User Guide
Chapters
Table of Contents
Quick Start
 

Introduction

QTCrypt is a set of three programs,

  1. QTEncode
  2. QTDecode
  3. QTKey

These three programs are used to encrypt files so that only the person encrypting them, or persons selected by that person, may decrypt and read or utilize the files.

QTEncode is used to encrypt files. QTEncode uses special files created by QTKey, called Encryption Key files, to process a file and encrypt it.

QTDecode is used to decrypt files which have been encrypted with QTEncode. QTDecode uses the same or duplicates of the Encryption Key files used by QTEncode to encrypt a file, to decrypt the file. QTDecode first decrypts the file, computing multiple message digests as the file is decrypted. It then decrypts the message digests computed and encrypted by QTEncode and compares the all message digests. Since the probability of two files having the same multiple message digests is very small, if the encrypted message has been changed in any way, the message digests computed by QTDecode will probably differ from the message digests computed by QTEncode. If the message digests are equal, then the decrypted file is probably be the same as the file encrypted by QTEncode, and thus the file decrypted by QTDecode has been "verified". Alternatively, if the the encrypted file has been signed when encrypted using all of the encrypting message digests, the signature for each message digest of the encrypted file is decrypted instead of the message digests. Using the Public Key corresponding to the Private Key used to sign the encrypted file, QTDecode uses the Digital Signature Standard described in Federal Information Processing Standards Publication, 186, 1994 May 19 to authenticate the decrypted file. If QTDecode cannot authenticate the decrypted file using the Digital Signature Standard, the decrypted file is wiped and the user informed.

File Information

QTCrypt includes the following information in the signature or message digest of each encrypted file:

  1. Flag signaling whether file is signed,
  2. Flag indicating a forced hashing function,
  3. File size in bytes (included twice, once scrambled),
  4. filename length,
  5. filename,
  6. Last write date/time of file encrypted,
  7. encryption date/time,
  8. Group Key ID string length if signed,
  9. Group Key ID if signed,
  10. Public Key ID string length if signed,
  11. Public Key ID if signed,
  12. File contents

Thus, if QTCrypt verifies a decrypted file, the receiver knows not only the contents of the file, but also when the file was last modified before encryption and when the file was encrypted.

Secure Digital Signature

QTCrypt also allows the use of Secure Digital Signatures. A Secure Digital Signature allows the person encrypting a file to apply a signature to the encrypted file which is unique to the person, the encrypted file and the date and time of encryption and which cannot be duplicated by anybody else. QTCrypt uses the Digital Signature Algorithm described and defined in the Digital Signature Standard, Federal Information Processing Standards Publication, 186, 1994 May 19. The Secure Digital Signature defined by the Digital Signature Algorithm defines both private keys and public keys for each person. The private key and public key are created by QTCrypt for anybody desiring to sign an encrypted file. The private key is kept private and secret by the person for whom it was created. The corresponding public key is disseminated widely to anybody who would want to decrypt and verify the contents of a file encrypted by that person and authenticate the Secure Digital Signature. QTEncode uses the message digest computed for an encrypted file and the private key of the person encrypting the file to compute a Secure Digital Signature. The Secure Digital Signature is then encrypted and appended to the encrypted file. When the encrypted file is decrypted by QTDecode, the message digest is again computed and used with the group key and public key corresponding to the Group Key ID and Public Key ID included in the encrypted file to recompute the Secure Digital Signature of the received file. If the recomputed Secure Digital Signature equals the decrypted Secure Digital Signature, then QTCrypt verifies the decrypted file contents, the date and time of the encrypted file, the encryption date and time and authenticates the Secure Digital Signature of the person encrypting the file.

As noted above, QTEncode transforms the input file so that it appears to be a stream of random bytes. Indeed, attempting to compress a file encrypted with QTEncode will fail. File compression programs use redundancy or repeated byte sequences in a file for compression. It replaces the redundant or repeated byte sequences with shorter codes, thus compressing the file. Files which has been encrypted with QTEncode will appear not to have any such redundancy or repeated byte sequences and thus cannot be compressed. The encrypted file output by QTEncode will be longer that the input file.

Overhead

QTEncode uses one of 5 methods or a combination of the five methods to encrypt a file. In addition, QTEncode outputs overhead to identify certain knowledge about the file encrypted. The overhead contains the information specified in Encryption File Overhead.

Depending on the encryption method used, the encrypted text can be exactly equal in length to the input file or up to 3 times longer. Thus, the encrypted file will vary from approximately equal in size to the input file to approximately 3 times as big. Since the encrypted file cannot be compressed, any compression must be done prior to encryption. If compressed prior to encryption by any of the popular compression programs, usually more than one file may be compressed and included in the output of the compressor. In addition, QTCrypt will optionally compress the input file prior to encryption. The decrypted file is automatically decompressed if QTCrypt compressed the input file.

Encryption Options

QTEncode includes several options for:

  1. specifying the encryption method to be used,
  2. specifying the Secure Hash Algorithms to be used,
  3. specify that the input file should be compressed prior to encryption,
  4. specifying the Master Key Ring to be used,
  5. specifying that the encrypted file should be output in a special form for transmission as an e-mail message, i.e, armored.
  6. specifying that the encrypted file should include a Secure Digital Signature,
  7. specifying that the decrypted output should be displayed on the console and not written to a file,
  8. specifying that the decrypted output should be output only to a file with the same name as the input file to QTEncode,
  9. specifying that the input file should be overwitten in such a manner as to attempt to wipe it from the storage medium,

The following lines illustrate the display screen output for encrypting and decrypting a sample text file. The screens illustrate the output when the verbose mode has been enabled.

QTCrypt File Encrypter, OS/2 Version 3.1. Jul 30 1999
(C) Copyright 1995 - 1999 Terry D. Boldt. All Rights Reserved.
Input Pass Phrase for Reading Master Key Ring.
1 to 75 Characters.
**********************************************************************.....
Choose Group Signature Key to Use from Following List
1: Default Signature Key
120: Sat Jul 31 17:46:32 1999
2: Quik Trim Group (Bits==960, bytes==120)
120: Mon Jan 01 00:00:00 1996
Enter Desired Number and Press [ENTER]: 2
Using Private Signature Key:
Terry D. Boldt
Initializing Encryptor.
Initialization Complete.
Compressing Input File: conleys.hdr
Compressed Input File : 10694 to 4604 bytes
Compression Ratio : 43.1%
Disk Space Savings : 56.9%
Encyphering
Input File: conleys.hdr
Output File: \tmp\conleys.enc.a01
Percent Encyphered: 100
Signed By:
Quik Trim Group (Bits==960, bytes==120)
Mon Jan 01 00:00:00 1996
Terry D. Boldt
Sat Jul 31 17:47:58 1999

Time to Encrypt: 2.96 seconds.
Encryption Rate: 1555.41 Characters/second
Randomizer Bytes Used For Encryption: 233156


QTCrypt File Decrypter, OS/2 Version 3.1. Jul 31 1999
(C) Copyright 1995 - 1999 Terry D. Boldt. All Rights Reserved.
Input Pass Phrase for Reading Master Key Ring.
1 to 75 Characters.
**********************************************.............................
Initializing Decryptor.
Initialization Complete.
Decyphering
Input File: \tmp\conleys.enc.a01
Orig. Dated: Sat Jul 01 23:54:34 1995
Encyphered On: Thu Aug 05 00:01:39 1999
Encyphered By: Quik Trim Group (Bits==960, bytes==120)
Mon Jan 01 00:00:00 1996
Terry D. Boldt
Sat Jul 31 17:47:58 1999
Output File: \tmp\conleys.dec
Percent Deciphered: 100
Decompressing Output File: \tmp\conleys.dec
Decompressed Output File : 4604 to 10694 bytes
Compression Ratio : 43.1%
Disk Space Savings : 56.9%
Message Verified & Signature Authenticated

Time to Decrypt: 3.313 seconds.
Decryption Rate: 1389.68 Characters/second
Randomizer Bytes Used For Encryption: 233156

User Guide
Chapters
Table of Contents
Quick Start