Copyright (c) Nick Payne 1996-1998

Cryptext v3.2
OVERVIEW
Cryptext is a freeware Windows 95 / NT4 shell extension that performs strong file encryption. It uses a combination of SHA-1 and RC4 to encrypt files using a 160-bit key. The current versions of Cryptext can always be found on my home page at http://www.pcug.org.au/~njpayne, and are mirrored to the ftp site ftp.funet.fi/pub/crypt/utilities/file.
This version of Cryptext is available in English, French, German, and Spanish language versions. The ZIP file for the English version is CRYPTEXT.ZIP, for the French version CRYPTFRA.ZIP, for the German version CRYPTDEU.ZIP, and for the Spanish version CRYPTESP.ZIP. Only the Cryptext program itself is language specific. The readme file and help file are still English language for all versions.
Cryptext may be used in any way, for any purpose, at no cost. It may be distributed by any means, provided that the original files as supplied by the author remain intact and that no charge is made other than for reasonable distribution costs. Note that Cryptext contains strong cryptographic routines upon which some countries place distribution and/or use restrictions. Verify that you are allowed to use or distribute Cryptext before doing so.
DISCLAIMER OF WARRANTY
THIS SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" AND WITHOUT WARRANTIES AS TO PERFORMANCE OF MERCHANTABILITY OR ANY OTHER WARRANTIES WHETHER EXPRESSED OR IMPLIED. BECAUSE OF THE VARIOUS HARDWARE AND SOFTWARE ENVIRONMENTS INTO WHICH THIS PROGRAM MAY BE PUT, NO WARRANTY OF FITNESS FOR PARTICULAR PURPOSE IS OFFERED. GOOD DATA PROCESSING PROCEDURE DICTATES THAT ANY PROGRAM BE THOROUGHLY TESTED WITH NON-CRITICAL DATA BEFORE RELYING ON IT. THE USER MUST ASSUME THE ENTIRE RISK OF USING THE PROGRAM.
Any product or brand names mentioned in this document are trademarks or registered trademarks of their respective owners.
**IMPORTANT** This version of Cryptext implements a checksum to prevent accidental decryption of a file with the wrong password, and is *not* compatible with any version of Cryptext prior to v2.30. If you have files you have encrypted with a version of Cryptext older than v2.30, you must decrypt them before installing this new version. If you do not, you will not be able to decrypt these files without un-installing the new version and re-installing the previous version.
Alternatively, you can use the console application DECRYPT.EXE, which is included in the ZIP file, to decrypt any file encrypted with Cryptext version 2.0 or later. However, DECRYPT.EXE can only decrypt a single file at a time, and makes no check that you are using the same password for decryption as you used when encrypting the file.
If you are presently using Cryptext v1.x, you *must* decrypt all encrypted files before installing the new version of Cryptext, or you will have no way of decrypting previously encrypted files.
WHAT'S NEW IN THIS VERSION
Cosmetic change only. The Cryptext "Encrypt" and "Decrypt" context menu items now display the Cryptext icon.
ACKNOWLEDGEMENTS
Thanks to Juergen Schultze and Juergen Wulf for the German translations.
Thanks to Gary Mulhern for information on the registry entries needed to get a meaningful icon and file type to display for encrypted files in Explorer.
TO INSTALL CRYPTEXT
1. If you have a previous version of Cryptext older than v2.30 installed, decrypt any encrypted files.
2. Unzip the installation executable CRYPT320.EXE from the ZIP file and run it.
To install Cryptext on Windows NT you must be logged in as Administrator or a user who is a member of the Administrators group. This is because only an Administrator has update rights to the part of the registry where shell extensions are registered.
TO UNINSTALL CRYPTEXT
1. From the Start menu, select Settings, then Control Panel, then Add/Remove Programs.
2. Select the "Cryptext (Remove only)" entry.
3. Click on the Add/Remove button.
HOW DOES CRYPTEXT WORK?
1. When you install Cryptext it adds "Encrypt" and "Decrypt" items to the context menu you get when right-clicking on files or directories in Explorer.
2. When you encrypt a file, Cryptext takes your passphrase and uses the SHA-1 one-way hash function to generate a 160-bit key.
3. For each file selected, it then concatenates the key from step 2 with a salt value generated from (a) the number of 100-nanosecond intervals since January 1, 1601, and (b) a 32-bit random number, and hashes this concatenation with SHA-1 to produce the key which is used for the encryption. This step is taken to ensure that no two files are encrypted with the same keystream.
4. The file is then encrypted in 16Kb blocks. Each block is read, encrypted, and then written back to disk, so that when the encryption of the file is complete, the original file has been completely overwritten by the encrypted version. Note, however, that an attacker with sophisticated equipment for scanning the hard disk can recover the data that was previously written to the disk, even after it has been overwritten. See http://www.cs.auckland.ac.nz/~pgut001/secure_del.html for a discussion of the techniques used.
5. The salt values from step 3 are stored in plaintext with the encrypted file, so that the file can be successfully decrypted when the correct passphrase is supplied. There is no requirement that these values be kept secret, only that they be unique for each file.
6. In order to verify your passphrase on second and subsequent executions, Cryptext takes the key generated in step 2, adds it to the end of your passphrase, and applies the SHA-1 function to the concatenation of the passphrase and key. The resultant hash is stored in the registry so that subsequent passphrases can be checked for validity by being put through the same two-step hash and compared with the stored value.
For decryption, Cryptext first reads the values saved in step 5 from the encrypted file and concatenates them with your hashed passphrase to obtain the decryption key.
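
The derivation in steps 2, 3, 5 and 6, as an added Python example that is not Cryptext's or the author's code. The passphrase encoding, the little-endian packing of the salt, the salt-as-prefix file layout and all function names are assumptions, and the file checksum is left out because this readme does not describe it.

```python
import hashlib, os, struct, time

def passphrase_key(passphrase: bytes) -> bytes:
    # Step 2: 160-bit key = SHA-1(passphrase)
    return hashlib.sha1(passphrase).digest()

def make_salt() -> bytes:
    # Step 3: (a) 100 ns intervals since 1601-01-01, (b) 32-bit random number.
    # Packing as little-endian 64-bit + 32-bit values is an assumption.
    filetime = time.time_ns() // 100 + 116_444_736_000_000_000
    return struct.pack("<Q", filetime) + os.urandom(4)

def file_key(pkey: bytes, salt: bytes) -> bytes:
    # Step 3: per-file key = SHA-1(key || salt)
    return hashlib.sha1(pkey + salt).digest()

def verifier(passphrase: bytes) -> bytes:
    # Step 6: SHA-1(passphrase || key), the value kept in the registry
    return hashlib.sha1(passphrase + passphrase_key(passphrase)).digest()

def rc4(key: bytes, data: bytes) -> bytes:
    # Standard RC4: key scheduling, then XOR with the generated keystream
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

SALT_LEN = 12  # 8-byte timestamp + 4-byte random (assumed layout)

def encrypt(passphrase: bytes, plaintext: bytes, salt: bytes = b"") -> bytes:
    # Step 5: the salt is stored in plaintext with the ciphertext (here: a prefix)
    salt = salt or make_salt()
    return salt + rc4(file_key(passphrase_key(passphrase), salt), plaintext)

def decrypt(passphrase: bytes, blob: bytes) -> bytes:
    # Decryption: read the salt back, rebuild the per-file key, run RC4 again
    salt, body = blob[:SALT_LEN], blob[SALT_LEN:]
    return rc4(file_key(passphrase_key(passphrase), salt), body)
```

Because the value from step 6 is computed from the passphrase alone, the same passphrase always produces the same stored hash; only the per-file key from step 3 depends on the salt.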
VERIFICATION
With encryption software, it is important to be able to verify both that the encryption program has not been tampered with and that the encryption algorithm and implementation are as claimed. Most commercial packages fail on both these points.
The file CRYPTEXT.DLL.SIG contains the PGP signature of CRYPTEXT.DLL. If you have a copy of PGP version 5.x, you can use this together with my public key to verify that CRYPTEXT.DLL has not been altered before it reached you. My public key is available either from a PGP keyserver or from my web page at http://www.pcug.org.au/~njpayne/verify.html. After you have installed Cryptext, you will find CRYPTEXT.DLL in the WINDOWS\SYSTEM\SHELLEXT directory (on Windows 95/98) or WINNT\SYSTEM32\SHELLEXT (on Windows NT).
To verify that Cryptext actually does what I claim, CRYPTEXT.ZIP contains a second zip file, DECRYPT.ZIP. This contains the source code and a Visual C++ make file to build a Win32 console application that uses SHA-1 and RC4 to decrypt files which have been encrypted with Cryptext. To verify Cryptext:
1. Extract the contents of DECRYPT.ZIP into a directory
2. Check the source code
3. Use the make file to build DECRYPT.EXE
4. Encrypt a file with Cryptext
5. Run DECRYPT.EXE in a DOS window to decrypt the file. You need to supply two command line parameters. The first is the passphrase; the second is the filename. e.g.
DECRYPT "my pass phrase" c:\temp\test.txt.$#!
Don't forget that a file encrypted with Cryptext will have the added extension "$#!" which is not shown in Explorer.
NOTES
1. If you are running on Windows NT 4 then you have the option to retain the encryption password in memory for the duration of your NT session. If you are running on Windows 95 you must enter the password for each encryption or decryption.
2. After the initial execution of Cryptext, you cannot change your encryption password unless you know the existing password. If you forget the password, you have to uninstall and reinstall Cryptext in order to be able to use a new password. If you have files you have encrypted, and you have forgotten the password, then those files are not recoverable.
3. Cryptext assumes that the file system on which it is running supports long filenames. When it encrypts a file it adds the extension ".$#!" to the filename. This name change will fail if the existing filename already exceeds 252 characters or if the file system does not support long filenames (such as a NetWare server volume which does not have long namespace support loaded). The resulting file is still encrypted but it does not have the extension which Cryptext recognises, and you will not be able to decrypt it until you change the file extension to ".$#!".
4. Password selection. Cryptext allows a password to be up to 255 characters long. As a file encryption password is generally in use for much longer than a login password, you should use more care selecting it. For more information on good password selection, use one of the www search engines to search for web documents containing "password", "selection", and "good".
If you are interested in finding out more about encryption and cryptography:
a) RSA's web site at www.rsa.com has a good cryptography FAQ available both online and as a downloadable PDF file
b) There is a short introduction to cryptographic concepts and algorithms at http://www.mach5.com/crypto
c) There is a lot of cryptographic source code at the ftp site idea.sec.dsi.unimi.it/pub/security/crypt/code
d) Bruce Schneier's book "Applied Cryptography" has a comprehensive coverage of both protocols and algorithms
e) You can find an encryption library which provides a consistent interface to many encryption algorithms, as both source code and 16- and 32-bit DLLs, at http://www.cs.auckland.ac.nz/~pgut001/cryptlib/index.html.
Nick Payne
njpayne@pcug.org.au
August 1998