Chapter 6 Encryption Encryption refers to the scrambling of information within a file so that it cannot be deciphered. PROTEC NET encryption prevents users from deciphering confidential information without authorization. PROTEC NET provides two types of encryption: Automatic and Manual. ========================= Automatic File Encryption ========================= PROTEC NET Automatic Encryption provides an extra level of security since only authorized users with the appropriate permissions may access encrypted files. This feature is transparent to the user because PROTEC NET encrypts and decrypts files as they are accessed. PROTEC NET Automatic Encryption will not encrypt program files with the extension .EXE or .COM. A file will only be encrypted once. To obtain a list of all files specified for Automatic Encryption, refer to PROTEC NET Programs, REPORT.EXE. If users select files to be encrypted, copy the Encryption program, ENCRYPT.EXE, to the users PUBLIC directory. A User can automatically encrypt any program to which he has been granted access. NOTE If files, directories or drives have been specified for automatic encryption, supervisors must logoff the workstation for changes to take affect. Encryption Key An encryption key is required to encrypt files. The key is not case sensitive. The encryption key length must be at least 1 character long and at most 8. If you are using the DES Hardware option, the maximum encryption key length is 8. Valid characters are as follows: A-Z, a-z, 0-9 ` - = [ ] ; ' . / , ~ ! @ # $ % ^ * ( ) _ + { } : " < > ? \ | Encryption Method There are two methods of encryption which can be utilized with PROTEC NET. Both methods are described below: Proprietary encrypts files by a PROTEC NET proprietary 64 bit algorithm which is software based. DES (Hardware) encrypts files using the Data Encryption Standard as defined by NIST (US National Institute of Standards and Technology). This method requires the Jones Futurex Encryption 300 circuit board. To Specify Drives, Directories or Files to Encrypt/Decrypt Automatically 1 Access the Encryption program, ENCRYPT.EXE. 2 Select the appropriate resource. To select files, highlight them and pressing the SPACEBAR, or F3 to select all. If you do not know where a file is located press F8 to search. 3 Press F6 to encrypt or F5 to decrypt. 4 Enter an encryption key and select an encryption method. 5 Choose the ENCRYPT button. 6 Choose the OK button. Once encrypted, the encryption method is displayed to the left of the filename. ================================ Command Line - Manual Encryption ================================= PROTEC NET also provides a command-line encryption program which may be used by the supervisors and users alike. To encrypt a file, you must use the PROTEC NET utility, PCRYPT.EXE. Files may be encrypted to function with PROTEC's automatic encryption security module using this utility. If users other than supervisors may use encryption, copy PCRYPT.EXE into a directory that users may access. If all users are allowed to use encryption, copy PCRYPT.EXE to the PUBLIC directory on the C: Drive. For more information on PCRYPT.EXE, refer to PROTEC NET Programs. NOTE Users may encrypt any file that they are allowed to access. ============================== Encryption and Backup Programs ============================== Backup programs which back the system up by file, such as Norton Backup, will create a backup of your system where files specified for automatic encryption are backed up in an decrypted format. If the system needs to be backed up where files must sustain their encrypted format, unload PROTEC NET temporarily and then back up the system. For information on unloading PROTEC NET temporarily, refer to Supervisor Login Function. Files that have been manually encrypted will be backed up in their encrypted format.