QTCrypt


Executables (GMP version only - 566.4 KB) are now available for qtkey (key creation/maintenance, Document signing), qtencode (document/file encryption), qtdecode (document/file dencryption) and qtcalc_file_hash (compute/check file hashes). Source (690 KB) is available under the GPL. NOTE: the source includes both the GMP and the MIRACL versions.

The signature files for both the executables and the source are available.


QTCrypt is a program for encryption.

Please see note concerning 160 bit hashes in Linux Version 5.0.

QTCrypt utilizes a sophisticated adaptation of one-time pad encryption and is, to the best of my knowledge, unbreakable. Even upcoming Quantum computing probably will not be capable of breaking QTCrypt.

However, QTCrypt is a symmetric encryption program and not public key. Symmetric encryption places more of a burden on the users, since both the encryption party and the decryption party must have access to the secret key.

However, if you merely wish to encrypt/decrypt your private files such that nobody else may view sensitive information, then distributing the secret keys for encryption/decryption is not a problem simply because it is not done. For such a use QTCrypt is ideal.

BUT be very careful in storing or memorizing the secret pass phrases because without those pass phrases, the files are lost forever.

With public mass storage on the internet becoming more realizable every day, there may be a day in the near future when you may be storing or backing-up all of your sensitive files/data on such storage. More ISPs (Internet Service Providers) are providing more and more such mass storage. With broadband lines becoming more readily available, transferring such data to rented on-line storage for back-up purposes is probably realizable today. Or maybe you are already doing so.

If you are storing, for back-up purposes, sensitive files/data (financial files, tax files, legal documents/files, personal letters, etc.) on readily available on-line mass storage, have you ever wondered just how secure such data is from others who would really like to view such data?

Well by encrypting such data/documents/files with QTCrypt before transmitting to on-line mass storage you can prevent such un-authorized use.

Also, QTCrypt attempts to make distribution of the secret key needed for encryption/decryption somewhat easier. There are three elements used in making a secret key. The first is a CD-ROM (or DVD) of the originator's choice. The second is a pass phrase, also of the originator's choice. Using the first two elements, the CD-ROM and pass phrase, the originator creates a Key Certificate. The Key Certificate is encrypted using the pass phrase and the CD-ROM chosen. All three elements:
  1. CD-ROM,
  2. Pass Phrase, and
  3. Key Certificate
are then used to create the secret key. The secret key is used with the CD-ROM for encryption/decryption. Thus, the three elements must be communicated to anybody else privledged to encrypt/decrypt files/documents with the secret key. All three elements must be possesed by anybody desiring to create the secret key. With only one or two of the elements, the secret key cannot be created and, thus, any files/documents encrypted with the secret key cannot be decrypted.

Thus, three independent channels may be used to communicate/transport the three elements to other parties. The three separate channels need not be secure if they are indeed independent. By "independent", I mean that anybody reading or having other access to one channel has no knowledge of or access to the other channels.

In this fashion, QTCrypt has reduced the need for truely "secure" channels of information or transport. But the need to insure channel independence is still of great concern. However, channel independence is much easier to ensure thn truely "secure" communication channels.

The secret key, once created in this manner can be used to encrypt/decrypt thousands (or possibly more) files/documents/messages.

The program was originally developed under OS/2 and was not working under Linux. It is has currently been fixed (Jan. 03, 2005) and working again under Linux.

As originally developed under OS/2, QTCrypt utilized the FIPS 160 bit Secure Hash Algorithm. Under Linux, it has been updated to the latest FIPS version, 180-2, 2002 August 1, with 160, 224, 256, 384 and 512 bit hashes. The 160, 224 and 256 bit hashes are designed by NIST to work with files/documents less than 2^64 bits (2^61 bytes) and create a message digest (one-way hash) of the file/document. The 384 and 512 bit hashes are designed by NIST to work with files/documents less than 2^128 bits (2^125 bytes) and create a message digest (one-way hash) of the file/document.

Also, the Digital Signature has been updated to the latest FIPS 186-2 Change notice 1, 2000 Janurary 27. For  QTCrypt, I have extended FIPS 186-2 Change notice 1 to work with secure hashes from 160 bits to 512 bits. FIPS 182 Change notice 1 uses a prime modulus group key parameter, p, of 1024 bits. NIST is currently working on FIPS 186-2 to change p from 1024 bits to 3072 bits to work with the 224 and 256 bits hashes. I have designed QTCrypt to work with group key parameters, p, of 3027 bits for the 160, 224 and 256 bits hashes and 4096 bits for the 384 and 512 bit hashes.

The Linux version utilizes either the the GNU Multiple Precision Arthimetic Library, GMP,  or the MIRACL (Multi-precision Integer and Rational Arithmetic C/C++ Library) Package.

The GNU GMP is distributed under the GPL and so the GMP version of QTCrypt is also distributed under the GPL.

MIRACL is not distributed under the GPL, but is available for download from Shamus Software. (The MIRACL library can be used freely for Academic, non-profit making or non-commercial use. Commercial Users must register.)

Thus, two files of the MIRACL version are not under the GPL. The two files are the C header file "miracl.h" which is totally copyrighted by Shamus software and the file is distributed here with their permission. The C source file "dss-miracl.c" is partially copyrighted by Shamus Software and that portion is distributed here with their permission.

For the GMP version of QTCrypt, the GNU GMP is avaible on many platforms and OSs including Linux. The GMP is distributed with most, if not all, Linux distributions. Thus, under Linux the user only needs to deal with the QTCrypt source files and need not be concerned with the mechanics of securing, and compiling the GMP library, since it will most liekly already be available on their systems.

For the MIRACL version of QTCrypt, the user must download the MIRACL package from Shamus software, compile the appropriate pieces of software and then create a software library for use by the program linker the user is using. The instructions for doing this are included in the QTCrypt file "dss-miracl.c". The comments in the source file detail how I accomplished these tasks and could be repeated by the user.

For those desiring to use only GPL'd software, the GMP version of QTCrypt would probably be the version of choice. I could measure no difference in the performance speed of either the GMP or MIRACL version of the Digital Signature portion of QTCrypt. The GMP version is slightly smaller in size. Thus, I know of no advantage to using either version from a performance standpoint.


The QTcrypt manual

The full tarred and bzipped  source (size: 690 KB) is available. The QTcrypt source signature file is also available.


Terry D. Boldt 2005
All Rights Reserved
Last Updated: Nov 10, 2005