User Guide
Table of Contents
Key Maintenance

Quick Start

To get started quickly using QTCrypt, follow these steps:

  1. Install QTCrypt. Be sure that the directory where the three QTCrypt executables are installed is included in your "PATH" variable or make that the current directory.
  2. Decide on a file to be encrypted. This can be any file. For purposes of illustrating encrypting a file, we shall assume the name of the file is the QTCrypt documentation file "encrypt_key.html" and that it resides in the directory "docs". We shall encrypt the file to another file, "encrypt_key.enc", in the "tmp" directory of the 'home' directory.
  3. Decide on a "pass phrase" to be used to encode the file. The pass phrase should be at least 50 characters and not more than 75. Choose a pass phrase you will be able to remember.
  4. Execute "qtencode" as:

    qtencode -Eacv docs/encrypt_key.html ~/tmp/encrypt_key.enc

    this command will:

    1. Invoke the QTEncode program and display the following program information:

      QTCrypt File Encrypter, Linux Version 3.2. Oct 24 2004
      (C) Copyright 1995 - 2004 Terry D. Boldt. All Rights Reserved.

    2. Since the 'E' option was specified for pass phrase encryption, you are asked to input the pass phrase to be used for encrypting the file:
      Input Pass Phrase for Decrypting Input File.

      Notice that the pass phrase is not displayed, but '*' are displayed as you type. 1, 2 or 3 '*' will be displayed for each character typed. This is top prevent an observer from determining the length of the pass phrase.

    3. Since the 'c' option was specified and the 'v' option for verbose output, QTCrypt compresses the input file, "docs/encrypt_key.html", to a temporary file, displaying the following information:

      Compressing Input File: docs/encrypt_key.html
      Compressed Input File : 24322 to 6221 bytes
      Compression Ratio : 25.6%
      Disk Space Savings : 74.4%

    4. encrypt the temporary compressed file using the pass phrase. Prior to starting encryption, the input/output file information is displayed:

      Input File: docs/encrypt_key.html
      Output File: /home/terry/tmp/encrypt_key.enc

    5. The percentage of the file encrypted is displayed as encryption progresses:

      Percent Encyphered: xx

    6. Upon encryption completion, the temporary compressed file is deleted and the following information displayed:

      Time to Encrypt:  0.08 seconds.
      Encryption Rate: 77762.5 Characters/second
      Randomizer Bytes Used For Encryption: 0

You have just encrypted your first file. The encryption just performed uses a form of encryption termed "Pass Phrase" encryption. This form of encryption is perhaps the weakest form used by QTCrypt. This form of encryption is used to encrypt all key files.

In order to decrypt the file just encrypted, the pass phrase must be re-entered EXACTLY as entered for encryption. Mistyping a single character produces output which QTCrypt detects as a corrupted file which it is unable to decrypt and the following message is displayed:

Error No: (2002)
Corrupted File. Unable to Decrypt.

If the proper pass phrase is entered upon decryption, invoking QTDecode will produce the following output. Invoke QTDecode as:

qtdecode -v ~/tmp/encrypt_key.enc ~/tmp/encrypt_key.dec

  1. QTDecode displays the following program information:

    QTCrypt File Decrypter, Linux Version 3.2. Oct 24 2004
    (C) Copyright 1995 - 2004 Terry D. Boldt. All Rights Reserved.

  2. Next QTDecode reads the header information in the encrypted file and determines that Pass Phrase encryption was used and prompts for the correct pass phrase:

    Input Pass Phrase for Decrypting Input File.

    Again '*' are displayed instead of the character you type. The asteric characters,'*, displayed will not be exactly the same number as displayed when the file was encrypted since, again, 1, 2 or 3 '*' characters are displayed for each character typed.

  3. Since the 'v' option was specified for verbose output, QTDecode displays all file information,
    1. encrypted input file name.
    2. date/time of the original unencrypted file.
    3. the name of the person who performed the encryption if the encrypted file was signed. If the file was not signed, then "Anonymous" is displayed as the name.
    4. output file name.
    Input File: /home/terry/tmp/encrypt_key.enc
    Orig. Dated: Wed Jan 22 00:41:10 2003
    Encyphered On: Thu Oct 28 00:14:13 2004
    Encyphered By: Anonymous
    Output File: /home/terry/tmp/encrypt_key.dec
  4. QTDecode then decrypts the input displaying the percentage decrypted as the decryption progresses:
    Percent Decyphered: xx
  5. Since the original unencrypted input file was compressed, QTDecode detects this from the file header information and the decrypted contents were written to a temporary file. QTDecode then uncompresses the decrypted temporary file to the final output file and deletes the temporary file.
    Decompressing Output File: /home/terry/tmp/encrypt_key.dec
    Decompressed Output File : 6221 to 24322 bytes
    Compression Ratio : 25.6%
    Disk Space Savings : 74.4%
  6. Finally, decryption statistics are displayed:
    Time to Decrypt:  0.02 seconds.
    Decryption Rate: 311050 Characters/second
    Randomizer Bytes Used For Encryption: 0

You have just decrypted your first file. This form of encryption uses no key information beyond the pass phrase entered prior to encryption and decryption.

The more secure forms of encryption used by QTCrypt require Encryption Keys. Also, if files are to be Signed so that the person decrypting the file can be assured of its origin, the Signature Keys must be created.

Typing 'qtencode' with no parameters will display the following information:

Usage: qtencode [options] (input_file|-) [output_file|-]
Options: (+/-) following an option indicates that the option
        may be FORCED on, +, or off, -. If +/- not specified
         the value set in the configuration file is "toggled",
        i.e., on->off, off->on
-A -- Force Alternating Encoding
-B -- Force Byte Shift Encoding
-C -- Force Byte Mix Encoding
-M -- Force Bit Mix Encoding
-P -- Force Permutation Change Encoding
-R -- Force Relative Offset Encoding
-E -- Force Pass Phrase Encoding
-a(+/-) -- Armor File for E-Mail
-c(+/-) -- Compress File before Encrypting.
-f -- Force Secure hashes. Specify as comma separated list:
The comma separated list may optionally be enclosed in parenthesis '()'
If enclosed in parenthesis, surround with quotes (double or single)
Example: '-h(3,5,7,8)' or -h 3,5,7,8 or -h '(3,5,7,8)'
hashes specified as:
1 - Force SHA 160 bit hash - deprecated
2 - Force SHA 224 bit hash
3 - Force SHA 256 bit hash
4 - Force SHA 384 bit hash
5 - Force SHA 512 bit hash
6 - Force RMD 160 bit hash - deprecated
7 - Force Whirlpool 512 bit hash
8 - Force Tiger 192 bit hash
-h -- Display this help and exit.
-i(+/-) -- Force Decrypted Output to Input File Name.
-k Master_Key -- Use 'Master_Key' for Master Key File.
-o(+/-) -- Force Deciphered Output to Standard Output.
-r(+/-) -- Use Randomizer Key Certificate
-s(+/-) -- Sign File for Authentication
-v(+/-) -- Verbose Mode
-w(+/-) -- Wipe Input File
Information Options - Use Following options for information:
*****Encoding Information:
-?A Alternating -?B Byte Shift
-?C Byte Mix -?E Pass Phrase
-?M Bit Mix -?P Permutation Change
-?R Relative Offset
*****Other Options Information:
-?a Armoring Output -?b Configuration File
-?c Compresswing input file -?f Forced Secure Hashes
-?i output to input Filename -?k Master Key
-?o output to stdout -?s Signing
-?w Wipe Input File
*****Ecryption Information:
-?D Digital Signatures -?L License
-?S Randomizer Streams -?V Key Certificates
-?W I/O Streams -?X File Formats
-?Y Methodology -?Z Base Change Function

This displays the options which are available.

Creating and Using Encryption Keys is discussed in the sections, Encryption Key Generation and Encrypting a File.

Quick Start
User Guide
Table of Contents
Key Maintenance