HamCall (October 1991)

home *** CD-ROM | disk | FTP | other *** search

/ HamCall (October 1991) / HamCall (Whitehall Publishing)(1991).bin / util / encrypt / iris.doc < prev next >

Wrap

Text File | 1990-10-14 | 47.4 KB | 1,273 lines

IRIS ---- A Cryptographic Security System Version 3.7 July 1989 IRIS A goddess, the daughter of the Titan Thaumas and the Oceanid Electra. Iris carried the messages of the Gods. Iris means 'rainbow' in Greek, and the personification of this phenomenon was considered by the Greeks to connect sky and earth; hence her function as messenger. Callimachus portrays Iris as sleeping under Hera's throne, ever shod so as to be ready to carry her messages on the instant. Contents -------- Introduction Overview of IRIS The Data Encryption module The RSA cipher The DES cipher The VERNAM cipher The PLAYFAIR cipher The BAZERIES cipher Reference IRIS startup IRIS command reference Maintaining key files Future enhancements Appendix A - IRIS syntax conventions B - IRIS error messages C - Bibliography Overview of IRIS ---------------- IRIS implements commercial cryptographic techniques under the DOS environment: RSA public key cryptography DES cryptography VERNAM (XOR) cryptography PLAYFAIR cryptography BAZERIES cryptography CRC (checksum) generation Secure file erasure IRIS is intended to be used by users with a need to store or exchange sensitive information in a secure manner. A file containing sensitive information such as a spreadsheet detailing company annual results prior to publication, may be encrypted by IRIS effectively precluding unauthorised disclosure. The (encrypted) file may be copied to floppy disc and send via public mail (an insecure channel) to another party, who, having access to IRIS and the KEY used to encrypt the document, will be able to decrypt the file, producing the original spreadsheet. The IRIS software is written in the 'C' language, and has been ported to MS-DOS, UNIX, and VAX/VMS. The RSA cipher -------------- 'Defendit Numerus' [ There is safety in numbers ] In 1976 Whitfield Diffie and Martin Hellman introduced the revolutionary concept of a public key cryptosystem. Unlike classical cryptosystems, the public key cryptosystem has two separate keys, an encryption key and a decryption key. The major concept of this encryption scheme is that publicly revealing the encryption key does not reveal the corresponding decryption key. This has two important consequences: o Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the person who wishes to receive the message, and this publicly revealed key yields no useful information about the decryption key. o A message can be 'signed' using a privately held decryption key. Anyone can verify this 'Digital Signature' using the corresponding publicly revealed encryption key. Applications ------------ o Electronic mail - A public key cryptosystem can ensure that the two most important properties of 'paper mail' are preserved: (a) Messages are private, and (b) Messages can be signed. o Key distribution for conventional cryptosystems - Since conventional cryptosystems rely on the privacy of the 'key' to ensure privacy of the message, distribution of the key requires a secure channel, A public key cryptosystem can provide this channel. The Limitation of Conventional Cryptosystems -------------------------------------------- A conventional cryptosystem uses only one key, which must be made available to both the encryptor (Sender) and decryptor (Receiver). Therein lies the most serious problem of conventional cryptosystems: Some secure method must exist for distributing secret keys to the encryptor and decryptor, if that secure method exists, then surely it could be used to transmit the secret message. This is known as the 'Key Distribution Problem' A public key cryptosystem has two keys which have the following, almost magical properties: o For each encryption key there is a decryption key which is NOT the same as the encryption key. o It is feasible to compute a pair of keys, consisting of an encryption key and a corresponding decryption key. o It is not feasible to compute the decryption key from knowledge of the encryption key. Because of these properties, two people can use a public key cryptosystem to communicate privately without transmitting any secret keys. To set up, you generate a pair of keys, and send the encryption key to, say Mary by any convenient means. It need not be kept secret. It can only encrypt messages - not decrypt them. Revealing it discloses nothing useful about the decryption key. Mary can use it to encrypt messages and send them to you. No one but you, however, can decrypt the message (not even Mary!), as long as you do not reveal your private decryption key. Digital Signatures ------------------ Very closely related to the RSA cipher is the concept of digital signatures. One problem with corresponding electronically, such as via a large scale computer network, is that messages can easily be forged - you usually cannot be certain that the sender of a received message is actually the person claimed in the message. A public key cryptosystem, however can be used to provide positive identification of any sender who has a public key. If, for example Mary has filed a public key in some public access file, she can digitally sign a message by decrypting it with her private decryption key before publishing the message. Anybody can reveal the plaintext by encrypting the message with Mary's public encryption key; if the plaintext is revealed, then Mary must have authored the message. One can take this idea a step further, Mary can decrypt a message with her private decryption key, then encrypt it with your public encryption key. To reveal the plaintext, you must decrypt the message with your private decryption key, then encrypt it with Mary's public encryption key. The result is a message which only Mary could have created, and only you can read! The Rivest Shamir Adleman (RSA) cryptosystem -------------------------------------------- In 1978, a group of researchers at MIT published a paper describing the now celebrated, RSA cryptosystem. The security of the RSA cryptosystem is based on the fact that although finding large prime numbers is computationally easy, factoring the product of two such primes is at present computationally infeasible. In fact, this is an ancient problem which has resisted attack by the worlds greatest mathematicians for many centuries. Fermat (1601?-1665) and Legendre (1752-1833) both developed factoring algorithms; some of todays more efficient algorithms are based on the work of Legendre. 'The problem of distinguishing prime numbers from composites, and of resolving composite numbers into their prime factors is one of the most important and useful in all of arithmetic.... The dignity of science seems to demand that every aid to the solution of such an elegant and celebrated problem be zealously cultivated.' - K.F. Gauss, Disquisitiones Arithmeticae, Art. 329 (1801) The Mathematics of the RSA Cipher --------------------------------- The RSA key has three elements, 'N' & 'E' which can be made public knowledge, and 'D' which must be kept private to the individual who owns the RSA key, as 'D' is the means of decrypting a text which has been encrypted using 'N' & 'E'. Assuming that we have computed a 125 digit prime, p and a 130 digit prime, q, a 250 digit RSA key can be computed thus: N: N = pq E: Any Random integer in the interval 3 ... phi(n) -1 provided gcd(E,phi(n)) = 1 where phi(n) is the Euler totient function (p-1)(q-1) and gcd is 'greatest common divisor' D: D = multiplicative inverse of E mod phi(n) The number of 250 digit keys producible is much greater than 10 to the power 200. (It is worth considering that the number of atoms in the known universe is roughly 10 to the power 80.) IRIS supports RSA keys of up to 500 digits in length. Encrypting and Decrypting ------------------------- For the purposes of encryption and decryption, the plain / cipher text is converted into its numeric ASCII equivalent. For example, the text: ITS ALL GREEK TO ME Becomes the integer: 73848332657676327182696975328479327769 (since in ASCII 'I' = 73, 'T' = 84 etc) The text may now be treated as a simple (but large!) integer. RSA Encryption: ciphertext = plaintext ^ E modulo N RSA Decryption: plaintext = ciphertext ^ D modulo N For example ----------- N = 11023 E = 11 D = 5891 Plaintext = Ho = 3314 Ciphertext = 3314 ^ 11 modulo 11023 = 10260 Plaintext = 10260 ^ 5891 modulo 11023 = 3314 = Ho nb: IRIS converts characters into 3 digit integers (0-255) in order to support the full ASCII character set. RSA Performance --------------- The generation of sufficiently large prime numbers is a non-trivial problem, and this perhaps explains the scarcity of implementations of the RSA encryption scheme. It is only since the arrival of fast 16/32 bit microprocessors that microcomputer implementations have become feasible at all. In order to use realistic RSA keylengths, ie: 80 digits and above, a fast PC is essential. We advise the use of the following minimum hardware configuration: 12 Mhz 80286, 0 or 1 Wait states. Norton SI: > 11 Development and testing was performed on the following hardware configuration: 16 Mhz 80286, 1 wait state. Norton SI: 15.6 With CPU performance at this level, it is perfectly feasible to generate 300 digit RSA keys, although generation of keys of this size will require several hours of compute time. The user may prefer to run IRIS RSA key generation as a background task under a DOS multitasker such as DESQview, to allow the PC to be used for other purposes during key generation. Table 1 : Security of the RSA cipher Key Length Estimated time to cryptanalyze cipher text 50 3.9 hours 75 104 days 88 11 years 100 74 years 150 1.0 million years 200 3.8 billion years 250 5.9 trillion years 300 4.9 * 10 ^ 15 years 500 4.2 * 10 ^ 25 years ( Assuming one computer operation per microsecond ) The reader may wish to consider that the Universe is considered to be roughly 15 billion years old. A key length of 100 digits provides reasonable security against attack using current technology; using 150 digit keys ensures security against forseable future developments. The user can select a key length to suit the particular application, depending on the relative importance of operational speed and security. Unlike many conventional cryptosystems, there is currently no proven or theoretical 'sneak path' method of attack to the RSA cryptosystem. It is believed that the RSA cipher is unbreakable, even by government agencies. The DES cipher -------------- In 1977 the US Federal Bureau of Standards approved an IBM developed cryptographic algorithm for data security. The Data Encryption Standard (DES) was approved for non-classified governmental purposes. Since then, DES has been widely adopted in industry in hardware and software. Its dominance in the marketplace increases daily, and in respect of practical cryptography, is the most important algorithm ever devised. DES is completely specified in a Federal Bureau publication known as 'FIPS PUB 46 - Data Encryption Standard'. DES is very much a traditional cipher in the sense that it employs traditional cryptographic techniques of transposition and substitution. However, it is designed to interrelate them so as to produce an algorithm that is so complex that mathematical cryptanalysis is impossible. The DES algorithm is a 64 bit block cipher, and applies a 56 bit key to blocks of data 64 bits in size. The DES key is generally represented as a 64 bit value, the redundant 8 bits provide parity checking for the key. Although the DES algorithm is immensely complex, each step generally consists of some simple bit-manipulation operation and the overall algorithm runs rather quickly when compared to, say, RSA. (Of course hardware DES implementations run much faster still). Commercial users of IRIS are advised to use the DES algorithm for any application NOT requiring the properties of a public key algorithm. This is for the following reasons: 1. DES is an industry standard 2. DES provides a formidable level of cryptographic security 3. DES will be acceptable to any audit 4. DES uses keys that are short and easy to store and use 5. DES is fast For these reasons, DES is the default cipher algorithm within IRIS The VERNAM cipher ----------------- The VERNAM cipher is probably the fastest algorithm around - its speed is limited only by the I/O rate of the PC's disk and controller. The key for the VERNAM algorithm may be chosen to be any easily remembered sequence of letters/digits. However, the user should be aware that VERNAM does not offer the same high level of security as offered by DES or RSA. Whilst the VERNAM algorithm is commercially secure, it is most certainly breakable by government agencies such as the NSA and GCHQ. The origins of this cipher go back to 1917, when MIT graduate Gilbert Vernam proposed a new idea for enciphering teletype communications to his employers AT&T. At the time, teletype transmission was by 5 bit wide paper tape, utilising Baudot code. Vernam's idea was to run a second synchronised key-tape during transmission, which would be XORed with the message tape, thereby transmitting encrypted text. At the receiving end, an identical key tape would be synchronised to run along with the incoming message, and the teletype would churn out the decrypted text. The IRIS implementation of VERNAM XOR's the plaintext / ciphertext with the output of an additive type random number generator, which has a period of roughly 2^55. The keyvalue used determines the start point of the random number generator. To achieve maximum speed from VERNAM, one should specify /BRIEF in the cipher command, in order to suppress any output during cipher processing. From a mathematical point of view, the VERNAM cipher may be considered to be: ciphertext = plaintext XOR key-stream plaintext = ciphertext XOR key-stream Where the key stream is a pseudo-random number generator, the start point of which is defined by the key used. The PLAYFAIR cipher ------------------- The playfair cipher is a simple but effective polygram cipher which saw active service with the British Army during the Boer War and First World War. The cipher is named after an active Victorian public figure, Lyon Playfair, but was invented by his long term friend, Charles Wheatstone, professor of philosophy at Kings College, London. The Playfair cipher is well documented in the literature, but here follows a simple description: The key is provided by a 5*5 matrix of 25 letters, usually 'J' is ignored. For each PAIR of plaintext letters m1, m2 the following rules are applied to produce ciphertext c1, c2: Rules: R1. If m1 and m2 are in the same row, then c1 and c2 are the two characters to the right of m1 and m2. R2. If m1 and m2 are in the same column, then c1 and c2 are the two characters below m1 and m2. R3. If m1 and m2 are in different rows and columns, then c1 and c2 are the other two corners of the rectangle having m1 and m2 as corners, where c1 is in m1's row and c2 is in m2's row. Subrules: S1. The first row of the matrix is considered to be below the last row. S2. The first column of the matrix is considered to be to the right of the last column. S3. If m1 = m2, a null letter is inserted between the two to eliminate the double. S4. If the plaintext has an odd number of characters, a null letter is appended to the end of the plaintext. For decryption, the same rules apply except for R1 and R2: R1. If m1 and m2 are in the same row, then c1 and c2 are the two characters to the LEFT of m1 and m2. R2. If m1 and m2 are in the same column, then c1 and c2 are the two characters ABOVE m1 and m2. Creation of the key matrix: The key matrix may be loaded by any means, but is usually loaded from a 'keyword mixed alphabet' allowing a simple word or phrase to be used as a key. The IRIS implementation of PLAYFAIR IRIS implements a 16*16 matrix which allows the entire ASCII character set to be represented. The user should be aware that the NUL character is not supported, and will be suppressed on input. Therefore, PLAYFAIR is not suitable for binary data such as program images etc. In terms of cryptographic security, PLAYFAIR is very effective, and may be considered to be commercially secure, however PLAYFAIR will not withstand attack by government authorities. The BAZERIES cipher ------------------- The BAZERIES cipher is a cylindrical system devised by Commandant Bazeries of the Black Chamber, the French Army's cryptographic department. The Bazeries cylinder has been used by security agencies throughout the world, and has survived the testing of several decades. Historically, the Bazeries system used a cylinder made up from 20 disks, each having 26 character positions around the rim. IRIS implements a cylinder of 23 disks each having 256 character positions around the rim. This improves security, and permits the full ASCII character set to be processed. The Bazeries cipher is reasonably fast during encrypt/decrypt operations, but the key cylinder construction is somewhat slow, requiring some 90 seconds on a fast (16 Mhz) PC-AT class machine. The keyvalue supplied is used in the following manner: 1: The 1st 8 characters are used to seed an additive type random number generator (which has a period of roughly 2^55), which then provides (pseudo) random data to be loaded into the cylinder. 2: The keyvalue is expanded to be at least as large as a cylinder row. The bytes of the keyvalue are sorted, each byte-pair transposition being duplicated as a transposition of the cylinder rows. 2: The keyvalue is expanded to be at least as large as a cylinder column. The bytes of the keyvalue are sorted, each byte-pair transposition being duplicated as a transposition of the cylinder columns. 4: The product of the value of cylinder coordinates [0][0] & [22][255] are used to determine the initial cylinder row used by the bazeries cipher function. The contents of these cylinder elements are, of course, key dependent. Users wishing to persue the workings of this algorithm are referred to the literature. Starting IRIS ------------- The IRIS system is started by typing 'IRIS' at the keyboard: C:>iris IRIS-cmd> Alternatively, a command line may be entered: C:>iris checksum /filename = ozy.txt In this case, IRIS will perform the command requested and then exit to DOS. This is particularly useful when writing batch files which call IRIS. Stopping IRIS ------------- To finish using IRIS, type EXIT or CTRL-Z, <enter> at the command prompt. IRIS may be interrupted at any time by use of the CTRL-BREAK function, but this may leave temporary files in the curent directory. Temporary files always have the extension '.XYZ' and are therefore easily found and deleted. IRIS Command Reference ---------------------- HELP - Display simple help screen Syntax HELP Description The help command displays a single screen of help information. Example IRIS-cmd> help PC-Iris v3.7-0 syntax summary Commands ------ Help Set Show Cipher Genkey Erase Checksum Listkey Register Exit Qualifiers ---- /plain = <filespec> /cipher = <filespec> /output = <filespec> /filename = <filespec> /keyfile = <filespec> /keyname = <keynam> /keyvalue = <keyval> /keylength = <nnn> /iterations = <nn> /function = <encrypt,decrypt> /mode = <ecb,cbc,cfb,mac> /algorithm = <rsa,des,vernam,playfair,bazeries ...> /erase = <automatic,confirm,none> /crc = <ccitt,ccittr,crc16,crc16r,bytesum> Switches ------ /[no]echo_plain /[no]echo_cipher /[no]brief /[no]binary /[no]debug /[no]space /[no]control /[no]punct /[no]upcase SET - Set Default values Syntax SET /plain = <filespec> /cipher = <filespec> /output = <filespec> /filename = <filespec> /keyfile = <filespec> /keyname = <keynam> /keyvalue = <keyval> /keylength = <nnn> /iterations = <nn> /function = <encrypt,decrypt> /mode = <ecb,cbc,cfb,mac> /algorithm = <rsa,des,vernam,playfair,bazeries ...> /erase = <automatic,confirm,none> /crc = <ccitt,ccittr,crc16,crc16r,bytesum> /[no]echo_plain /[no]echo_cipher /[no]brief /[no]binary /[no]space /[no]upcase /[no]punct /[no]control /[no]debug Description The set command allows the user to change a default value for a qualifier, which will then be used for any command if the user does not explicitly specify that qualifier in the command string. Example IRIS-cmd> SET /algorithm=RSA SHOW - Show current default settings Syntax SHOW Description The show command displays the current default values for each command qualifier. Example IRIS-cmd> SHOW PC-Iris v3.7-0 Current Defaults Assignments --- Plaintext : Undefined Ciphertext : Undefined Output : Undefined Keyvalue : Undefined Keyfile : KEYS.DAT Keyname : Undefined Filename : Undefined Mode : ECB Function : Undefined Algorithm : DES Erase : AUTOMATIC CRC algorithm : CCITT Switches ------ Brief : No Echo plain : No Echo cipher : No Binary : Yes Space : Yes Control : Yes Punctuation : Yes Upcase : No Sizes --------- Iterations : 10 Keylength : 100 CHECKSUM - Calculate CRC checksums Syntax IRIS-cmd> CHECKSUM /filename=ozy.txt /crc = <ccitt,ccittr,crc16,crc16r,bytesum> Description The checksum module enables the calculation of CRC polynomials on a per file basis. The CRC values generated may be used to 'validate' or 'authenticate' an MS-DOS file periodically as any change, intentional or unintentional will show a change in the CRC value generated. Five CRC algorithms are provided: CCITT polynomial: X^16 + X^12 + X^5 + 1 CCITTR reverse CCITT CRC16 polynomial: X^16 + X^15 + X^2 + 1 CRC16R reverse CRC16 BYTESUM simple arithmetic sum of each byte in the file (not a CRC) A file checksum may be calculated thus: IRIS-cmd> CHECKSUM /filename=memo.txt /CRC=CRC16 CHECKSUM: CRC16 for MEMO.TXT is 044A (The default CRC algorithm is CCITT) GENKEY - Generate an RSA Key Syntax GENKEY /keylength=<nnn> /keyfile=<filespec> /keyname=<keynam> /iterations=<nn> /algorithm=RSA Enter P0 seed: Enter P1 seed: Enter Q0 seed: Enter Q1 seed: Enter E seed, <cr>: Description The GENKEY command will generate RSA keys of up to 500 digits in length. The prime number search procedure is due to Knuth, and the primality test algorithm is due to Fermat / Rabin. In practice, the maximum size of keys which can be generated by GENKEY is limited by the CPU power of the host computer since the generation of large prime numbers is computationally expensive. Example The minimum form of the command would be: IRIS-cmd> GENKEY /alg=RSA /keyname=minotaur Enter P0 seed: Enter P1 seed: Enter Q0 seed: Enter Q1 seed: Enter random E: GENKEY will prompt for four separate 'seeds'. These seeds are used to randomize the prime number search algorithm. in response to these prompts, make random key depressions of your numeric keypad, when GENKEY has enough digits, it will stop prompting. When the four seeds have been entered, GENKEY will prompt for the 'E' seed. One should enter a random number of a similar size to the key being generated. Therefore, if you are generating a one hundred digit key, enter a value of E with maybe, 80 to 120 digits. Whatever value of 'E' that you enter, the algorithm will produce a suitably large 'E'. Once GENKEY has been 'seeded', it will begin searching for large prime numbers suitable for use in construction of RSA keys. This process is likely to be lengthy, but progress reports are issued by GENKEY as various milestones are reached. It is possible to alter the number of tests performed by the probabilistic primality test used by GENKEY. By default, GENKEY will use 10 iterations of the primality test as proof that a number is in fact prime. Since this test is probabilistic and based on 'Monte Carlo' mathematics, the number being tested for primality can only be said to be probably prime, not definitely prime. In fact, the chance that this algorithm will fail when using 10 iterations is 9.53 * 10 E-7. (Over a million to one against failure). One may adjust the number of iterations used by using the /ITER=nn qualifier. Increasing the number of iterations will slow down the generation of keys, but improve their reliability and vice versa. When GENKEY has completed a key search, the computed RSA key values, 'N', 'E' & 'D' are stored in the key file with the keyname specified. This key may then be used for encryption or decryption via the CIPHER command, by specifying the same keyname. A more advanced use of GENKEY might be: IRIS-cmd> GENKEY /keyfile=mykeys.dat /keyname=minotaur /keylen=115 /iter=12 /alg=RSA This will generate a key of 115 digits length, called 'minotaur' to be stored in the keyfile 'mykeys.dat'. Twelve iterations of the probabilistic primality test will used during validation of primes. The 'owned by user' field of the key as stored in the keyfile is intended to indicate the name of the user who created, and therefore owns the key. In order to allow GENKEY to load this field, define the following environment variable in your AUTOEXEC.BAT file: SET USER=your_name ERASE - Totally erase the contents of a file Syntax ERASE /filename=<filespec> Description The MS-DOS file delete command has a significant drawback from the security point of view; it does not delete data! Instead, 'delete' simply removes the filename from the disk directory, leaving the data intact. A subsequent user of the PC may 'scavenge' the disk and retrieve (possibly sensitive) data from these un-allocated disk blocks. To overcome this deficiency, IRIS provides an 'ERASE' command which applies the US Government Department of Defence (DOD) file erasure algorithm to guarantee that erased files may not be retrieved. Essentially, ERASE repeatedly overwrites a file with a changing pattern before deleting the directory entry, thereby removing the data from disk. Example IRIS-cmd> ERASE /filename=garbage.txt LISTKEY - List key(s) held in a keyfile Syntax IRIS-cmd> LISTKEY /keyfile=<filespec> /keyname=<keynam> /output=<filespec> Description The listkey command is used to display details of keys held in a key file. The following command will display all key details held in the default keyfile (KEYS.DAT): IRIS-cmd> LISTKEY To select just one key, issue the following command IRIS-cmd> LISTKEY /keyname=condor To write the output to a file, suitable for mailing to another person use: IRIS-cmd> LISTKEY /keyname=condor /output=key.txt Example output: --------------------------------------------------------------------------- PC-Iris v3.7-0 Keyfile: KEYS.DAT --------------------------------------------------------------------------- DES Key Found: Key name ----------------- CLAUDIUS Owned by user ------------- DEMO Date & Time created ------- Tue Jan 03 21:51:27 1989 Keyvalue ------------------ f7-7c-88-cc-a2-54-66-88 VERNAM Key Found: Key name ----------------- CHARON Owned by user ------------- DEMO Date & Time created ------- Mon Mar 20 15:15:22 1989 Keyvalue ------------------ Bewaretheidesofmarch PLAYFAIR Key Found: Key name ----------------- EREBUS Owned by user ------------- DEMO Date & Time created ------- Mon Mar 20 15:17:02 1989 Keyvalue ------------------ Mys-ti-cism RSA Key Found: Key name ----------------- HERMES Owned by user ------------- DEMO Date & Time created ------- Tue Mar 21 21:04:20 1989 Public key element N ----- 46575243895608955350340733197 Public key element E ----- 15525081298535680925471754839 Private key element D ----- Not revealed Encryption key length ----- 29 Encrypt-Decrypt Blocksize - 8 --------------------------------------------------------------------------- REGISTER - Display IRIS registration details Syntax REGISTER Description The register command displays details of IRIS registration thus: PC-Iris v3.7-0 UNMODIFIED copies of this program may be given to others for evaluation. This program CANNOT be sold without written permission from Digital Crypto. If you intend to make use of any Digital Crypto product, we would appreciate your prompt registration. In return for registration you will receive: The latest Digital Crypto disk The latest full documentation set A license agreement Update notification & Telephone support Single PC registration is $39.00 (USD) or equivalent local currency Payment to DIGITAL CRYPTO at: DIGITAL CRYPTO PO BOX 1 Penarth South Glamorgan United Kingdom CF6 2WB Telephone UK: (0222) 711370 18:00 - 23:00 GMT Contact Digital Crypto for details of VMS-Iris / UNIX-Iris / OS2-Iris, access to source code / cipher libraries, customization, site licensing etc. CIPHER - Perform MS-DOS file Encryption / Decryption Syntax CIPHER /plain = <filespec> /cipher = <filespec> /keyfile = <filespec> /keyname = <keynam> /keyvalue = <keyval> /function = <encrypt,decrypt> /mode = <ecb,cbc,cfb,mac> /algorithm = <rsa,des,vernam,playfair,bazeries ...> /[no]echo_plain /[no]echo_cipher /[no]brief /[no]binary /[no]upcase /[no]space /[no]control /[no]punct /erase=<automatic,confirm,none> Description The cipher command is used to perform file encryption or decryption. A minimum cipher command to encrypt a file is: CIPHER /plain=ozy.txt /keyvalue=1C-72-9F-61-CB-A3-17-88 /function=encrypt and to decrypt: CIPHER /cipher=ozy.txt/keyvalue=1C-72-9F-61-CB-A3-17-88 /function=decrypt The user may prefer to use the keyphrase packing feature thus: CIPHER /plain=ozy.txt /keyvalue=bewaretheidesofmarch /function=encrypt CIPHER /cipher=ozy.txt /keyvalue=bewaretheidesofmarch /function=decrypt Note that IRIS overwrites the input file in both these cases, using the DOD secure file erasure algorithm. If the user wishes to retain the input file unchanged, the following command may be specified: CIPHER /plain=ozy.txt /cipher=ozy.cpr /keyvalue=1C-72-9F-61-CB-A3-17-88 /function=encrypt /erase=none And to decrypt: CIPHER /plain=ozy.txt /cipher=ozy.cpr /keyvalue=1C-72-9F-61-CB-A3-17-88 /function=decrypt /erase=none Qualifiers: /plain Plaintext filespec /cipher Ciphertext filespec /function Cipher function: ENCRYPT DECRYPT /algorithm Cipher algorithm: RSA DES PLAYFAIR VERNAM BAZERIES /mode= Cipher mode: ECB - electronic code book (default) CBC - cipher block chaining (Unsupported in v3.7) CFB - cipher feedback (Unsupported in v3.7) MAC - message authentication (Unsupported in v3.7) /keyfile Specify name of keyfile holding key to be used /keyname Specify name of key to be used /keyvalue Directly specify key value or key phrase /erase Select file erasure mode: AUTOMATIC - erase the input file automatically CONFIRM - prompt for confirmation before erase NONE - do not erase input file /[no]echo_plain [Do not] echo plain text as it is read / written /[no]echo_cipher [Do not] echo cipher text as it is read / written /[no]brief [Do not] inhibit display of key details being used /[no]binary [Do not] permit use of binary data /[no]space [Do not] permit space characters /[no]control [Do not] permit control characters /[no]punct [Do not] permit punctuation characters /[no]upcase [Do not] convert lower case input to upper case EXIT - Exit from IRIS to DOS Syntax EXIT Description The exit command returns the user to DOS Example IRIS-cmd> EXIT C:> Maintaining key files --------------------- Keys may be submitted to the CIPHER command via keyfiles. It is the users responsibility to edit and maintain these files using a text editor. When editing IRIS keyfiles, use your editor in ASCII mode, eg: 'non-document' mode in Wordstar. The format of an IRIS keyfile is thus: hash[Keytype][Keyname][Keyowner][wkd mmm dd hh:mm:ss yyyy][key1][key2][key3] For example: #[DES][CLAUDIUS][DEMO][Tue Jan 03 21:51:27 1989][f7-7c-88-cc-a2-54-66-88] #[VERNAM][CHARON][DEMO][Mon Mar 20 15:15:22 1989][Bewaretheidesofmarch] #[PLAYFAIR][EREBUS][DEMO][Mon Mar 20 15:17:02 1989][Mys-ti-cism] #[RSA][T3][][Mon Mar 20 16:36:01 1989][1062961][353639][624059] Any line NOT beginning with '#' is considered to be a comment. Each field has the following function: Hash - Indicates start of record Keytype - Indicates the type of key: RSA, DES, VERNAM, PLAYFAIR Keyname - Indicates the name of the key Keyowner - Indicates the owner (user) of the key Date - Indicates when the key was loaded Key1,2,3 - Keyvalue(s) Future enhancements to IRIS The next major release of IRIS is expected to contain at least the following enhancements: Encrypted keyfiles Individual key records may be stored in DES-encrypted format requiring the submission of a key prior to use by CIPHER. Support for all common cipher modes ECB (Electronic code book) is currently supported CBC (Cipher block chaining) to be implemented CFB (Cipher feedback) to be implemented MAC (Message authentication) to be implemented Support for further cipher algorithms More historically interesting ciphers will be implemented such as the German WW2 ENIGMA cipher, the 'RUSSIAN SPY' cipher etc. Non-volatile setup parameters The SET function will be modified to store changed parameters permanently. Full screen menu A full screen interface to IRIS with pull down menu's will be provided, although the current 'IRIS-cmd>' command line interface will be retained as an alternative. Cryptogram support IRIS will support ASCII cryptograms which will be able to be exchanged via E-Mail and BBS services. Currently, encrypted output is binary (except for RSA) which causes problems with simple message transfer. The format of an IRIS cryptogram will be as follows: <<<::: PC-Iris v4.0-0 :::>>> <<<::: Cryptogram Start :::>>> 1C AE 00 07 F3 ... (up to 80 cols) FA 3B 12 6D ... etc <<<::: Cryptogram End :::>>> <<<::: RSA Public Key is N:12345678912345 E:123456789 :::>>> Comments and suggestions regarding enhancements are always welcome. Appendix A - IRIS Command Syntax Conventions -------------------------------------------- An IRIS command is built up from three components: i] Command verb ii] Symbolic assignment iii] Directive (Symbolic assignments and directives are collectively known as qualifiers.) Command verb A command verb is the name of a command. Valid command verbs are HELP, SET, CIPHER etc. Symbolic Assignments A symbolic assignment occurs when a symbol is equated to some text; for example /KEYFILE = mykeys.dat is an example where the symbol /KEYFILE is equated to the text 'mykeys.dat' Directives A directive occurs when a part of a command demands a true or false reaction. For example: /NOBINARY and /ECHO_PLAIN. Command parsing and syntax analysis The IRIS command parser has several properties: i] It ignores all whitespace (LF, TAB, SP etc) ii] It converts lower case to upper case iii] It expects symbols to be separated with a foreward slash (/). iv] It allows abbreviation of any command down to a single character, and resolves ambiguities on a first found basis. v] It is not concerned with the order in which the various parts of a command are entered. Therefore, the following command: CIPHER /PLAIN = ozy.txt /KEYVALUE = AC-1F-43-6B-11-73-8D-9A /FUNCTION=encrypt Could be expressed as: Cipher /FUN=encrypt /plaIN = OZY.txt /KEYV = AC-1F-43-6B-11-73-8D-9A Appendix B - IRIS Error Messages -------------------------------- Message Classes IRIS can produce two classes of error message: i] Standard IRIS format messages ii] Internal error messages Standard IRIS format messages Most of the messages produced by the IRIS software will be standard IRIS format, and have the following format: SEVERITY: IDENT, TEXT. QUALIFICATION Where: SEVERITY Severity level indicator, can have the following values: SUCCESS INFORMATIONAL WARNING ERROR FATAL IDENT An abbreviation of the message text TEXT The explanation of the message QUALIFICATION Not always present. Describes problem in more detail. Internal Error messages Internal errors should never occur. An internal error is produced when a software trap detects an exception condition which should not exist. Receiving an internal error message is an indication that there is a serious problem with the computer hardware, operating system or IRIS. Internal errors have the following format: INTERNAL ERROR nn - TEXT Appendix C - Bibliography ------------------------- R.L. Rivest A method for obtaining digital signatures A. Shamir and public key cryptosystems L. Adleman - Communications of the ACM February 1978 Donald E. Knuth The Art Of Computer Programming Volume 2 / Seminumerical Algorithms - Addison Wesley 1969,1981 John Smith Public Key Cryptography - Byte January 1983 Martin E. Hellman The Mathematics of Public Key Cryptography - Scientific American August 1979 Whitfield Diffie Privacy And Authentication: An Introduction Martin E. Hellman To Cryptography - Proceedings of the IEEE March 1979 D.W. Davies An Annotated Bibliography of recent W.L. Price Publications on Data Security and Cryptography - National Physical Laboratory January 1980 Brian Beckett Introduction to Cryptology - Blackwell Scientific 1988 Meyer CRYPTOGRAPHY: A new dimension in computer Matyas data security - Wiley Interscience 1982 David Kahn The Codebreakers - Macmillan. New York. 1967