The Cloak2 Cipher User's Manual

Serious File Encryption and Key Management

Terry Ritter, P.E.

Ritter Software Engineering
2609 Choctaw Trail
Austin, TX 78745
(512) 892-0494

Copyright 1993 - 1995 Ritter Software Engineering
Protected by U.S. Patent 4,979,832

Introduction

Cloak2 is a serious second-generation stream cipher based on Dynamic Substitution technology. Cloak2 will encipher any file of any type into a file of binary ciphertext, and will decipher that ciphertext into a file which is byte-by-byte the same as the original. Cloak2 is currently implemented as a DOS program with an internal command line which works well under Microsoft Windows.

Cloak2 users normally select a hidden random key from an alias file of such keys (the alias file might be provided by the local corporation). A particular key is selected by an associated alias tag which need not be secret. This allows the hidden keys to change (e.g., as employees leave), while the user continues to use the exact same alias. The hidden keys actually encipher only a random 992-bit session key; the random session key is then used to encipher the file data.

Cloak2 is a "conventional" or "Secret Key" cipher, and is ideal for secure local storage or secure communication within a corporation. Although "Public Key" ciphers are often suggested as an alternative, for true security, they require that received keys be certified. When this poorly-understood step can be ignored by users, supposedly secret information can be exposed to outsiders. This sort of problem does not occur in a Secret Key cipher.

Contents

Start Up

Overview

What Is Cloak2?

Cloak2 is an easy-to-use data security program for MS-DOS which works well under Microsoft Windows. Cloak2 protects the information in a file from unauthorized viewing. Protected files can be saved locally, archived off-site, or communicated (using conventional binary file-transfer protocols) without exposing the information in those files to unauthorized individuals.

What Does Cloak2 Do?

Cloak2 translates (enciphers) files of any sort (word processing files, spreadsheets, graphics, compressed archive files, etc.) into files of random-like values. This "ciphertext" contains the original information, but keeps it hidden. The original file is recovered by "deciphering" the ciphertext file with the correct key.

How Does Cloak2 Do It?

Cloak2 uses new, patented Dynamic Substitution technology to implement an especially fast and strong cipher. A user-selected Key Phrase defines the enciphering transformation, and EXACTLY THE SAME KEY PHRASE MUST BE USED TO RECOVER THE ORIGINAL FILE. Cloak2 provides extensive and unique key management facilities to make this easy.

When deciphering, Cloak2 translates the ciphertext back into exactly the same data as in the original file -- provided the deciphering key phrase is exactly correct. A CRC error-check warns if an incorrect key phrase was used or if the ciphertext file was damaged or tampered with.

Who Should Use Cloak2?

Cloak2 is great for those who want practical, easy-to-use file privacy. Most computers are not under continuous armed guard, and portable machines can be lost. Unauthorized people may be able to read or copy the information in unattended machines. Cloak2 makes surreptitious loss virtually impossible. Cloak2 can be used for local privacy, to protect off-site archives from inappropriate access, or to protect files which will be communicated by a binary protocol.

Cloak2's key-management facilities make enciphering quick and easy for individuals, and allow companies to institute a corporate-wide key management and control policy. A key policy is important, because employers need access to business information which their employees generate.

Everyone who saves enciphered files will appreciate Cloak2's support for messages enciphered under old keys.

What Do I Need To Use Cloak2?

Cloak2 runs on any system which runs MS-DOS programs, from old 8088 systems through modern Pentium systems, including lap-tops, hand-held DOS computers and even emulated DOS on Unix and other systems. While Cloak2's assembly-language code is optimized for modern processors, it is also very efficient on older machines. Unlike many other encryption products, Cloak2 does not require a numeric co-processor.

The Cloak2 Versions

Currently, there are four different versions of Cloak2: Advanced (the usual choice), Commercial Demo (for evaluation), Decipher-Only (for CD-ROM protection), and Corporate (which limits use to specific keys). Each version has a particular combination of features, and only the Advanced version has all Cloak2 features.

Advanced

The Advanced version of Cloak2 (typically CLO2ADV.EXE) includes all features.

Commercial Demo

The Commercial Demo (typically CLO2DEMO.EXE) provides basic cipher capabilities in a small package. The commercial demo does not include alias files (/a, /f), batch files (/b, /k), key-generation (/g), wildcard support, or tree-mode (/t) mass ciphering. However, the Commercial Demo (and all documentation) can be sent -- without obligation -- to anyone with whom you would like to communicate. This means that the other party need not already have Cloak2 before you can send secure information.

Individuals can use the demo version until they decide to license the advanced version. Businesses normally have a 30-day demo evaluation period, but would be better off to contact us for an Advanced demo with more of the features they will need.

Decipher-Only

The Decipher-Only version (typically CLO2DEC.EXE) has most features, but does not have routines for enciphering (/e) or key-generation (/g). The enciphering routines are physically not present anywhere in the program. This means that -- in certain cases -- the Cloak2 Decipher-Only version might be exportable.

Corporate

The Corporate version (typically CLO2CORP.EXE) has most features, but is intended to limit ciphering to only approved keys, and has no key-generation (/g) of its own. This of course means that some entity must produce and distribute alias files containing the approved keys. This gives corporations the ability to define the keys which will be used on corporate data.

Users of the Corporate version can cipher data only using the keys present in their alias file. These users cannot cipher data with a key entered from the keyboard, and so must use an alias option (either /a or /f).

Corporate version users have no automatic way to make a new alias file. They also normally cannot decipher the alias file, and cannot encipher a new alias file under the alias key. This provides improved corporate control over secret keys.

Installation

All Cloak2 versions are DOS programs which include internal on-line help panels and a command-line editing facility (for use in Microsoft Windows). Each program is a single file: No separate DLL's or help files are used.

DOS installation

The version of Cloak2 you have (or want to use) should be copied to some directory listed in your command "path." (To see your current path under DOS, just type "set" -- plus enter -- and look for "PATH.") This will allow the program to be found, loaded into memory and executed. The examples generally assume you have Advanced Cloak2, and have renamed the file as CLOAK2.

Microsoft Windows Installation

A Microsoft Windows installation requires that the version of Cloak2 you want to use be copied into a convenient directory, perhaps one you normally use for e-mail. The CLOAK2.PIF file should be copied to the same directory.

Use Program Manager to open the Accessories group and use File, New to create a new Program Item. Enter the Description "Cloak2 Cipher" and set Command Line as the full path to the program (e.g., "c:\clo\cloak2.exe). Set Working Directory to where you want files without full paths to end up (e.g., "c:\clo). (Eventually, you may put your alias file in the Working Directory.) Enter "c" for Shortcut Key (which becomes Ctrl+Alt+C), and check Run Minimized. Use Change Icon and select the safe icon, if desired.

After setup, Cloak2 can be started by double-clicking on the selected icon in Accessories, and then activated when desired with Ctrl-Alt-C, or Ctrl-Esc and Switch To. Or use File Manager and double-click on the Cloak2 program-file. Or use Program Manager File, Run.

What to Expect

When started, Cloak2 immediately displays an identification screen. Execution without a parameter starts-up the interaction menu, which can open the help system. If a parameter is found but the source (FromFile) is not found, Cloak2 will stop with an error; otherwise Cloak2 will request a key, then display the FromFile and the destination (ToFile) as ciphering starts. On a 25 MHz 386, a 30K file should finish in a couple of seconds.

Simple Operation and Help

Help

Execution without a parameter: 
     cloak2
will bring up an interaction menu. One option is "Help": Almost all the information needed to run Cloak2 is available in the help system. Another option is "Enter new command line parameters," which allows Cloak2 to be used interactively. (Since the program is already running, do not use a "program name" like "cloak2" on the interactive command line!)

Simple Enciphering

Basically, 
              cloak2  readme.txt  readme.clo  /e
               ^           ^           ^       ^
               |           |           |       |
     program name   input file   output file   option
enciphers the file README.TXT into a new file README.CLO after the program asks the operator to enter a User Key twice. The resulting file is secure. (Not available in the Decipher-Only version, and the Corporate version will require an alias; see Using a Key-Alias.)

Simple Deciphering

Similarly, 
              cloak2  readme.clo  readme.res  /d
               ^           ^           ^       ^
               |           |           |       |
     program name   input file   output file   option
deciphers the enciphered file README.CLO into the file README.RES. (The Corporate version will require an alias.)

Creating a Key-Alias

Users of Advanced Cloak2 should create a file which holds user keys under cipher, so the user need remember only the one key for the cipher-key file. We call this an alias file, and it can be created or extended by using the /generate option (Advanced version only): 
      cloak2  /g
               ^
               generate
The /generate option starts an interactive system to define an alias entry (effective date, alias tag and key), encipher it (the user enters the alias key), and place it at the top of an alias file. If the user does not enter a specific key for the alias entry, a random key will be created.

In addition, the same key can be given a different alias tag (perhaps your own e-mail name) and placed in another file (under another key) for secure transport. The transport key will be installed at the far end, and the different alias tag will be used there to refer to the key used to communicate with you. Normally, each alias tag will in some way refer to the person or entity at the other end.

Ideally, the transport file would be copied to a floppy disk, carried to the far end, and the transport key delivered by separate channel (for example, by postal mail or phone).

Installing a Transported Key-Alias

When an advanced Cloak2 alias transport file and its key have arrived, the new alias line can be deciphered with the transport key and immediately re-enciphered under the local alias-file key: 
     copy  jerrys.clo  temp.tmp
     cloak2  /d  jerrys.clo			(enter the transport key)
     cloak2  /e  jerrys.clo			(enter your alias key)
The resulting ciphertext (now enciphered under the local alias-file key) can simply be placed at the top of the alias file, using a text editor or the DOS "copy" command's binary append mode: 
     copy  /b  cloak2.mgt  clomgt.old
     copy  /b  jerrys.clo+clomgt.old  cloak2.mgt
This is intended to save the current alias file, then to collect the ciphertext from the transport file and the saved alias file into a new alias file. Note that the new alias is appended to the alias file as ciphertext, and the existing alias file need not be deciphered. The saved alias file can then be erased, if desired.

A similar operation is available in the Corporate version: The corporate key-generation facility can provide incremental upgrades in the alias key (or pass-phrase) for each user. The new block of alias entries then is simply copied to the top of the existing alias file: No ciphering is needed to add a key to the alias file.

Using a Key-Alias

Once a Cloak2 alias file is set up, the /a "tag" (a single word) selects an alias in that file: 
      cloak2  file.txt  *.clo  /a fred  /e
              ^           ^     ^    ^   ^encipher
              |           |     |    |
     file to be   resulting     |    the alias to select
     enciphered   file is:      |
                 "FILE.CLO"     alias mode
Note that fred's key may be updated occasionally, but it is no longer necessary to remember any of those keys. Keys may change, but the alias tag "fred" need not, and also need not be secret. The user only need remember the one secret key to the alias file. In fact, an alias file which has keys effective at future dates provides an automatic and mostly invisible way to institute periodic key changes.

Alias files greatly simplify cipher use. Note that a new alias key can be transported on disk and activated (by releasing the transport key) only after it arrives safely. An alias file can be kept on a floppy and used by making that floppy the "current drive." For ultimate security, that floppy could be kept on the user's person when the cipher is not in use.

OPTIONS, Commands and Features

Command-Line Options

In most cases, a command line will consist of one or two file names plus various options. Each option is specified with a forward-slash "/" plus a letter (or a word with the same initial letter, for better batch-file documentation). Most options (except /k) can be placed anywhere on the command line, in any order, although /a, /k and /m require a data field to immediately follow. The first non-option character-sequence is taken to be the "source" or FromFile; the second non-option sequence (if any) is the "destination" or ToFile.
/Alias <tag> or /a <tag>

Use an alias to select a secret key. (Advanced, Decipher-Only and Corporate versions.)

Decipher the closest alias file (in memory only) and scan it for a match to the specified one-word <tag>. If such an entry is found, use the associated key-phrase for ciphering. The intent is to select secret keys using non-secret alias tags. Alias tags are not case-sensitive, and the <tag> field must immediately follow the /a option.

If environment variable CLOMGT exists, that text value is taken to be the full path, file name and type of the local alias file. Otherwise, the program searches for the file CLOAK2.MGT, first in the current directory, then in the parent directory, then in the root directory on the current drive, then in root on drive C. This allows the automatic use of multiple alias files depending on the current directory.

/a sets the alias tag, the name to search for in an alias file, and the tag itself must immediately follow /a. /a can be used alone or to overrule the tag from /f. Either /a or /f is required in the Corporate version. (Also see Alias Files.)

/Batch or /b

Initiate Cloak2 Batch mode: Decipher FromFile in memory and use each plaintext line as a Cloak2 command line. (Advanced, Decipher-Only and Corporate versions.)

With minor exceptions, each batch-file line operates just like it would if typed in at the top level. Option /b is not supported in batch files (no batch files of batch files), and option /k is supported ONLY in batch files, and ONLY as the LAST option on the command line (see /k). Also, options /q and /7 only work in a top level command-line (to DOS). (Also see Batch Mode.)

/Decipher or /d

Decipher mode: Decipher Cloak2 ciphertext. (All versions.)

If the ciphertext file was damaged, or the wrong key used, a CRC error will be reported and ciphering will stop after the current source or FromFile file completes. In one-filename decipher mode, the original FromFile data will be in the temporary file shown on the screen (usually CLO$$$$$.TMP). The temp file will be overwritten by the next one-filename ciphering, so if the original data are important, they should be copied back to the original file immediately. This recovery cannot be automatic, because if the correct key was used, the deciphered data may be the best we can do. See "One-Filename Mode." One of /d, /e, /n or /g is necessary or the interactive command line is activated.

/Encipher or /e

Encipher mode: Encipher any file containing any type of data into a file of binary ciphertext. (Advanced, Commercial Demo and Corporate versions.)

In one-filename mode, the existing source or FromFile will be overwritten with ciphertext and destroyed. It is thus vital that the User Key be entered CORRECTLY in one-filename enciphering, so that the file can later be deciphered. Use an alias file if at all possible, since a wrong alias will simply halt the program without changing the FromFile. Also see "One-Filename Mode." One of /d, /e, /n or /g is necessary, or the interactive command line is activated.

/File-alias or /f

Use the file name to create an alias to select a key for ciphering. (Advanced, Decipher-Only and Corporate versions.)

Create an alias tag from the first contiguous alphabetic characters in the file name. Create a message date from the operating system date for that file (decipher) or the current date (encipher). Use that tag and date to search the alias file for the appropriate User Key.

This process can occur dynamically (potentially selecting a different User Key for each file) as the result of wildcard operations. The intent is to support the archive storage of messages in their original enciphered form in an environment where User Keys are changed periodically. Options /a and /m can be used to modify the /f alias tag or date and access other or past or future User Keys.

/Generate or /g

Start interactive key generation. (Advanced version only.)

Get information from user, generate a new alias entry, place it at the top of the closest alias file, then place the same key in another enciphered file for transport. (Also see Creating A Key-Alias.)

/Key <keycharacters> or /k <keycharacters>

In a Cloak2 batch command ONLY, set a secret key. (Advanced, Decipher-Only and Corporate versions.)

A batch-command key applies to the alias file, or (absent /f, /a, or /m) the data file. /k is supported ONLY in Cloak2 batch files, AND ONLY as the LAST OPTION on the line: After /k, the rest of the command line is assumed to be the key. (Potentially, <keycharacters> could include option sequences, such as "/a/b/g/k" etc.)

/Msgdate <date> or /m <date>

Set the date to be used when scanning for an alias (overrule the DOS date). (Advanced, Decipher-Only and Corporate versions.)

Can be used with /a to select a past or future User Key. Can be used with /f to overrule the date from the FromFile. Only useful with /a, /f or /g. Note that the <date> field must immediately follow the /m option.

/m 0 means use the DOS date. Otherwise takes either of two date formats: yy-mm-dd, and mm/dd/yy as selected by the use of "-" or "/" (the numeric fields may have one to four digits).

/Nocipher or /n

Disable ciphering. Used to display wildcard file scans and directory-tree scans without affecting any files. (Advanced, Decipher-Only and Corporate versions.)

Display the From and To filenames as they would occur if ciphering were enabled. One of /d, /e, /n, or /g is necessary or the interactive command line is activated.

/Quiet or /q

Disable screen output (unless there are errors). Also disable the key-input-prompt beep. (All versions.)

For the original top-level command-line (to DOS) only.

/Tree or /t

Scan FromFile directory AND ALL SUB-DIRECTORIES for FromFile filename matches. (Advanced, Decipher-Only and Corporate versions.)

Normally used with a FromFile wildcard expression. BE SURE TO FIRST USE /n WITH /t to display the names of the files which will be ciphered. (Also see Directory-Tree Scanning.)

/Zmode or /z

Delete ^Z (Control-Z, hex 1a, display image right-arrow) if that code exists as the last character in a deciphered block. (All versions.)

^Z is the way old CP/M and early DOS editors indicated the end of a text file (EOF). When some editors (and especially the DOS "type" command) see a ^Z they stop reading the file, even though much data may remain (and can be displayed with "copy con /b"). Zmode is useful when one or more ciphertext blocks in a file include a ^Z which could hide subsequent blocks and text.

/7bit or /7

Display panels as 7-bit ASCII; disable color changes and substitute * for line-draw characters. (All versions.)

Useful when running under emulated DOS on a workstation. For the original top-level command-line (to DOS) only.

Commands for Common Operations

Encipher File "in place" 

     cloak2 file1.txt /e
(Advanced and Commercial Demo versions.) One-filename simple ciphering: Ciphers through a temporary file and places the result back in FILE1.TXT. This hides the original plaintext, but also destroys it, so it is no longer available. The user enters a User Key phrase, twice.

Decipher File "in place" 

     cloak2 file1.txt /d
(Advanced, Commercial Demo and Decipher-Only versions.) One-filename simple ciphering: Ciphers through a temporary file and places the result back in FILE1.TXT. This destroys the ciphertext, so it is no longer available. The user enters a User Key phrase, twice.

Generate Alias Key Effective Jan. 1, 2001 

     cloak2  /g  /m 2001-1-1
(Advanced version only.) The user enters the alias-file key phrase, the far-end alias, the transport filename and key phrase interactively. The most-future keys should always be at the top of the alias file; since /g always places a new key at the top of the file, the user should create new keys in order of increasing date.

Wildcard Alias-Encipher .TXT Files Into .CLO Files 

     cloak2  *.txt  *.clo  /e  /a fred
(Advanced and Corporate versions.) Two-filename alias ciphering with wildcard file search: Each file matching *.TXT is enciphered into *.CLO. The "closest" alias file is searched for alias "fred" (and the key in effect as of the current DOS date) to find the associated User Key. The user enters the alias-file key phrase, once.

Decipher File Using Alias "fred" 

     cloak2  file1.clo  *.res  /d  /a fred
(Advanced, Decipher-Only and Corporate versions.) Two-filename alias ciphering: FILE1.CLO is deciphered into FILE1.RES. The "closest" alias file is searched for alias "fred" (and the key in effect as of the current DOS date) to find the associated User Key. The user enters the alias-file key phrase, once.

Encipher Using Alias Key Active on Dec. 15, 1993 

     cloak2  file1.txt  /e  /a fred  /m 93-12-15
(Advanced and Corporate versions.) One-filename alias ciphering: This overwrites the original plaintext, which is then unavailable. The "closest" alias file is searched for alias "fred" (and the key in effect as of 1993-12-15) to find the associated User Key. The user enters the alias-file key phrase, once. If the alias-file key is mistyped, the alias will not be found, and FILE1.TXT will not be damaged.

Decipher Using Alias Key Active on Dec. 15, 1993 

     cloak2  file1.clo  *.res  /d  /a fred  /m 93-12-15
(Advanced, Decipher Only and Corporate versions.) Two-filename alias ciphering: Normally, the current date is used in alias searches; /m overrides that with an explicit date.

Encipher a File For File-Alias Deciphering 

     cloak2  file1.txt  fred1.clo  /e  /a fred
(Advanced and Corporate versions only.) Two-filename file-alias ciphering: Note that the start of the ToFile name is the same as the alias; this allows the alias to be recovered from the name of the ciphertext file. This command enciphers the file under the key for alias "fred" as of the current date. The resulting file FRED1.CLO will produce alias "fred" under /f deciphering, and the file date will hold the enciphering date for the decipher alias search.

Wildcard File-Alias Deciphering 

     cloak2  *.clo  /f  /d
(Advanced, Decipher-Only and Corporate versions.) One-filename file-alias ciphering with wildcard file search: Find all files in the current directory with type field ".clo", create an alias from the first contiguous alphabetic characters in each filename, create an alias date from the file date for that file, search the alias file for the correct key and decipher each file. In each case the resulting plaintext overwrites the ciphertext file; if one of the files deciphers incorrectly, ciphering stops and the original ciphertext for that file remains in the temp file displayed on the screen.

Note that /f assumes that all *.CLO files have names which convert to valid alias tags, and that each retains the original enciphering date. Even though many different keys may be required for the selected files, the user need only remember and enter the single key for the alias file.

Wildcard File-Alias Deciphering with Alias "fred" 

     cloak2  *.clo  /f  /d  /a fred
(Advanced, Decipher-Only and Corporate versions.) One-filename file-alias ciphering with wildcard file search: /a overrides the automatic generation of the alias and just uses the file date associated with each file to select the correct User Key for deciphering (since keys may have changed over time). This assumes that each file retains the original enciphering date. Ideal for ciphertext archives where a single subdirectory contains messages from a single alias.

Change The Alias-File Key 

     cloak2  cloak2.mgt  /d
     cloak2  cloak2.mgt  /e
(Advanced and Commercial Demo versions only.) One-filename simple ciphering: Carefully use one-filename mode to decipher the alias file under its old key, and then carefully re-encipher the file under the new key. Note that there may be multiple alias files in various directories, or the alias file may have a different name if there is a CLOMGT environment variable (see the section "Alias Files").

Encipher Multiple Files into Ciphertext Archive 

     cloak2  *.txt  arch1.clo  /e  /a fred
(Advanced and Corporate versions only.) Two-filename append ciphering with wildcard file search. Each *.TXT filename match causes the associated file to be enciphered into a ciphertext block, and all blocks accumulate into ARCH1.CLO.

Encipher Particular Files into Ciphertext Archive 

     cloak2  file1.txt+file2.txt+file3.txt  arch1.clo  /e
(Advanced and Commercial Demo versions; the Corporate version would need an alias.) Two-filename append ciphering (although FromFile steps through three explicit filenames). Each file is enciphered into a ciphertext block and all blocks accumulate into ARCH1.CLO.

Decipher Ciphertext Archive 

     cloak2  arch1.clo  *.res  /d
(Advanced and Commercial Demo versions; the Corporate version would need an alias.) Two-filename append ciphering. Each ciphertext block in ARCH1.CLO is deciphered and the plaintext accumulated into ARCH1.RES. Each block is announced with either a "." (no data error) or a "*" (data errors found).

Cloak2 Features

Detailed Operation

Two-Filename Mode

Two-filename mode ciphers from one file to another and the first file is not modified. To start ciphering, just enter: 
     cloak2 FromFile ToFile /e
to encipher, or 
     cloak2 FromFile ToFile /d
to decipher.

FromFile and ToFile represent your own filenames. The "from" or "source" file must already exist; it is the file you wish to protect. The "to" or "target" file will be the enciphered version of the "from" file, and will replace any existing file with the same name in the same directory. Both FromFile and ToFile may be as simple as just a name (if the file is in the current directory), or include a drive-letter and/or "path" specification (to locate the file in some other subdirectory). In two-filename mode, the original file is not modified at all. This can be a safety-net to allow recovery in the event of problems, but can also leave sensitive information on the disk. As an alternative, Cloak2 has "one-filename mode":

One-Filename Mode

Another way to use the program is to enter: 
     cloak2 FileName /e
to encipher in the "one filename" mode, in which the result overwrites the original file. One-filename mode can be more secure than two-filename mode, because a plaintext copy is not left behind unhidden. But it can also be more risky, since the original file will be overwritten and destroyed.

ONE-FILENAME MODE CAN BE DANGEROUS! Because the original file is normally overwritten, its contents will be destroyed and cannot be recovered.

BE VERY CAREFUL WHEN USING ONE-FILENAME MODE. If a wrong User Key is somehow entered in the same wrong way twice (trust me, it happens), the program cannot know this, and -- unless the error can be reproduced -- the data will have been lost.

Use an alias file if at all possible. An error in entering an alias-file key will simply result in the desired alias not being found, preventing ciphering and also preventing any change to the FromFile.

CRC Error In One-Filename Deciphering

If the ciphertext file has been damaged, or the wrong key used when deciphering, Cloak2 will report a CRC error and stop, leaving the original data in the file described on the screen. In one-filename mode, the original data will be in a temp file (usually CLO$$$$$.TMP).

The program has no way to know whether the CRC error resulted from something small like a data error at the end of the file, or something large like the use of the wrong key. The user should examine the deciphered data which is now stored in the original file.

If the problem was the use of the wrong key (indicated by a completely-random deciphered result), the user should copy the ciphertext from the temp file back to the original file, and decipher under the correct key. It is important to recover the data in the temp file before it is destroyed by another one-filename ciphering operation.

Secure Overwrite Depends on DOS

Although one-filename mode does indeed overwrite the actual disk sectors of the original file in most cases, this depends upon non-guaranteed characteristics of DOS which could depend on the particular version of "DOS" actually used. (Presumably, disk-cache programs could have an effect as well.) A user who is worried about this should format a new floppy, copy one text file to the floppy, encipher that file in one-filename mode, and then use a low-level disk utility to check the disk for sectors containing the original text. Normally there are no such sectors. If there are, it may be necessary to use a disk "wipe" utility to erase all unallocated sectors. Other alternatives include enciphering on floppy disks (which can be bulk-erased to remove all hidden plaintext), or restricting all plaintext files to RAM disk or floppy disk. In some cases it may be necessary to check hard-drive operations as well.

Put Temp Files on a RAM Disk

One-filename ciphering can operate faster (and be more secure) if the intermediate file is on "RAM disk," and this can be arranged (provided you have a RAM disk) by setting an environment variable in AUTOEXEC.BAT: 
     set clotmp=[path and filename]
In my system, I use: 
     set clotmp=h:\clo$$$$$.tmp
because drive H: is a RAM disk on my system.

The User Key

When invoked without an alias command (such as /a or /f), the program will ask you to enter a User Key, twice (so there is no mistake), after which ciphering will occur. The User Key should be long phrase (30 or more characters) which you will remember, modified to be unlike anything in print.

Cloak2 Key Phrases

A Cloak2 key-phrase could be as long as 250 characters. Each key-character can be an upper or lower case letter, a number, or any 8-bit value not used for key-entry which DOS will report to the program.

Some codes which may be a problem for DOS include: 

	^C	abort
	^N	output to printer
	^P	terminal print-echo
	^S	suspend output
	^X	cancel
Note that ^C means "control-C."

Codes used by Cloak2 for key-entry include: 

	^[	Esc	erase line / quit
	^H	BS	erase last character
	^J	LF	ignored
	^M	CR 	end-of-entry
	^U		alternate erase line / quit
Leading and trailing spaces are ignored in key phrases, but internal spaces are significant.

Entering and Editing the User Key

As you enter your User Key it will not appear on the screen so it cannot be seen and stolen. Instead, a sequence of numbers will appear which are the last digit of the number of characters you have entered. While entering your User Key, you may realize that you made a mistake; if so, you can use the backspace key to erase incorrect characters, or hit the Esc key once and start over from the beginning of the line. (Ctrl-U can be used instead of Esc.) Normally, the display digits will be removed, but if your User Key is over about 55 characters, it will wrap to the next line, and display digits will not be erased on a previous line; backspace and Esc will edit the key properly, however.

If you have forgotten the User Key and need to think, just hit the Esc key twice to exit the program.

Some Key Phrase is Always Necessary

When using alias files, the actual User Keys can be random character sequences (since they need not be typed-in or remembered). In fact, the Advanced Cloak2 /generate option will create random user keys. Still, the alias file itself will need a remembered key, as will any Cloak2 batch file. Thus, there will always be a need for some keys based on long, rememberable-but-unlike-anything-in-print key phrases.

Alias Files

The ideal way to operate Cloak2 is to use the alias facility available in most versions. An alias file is an enciphered file which contains the keys for your various uses or contacts. For example, when I want to encipher FileName to "frank" I type: 
     cloak2  FileName  /e  /a frank
The program then asks for the alias-file key, which need be entered only once. (If the wrong key is given, the alias-tag "frank" will not be found, and the program will stop without damaging data.) So I need to remember only the one key for the alias file, instead of Frank's (and Dave's and Bill's) current secret key (whose actual keys should change routinely anyway).

Creating or Extending an Alias File

The user can create or extend an alias file using the /generate option (in the Advanced version): 
     cloak2  /g
              ^
              generate
This normally creates a 40-character random new User Key (unless a specific new key is assigned by the user). The new key is collected with a user-supplied alias tag plus a key-effective date (the current date, unless otherwise specified by the user) on a single text line. The resulting line is enciphered under an "alias key" from the user, and placed at the start of the closest alias file (if none is found, one is created in the current directory). The same key is also collected with the same date and a different alias tag (for use at the far end) and then enciphered into a "transport file" under a "transport key" from the user.

Dated Aliases

Alias entries include a "key-effective" date to specify when the associated key was (or will be) placed in service. The various alias lines in an alias file should be ordered by date, "future first, past last." Cloak2 searches for the first occurrence of an alias tag which is active as of the "current" date. The user can set a particular "current" date from the command line (using /m), thus having access to past (or even future) keys. Alias files can be constructed months -- or even years -- in advance, making key-updates painless and automatic.

The Closest Alias File

Cloak2 seeks an alias file by first checking for an environment variable "clomgt," which it expects to contain the path to and name of an alias file. If the environment variable is not found, Cloak2 searches for a file named CLOAK2.MGT, first in the current directory, then in the parent directory, then in the root directory on the current drive, then in root on drive C. This allows the user to have different alias files for different areas of the directory tree structure. We can use the DOS "set" command to establish the environment variable: 
     set clomgt=[path and filename]
which will avoid the search, and allow any desired filename. The user might place this command in AUTOEXEC.BAT, where it will be executed automatically when DOS is started. In my system I do not use the environment variable, but instead simply place the working alias file in the root directory on drive C:, thus making it available for use from any current directory. I also have another alias file in my development directory for testing; Cloak2 uses the testing alias file automatically when I make my development directory "current" (using the DOS "cd" command).

The Transport File

The transport file (generally created when an alias key was generated) must be transported to the far end. There, it normally will be deciphered with the transport key and then re-enciphered under that user's alias key. Then the far end user will place the new alias line at the top of their alias file, typically using the append mode of the DOS "copy" command. (See the earlier section "Simple Operation and Help.")

Alias File Format

An alias file is simply an enciphered text file of alias lines. Each alias-file line should contain an "effective" date, an alias "tag," and an associated secret key; each field separated by one or more spaces: 
2000-12-15 harry          W+dhRbOnz5Ao4Iw07sSjcr5X/dLHm2u24elvx5h
1994-03-24 bob            c7YIvxs8+pfTpk5X3Wqo8Rfs9GvTe1zMPZUmTkE
1993-12-15 fred           EfLoU84fsrN5EwivDK6/6Fpl5qyKGmWEuoHM7Ll
Dates are in a form which supports easy sorting: yyyy-mm-dd. Alias tags are single "words" with no internal spaces, do not start with "/", and are not case-sensitive. The secret key starts with the first non-space character after the tag, and includes all characters through the end of the line (except trailing space characters, which are deleted) just like a key typed in on the keyboard. The secret key is case-sensitive and may include internal spaces and any character-codes other than CR or LF. (However, /g produces only the transportable ciphertext characters so that any subsequent editing operations will not have to deal with ASCII control codes or non-ASCII codes). An alias file line cannot exceed about 250 characters in length including, date, tag, secret key and spacing.

Editing Alias Files

Because an alias file is simply an enciphered text file, it may also be edited, either to change alias tags, add new entries which have a language phrase key, or to delete very old keys. However, because an alias file contains perhaps the most sensitive information of any file, effort should be made to minimize overall exposure. For example, a new user-created alias line could be enciphered alone, and then added at the top of the existing alias file as ciphertext (using the DOS "copy" command's binary append mode). In this way, the information in the existing alias file need not be exposed at all.

Date Order Required

Alias files scanned for the first tag-match which is valid as of the "current" date. Thus, alias files should have entries in date order, "future first, past last." All alias lines should have "yyyy-mm-dd" dates so that alias files can be sorted automatically using the DOS "sort" command on the deciphered alias file. (For security reasons, this sort of processing should be done on a RAM disk and the alias-file plaintext should never be displayed on a CRT.)

Cloak2 Batch Mode

Batch Mechanism

For installations which wish to automate operations, Cloak2 includes a batch mode. A Cloak2 batch file is an enciphered file of Cloak2 command lines. The batch mechanism simply obtains the next text line from such a file, and feeds that line to the normal Cloak2 system. As much as possible, Cloak2 processing will look and work exactly the same when processing a true command line, or a command line from a Cloak2 batch file.

The Differences

There are a couple of differences in batch mode: First, the /batch option is not recognized in batch files -- it is only used to start batch operations. Next, the /key option is ONLY valid in a batch file. A leading colon (:) on a Cloak2 batch line indicates a comment. Neither blank lines nor comments are executed, nor are they counted as commands.

Explicit Keys

The /key option (which is only valid at the end of a Cloak2 batch line) allows batch commands to use alias files (which are enciphered) without separate key entry. Of course, the key for the batch file which starts everything off will have to be entered manually, but only that key, and only once.

Errors Stop the Show

When an error occurs during batch processing, the line-in-error is displayed (with any /key option overwritten) and processing halts, to limit any possible damage to other files. Cloak2 returns an error-count through the DOS "process return code" which supports special-case processing in DOS batch files.

Other Cloak2 Features

Append Mode

Because Cloak2 has a ciphertext block structure, it is reasonable to have multiple ciphertext blocks (each enciphered under the same key) in one file. One way to build such a file is to use the Cloak2 "append" mode: A wildcard FromFile expression, with a non-wildcard single file as the ToFile. This can encipher multiple files and collect the ciphertext in a single file; each block will be a stand-alone ciphertext segment, with its own CRC. (All ciphertext blocks in such a file will be deciphered into the same plaintext file.)

Similar results can be obtained with an explicit list of files separated by "the append operator" or "+" in FromFile only (no spaces are allowed around the +): 

     cloak2 bob1.txt+john.txt *.clo /e
Alternately, the user might use the binary append mode of the DOS "copy" command to collect separately enciphered files.

When deciphering, CRC results are announced for each block with "." for OK, and "*" for BAD, but processing will continue until the file has been completely processed.

Wildcard File Specification

Most versions of Cloak2 support "wildcard" file specifications, such as: 
     cloak2 *.txt /e
This command scans the current directory for all files which have a file type field of ".TXT" and enciphers each under the same key in one-filename mode.

Directory-Tree Scanning

Most versions of Cloak2 also supports "directory-tree" operations which scan the current directory -- and all lower sub-directories -- for a match, as in: 
     cloak2 *.txt /e /t
This command scans the current directory -- and all subdirectories of the current directory -- for files which have a file type of ".TXT" and enciphers each match under the same key in one-filename mode.

Note that TREE MODE CAN BE DANGEROUS! "Tree mode" can encipher a lot of files, and could cause a lot of trouble if you make a mistake with the key, or encipher instead of deciphering. Normally, it is important to first use "no-operation" mode, like this: 

     cloak2 *.txt /t /n
which will do the same scan, and display all file matches, but change nothing.

Wildcard operations also support append mode, in which there is a wildcard FromFile specification, but a ToFile without a wildcard. This accumulates the result of ciphering operations in a single file, and can be helpful in maintaining enciphered archives.

Append Operator (+)

Results somewhat similar to wildcard scanning can be obtained by using "the append operator" or "+". This is used to separate a list of files in a FromFile specification; no spaces are allowed, and ToFile must exist and not have a wildcard: 
     cloak2  bob1.txt+john.txt  res.clo  /e

Sequence Operator (,)

Cloak2 also has a "sequence operator" or "," to separate a list of files in a FromFile specification. No spaces are allowed, and if ToFile exists, it must have a wildcard. This operator allows filenames which are textually unrelated to be operated on in fast sequence with a single key-entry. 
     cloak2  bob1.txt,john.txt  *.clo  /e

Z-Mode

Some text editors place a control-Z character at the end of a DOS text file; the DOS "type" utility and some text editors will interpret this as the end of the file. When such files are collected into a single ciphertext file, and then deciphered, the control-Z at the end of the text in the first block could hide subsequent blocks and text. Consequently, the /z option was introduced to delete the last character of a deciphered block, if (and only if) that character is a control-Z, thus allowing subsequent text to remain visible.

Cipher Technical Overview

Stream Cipher

Cloak2 is a secret-key stream cipher with message keys and nonlinear Dynamic Substitution data combining. Like most stream ciphers, Cloak2 consists of a confusion or random number generator (RNG) subsystem, and a confusion-and-data combining subsystem. Like most message key ciphers, a message key value is enciphered separately and placed in the ciphertext. The deciphered message key then initializes the confusion sequence RNG and, in Cloak2, the combiner tables.

Message Keys

Each Cloak2 block carries a 992-bit message key in enciphered form.

Message Key Cipher

Cloak2 converts a User Key phrase of arbitrary length into the internal state of a 992-bit degree-31 Additive random number generator (RNG) used to produce a pseudo-random sequence. This (linear) sequence is made nonlinear by deleting random amounts of data from the sequence at random times. The resulting nonlinear sequence is used to fill a degree-127 nonlinear RNG, which fills a degree-607 nonlinear RNG. This is used to produce a cipher value used to hide or reveal a random 992-bit message key by exclusive-OR.

Message Key RNG

Random 992-bit message keys are produced by a separate degree-607 nonlinear RNG. The state in this RNG is expanded from a 992-bit "unknowable" value. The unknowable value includes DOS precision timing values, key-entry values, and exclusive-ORed RNG tables.

Message Key Becomes Main RNG

The plaintext 992-bit message key is expanded into a degree-9689 nonlinear RNG by a sequence of intermediate RNG's. The resulting nonlinear sequence is first used to shuffle the combiner tables, and then combined with data in a patented Dynamic Substitution combiner.

Multiple-Level Combiner

The first-level combiner is a 256-byte Dynamic Substitution table. The second-level combiner is a selection from among 16 similar combiners. Attempts to work out the content of the combiners are complicated by the fact that different combiners are used at pseudo-random.

Nonlinear Combining

Because the Cloak2 design uses a unique nonlinear data combiner, the usual "known plaintext" attack (which is devastating on the normal stream cipher) cannot work.

A detailed design document and security analysis is also available.

One-Filename Detailed Operation

Ciphering Through a Temp File

Cloak2 supports one-filename ciphering, in which the result overwrites the original file. This is done by first enciphering or copying to a "temp" or intermediate file normally named CLO$$$$$.TMP (or .TMQ).

Temp Ciphering is Strange

For best security, any ciphering file should only contain ciphertext. Consequently, enciphering occurs from the original file to the intermediate, which is then copied back to and over the original. In contrast, deciphering must first copy the ciphertext to the intermediate file, and then decipher from the intermediate to and over the original. This operational difference can cause some confusion, but is necessary to maintain security.

Ciphertext Can Be Safely Deleted

Barring user error, the temp file is always ciphertext, and is simply deleted after use. The temp file is almost the only file which Cloak2 writes other than the indicated output file. (The Advanced Cloak2 /generate option will write a new transport file, and will add data to an alias file.) Cloak2 does not manipulate the file-access table (FAT) or any other low-level part of the disk system or DOS.

File Overwrites

Note that overwriting a file is not the same as first "deleting" a file and then creating a new file. The difference is in the storage allocation: A deleted file releases its allocated store (which still contains the original data), and a new file probably would not be assigned that same store. This means that some or all of the original data would remain on the disk, unhidden. On the other hand, when a file is overwritten, there is no need for the operating system to release the current store or re-allocate new store; it need only overwrite the existing store, and this appears to be what DOS does. Of course, DOS does not guarantee to do this, but it does not claim to not do this, either. The wary user might choose to use low-level disk programs to investigate what actually happens on his or her local system, or alternately use a RAM disk or a floppy (which could and should be bulk-erased) to store any and all plaintext files.

Scrambling For Secure Deletes

In most cases, one-filename mode will overwrite the actual storage sectors used for the original file. When enciphered, a file expands, so all the previous sectors will be used, and more. Thus, one way to support a secure "delete" function is to first encipher a file in one-filename mode -- thus "scrambling" the data -- and then do a normal DOS "delete."

Sample Commands

On the DOS command line, each command is preceded by the name of the program; in Cloak2 batch files, the command stands alone.

One-Filename Simple Ciphering

     test.tmp /e
     test.tmp /d
Encipher the plaintext from file TEST.TMP and place the ciphertext back in TEST.TMP, or Decipher the ciphertext in TEST.TMP and place the plaintext back in TEST.TMP. Encipher overwrites the original plaintext with the resulting ciphertext, but risks losing the file data if a mistaken key is entered, twice, in the same wrong way.

Two-Filename Simple Ciphering

     test.tmp test.clo /encipher
     test.clo test.res /decipher
Encipher the plaintext from file TEST.TMP and place the ciphertext in TEST.CLO, or decipher TEST.CLO and place the plaintext in TEST.RES. Two-filename ciphering does not overwrite the original file, and thus does not hide plaintext when enciphering, but also does not destroy a potentially-useful file.

One-Filename Alias Ciphering

     test.tmp /e /a fred
     test.tmp /d /a fred
The closest alias file (typically CLOAK2.MGT) is deciphered in memory, and each plaintext text line is searched for alias-tag "fred". When found, the last part of that line becomes the User Key for data ciphering. Encipher overwrites dangerous plaintext, the alias file avoids the consequences of entering a mistaken key, and the alias key need be entered only once.

Two-Filename Alias Ciphering

     test.tmp test.clo /encipher /alias fred
     test.clo test.res /decipher /alias fred
Using an alias implies a single key entry. Generally avoids the effects of mistakes. My favorit mode.

One-Filename Alias Wildcard Ciphering

     *.tmp /e /a fred
     *.tmp /d /a fred
The DOS wildcard "*.tmp" matches (and ciphers) any file of any name which has a type field of ".TMP" in the current directory.

One-Filename Alias Wildcard Ciphering And Directory-Tree Scanning

     *.tmp /encipher /alias fred /tree
     *.tmp /decipher /alias fred /tree
Here, "*.tmp" matches (and then ciphers) any file of any name which has a type field of ".TMP" in the current directory and all subdirectories of the current directory. USE WITH CAUTION, since distant, forgotten files may match the scanning pattern and be mistakenly enciphered. (See below.)

No ciphering, just a file-match display.

     *.tmp /n /t
Show the effect of a directory scan (or just a wildcard scan) before committing to ciphering.

Two-Filename Alias Wildcard Ciphering And Directory-Tree Subdirectory Scanning

     *.tmp *.clo /e /a fred /t
     *.clo *.res /d /a fred /t
The FromFile wildcard is used to scan the directories for matching files; the ToFile wildcard represents the characters found in any match. Note that the result files are created in the ToFile directory (here the current directory), and not in the FromFile directory (which will change, as the subdirectories are scanned).

Two-Filename Alias Wildcard Ciphering with Specific ToFile: "Append Mode"

     *.tmp archive.clo /e /a fred
     *.clo result.txt /d /a fred
When enciphering, each plaintext FromFile will produce a separate ciphertext block, and all the blocks will be accumulated in the single file ARCHIVE.CLO. All cipher blocks in that file can then be deciphered into a single accumulated plaintext file in one operation. When deciphering, each ciphertext FromFile will produce plaintext which is accumulated in the single file RESULT.TXT.

One-Filename File-Alias Ciphering

     fred1.txt /e /f
     fred1.txt /d /f
Develops alias tag "fred" from the first contiguous alphabetic characters of the file name and the current date (when enciphering) or the file date (when deciphering). A filename can include the alias tag, the file date can be the enciphering date, so the user need not remember the alias or think about key changes which may have occurred since the original ciphering.

One-Filename File-Alias Wildcard Ciphering

     fred*.* /encipher /filealias
     fred*.* /decipher /filealias
Develops alias tag from the first contiguous alphabetic characters of each matching filename. The example uses alias tag "fred" with the current date (when enciphering) or the file date (when deciphering). Potentially uses a different key for every file ciphered. Assuming the desired alias is "fred", each match-file name (files which match FRED????.???) must not have a letter after the "D".

One-Filename File-Alias Wildcard Ciphering w/ Forced Alias

     fred*.* /e /f /a fred
     fred*.* /d /f /a fred
The alias is forced to be "fred" independent of the file names. Uses the current date (when enciphering) or the match-file date (when deciphering).

One-Filename File-Alias Wildcard Ciphering w/ Forced Date

     fred*.* /e /f /m 93-11-25
     fred*.* /d /f /m 11/25/93
Uses the filename from any file match to form the alias search tag. The alias-search date is forced to be 11/25/93 independent of the current date or file date. Note that there are two date formats, signalled by the first separator (- or /). In either case, the year can be full (1993 or 2001) or abbreviated (93 or 1).

One-Filename File-Alias Wildcard Ciphering w/ Forced Current Date

     fred*.* /encipher /filedate /msgdate 0
     fred*.* /decipher /filedate /msgdate 0
The alias date is forced to be the current DOS date, independent of the file dates. Uses the match-file name to form the alias tag.

Cloak2 and Business

Ciphers and Keys

The Key-Distribution Problem

Cloak2 is a secret-key cipher, and this is no problem at all when protecting local files, or creating off-site archives. But a secret-key cipher can be a problem for communications: Users at each end must somehow acquire the same secret key with absolute security. This is "the key-distribution problem" that many people think public-key technology has solved. But -- much to their surprise -- public-key ciphers require an ADDITIONAL cryptographic protocol which secret-key ciphers do not. Public-key ciphers must "authenticate" (also "certify," or "validate") each public key a user acquires. Failure to validate public keys can result in exposure of the ciphered information WITHOUT any need to break the cipher proper. This is a complication and weakness which secret-key ciphers just do not have.

Straightforward Secrecy

Granted, Cloak2 communications users must somehow transfer secret keys, and then keep those keys secret, but this is an obvious, straightforward requirement, just like house keys and car keys. Cloak2 keys can be delivered when users meet, or transported by mail or express delivery services or with traveling friends or employees. Once keys are set up, there is no ambiguity about the Cloak2 cipher being exposed due to protocol error. Because Cloak2 uses no complex protocols, any "Opponent" must technically attack and break the cipher itself (or steal the key) to read the protected data. Normally, a technical attack on ciphertext is extremely complex, lengthy, and expensive, and so is perhaps the least likely way for someone to gain access to hidden information.

Key Management

Cloak2 uses alias files: enciphered files which hold secret keys. The user only need remember the one secret key phrase for the alias file itself, and then the keys in that file can be selected with a non-secret "nickname" or alias tag. Keys which exist only in enciphered files are very difficult to steal. As in any cipher system, it is important to use a long, strange key for the alias file key phrase (pass phrase), and to protect that key and change it when it may have been compromised.

Keys for Transport

Advanced Cloak2 can generate a random key for any alias. One copy is placed in the current alias file, and another in a separate file -- enciphered under a different key -- for transport. The transport key can be sent by a different channel to improve transport security. The resulting transported key can be added to a user's alias file without editing or on-screen exposure. Corporate users need only register their alias-file keys with the corporate key-generation facility to be provided with alias files they can use.

Business Cipher Management

Fear of Loss

One big issue for business cryptography include the possibility that employees could damage or hide data, or that they may forget keys or hold them ransom. It is important, though, to separate the aspects which cryptography really affects. Employees can damage or hide data without cryptography. Presumably business managers could feel that they take less risk by empowering their own people than they would by leaving their communications open to everyone.

Compartmental Access

Each member of a group working on a particular project can be given the same "project key." As people leave the project, members can simply add a new project key to their alias files, and continue with business as usual, using exactly the same alias they previously used. This helps to minimize the impact of security management on innovative people.

Business Keys for Business Data

Many businesses may want to institute a policy that employees may use only business keys on business data. With Cloak2, businesses can establish alias files for various departments (or users), and by using dated aliases, provide automatic, company-wide, virtually-painless key-updates. Such an alias file is easily extended and distributed without havoc.

Key Audits

To ensure compliance with a policy of using only corporate keys for corporate files, key audits of corporate files are possible, simply by trying the approved keys on enciphered files. The validity of the key is indicated by the resulting CRC. Finding enciphered files which fail such an audit would be a warning sign to any reasonable business.

Corporate Archives

To the extent that employees can create and modify files, they can damage files in all sorts of ways that do not require cryptography. (Indeed, the major problem may be accidental damage.) If this is an issue, a corporate archive may be needed to maintain fair copies of important files, and the need for this may well be completely independent of the use of cryptography. But corporate cryptographic archives could function simply by retaining a duplicate of every corporate email transmission, as long as everyone uses corporate keys.

Cloak2 Batch Files

Enciphered Cloak2 batch files can include explicit keys. Thus, Cloak2 batch files could be used to limit and simplify user options, or provide special circumstance features for particular projects or users.

Secure Message Archives

If everyone used the same key, and that key never changed, there would be no problem archiving ciphertext. But in a secure environment there will be many different keys, and those keys will change periodically (or when employees leave), making access to the archives a serious problem.

One possible approach is to immediately decipher every received message to plaintext, and simply append that onto an existing plaintext file. While fairly efficient, this would be less secure than we would like.

Another approach would be to decipher a received message, then decipher the archive file, add the received message to the end of the deciphered archive file, and re-encipher that file under the archive key. This could be secure, but very inefficient.

Multi-Block Ciphertext Files

Cloak2 directly supports files containing multiple enciphered blocks. This allows ciphertext from a single user (under a single key) to be accumulated in an archive simply by appending each new ciphertext message to the end of the existing archive file. This approach is efficient and secure, and the appending could be made automatic. Although it probably implies a new archive file for each user and key, this might be a good way to organize the archives anyway.

File-Alias Mode

Cloak2 also supports a /filealias mode which develops an alias tag and date from the name and date of each selected file. Thus, another alternative is to institute a policy of naming incoming ciphertext files with the appropriate alias, plus a sequence number. Those files could then be accessed automatically because the alias and date could be developed from the file name and date, even for many different aliases and many different keys over long periods of time. This is efficient and secure, and the appropriate message naming could be made automatic.

Cloak2 the Product

Limits of Ciphering

No cipher, by itself, can possibly be considered a complete solution to data security. The simple use of any cipher program may not seal all information leaks.

Ciphers can only hide information which is otherwise secret

If someone can read, bribe, coerce, break-in and copy, bug, remotely monitor, or in some other way get the information, no cipher can help. And when a direct technical attack on a cipher is more expensive than an alternate way to get the information, the cipher is probably tough enough. Cloak2 is intended to be a very strong cipher, but to make full use of this strength, the user will need extensive physical security and a special low-emission computer.

Speed vs. Strength

Any software cipher must inherently trade off speed for strength. Cloak2 is relatively fast with strength far beyond the usual cipher, because it uses better technology. Even in extraordinary user environments (that is, with guards, internal secure areas, and a security staff to handle external coercion), it should be cheaper to obtain almost any information in some way other than a direct technical attack on Cloak2 ciphertext.

Use Long Key Phrases

The user who is concerned about strength will have User Key phrases at least 30 characters long, modified with unusual spacing, capitalization, and numbers and symbols to be very unlike anything ever before placed in print. The /generate option will create random keys which can be transferred on floppy disk and then used in an alias file; they need not be remembered. Of course, the key to the alias file itself must still be remembered. No matter what cipher is used, all cryptographic security ultimately relies on the hope that one or more secret keys is still a secret.

Never Write Down a Key

Cloak2 alias files can reduce the number of keys to be remembered to one. Nevertheless, at least one User Key (the password to the alias file) must be remembered, for if it is written down, the surface it is written on must be kept secure. It is far easier to have one memorable key phrase for the alias file than to keep some surface secure.

Transporting Secret Keys

Transporting keys is not required unless the enciphered files are to be sent by electronic communication. In that case, the best way to deliver a new key is to hand a person a disk. Many businesses support frequent travel between corporate offices, and new secret keys could easily be hand-carried on such trips. Ordinary mail is another possibility, as are express mail or delivery services. Ideally, key-change mail would be dropped in a public mailbox and sent to a pre-arranged neighbor of the intended recipient, thus hopefully avoiding any mail interception. Anything which constitutes a "separate channel" will frustrate any Opponent who does not maintain massive continuous monitoring of that particular channel. And any Opponent with that level of resources has many other alternatives.

Add Received Keys Securely

Note that it is possible to add the new key to an alias file without ever showing the key on the display; see "Installing a Transported Key-Alias." Moreover, Cloak2 supports adding keys to an alias file without deciphering either the transport file or the alias file (and thus exposing the keys inside). This is done by converting the transported entry to the alias key, and appending the new entry to the start of the alias file.

Caution

Cloak2 is a serious cipher: It is specifically designed to convert data into a form which is useless without knowledge of the secret key used in encryption. It uses a large internal key, and there is no "backdoor." If you forget your secret key, you will lose the ability to expose the data enciphered with that key. If you allow this to happen, nobody will be able to recover the data for you.

Archiving arbitrary enciphered files risks data loss as keys fade from use and memory. If you are concerned about potential key loss, name the files for use with the Cloak2 /filealias option and maintain some alias files with all the old keys. Alternately, keep backups under a common key, or in plaintext form in a secure location. Companies should be aware of the need to keep valid keys to any work files employees may generate. It may be reasonable to demand that corporate files only use corporate keys, and audit files periodically to assure that this is being done. Again, without the correct secret key, nobody can recover data from the ciphertext.

Licensing

The Cloak2 program is protected both by copyright and patent law.

Evaluation

Cloak2 is available in a Commercial Demo version for evaluation. Individuals may evaluate the demo until they choose to license Cloak2. Commercial entities are normally limited to a 30 day free evaluation, and should evaluate the Advanced version anyway.

Commercial Program

Cloak2 is a commercial cipher. Everyone who uses Cloak2 must be either "evaluating" or "licensed." However, the program does not attempt to enforce licensing, but instead simply states that a licensing fee is required. Licensed users should be aware that the announcement is displayed so that, if and when the program is used by others, or even just observed in operation, the licensing requirement is made plain.

Licensed Per User

Individual licensing is $149 per user. (A "user" is any originator and/or recipient of text or data enciphered by the Cloak2 cipher. It is not acceptable to buy one Cloak2 license and process messages for an entire group.) Quantity rates are available, and various sorts of group or site licenses can be negotiated.

Commercial Demo May be Distributed Freely

Cloak2 users can communicate with anyone they wish, simply by sending out the demo. They should be sure to include documentation so the new evaluator will know how to use the program.

Not for Export

Cloak2 is a serious commercial cipher, and is unlikely to be approved for export. Currently, anyone who "exports" such a cipher may be in violation of federal law. To avoid placing bulletin-board operators in an awkward position, users are asked to not place any version of Cloak2 on any open BBS. The Cloak2 commercial demo can be given to friends and others in the U.S., but they should understand that if they "export" the program they may violate U.S. law.

International Travel

In the past, international travelers have wondered whether they should remove commercially-available cipher programs from their portable computers when they travel. According to a recent State Department release, that is no longer necessary: 
Statement of

Dr. Martha Harris

Deputy Assistant Secretary of State for Political-Military
Affairs

February 4, 1994

	Encryption -- Export Control Reform

	[...]

* Personal use exemption: We will no longer require that U.S.
citizens obtain an export license prior to taking encryption
products out of the U.S. temporarily for their own personal use.
In the past, this requirement caused delays and inconvenience
for business travellers.

	[...]

The contact point for further information on these reforms is
Rose Biancaniello, Office of Defense Trade Controls, Bureau of
Political-Military Affairs, Department of State, (703) 875-6644.

Disclaimer

RSE takes pride in cryptographic innovation and the design and implementation of this program. We will repair any problems in the program which we find to be our error for the first year after licensing.

It is up to each licensee or user to check this product in their own particular environment and not rely upon the product until fully satisfied that it is suitable for use.

License for use of this program is conditional upon agreement that neither RSE nor the author are liable for consequential damage, and that our ultimate liability will in no case exceed the license fees actually paid by the licensee involved.

Author, Company, Publications

Author's Background

The author is a registered Professional Engineer, in another life one of the architects of the MC6809 processor, and has been researching, publishing, inventing and applying cryptography full-time for over half a decade. He has been writing computer programs for almost thirty years and working in the 80x86 DOS assembly-language environment for the past decade.

Ritter Software Engineering

One of the reasons for producing Cloak2 is to demonstrate and advertise our role as a provider of new, innovative cryptographic technology. Ritter Software Engineering -- a government-registered manufacturer of cryptographic armaments -- has developed a number of innovative software cipher-engines which cover a range of speed, strength, and special-use situations. These cipher engines are designed for "drop-in" inclusion in user software like editors and spreadsheets. The especially high-speed designs would be appropriate for system software such as disk-controllers and LAN servers.

References

[1] Ritter, T. 1990. Substitution Cipher with Pseudo-Random Shuffling: The Dynamic Substitution Combiner. Cryptologia. 14(4): 289-303.

[2] Ritter, T. 1990. Dynamic Substitution Combiner and Extractor. U.S. Patent 4,979,832.

[3] Ritter, T. 1991. The Efficient Generation of Cryptographic Confusion Sequences. Cryptologia. 15(2): 81-139. 213 refs.

Terry Ritter, his current address, and his top page.

Last updated: 1995-12-14