FILE ENCRYPTION SYSTEM

A Powerful System to Protect Your Sensitive Data

Version 4.xS

(C) Copyright, Bennett Scott 1985-1991

PREFACE

The File Encryption System is a simple but powerful tool for keeping your sensitive data safe and secure. It does this by encrypting (scrambling) the data in a file based on a password that you choose. The encryption is performed automatically as you run your application programs.

The File Encryption System allows the user to select different levels of data security (1 - 2). (Note: a more powerful version is available with your registration, with 5 levels of encryption, with level 5 meeting the U.S. National Institute of Standards and Technology (NIST), formerly the National Bureau of Standards, Data Encryption Standard (DES). See documentation on the distribution disk for more details.) The encryption algorithm thoroughly randomizes the data and is virtually impossible to decrypt without the password.

The File Encryption System is a shell program which allows you to run word-processing, spreadsheet, database or any other programs that use files for data storage. This capability can be very useful if you have proprietary information such as business plans or financial data that you do not want anyone to be able to access.

This manual describes how to use the File Encryption System.

Chapter 1 is an introduction to file security and how it is approached. Some fundamental theory is presented to give you a basic feel for how this system works and how you can use it.
Chapter 2 describes the utility programs included in the File Encryption System software.
Chapter 3 describes how to install the software on your computer.
Chapter 4 describes how to use the software.
Chapter 5 illustrates examples using different word-processing, spreadsheet, and data base programs.
Chapter 6 describes some limitations of the File Encryption System.
Chapter 7 describes how to use the LOGIO file I/O logging program to analyze your application programs so that you can properly set up the File Encryption System.
Appendix A contains explanations of error messages that you may encounter when using the File Encryption System.
Appendix B contains information for configuring the File Encryption System for some of the widely used application programs in use today.
Appendix C contains a list of application programs that must be configured to use algorithm modification 1.
Appendix D contains a hexadecimal to decimal conversion table.

Before continuing with this manual, you should be familiar with the DOS operating system. You need to know how data is organized into files, and how programs can use these files. You will need to know what program files and what data files your programs use when you are ready to set up your secure system. The File Encryption System provides a utility program for analyzing what files are used by your applications programs if you need it. This is explained later.

INTRODUCTION

The File Encryption System is a file encryption program meant to protect your sensitive data. The File Encryption System includes a shell program that runs under PC/MSDOS 2.1 (and later versions) that is loaded into memory by the user when running normal application programs. Once in memory, the program remains active until the user exits the program and returns to DOS. This way, the File Encryption System is always ready to protect your files, no matter which program you are running.

It will work with spread-sheets such as Multiplan(c), Microsoft EXCEL(c), and Lotus 1-2-3(c). It will work with word processing programs such as Microsoft Word(c), Word Perfect(c), and Multimate(c). In fact, it will work with just about any program that uses files for data storage.
In addition to the shell program, utility programs are included to encrypt the data in a file, to decrypt the data in a file, to generate a configuration file (to configure the File Encryption System), and to log file access I/O (so you can tell what files are used by your program).

HARDWARE REQUIREMENTS:

To run the File Encryption System you need

- An IBM PC, XT, 286/386, PS/2 or compatible PC
- At least 256K of RAM
- MS/PC DOS 2.1 or higher

NETWORKS:

The File Encryption System is compatible with standard local area networks (LANs), such as Novell or 3COM, since a file on a network file server looks like any other file to the program.

THE FILE ENCRYPTION SYSTEM AND DOS

The shell program (SECURE.EXE) works by sitting between the operating system (MSDOS) and your software (application) program, e.g., Lotus 1-2-3, dBase III, etc. It continually watches for when your software program asks the operating system to either get data from a file or to put data into a file. Then, SECURE steps in, intercepts the data, and changes it by encryption (scrambling) or decryption (unscrambling) before sending the data on its way again.

For example, if your program wants to put the line:

    THIS IS A LINE OF DATA.

into a data file, the security system intercepts this data and may change it to something like:

    Q%26,Kap+!Q,ORYkd74$#$=

before actually putting it in the file. When the program wants to read this line from the file, the security system again steps in and changes what looks like "garbage" back to the original data.

Of course, the "garbage" data can be changed back to the good data only if the program uses the same password to decrypt (unscramble) the data that it used to encrypt the data. If you write a file with a password, and then remove the password, anyone else who looks at the file will see nothing but garbage.

SECURE will work with almost any program that runs under MS/PC DOS (we have yet to find one that does not work).
Whenever you give the security system a password, all data going to or coming from files will be encrypted or decrypted. This is an advantage in that NO data need ever be put on a floppy disk or hard drive without being protected.

But if all files are encrypted and decrypted as long as a password is in effect, what happens if the software program needs to read in data from some other file, such as text in a HELP file, or another part of the program itself? If the security system changes this data, it might be disastrous.

This problem is solved by being able to tell the program which files are or are not encrypted. This is done by specifying filename extensions (such as .EXE for programs, or .HLP for help files) when the security system is configured. This will be covered in more detail later, but it is important for you to know which files your programs will need to use without altering the data in them, and which files you want encrypted.

DATA SECURITY

The purpose of any data encryption system is to provide data security. But the responsibility of data security is not a one-way street. You need to take an active role in determining what needs to be secured, how it needs to be secured, and keeping it secured. This section will help you make those decisions.

The File Encryption System was designed to make it as easy as possible to use. Once the program has been properly installed, all you need to do is enter your DOS commands like always, but in addition, you will be prompted for a password.

The basis of any security system is PASSWORDS. A file is encrypted based on a password. Different files can have different passwords, or all files used by a particular program can have the same password. You can change passwords by decrypting the file with the old password, and encrypting it with a new one. The password is not saved in any way with the file. If you forget your password, you will have lost your data.
The File Encryption System is the electronic equivalent of a paper shredder. Loss of your password will prevent your own access to your data.

Passwords can be any printable character (any character on the keyboard) up to sixteen characters in length. To the File Encryption System, upper and lower case letters are not the same -- "PASSWORD" is not the same as "password". Also, embedded spaces are considered part of the password ("pass word" is not the same as " password "). Choose your password(s) with care; it is not a good idea to choose a password that is too "easy" to remember, such as your name -- such passwords are also too easy to guess by other people. Of course, you should protect your password(s); if everyone knows what it is, your data is not secure.

The File Encryption System has two (2) levels of encryption. The level of encryption is determined by the configuration file. The level you should use depends upon how "secure" your data needs to be.

Level 1 is known as a "polyalphabetic cipher". It merely substitutes characters for other characters, based on the password. While not the ultimate in security, it is good enough for many applications. The advantage of this level is that it does not add any time to get data from your files. A level 1 encrypted file could be broken by an expert in cryptography, but you need not worry about this unless your business deals in highly sensitive data.

Level 2 is based on the Data Encryption Standard (DES) approved by the NIST. This is an extremely complex algorithm adopted as a standard way to encrypt data. It is considered by many to be unbreakable. The disadvantage to this is that it takes a long time when done in software. Level 2 is actually a compromise. It uses the same algorithm as the DES algorithm, but instead of 16 iterations of encryption (as required by the standard), level 2 performs 1 iteration.
The version sent to you with your registration will support 5 levels, with the 5th level being the DES algorithm in its entirety.

Level 2 is the default value suggested for use with the File Encryption System. If you are using a slow PC (a 4.8 MHz 8088), you may want to go to level 1.

COMPONENTS OF THE DATA ENCRYPTION SYSTEM

There are five files associated with the data encryption system. They are SECURE.EXE, ENCRYPT.EXE, DECRYPT.EXE, EDITCFG.EXE and LOGIO.EXE. Another file, SECURE.CFG contains configuration information used by SECURE.EXE. Once the system is set up, only SECURE.EXE and one or more configuration files (default = SECURE.CFG) are required.

SECURE.EXE is a program file which acts as a command shell. It allows you to give normal DOS commands, just as if you were giving them to DOS itself. You will also give a password. This program will take your password, enable the encryption system, and will then start your requested program running. Thereafter, all data read from files or written to files will be protected by encryption. When your program terminates, the shell program will start to run again. It will turn off the encryption system, and will then ask for the next command, and password.

The file SECURE.CFG is a configuration file which tells SECURE.EXE how to encrypt data. This file contains information regarding the level of encryption, whether the desired files are to be included or excluded, the file extensions (e.g., .WK1, .PRN, etc.), valid passwords, and other options. Although there is a SECURE.CFG file supplied, it can be changed by using EDITCFG.EXE. You may also create your own configuration files using EDITCFG.

It should also be noted that multiple configuration files can be used. SECURE.EXE uses SECURE.CFG as a default if no other configuration file is entered when SECURE.EXE is executed, but you may name your configuration file whatever you like. You can have as many configuration files as you need, each having whatever name you desire.
The files ENCRYPT.EXE and DECRYPT.EXE are standalone command files (programs) which will encrypt and decrypt a data file. These programs can be called from DOS, from the SECURE.EXE program, or any other way you would normally call a program.

EDITCFG.EXE is a configuration editor utility that is used to generate or edit the configuration file(s) used by SECURE.EXE. The program displays screens that the user completes in order to configure the program.

LOGIO.EXE is a file I/O logging utility used to display what files are being used by a program. By running LOGIO, you can determine the extensions of the files being used by your application program. The results from running this program can be used to determine the extensions that must be specified in the configuration file(s).

INSTALLING THE FILE ENCRYPTION SYSTEM

This section is designed to assist you in installing the File Encryption System on your system.

To install the File Encryption System on a hard disk:

We recommend that you copy the File Encryption System to its own directory. Use the DOS "mkdir" command to create the directory FES. (You may use any name you like.) At the DOS prompt type:

    mkdir c:\fes

and press ENTER.

Throughout this procedure, substitute the letter of the drive you want the File Encryption System installed on, if appropriate. If you've named your File Encryption System directory something other than FES, substitute that as well.

Place the File Encryption System distribution diskette into your "A" drive and enter:

    copy a:*.* c:\fes

You will now need to modify the "path=" statement in your autoexec.bat file so that DOS knows where to find the File Encryption System program files. Append:

    c:\fes;

to the end of your "path=" statement. You must then reboot the computer for this change to be in effect.
To install the File Encryption System on a floppy disk:

Assuming you have two floppy diskette drives, begin by placing your DOS diskette in drive A, then enter:

    diskcopy a: b:

DOS will respond with the message:

    Insert SOURCE diskette in drive A:
    Insert TARGET diskette in drive B:
    Press any key to continue

Remove the DOS diskette from drive A and replace it with the original File Encryption System distribution diskette. Then put a new diskette or one containing data you no longer need or want in drive B and press any key to start the copy process.

After you have made a master diskette, store the distribution diskette in a safe place, where it will be available if the master diskette ever becomes damaged.

USING THE FILE ENCRYPTION SYSTEM

This section is designed to guide you through setting up and running a secure system. Once you have installed the File Encryption System, a number of decisions must be made before running the SECURE program:

- encryption by inclusion or exclusion,
- level of encryption (1 - 2),
- encryption modification,
- file extensions to be included or excluded,
- definition of a menu screen,
- running single or multiple application programs from a single configuration file.

These questions must be answered in order to properly set up the configuration file. The utility program EDITCFG.EXE will allow you to generate a customized configuration file for your own secure system.

The first step is determining whether you want to set up your system to encrypt by inclusion (+) or exclusion (-). With the inclusion method, all files having the specified extensions are encrypted. Using the exclusion method, all files except those with extensions specified are encrypted.

If you are using the inclusion method, you will specify the extensions of all the data files used by the application programs (e.g., .wk1, .wks, .dat, .doc, .dbf, .txt).
If you use the exclusion method, you will specify the extensions that the application programs use internally, such as device driver, dictionary, font, configuration and overlay files (e.g., .dvc, .dic, .fnt, .cnf, .ovl).

If the data file has no extension specified, you indicate the file by using a period (.) without any extension. Since there is no difference, you may specify either upper or lower case letters (e.g., .WK1 or .wk1). You may also use the question mark (?) as a wildcard character (e.g., .WK? for .WK1 and .WKS).

The commonly used extensions .EXE, .COM, .SYS, .BAT and .HLP are automatically excluded.

Determining whether to encrypt by using the inclusion or exclusion method depends on how you wish to configure your secure system and how your program stores its data in files. Note that either method can be used for any application program; it's just that one method may be more convenient than another.

If you are running a single application program from a configuration file or there are a limited number of data files to be encrypted or the application program assigns the file extension, you may want to use the inclusion method.

If you are running multiple application programs from a single configuration file or if a large number of data files are to be encrypted or the user can assign the file extensions, you may want to use the exclusion method.

For example, if you are using Lotus 123 (c), all your worksheets will be stored in a xxxxxxxx.WK1 file (123 release 2). It is very easy to use encryption by inclusion since you only need to specify the one extension: .WK1. However, if you are using Microsoft Word (c) as your word processor, even though Word uses .DOC as a default for its data files, you may be using quite a few different extensions for all your Word documents. In this case, you might want to specify encryption by exclusion, and specify all the program files that Word uses.
Identifying the file extensions to be specified in the configuration file requires you to determine which files are data files and which files are program files. Generally, the application software documentation will describe which file extensions are data and which are programs. If this cannot be determined from the documentation, a utility program LOGIO.EXE is included. This program will log all file access I/O. From this report, you should be able to identify the proper extensions to specify in the configuration file.

Even if the documentation specifies what files are used, you should run LOGIO to verify those files; many programs use temporary files that are not documented. If these temporary files contain data, you may want to have these files encrypted as the program runs. If you do not, even though the files will be erased when the program is through with them, those files can be restored by several available utilities, and the data can be retrieved. More on how to use LOGIO is explained in Chapter 7.

The second step is selecting the encryption level (1 - 2). Level 2 is the default level. As discussed previously, the encryption level is determined by how secure you want your data. It should be noted that the higher the encryption level, the more time involved in reading and writing the data to the disk.

Although the File Encryption System was designed to be transparent to most programs, some programs may not work properly, due to the way the encryption algorithms encrypt the data files. Some programs require that the exact number of bytes be written in the data file. Therefore, it may be necessary to modify the encryption algorithm to work with those programs. This is accomplished by specifying a one (1) instead of the default zero (0).

Most programs work fine with the modification parameter set to 0. Some will not work at all, unless you set this parameter to 1.
The known programs that require this parameter to be set to 1 are listed in Appendix C. Most programs will also work fine with this parameter set to 1. The only difference is that when the algorithm modification parameter is set to 1, up to the last 7 characters in the file will not be encrypted. It is rare that any sensitive data will be contained in the last 7 bytes, or that the last 7 bytes will make any sense by themselves, but why take a chance?

We recommend that you start with the modification parameter set to 0. If you have a program listed in Appendix C, or your program does not work, set the modification parameter to 1. Note that there is no in between: your program will either totally work with the parameter set to 0, or it will not be able to read and write data files at all.

If desired, you may define a menu that will be displayed when the SECURE program is executed. You may put anything you like in this menu to make your application easy to use.

SETTING UP YOUR SECURE SYSTEM

To set up your secure system you must first generate a configuration file with the desired features by running EDITCFG.EXE. Sample configuration files are included for your examination.

USING EDITCFG.EXE

The utility program EDITCFG.EXE allows you to generate a customized configuration file for your own secure system.

To execute EDITCFG, at the DOS prompt type EDITCFG or EDITCFG .

    C:\SECURE>EDITCFG , or
    C:\SECURE>EDITCFG DEMO1

The default filename used by SECURE is SECURE.CFG (this default is used by SECURE, not by EDITCFG). If you don't enter a filename, you will be prompted to enter the name of a configuration file. You can select any name you want for the configuration file. You may enter a full pathname (the disk drive, directory, and filename) on the command line or in response to the prompt.

During the following discussion, references will be made to screens that appear when setting up a configuration file.
These are for example only; you may configure your configuration files for whatever purpose you might like.

Once you have selected a name for the configuration file, the utility will search all directories in the path for the named file. If the file is not found you will be asked if you want to create the file.

For editing purposes the following keys can be used whenever data is to be entered:

    KEY                        FUNCTION
    TAB, ENTER, DOWN ARROW     Next field
    SHIFT TAB, UP ARROW        Previous field
    LEFT ARROW                 Move left one character
    RIGHT ARROW                Move right one character
    Insert Delete single character Delete to end of field Move to beginning of field Move to end of field

When using EDITCFG the function keys are predefined and allow you to go from one screen to another. The function key definitions are shown below.

    FUNCTION KEY    FUNCTION
    F1              File Extensions
    F3              Menu Screen
    F10             Save file
    ESC             Abort

After starting the EDITCFG program, and specifying the configuration file to edit, the Edit File Extension screen will be displayed. On this screen, you select the encryption method, level, modification, and file extensions. In the file extension portion, the field must begin with a period (.). To specify files without any extensions, use just a period in the field. An example configuration file is shown below.

                         Edit File Extensions

    Encryption by inclusion (+) or exclusion (-) : <+>
    Encryption level (1 - 4)                     : <2>
    Encryption modification (0 - 1)              : <0>

    File Extensions:
    <.WK?> <.PRN> <.DAT> <.TXT> <.DOC>
    <    > <    > <    > <    > <    >

    F1-File exts  F3-Menu  F10-Save
    Edit Configuration Utility - VX.XXX  (C) Copyright Bennett Scott, 1991

As you can see in this example, the configuration file will encrypt the files having the specified extensions with an encryption level of 2. File extensions .WK1 and .WKS will both be encrypted since the wildcard (?) was used.

Pressing F3 displays the Edit Menu screen. This screen allows you to generate a customized menu that appears on the screen when SECURE is executed.
You can also use the extended character set by typing where xyz is the decimal equivalent of the character to be displayed (to do this, hold down the ALT key and type the numbers on the keypad). You can use this feature to draw boxes and lines on the menu screen. An example of a menu is shown below.

                                   Edit Menu
--------------------------------------------------------------------------------
                                  SECURE MENU

                     Select one of the following commands

                     DATA - Spreadsheet Program
                     WORD - Word Processor
                     COMM - Communication Program
                     FILE - Database Program
                     EXIT - Return to DOS
--------------------------------------------------------------------------------
F1-File exts  F2-Function keys  F3-Menu  F4-Passwords  F5-Program  F10-Save
Edit Configuration Utility - VX.XXX  (C) Copyright Bennett Scott, 1991

Pressing F10 saves the configuration file. You can return to any of the other screens by pressing the respective function key. Pressing the ESC key aborts the configuration program without saving the file.

USING ENCRYPT.EXE

Now that you have set up the configuration file, you may still need to encrypt already existing data files in order to begin using the File Encryption System.

The File Encryption System utility program, ENCRYPT.EXE will encrypt a file given a file pathname, password, encryption level and algorithm modification.

The program is started by entering "ENCRYPT" at the DOS prompt. The following screen will be displayed, prompting you for the required information.

    Enter data and press F1 to start encryption

    Current Directory =
    Pathspec          = > <
    Password          = > <
    Encryption Level  = >2<
    Modification      = >0<

    File Encryption Utility - VX.XXX  (C) Copyright Bennett Scott, 1991

Enter the filename you want to encrypt. You may give both a disk and directory name in addition to the filename. The question mark (?) and asterisk (*) may be used as wildcard characters in the filename. If the file cannot be found, you will get an error message.
Enter a password, up to 16 characters, and an encryption level (1 - 2); level 2 is the default. If it is necessary to modify the encryption algorithm, change Modification from 0 to 1. The password you select will be required when you run SECURE. Any password may be used here, regardless of whether or not passwords have been preassigned in a configuration file.

The encryption level that you select must be the same as entered in the configuration file.

Pressing F1 starts the encryption process. The file is then read, encrypted, and written back to disk. The encrypted file is written directly over the original file, so no trace of the unencrypted original is left. After the encryption is done, the program terminates. If wildcards are used, the encryption procedure is repeated until all files are encrypted.

When encrypting files, you must be careful not to encrypt an already encrypted file. The encryption utility does not know or care if a file is already encrypted; it will encrypt the file twice. The file can still be restored, it is just a matter of using the decrypt utility (twice, in the reverse order that the encrypt utility was used).

You should also be careful to not interrupt the encrypt utility while it is running. As a fail-safe feature, ENCRYPT first writes encrypted data to a temporary file and then writes the encrypted file over your original file. If the program is interrupted while it is running, the original unencrypted file will still be present, as well as the temporary file which is encrypted.

Pressing the ESC key before pressing the F1 key will abort the Encryption program.

USING DECRYPT

The File Encryption System utility program, DECRYPT.EXE will decrypt a file given a file pathname, password, and an encryption level. The program operates similarly to the encrypt utility, except that the file(s) are decrypted instead of encrypted.

The program is started by entering "DECRYPT" at the DOS prompt.
You can use DECRYPT to change the password or encryption level of a file by first running DECRYPT using the old information and then running ENCRYPT with new information. You can use the ESC key to abort the decryption utility.

The following screen will be displayed, prompting you for the required information.

    Enter data and press F1 to start decryption

    Current Directory =
    Pathspec          = > <
    Password          = > <
    Encryption Level  = >2<
    Modification      = >0<

    File Encryption Utility - VX.XXX  (C) Copyright Bennett Scott, 1991

USING THE SECURE PROGRAM

Now that you have created a configuration file and encrypted the necessary data files, you are ready to start the File Encryption System main program (SECURE.EXE).

At the DOS prompt enter the command "SECURE", followed by the configuration filename. If you do not enter any arguments, SECURE will search for the default configuration file, SECURE.CFG, in the current directory, then in all directories specified by the PATH. An error message will appear on the screen if the configuration file can not be found. What you see on the screen depends on how you set up your configuration file.

Enter at the DOS prompt:

    > SECURE , or
    > SECURE

RUNNING SECURE

When you execute the SECURE program, you will see the menu that you defined in your configuration file. Shown below is the menu screen that would appear if the configuration file used in a previous example was used.

                                  SECURE MENU

                     Select one of the following commands

                     DATA - Spreadsheet Program
                     WORD - Word Processor
                     COMM - Communication Program
                     FILE - Database Program
                     EXIT - Return to DOS

    Directory = > Command > Password > <

Lines 4 through 20 on the display are the menu defined in the configuration file. This file is read once when the program starts to execute, then the file is not needed again. As discussed in the previous section, you may put anything you like in this file to make your application easy to use.
This file needs to be in the default directory or in the PATH when SECURE.EXE begins to execute. You will receive an error message if SECURE can not find the configuration file.

Line 22, (Directory =) displays the current (or default) disk and directory.

Lines 23 and 24 contain the prompts for the command, and the password.

The command can be any DOS command you normally use. The program will take the command and will try to execute it in one of two ways. It will first look for a .COM or .EXE file which corresponds to your command. You can also give a disk and directory name as part of your command (such as B:\UTILITY\CHKDSK), however you must realize that a large number of programs require supplementary files which all must be in the default directory or path. (This is the same restriction on PC/MSDOS itself, so you should be familiar with this.)

If the file cannot be found as a .COM or a .EXE file, then a copy of COMMAND.COM is loaded to execute your command. COMMAND.COM is the MSDOS command interpreter. This must also be done to execute internal commands (such as CHKDSK and TYPE) and batch files. If another copy of COMMAND.COM needs to be loaded, you will have reduced the amount of memory available to your program by the size of COMMAND.COM.

If you give the command COMMAND, a copy of COMMAND.COM will be loaded and control will be transferred to it. This is similar to loading any other program file. If the file COMMAND.COM is not in the default directory or path on the default disk, you may give both a disk and directory in front of the command (such as C:\SYSTEM\COMMAND). You can leave the command interpreter and return to the SECURE program with the command "EXIT".

The password can be any printable character (any character on the keyboard) up to 16 characters long. Keep in mind that all characters in a password are part of that password. For example the password "PASSWORD" is not the same as the password "PASS WORD", which has an embedded space.
It is also not the same as "password"; upper and lower case characters are different.

If you do not enter anything (by simply pressing the RETURN key), the encryption system will not be turned on. This allows you to perform the internal and external DOS commands or execute any program which does not require encryption.

If your configuration file was created with passwords assigned, you must enter the correct password at this prompt (or no password). An invalid password will give you an error message.

After your command finishes processing, control will be returned to the SECURE.EXE program. You will get the message:

    Command terminated - Press any key to continue

At this point, press any key to return to the menu.

The encryption system is automatically turned off when you return to the SECURE.EXE program.

You may be wondering what will happen if you do not turn on the encryption driver (by not entering a password), or turn it on with the wrong password. When the program tries to read data from an encrypted file, it will read meaningless data. Many programs, especially spreadsheet programs and some word processors, can recognize that the data does not make sense and will give you an appropriate message. Other programs, like a text editor, won't care - one character is as good as another to them. In this case you may see gibberish on the screen. Other programs, like some older word processors, may not be able to detect meaningless data, but will try to use it and "crash" the system. In this case you may have to reboot your system. It will not harm the files themselves.

While SECURE is active and expecting you to enter a program and password, the UP and DOWN arrow keys allow you to recall previously executed commands (up to 16). If you decide not to perform a particular command after having entered it at the command prompt you can use the HOME key to wipe out the entry.
Pressing the ESC key or typing EXIT at the command prompt will terminate SECURE, returning you to whatever application was executing prior to running SECURE.

LIMITATIONS OF THE FILE ENCRYPTION SYSTEM

Although the File Encryption System was designed to be transparent to most programs, some programs may not work with the security system. This section details those areas that may cause problems.

The encryption algorithms used by the security system require that data be written in blocks of 8 bytes. A program can write any number of bytes it wants, and the security system will handle the task of converting the data to 8 byte blocks. Most programs will not care that the file size of their file is 800 bytes instead of the 797 bytes that they actually wrote. However, there may be some programs that do not like it, and will not work properly. If the File Encryption System is off, 797 bytes written will yield a 797 byte file. It is only when the data is being encrypted (a password is specified) that the data will be written in 8 byte blocks.

To allow the File Encryption System to work with these programs, you can modify the encryption algorithm by selecting one (1) during the setup of the configuration file. With this modification, if fewer than 8 bytes remain to be encrypted, those bytes will not be encrypted. Known programs that must use this modification are listed in Appendix C.

If a program opens a file for write access only, this is intercepted by the security system and changed to read/write access. This is necessary if the program wants to write 1 byte in the middle of the file. The security system must read an 8 byte block, decrypt it, write the data, and encrypt the block before putting it back in the file. This should cause no problems.

There is a limit of 40 files with exclusion extensions that can be open at any one time with the handle method of file I/O. This should be more than enough for most applications.
If this upper limit is reached, the application task may return an error saying that too many files are open. Note that the default number of files that can be open under MSDOS with the handle method is only 8, so unless there is a FILES= command in the CONFIG.SYS file that specifies more than 40 files, there is no chance of this even being a problem.

The security system works by intercepting the MSDOS function call interrupt (INT 21H). If a program changes this vector without putting it back to its original value, the security system may be disabled.

USING THE LOGIO UTILITY PROGRAM

It is not always a straightforward task to determine what files an application program may be using. Program file extensions (for encryption by exclusion) can usually be determined by merely looking at the directory containing the application program and noting all the extensions. Note, however, that even by doing this, you may have many file extensions that you may want to exclude.

But it is not always an easy job to determine what data files (for encryption by inclusion) an application program may be using. For example, it may be readily apparent that your word processing program appears to be using the extension ".DOC" as a default for all your text files, and you plan to use only that extension. But the word processor may really be writing to a file with a ".TMP" extension (for "temporary"). After this file is written to disk, it is renamed to ".DOC" after your original file has been renamed to ".BAK" (for "backup"). If you configure SECURE to only encrypt ".DOC" files, your file will end up unencrypted. This is because the data is written unencrypted to the ".TMP" file, since you did not specify the extension ".TMP". Renaming the file from "FILE.TMP" to "FILE.DOC" will not affect the encryption, since renaming the file only changes the name; the file has already been written under its old name.
The LOGIO utility allows you to look at what files any application may be using by logging all file access input and output (reads and writes) to a file. By having this information, you can tell what files are being used by your program, so that you can correctly configure SECURE to properly encrypt your data files.

You should always run LOGIO as one of the first steps in setting up your configuration. Remember, even if you think you know what files are being used by your application, if your data files are not being encrypted after running your application program from the SECURE program, it may be caused by the application program using temporary files for data storage. If this is the case, running LOGIO will give you the information you need to correctly configure SECURE.

In order to use LOGIO, enter LOGIO at the DOS prompt. The following screen will be displayed.

    Current Directory =
    >
    File I/O Logging Program - VX.XXX
    (C) Copyright Bennett Scott, 1985-1991

This screen looks very much like the SECURE screen, and in fact works much the same way. But instead of intercepting all data being read from and written to the data files, LOGIO records in a log file which files are being used.

The current directory will be shown after the equal (=) sign. If you need to change to another directory in order to run your application program, you can use the DOS change directory (CD) command entered at the > prompt. The current directory should now be displayed after the = sign. You can now enter the command to run your application program.

Upon running your application program, the LOGIO program will store the names of the files that are being used by your application. From this log file you will be able to determine what files are being used by your application program. You will see messages that indicate when files are opened, created, renamed, and moved.

A file must be "opened" before an application program may use it.
Every file that the application program uses must be opened, and as such, the file's name will be printed. A file must be opened whether it exists or not; files that are opened may be either program files or data files.

A file that does not exist cannot be opened; it must be "created". Usually an application program may try to open a file, find that it is not there, and will then create the file. The create operation not only creates the file, but it also opens the file so that it can be used. When you see an application program trying to open a file, then creating it, you may have caught your application program using a temporary file.

An application program, when through with a temporary file, will usually "rename" (or "move") the file. Both these operations are essentially the same: the name of the file is changed. This is usually done when a temporary file must be renamed to your data file.

All the messages logged by the LOGIO program are stored in the file "$$$LOGIO.LOG". This file will be put in the default directory selected when LOGIO is started. You may use any normal way you have to look at this file (type, print, edit, etc). You may also send the output directly to your printer while the program is running by running LOGIO with a "/P" parameter, i.e., when starting the LOGIO program, enter "LOGIO /P" at the DOS prompt.

The messages printed by LOGIO are as follows:

    Opening file handle : Filename = EXAMPLE.TXT
    Hex values of extension = [54][58][54]

This is a typical "opening file" message. The file "EXAMPLE.TXT" is being opened by the application program. The term "file handle" refers to the way that the application program is controlling the file. A similar message will say "Opening file FCB". This is an alternate way of controlling files in MSDOS. As far as configuring SECURE, both messages give you the same information.

In addition to the name on the first line of this message, the second line repeats the extension in hexadecimal notation.
Some application programs may use "nonstandard" characters in the extension name (such as the smiling face or mathematical symbols). These are characters that are supported by PCs, but are outside the normal ASCII printable character set range. These will be properly displayed on the first line of this message in the $$$LOGIO.LOG file, but if your printer does not support the full PC character set, and you print the log file, your printer may not print these special characters.

The hexadecimal notation is also useful if you need to enter the extension in the SECURE configuration file. To do so, first convert each character of the extension from hexadecimal notation to decimal notation by referring to Appendix D. You can then enter the nonstandard character on the appropriate screen of the EDITCFG program by holding down the ALT key and pressing the three keypad digits that represent the character in decimal notation.

    Creating file handle : Filename = EXAMPLE.TXT
    Hex values of extension = [54][58][54]

This is a typical "creating file" message. The file "EXAMPLE.TXT" is being created, and then opened by the application program. The term "file handle" refers to the way that the application program is controlling the file. A similar message will say "Creating file FCB". This is an alternate way of controlling files in MSDOS. As far as configuring SECURE, both messages give you the same information. This message also gives you the alternate hexadecimal notation for the extension.

    Moving file : EXAMPLE.TXT => EXAMPLE.BAK
    Hex values of extension = [54][58][54] => [42][41][4B]

    Renaming file : EXAMPLE.TXT => EXAMPLE.BAK
    Hex values of extension = [54][58][54] => [42][41][4B]

These two messages show a file being renamed. Both these messages show a file named "EXAMPLE.TXT" being renamed to "EXAMPLE.BAK".

All these messages can now be put together into a sample LOGIO session. In this case, we will edit a file "EXAMPLE.TXT" using our text editor "EDIT".
We have started the session by entering:

    EDIT EXAMPLE.TXT

at the LOGIO command prompt. The logging session may look as follows:

    Opening file handle : Filename = EDIT.CFG
    Hex values of extension = [43][46][47]
    Opening file handle : Filename = EXAMPLE.TXT
    Hex values of extension = [54][58][54]
    Opening file handle : Filename = EXAMPLE.TMP
    Hex values of extension = [54][4D][50]
    Creating file handle : Filename = EXAMPLE.TMP
    Hex values of extension = [54][4D][50]
    Moving file : EXAMPLE.TXT => EXAMPLE.BAK
    Hex values of extension = [54][58][54] => [42][41][4B]
    Moving file : EXAMPLE.TMP => EXAMPLE.TXT
    Hex values of extension = [54][4D][50] => [54][58][54]

In this example, the first open is a file named "EDIT.CFG". This is a configuration file that the editor uses, and is part of the application program. The next file that is opened is "EXAMPLE.TXT". This is our data file that we want to edit. The next two logged messages show that a file named "EXAMPLE.TMP" was opened, then created. Our editor is using a temporary file with the ".TMP" extension. Since the temporary file is not there, it cannot be opened, and must be created. The last two messages show the files being renamed to complete the edit operation. Our original file was renamed "EXAMPLE.BAK"; it is now a backup file. The temporary file was renamed "EXAMPLE.TXT", which is our newly edited file.

If we want to configure SECURE for encryption by exclusion, we would have to specify the ".CFG" extension; our editor uses a file with this extension.

If we want to configure SECURE for encryption by inclusion, we would specify the extensions ".TMP", ".BAK", and ".TXT". The editor is going to use the ".TMP" and ".BAK" extensions for a temporary file and a backup file. We want the temporary file to be encrypted so that the temporary file cannot be "undeleted" from the disk. We want the backup file to be encrypted so that we can edit it later.
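The inclusion and exclusion lists worked out by hand for this session can also be derived from the log itself. The Python script below is an added example, not part of the File Encryption System or its manual: the function names (parse, plan_extensions, plaintext_gaps) are hypothetical, and the embedded log is the sample session above re-typed. It follows rename links from the data file to find every extension the data passes through, and flags the case where a file is created under an extension missing from the inclusion list and then renamed to one on it.

```python
import re

# The sample session from this chapter, re-typed as it would appear in
# $$$LOGIO.LOG (two lines per message, as the manual describes).
SAMPLE_LOG = """\
Opening file handle : Filename = EDIT.CFG
Hex values of extension = [43][46][47]
Opening file handle : Filename = EXAMPLE.TXT
Hex values of extension = [54][58][54]
Opening file handle : Filename = EXAMPLE.TMP
Hex values of extension = [54][4D][50]
Creating file handle : Filename = EXAMPLE.TMP
Hex values of extension = [54][4D][50]
Moving file : EXAMPLE.TXT => EXAMPLE.BAK
Hex values of extension = [54][58][54] => [42][41][4B]
Moving file : EXAMPLE.TMP => EXAMPLE.TXT
Hex values of extension = [54][4D][50] => [54][58][54]
"""
# Extensions the manual says SECURE.EXE excludes automatically.
AUTO_EXCLUDED = {"BAT", "COM", "EXE", "HLP", "SYS"}
EVENT_RE = re.compile(
    r"(?P<op>Opening|Creating) file (?:handle|FCB)\s*:\s*Filename\s*=\s*(?P<name>\S+)"
    r"|(?:Moving|Renaming) file\s*:\s*(?P<old>\S+)\s*=>\s*(?P<new>\S+)")

def ext(name):
    """Upper-cased extension of a DOS file name ('' if it has none)."""
    base = name.rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[1].upper() if "." in base else ""

def parse(log_text):
    """Events in log order: ('open'|'create', name) or ('rename', old, new)."""
    events = []
    for m in EVENT_RE.finditer(log_text):
        if m.group("op"):
            kind = "open" if m.group("op") == "Opening" else "create"
            events.append((kind, m.group("name").upper()))
        else:
            events.append(("rename", m.group("old").upper(), m.group("new").upper()))
    return events

def plan_extensions(events, data_files):
    """Return (inclusion, exclusion) extension lists for the named data files.
    Any name linked to a data file by a rename holds the user's data at some
    point; every other file touched is treated as a program file."""
    lineage = {f.upper() for f in data_files}
    renames = [e[1:] for e in events if e[0] == "rename"]
    grew = True
    while grew:                         # follow rename links in both directions
        grew = False
        for old, new in renames:
            if (old in lineage) != (new in lineage):
                lineage |= {old, new}
                grew = True
    seen = {name for e in events for name in e[1:]}
    inclusion = {ext(n) for n in lineage} - {""}
    exclusion = {ext(n) for n in seen - lineage} - AUTO_EXCLUDED - inclusion - {""}
    return sorted(inclusion), sorted(exclusion)

def plaintext_gaps(events, included):
    """Renames that bring a file created under a non-included extension
    under an included one: its contents were written unencrypted."""
    included = {e.upper().lstrip(".") for e in included}
    created = {e[1] for e in events if e[0] == "create"}
    return [(e[1], e[2]) for e in events
            if e[0] == "rename" and e[1] in created
            and ext(e[1]) not in included and ext(e[2]) in included]

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("inclusion/exclusion:", plan_extensions(ev, ["EXAMPLE.TXT"]))
    print("gaps if only .TXT is included:", plaintext_gaps(ev, [".TXT"]))
```

To check a real configuration, pass the contents of $$$LOGIO.LOG to parse() and the extensions entered in EDITCFG to plaintext_gaps(); an empty result means no logged file reached an included name by way of an unlisted extension.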
Note that the backup file will be encrypted, since it is really only being renamed; but we want to be able to edit the backup file. We specify the ".TXT" extension since that is going to be the extension on all our encrypted data files; we could specify as many extensions as we want for data files.

APPENDIX A

MESSAGES IN ENCRYPT/DECRYPT

Encrypting file
The named file is currently being encrypted.

Decrypting file
The named file is currently being decrypted.

*** No Files Found ***
No files matching the pathname specification could be found for encryption or decryption.

*** Error opening file ***
An error was encountered when trying to access the named file. This error should not occur unless there is a file subsystem (disk) problem.

*** Error opening working file ***
An error was encountered when trying to access the named file. This could be caused by the disk being write protected or the disk (or directory) being full.

*** Error writing working file ***
An error was encountered when trying to write to the named file. This could be caused by the disk being write protected or the disk being full.

*** Error reading file ***
An error was encountered when trying to access the named file. This error should not occur unless there is a file subsystem (disk) problem.

*** Error reopening file ***
An error was encountered when trying to access the named file. This error should not occur unless there is a file subsystem (disk) problem.

*** Error reopening working file ***
An error was encountered when trying to access the named file. This error should not occur unless there is a file subsystem (disk) problem.

*** Error reading working file ***
An error was encountered when trying to access the named file. This error should not occur unless there is a file subsystem (disk) problem.

*** Error writing encrypted file ***
An error was encountered when trying to write to the named file.
This could be caused by the disk being write protected, your original file being write protected, or the disk being full.

*** Error writing decrypted file ***
An error was encountered when trying to write to the named file. This could be caused by the disk being write protected, your original file being write protected, or the disk being full.

MESSAGES IN SECURE

*** Configuration file not found ***
The specified configuration file could not be found in either the current directory, or in any of the directories specified by the PATH. If no configuration file was specified, SECURE.CFG could not be found.

Command terminated - Press any key to continue.
SECURE has successfully completed execution of the command given on the SECURE menu screen. Press any key to return to the SECURE menu screen.

Command not able to execute - Press any key to continue.
SECURE was not able to find the specified program file to execute, so it tried to load a copy of the MSDOS command interpreter. SECURE could not find the command interpreter.

*** Too many extensions in configuration file ***
This error indicates a corrupted configuration file. The configuration file must be regenerated (from scratch).

*** Too many characters in menu text ***
This error indicates a corrupted configuration file. The configuration file must be regenerated (from scratch).

MESSAGES IN EDITCFG

*** Configuration file not found ***
EDITCFG cannot find the configuration file named in either the default directory or in any directories specified in the PATH. EDITCFG will ask if you want to create this file.

*** Saving Configuration File
The new parameters are being saved to the configuration file.

*** Too many extensions in configuration file ***
This error indicates a corrupted configuration file. The configuration file must be regenerated (from scratch).

*** Too many characters in menu text ***
This error indicates a corrupted configuration file. The configuration file must be regenerated (from scratch).
MESSAGES IN LOGIO

Command terminated - Press any key to continue.
LOGIO has successfully completed execution of the command given on the LOGIO menu screen. Press any key to return to the LOGIO menu screen.

Command not able to execute - Press any key to continue.
LOGIO was not able to find the specified program file to execute, so it tried to load a copy of the MSDOS command interpreter. LOGIO could not find the command interpreter.

Opening file handle : Filename =
The named file is being opened for access using the MSDOS file handle access method.

Opening file FCB : Filename =
The named file is being opened for access using the MSDOS file control block access method.

Creating file handle : Filename =
The named file is being created and opened for access using the MSDOS file handle access method.

Creating file FCB : Filename =
The named file is being created and opened for access using the MSDOS file control block access method.

Moving file : =>
The named file is being renamed to the new name using the MSDOS file handle access method. (Note: the file is really not being "moved" on disk. That is only the MSDOS terminology. But it may be "moved" to a new directory on the same disk.)

Renaming file : =>
The named file is being renamed to the new name using the MSDOS file control block access method.

APPENDIX B

The following information may be used to set up the file extensions in the configuration file. It lists filename extensions used by many popular software packages. Both data files and program files are included to allow you to configure your system for either the inclusion or exclusion method of encryption.

To use the inclusion method of encryption, select the plus (+) and in the extension fields enter the extensions shown for your particular package (the data files).
If you want to use the exclusion method of encryption, select the minus (-) and in the extension fields enter the extensions shown for your particular package (the program files).

If you have selected to use the inclusion method, and are running more than one application program from a single configuration file, all extensions for each program must be from the inclusion list. The opposite is true if you are using the exclusion method. You cannot mix extensions from the inclusion list with the exclusion list.

SECURE.EXE automatically excludes the commonly used file extensions, .BAT, .COM, .EXE, .HLP, and .SYS. It is not necessary to enter these extensions when configuring your system.

Many programs (especially text editors and word processors) let you use any extension you desire. This will affect encryption by inclusion, since you must specify all extensions of your data files. This will be indicated in the following tables with the entry ".xxx". This entry indicates that you must specify all extensions that you intend to use with your application.
SPREADSHEETS

LOTUS 123 (Release 1 and 2)
    INCLUSION - .WK?, .PRN
    EXCLUSION - .CMP, .CNF, .DLB, .DRV, .DVC, .DYN, .FNT, .FON, .LBR, .SET, .SCR, .XLT

MICROSOFT MULTIPLAN (Version 1 and 2)
    INCLUSION - .xxx
    EXCLUSION - .LOD, .COD, .DAT, .INI

WORD PROCESSORS

MICROSOFT WORD
    INCLUSION - .DOC, .xxx
    EXCLUSION - .GLY, .INI, .LEX, .PRD, .STY, .SYN, .VID

WORDPERFECT
    INCLUSION - .DOC, .xxx
    EXCLUSION - .SET, .FRS, .LRS, .PRS, .WPK, .STY, .MRS, .DRS, .FIL, .LEX, .THS, .CRS

DATABASE MANAGEMENT

dBASE III
    INCLUSION - .BAK, .DBF, .DBT, .NDX, .TBK
    EXCLUSION - .DB, .CAT, .FRM, .FMT, .MSG, .LBL, .MEM, .OVL, .PRG, .QRY, .SCR, .TXT, .VUE

APPENDIX C

The following programs must be used with algorithm modification 1:

    Wordperfect

APPENDIX D

HEXADECIMAL TO DECIMAL CONVERSION

    HEX DEC   HEX DEC   HEX DEC   HEX DEC   HEX DEC   HEX DEC
    00  000   2D  045   5A  090   87  135   B4  180   E1  225
    01  001   2E  046   5B  091   88  136   B5  181   E2  226
    02  002   2F  047   5C  092   89  137   B6  182   E3  227
    03  003   30  048   5D  093   8A  138   B7  183   E4  228
    04  004   31  049   5E  094   8B  139   B8  184   E5  229
    05  005   32  050   5F  095   8C  140   B9  185   E6  230
    06  006   33  051   60  096   8D  141   BA  186   E7  231
    07  007   34  052   61  097   8E  142   BB  187   E8  232
    08  008   35  053   62  098   8F  143   BC  188   E9  233
    09  009   36  054   63  099   90  144   BD  189   EA  234
    0A  010   37  055   64  100   91  145   BE  190   EB  235
    0B  011   38  056   65  101   92  146   BF  191   EC  236
    0C  012   39  057   66  102   93  147   C0  192   ED  237
    0D  013   3A  058   67  103   94  148   C1  193   EE  238
    0E  014   3B  059   68  104   95  149   C2  194   EF  239
    0F  015   3C  060   69  105   96  150   C3  195   F0  240
    10  016   3D  061   6A  106   97  151   C4  196   F1  241
    11  017   3E  062   6B  107   98  152   C5  197   F2  242
    12  018   3F  063   6C  108   99  153   C6  198   F3  243
    13  019   40  064   6D  109   9A  154   C7  199   F4  244
    14  020   41  065   6E  110   9B  155   C8  200   F5  245
    15  021   42  066   6F  111   9C  156   C9  201   F6  246
    16  022   43  067   70  112   9D  157   CA  202   F7  247
    17  023   44  068   71  113   9E  158   CB  203   F8  248
    18  024   45  069   72  114   9F  159   CC  204   F9  249
    19  025   46  070   73  115   A0  160   CD  205   FA  250
    1A  026   47  071   74  116   A1  161   CE  206   FB  251
    1B  027   48  072   75  117   A2  162   CF  207   FC  252
    1C  028   49  073   76  118   A3  163   D0  208   FD  253
    1D  029   4A  074   77  119   A4  164   D1  209   FE  254
    1E  030   4B  075   78  120   A5  165   D2  210   FF  255
    1F  031   4C  076   79  121   A6  166   D3  211
    20  032   4D  077   7A  122   A7  167   D4  212
    21  033   4E  078   7B  123   A8  168   D5  213
    22  034   4F  079   7C  124   A9  169   D6  214
    23  035   50  080   7D  125   AA  170   D7  215
    24  036   51  081   7E  126   AB  171   D8  216
    25  037   52  082   7F  127   AC  172   D9  217
    26  038   53  083   80  128   AD  173   DA  218
    27  039   54  084   81  129   AE  174   DB  219
    28  040   55  085   82  130   AF  175   DC  220
    29  041   56  086   83  131   B0  176   DD  221
    2A  042   57  087   84  132   B1  177   DE  222
    2B  043   58  088   85  133   B2  178   DF  223
    2C  044   59  089   86  134   B3  179   E0  224