EXE, COM, SYS, BAT, OVL, and DLL file extensions. They are executable files and encrypting these files will cause problem with their loading. There are some programs that use overlay files but do not follow the OVL file extension convention. If you instruct ENC! to encrypt all files in a disk drive then you install one of these programs into the disk drive, ENC! cannot distinguish data files from these overlay files. The overlay files will be encrypted and they will not work. To counter this problem, ENC! can optionally check all executable files before they are loaded. If ENC! finds an encrypted executable file, it will be decrypted. There is a slight speed penalty to enable this option. Normally, this speed penalty is not noticeable. When you want to change the encryption parameters, you can use the SETUP utility to make the change. It should be noted that when you change the encryption parameters, the encryption status of existing files will not change. The reason for ENC! to maintain the existing files encryption status is that sometimes you may want to have temporary change in encryption parameters. If ENC! adjusts the encryption status of all the files in your computer whenever you change the encryption parameters, it will waste a lot of your precious time. In any case, ENC! will automatically keep track of the encryption status of your files and you do not have to concern about the encryption status of your files. If you have to adjust the encryption status of your files such as right after you have completed the installation process, ENC! provides you with the tools. You can use ADJENC utility to adjust the encryption status of any or all the files in a disk drive according to the encryption parameters. You can use ENCRYPT utility to encrypt any or all the files in a disk drive. You can also use DECRYPT utility to decrypt any or all the files in a disk drive. After you adjust the encryption status of your files, you may want to make sure they are adjusted. CHKENC utility will show you the encryption status of any or all files in a disk drive. Details about these utilities will be discussed in chapter 5. TRANSPORT FILES You may need to send a diskette containing confidential files to some client across town. How can you be sure no one has looked at or copied the confidential file before it reaches the desk of the intended person? This is the reason ENC! provides you with transport file. A transport file is an encrypted file that has the same nature as the encrypted files in your computer. The content is unintelligible and any copying of the file short of using diskcopy will produce a damaged copy but the original is perfectly safe. There is one difference, you can specify any encryption key to generate the transport file. Before you send a person your file, you can make arrangement with the person as to what encryption key to use. After you decide what encryption key to use, you can use ENCRPYTK utility to convert existing files into transport files. Transport files are always encrypted in secure mode. Even if someone intercepts the files and makes an unauthorized copy using diskcopy, the encryption is virtually unbreakable. Once a transport file is created, even you cannot read it or copy it. A transport file can only be decrypted by the DECRYPTK utility. The decryption process will not alter the transport file. It will only create a decrypted copy of the transport file. This is to prevent the other person from accidentally using the wrong encryption key to decrypt the transport file and damages the transport file. If file extension of the copy is set to be encrypted, the decryption will be followed by encryption of the copy. DOS FCB SYSTEM CALLS ENC! does not support DOS FCB system functions except the FCB rename file and FCB delete file functions. FCB system functions are obsoleted since DOS 2.0. They are only used by some antique programs that are designed to work with DOS 1.x. We do not want to increase the size of ENC! resident encryption engine to accommodate something that nobody will use. If you are using programs that use FCB system functions, there will not be any problem. The only limitations are that ENC! will not encrypt data files created and used by these programs and these programs cannot access any encrypted files. Care should be taken to ensure the file extensions of the data files used by these programs are not included in the encryption parameters. If you are not certain whether a program uses FCB system functions to access data files, you can easily find out using the following steps: 1. Use the program to create a test file and then exit the program. 2. Encrypt the test file using ENCRYPT utility. Assuming the name of the test file is test.tst, type: encrypt test.tst 3. Run the program and open the test file. If the program does not recognize the test file exists, the program is using DOS FCB system functions to access data files. RENAMING FILES Encryption status of a file will automatically be adjusted after the file is renamed. If you rename an encrypted file to a name with unencrypted file extension, the file will be decrypted. The same holds true with private files. If you have private access privilege and you rename a private file to a general filename (that is, the first character of the filename is not the character &), the file will become a general file. When ENC! is loaded, person with lower access privilege cannot rename a higher privilege file. If you do not enter a valid password, you cannot rename any encrypted file. If you have general access privilege, you cannot rename a private file. Programs such as word processors usually use temporary work file. When you modify a document, the program will copy the original file to a temporary work file. All your modifications will be made on this temporary work file. When you have completed your modifications, the program will copy the original file to a backup file. The original file will be deleted and the temporary work file will then be renamed with the original filename. If there is a discrepancy between the encryption parameters and the encryption status of your file, this type of operation may affect the encryption status of your file. Example, you have created an encrypted file and then removed the file extension of the file from the encryption parameters. The file will stay encrypted. If you later use a program that uses temporary work file to modify the file, the renaming process of the program will change the file to an unencrypted file. Generally, most word processor programs use temporary work file and most database programs do not. ---------------------------------------------------------------------- Chapter 4 WORKING WITH ENC! ---------------------------------------------------------------------- LOADING ENC! ENC! provides real time encryption with two programs. ENCDRV.EXE is a resident encryption engine for performing all the real time encryption operations. ENC.EXE is the control program which verifies the passwords and controls the operation of the resident encryption engine. Normally, the install program will modify your AUTOEXEC.BAT to load the two programs automatically. However, if you want to load them manually, load ENCDRV.EXE first then load ENC.EXE. We strongly recommend to include both programs in your AUTOEXEC.BAT. If this is not desirable, at least include ENCDRV.EXE so that ENC! has control of your encrypted files and you can run ENC.EXE later. You can manually modify AUTOEXEC.BAT by adding the follows: 1. The path of ENC! program directory. 2. If you have a monochrome display, add SET enc=mono. 3. ENCDRV.EXE 4. ENC.EXE HOW TO CONTROL ENC! ENC.EXE controls the operation of ENC!. It verifies the passwords, it allows you to temporarily disable and then re-enable the encryption. It also allows you to reset ENC! so that you can change access privilege with another password. It further allows you to change the passwords and the encryption key. After you use ENC.EXE to gain private access privilege with the private password, the next time you run it, it will display the following options: F2 Reset This will reset the resident encryption engine. Next time you use ENC.EXE, it will require you to enter a password. If you are away from your office and you do not want to turn off your computer, use this option. F3 Disable encryption This will temporarily disable the resident encryption engine. Next time you use ENC.EXE, it becomes enable encryption. This option will toggle between temporary disable and re-enable the resident encryption engine. F4 Change private password F5 Change general password F6 Change encryption key Use this option to change encryption key. Before selecting this option, you should use DECRYPT utility to decrypt all encrypted files in your computer. Otherwise, you will have files with different encryption keys and ENC! will only process one encryption key at a time. Details are in Chapter 4. If you have general access privilege, only option F2 and option F3 are available. When you have private access privilege and you want to designate a file as private, use the character & as the first character of the filename. This is all you have to know to control ENC!. Details about using ENC! utilities are in Chapter 5. If you have a monochrome display, ENC! installation will modify AUTOEXEC.BAT to inform ENC.EXE. However, if ENC.EXE cannot get this information and display in color mode, you can add /M after the command. Example: enc /m CONTROLLING ENC! FROM WINDOWS If you want to run ENC.EXE from Windows, you can either use File|Run option in program manager or create an icon for ENC.EXE so that you can run it by double click the icon. Following is the procedure to create an icon for ENC.EXE: 1. While in program manager, make the program group you want to place ENC! icon active by double click on the group icon or click on the group window. 2. Choose File|New option of program manager. 3. Select the [add program item] box and click OK. 4. On [description] box type ENC! 1.0 Control. Click browse and select ENC! program directory. Select ENC.PIF then click OK. Make sure [run minimize] box is not selected. Click change icon. 5. Click OK when informed that there is no icon associated with the file. Click browse and select ENC! program directory. Select ENC.ICO or ENC2.ICO then click OK until returning to program manager. ENC.PIF is setup to run ENC.EXE in full screen mode. If you want to run ENC.EXE in a window, you can use the Pif Editor to change ENC.PIF setting to window mode. You must run Windows in enhanced mode to use this setting. RUNNING WINDOWS IN ENHANCED MODE When ENC! resident encryption engine is loaded, if EMM386 and SMARTDRV are also loaded, running Windows 3.x in enhanced mode will cause Windows to lock up during initialization. If either EMM386 or SMARTDRV is not loaded, there will be no problem. If you are not sure whether EMM386 and SMARTDRV are loaded in your computer, you can look at the CONFIG.SYS file in the root directory of the boot drive. If you find a line: device=[path]emm386.exe EMM386 is loaded. If you find a line in CONFIG.SYS file: device=[path]smartdrv.sys or, device=[path]smartdrv.exe or, if you find a line in AUTOEXEC.BAT file: [path]smartdrv.exe SMARTDRV is loaded. In all cases, [path] is the path where the drivers are located such as c:\dos\. The reason for the problem is that when EMM386 and SMARTDRV are loaded and Windows runs its enhanced mode initialization, they are not completely compatible with MS-DOS. During this moment, if some of the MS-DOS system functions are executed, they will crash the system. ENC! happens to use one of the functions. To get around this problem, you can use one of the following options: 1. If your programs do not need expanded memory and you do not load TSRs into high memory, eliminate EMM386 by deleting the line in CONFIG.SYS file that loads EMM386.EXE. 2. Use other disk cache program instead of SMARTDRV. We only experience problem with SMARTDRV. Other excellent disk cache program such as PC-CACHE that comes with PCTOOLS or QCACHE that comes with 386MAX all works well with ENC!. If you need to load a lot of TSRs into high memory, QCACHE with 386MAX is the better choice since 386MAX manages memory much more efficient than MS-DOS. 3. If you must use EMM386 and SMARTDRV, you can run Windows in standard mode using win /s option. 4. If you must run Windows in enhanced mode with EMM386 and SMARTDRV, you can use ENC! utility to suspend ENC! operations during Windows enhanced mode initialization. Details will be discussed below. ENC! utility SUSENC can be used to suspend all ENC! operations as if ENC! is not loaded. It has to be run before starting Windows. ENC! will automatically resume its operations after Windows initialization is completed. Care must be taken to use this option. You must make sure files needed for Windows enhanced mode initialization are not encrypted since ENC! is suspended and it cannot decrypt any files. Do not use encrypt all files option for the drive that contains Windows system directory. The following will show you how to setup and use the utility: 1. Go into ENC! program directory and insert ENC! program disk into drive A (or drive B) then type: copywin a: this command will copy all the necessary files from ENC! program disk into ENC! program directory. 2. Whenever you want to run Windows, type: wine You can use any Windows options such as /s with this command. If you do not like to use the command WINE, you can rename the file WINE.BAT in ENC! program directory to whatever name you desire as long as there is no conflict with other program. Do not change the name to WIN.BAT unless you rename WIN.COM in Windows directory and make the corresponding change in WINE.BAT. Example: 1. Rename WIN.COM to WIN31.COM 2. Use a text editor to change WINE.BAT in ENC! program directory: from win %1 %2 %3 %4 %5 to win31 %1 %2 %3 %4 %5 3. Rename WINE.BAT to WIN.BAT 4. When you want to run Windows, type: win CHANGING AND VIEWING ENCRYPTION PARAMETERS You can use SETUP utility to change the encryption parameters any time you like. The procedure is the same as what you have done during ENC! installation. If you have a monochrome display, ENC! installation program will modify AUTOEXEC.BAT to inform SETUP. However, if for some reason the program cannot obtain this information and display in color mode, you can add /M after you enter the program name. Example: setup /m You can run SETUP only when you have private access privilege. After you have completed the changes, you have to run ENC.EXE and use F2 to reset ENC! and then enter your private password. ENC! will inform you that ENC.SYS has been changed. Type P to instruct ENC! to proceed with the new encryption parameters. These procedures are to prevent unauthorized changes in encryption parameters. If you want to view the encryption parameters setting, you can run SETUP and select to use existing parameters. When you finish viewing the encryption parameters, type F10. SETUP will ask you whether you want to save the encryption parameters, type N to exit. WORKING WITH APPLICATION PROGRAMS When installing programs into a drive that encrypts all files and you have not selected the check all executable files option, always run ENC.EXE and use F3 to temporary disable encryption before you install the programs. After you finish installing the programs, run ENC.EXE again and use F3 to enable encryption. This is to prevent ENC! from encrypting overlay files that use unconventional file extensions. Most programs will generate backup files after you have modified the data files. If you want to keep your data confidential, do not forget to include the file extension of the backup files along with the regular files in the encryption parameters. Usually, the file extension of backup files is [bak]. However, some software vendors may use a different file extension. If you are not sure, consult your software vendors. Most Windows programs use temporary files to temporarily hold the data files they are working with. These temporary files will be erased when you exit the programs. However, the erase process does not actually erase the data in a temporary file. It just mark the file as being erased and the disk space previously occupied by the file is opened for other files. If the disk space is not used by other files, someone can use some undelete utilities to recover the data in the temporary file. The recovered data may be your confidential data. Windows always use the file extension [tmp] for temporary files. If you want to guard against others from undelete the Windows temporary files and look at the data in them, just add tmp file extension along with the regular file extension to the encryption parameters. WORKING WITH DATA COMPRESSION PROGRAMS If you use On-The-Fly data compression programs such as Stacker, Superstor, Double Disk, or Double space (comes with MS-DOS 6.x) to create a compressed drive and there are ENC! encrypted files in the original dirve, always gain private access privilege before you create the compressed drive. The reason is that the create compressed drive process will copy existing files into the newly created compressed drive. If you only have general access privilege and there are private files in the drive, the copying of private files will fail. Worse yet, if ENC! resident encryption engine is not loaded, the copying process will damage ENC! encrypted files. Normally you will use your private password when you are working with your computer so this will not cause any inconvenience. Data compression programs cannot effectively compress any type of encrypted files including ENC! encrypted files due to the apparently random pattern of the data in these files. For this reason, it does not make much sense to store any encrypted files in a compressed drive. ENC! has a feature that other programs with encryption capabilities cannot match. If you use any regular data compression program such as Pkzip to compress encrypted data files generated by other programs, the compression ratio is dismally low. With ENC!, the compression ratio is the same as if the files were not encrypted. The reason for this advantage is that ENC! automatically decrypt ENC! encrypted files when the data compression program is reading them. The program will only see the regular data. When the program writes the compressed file to the disk, ENC! automatically encrypt the compressed file. However, you have to remember to include the file extension of the compressed file into the encryption parameters. If you forget to do it, the ENC! encrypted files in the compressed file will no longer be encrypted. You can use one file extension for regular compressed files and another file extension for encrypted compressed files. Assuming you are using Pkzip, you can use the standard ZIP file extension for unencrypted zip files and ZEN file extension for encrypted zip files. Use SETUP to include ZEN in the encryption parameters. Example, when you want to compress files without encryption, type: pkzip -a abc.zip *.* when you want to compress files with encryption, type: pkzip -a abc.zen *.* When you decompress the compressed file, the encryption status of the decompressed files will be adjusted according to the encryption parameters. IF YOU FORGET THE PASSWORDS OR ENCRYPTION KEY If you forget the general password, you can simply change the general password using ENC.EXE. Following are the steps to do it: 1. Use your private password to gain private access privilege. 2. Run ENC.EXE and use F5 to enter a new general password. When you forget the private password, you can recover from it by re-establish new passwords provided you know the encryption key. You should record your encryption key and store it in a safe place. To re-establish new passwords, simply follow the steps below: 1. Go into ENC! program directory and insert ENC! program disk into drive A (or drive B). 2. Type: copy a:enc.enc enc.exe 3. Run ENC.EXE. It will ask you to enter the private password, general password, and the encryption key similar to ENC! installation. Simply enter a new private password and a new general password. Enter the same encryption key as you have recorded. Even though you have written down your encryption key and store it in a safe place, there is a chance you will forget where you have placed it. You can change the encryption key as long as you still remember the private password. Simply follow the steps below: 1. Use ENC.EXE to obtain private access privilege using the private password. 2. For every hard disk drive that contains encrypted files, type: decrypt [drive]\*.* /s where [drive] is the drive letter such as c: 3. If you have any floppy diskette that contains encrypted files, insert it into the floppy drive and type decrypt [drive]\*.* /s where [drive] is the drive letter of the floppy drive such as a: 4. Run ENC.EXE and choose F6 change encryption key option. It will remind you to decrypted all encrypted files which you have just done. Type P to proceed with the option and enter a new encryption key. 5. After you have change the encryption key, you can use ADJENC utility to re-encrypt your files by typing: adjenc [drive]\*.* /s where [drive] is the drive letter such as c:. ---------------------------------------------------------------------- Chapter 5 WORKING WITH UTILITIES ---------------------------------------------------------------------- MAINTENANCE UTILITIES All utilities discussed in the following sections require private access privilege to operate. Wildcard characters * and ? are allowed in filenames. ENC! has provided you with three utilities to maintain the encryption system: CHKENC allows you to find out the encryption status of files in a directory and its subdirectories. It also searches for encrypted files. Usage: CHKENC [path][file] [/s] [/l] path = optional pathname file = optional filename /s = optional check files in subdirectories /l = optional list encrypted files only If CHKENC finds an encrypted file, it will show the file's encryption status as filename [pgsrt], p = private file g = general file s = secure mode encryption r = recoverable mode encryption t = transport file ADJENC will automatically encrypt and decrypt files in a directory and its subdirectories according to the encryption parameters. It is primarily used to adjust encryption status of all files in a disk drive after ENC! installation or changing of encryption key. Usage: ADJENC [path]file [/s] path = optional pathname file = filename /s = optional adjust files in subdirectories FIXENC will fix encrypted files damaged by unauthorized copying. The files must be encrypted using recoverable encryption mode. It will fix files in a directory and its subdirectories. Care should be taken not to use FIXENC on unencrypted files. It will lead ENC! to consider the files encrypted and try to decrypt them when they are accessed. This will give you unintelligible data. If this happens, you can use /r option to remove the fix. Usage: FIXENC [path]file [/s] [/r] path = optional pathname file = filename /s = optional fix files in subdirectories /r = optional remove fix MANUAL ENCRYPTION AND DECRYPTION You can encrypt and decrypt files regardless of the encryption parameters setting with two utilities. ENCRYPT will encrypt files in a directory and its subdirectories regardless of the encryption parameters. It is primarily used to force files to become encrypted. Usage: ENCRYPT [path]file [/s] path = optional pathname file = filename /s = optional encrypt files in subdirectories DECRYPT will decrypt files in a directory and its subdirectories regardless of the encryption parameters. It is primarily used for one step decryption of a large number of files. Usage: DECRYPT [path]file [/s] path = optional pathname file = filename /s = optional decrypt files in subdirectories WORKING WITH TRANSPORT FILES You can convert files into transport files and decrypt transport files with two utilities. ENCRYPTK will convert files in a directory into transport files. The original files will not be altered. Usage: ENCRYPTK "key" [path]source [path]target key = encryption key for the conversion. The key should be enclosed by double quotes and spaces are allowed in the key. path = optional pathname source = original file filename target = transport file filename Once a transport file is created, even you cannot read or copy it. Always convert the file you want to send into the intended storage medium such as a diskette. Example, if you want to send a file test.org in drive C as file test.trn using a diskette in drive A with an encryption key of key, do not use the command: encryptk "key" c:test.org c:test.trn and then try to copy test.trn to the diskette in drive A. The copying will fail. Use the following command instead: encryptk "key" c:test.org a:test.trn After the command is executed, test.trn will be on the diskette in drive A and ready to send out. DECRYPTK will use the transport files in a directory to generate a copy of normal files. The transport files will not be altered. Usage: DECRYPTK "key" [path]source [path]target key = encryption key for the conversion. The key should be enclosed by double quotes and spaces are allowed in the key. path = optional pathname source = transport file filename target = normal file filename Even though the encryption key should be enclosed by double quotes, it is only the general case that will work with all encryption key combinations. If the encryption key consists of all alphanumeric characters (1,2,3,...,A,B,C,...) without any space character, the double quotes can be omitted. ---------------------------------------------------------------------- END ----------------------------------------------------------------------