The Cloak2 Cipher User's Manual
Serious File Encryption and Key Management
Terry Ritter, P.E.
Ritter Software Engineering
2609 Choctaw Trail
Austin, TX 78745
(512) 892-0494
Copyright 1993 - 1995 Ritter Software
Engineering
Protected by U.S. Patent 4,979,832
Introduction
Cloak2 is a serious second-generation stream cipher based on
Dynamic Substitution technology. Cloak2 will encipher any file
of any type into a file of binary ciphertext, and will decipher
that ciphertext into a file which is byte-by-byte the same as
the original. Cloak2 is currently implemented as a DOS program
with an internal command line which works well under Microsoft
Windows.
Cloak2 users normally select a hidden random key from an alias
file of such keys (the alias file might be provided by the local
corporation). A particular key is selected by an associated alias
tag which need not be secret. This allows the hidden keys to
change (e.g., as employees leave), while the user continues to use
the exact same alias. The hidden keys actually encipher only a
random 992-bit session key; the random session key is then used to
encipher the file data.
Cloak2 is a "conventional" or "Secret Key" cipher, and is
ideal for secure local storage or secure communication within a
corporation. Although "Public Key" ciphers are often suggested
as an alternative, for true security, they require that received
keys be certified. When this poorly-understood step can
be ignored by users, supposedly secret information can be exposed
to outsiders. This sort of problem does not occur in a Secret Key
cipher.
Contents
Start Up
Overview
What Is Cloak2?
- Cloak2 is an easy-to-use data security program for MS-DOS which
works well under Microsoft Windows. Cloak2 protects the
information in a file from unauthorized viewing. Protected
files can be saved locally, archived off-site, or communicated
(using conventional binary file-transfer protocols) without
exposing the information in those files to unauthorized
individuals.
What Does Cloak2 Do?
- Cloak2 translates (enciphers) files of any sort (word processing
files, spreadsheets, graphics, compressed archive files, etc.)
into files of random-like values. This "ciphertext" contains
the original information, but keeps it hidden. The original
file is recovered by "deciphering" the ciphertext file with the
correct key.
How Does Cloak2 Do It?
- Cloak2 uses new, patented Dynamic Substitution technology to
implement an especially fast and strong cipher. A user-selected
Key Phrase defines the enciphering transformation, and EXACTLY
THE SAME KEY PHRASE MUST BE USED TO RECOVER THE ORIGINAL FILE.
Cloak2 provides extensive and unique key management facilities
to make this easy.
When deciphering, Cloak2 translates the ciphertext back into
exactly the same data as in the original file -- provided
the deciphering key phrase is exactly correct. A CRC error-check
warns if an incorrect key phrase was used or if the ciphertext
file was damaged or tampered with.
Who Should Use Cloak2?
- Cloak2 is great for those who want practical, easy-to-use file
privacy. Most computers are not under continuous armed guard,
and portable machines can be lost. Unauthorized people may be
able to read or copy the information in unattended machines.
Cloak2 makes surreptitious loss virtually impossible. Cloak2
can be used for local privacy, to protect off-site archives from
inappropriate access, or to protect files which will be
communicated by a binary protocol.
Cloak2's key-management facilities make enciphering quick and
easy for individuals, and allow companies to institute a
corporate-wide key management and control policy. A key policy
is important, because employers need access to business
information which their employees generate.
Everyone who saves enciphered files will appreciate Cloak2's
support for messages enciphered under old keys.
What Do I Need To Use Cloak2?
- Cloak2 runs on any system which runs MS-DOS programs, from old
8088 systems through modern Pentium systems, including lap-tops,
hand-held DOS computers and even emulated DOS on Unix and other
systems. While Cloak2's assembly-language code is optimized for
modern processors, it is also very efficient on older machines.
Unlike many other encryption products, Cloak2 does not require a
numeric co-processor.
The Cloak2 Versions
Currently, there are four different versions of Cloak2:
Advanced (the usual choice), Commercial Demo (for evaluation),
Decipher-Only (for CD-ROM protection), and Corporate (which
limits use to specific keys). Each version has a particular
combination of features, and only the Advanced version has all
Cloak2 features.
Advanced
- The Advanced version of Cloak2 (typically CLO2ADV.EXE) includes
all features.
Commercial Demo
- The Commercial Demo (typically CLO2DEMO.EXE) provides basic
cipher capabilities in a small package. The commercial demo
does not include alias files (/a, /f), batch files (/b, /k),
key-generation (/g), wildcard support, or tree-mode (/t) mass
ciphering. However, the Commercial Demo (and all documentation)
can be sent -- without obligation -- to anyone with whom
you would like to communicate. This means that the other party
need not already have Cloak2 before you can send secure
information.
Individuals can use the demo version until
they decide to license the advanced version. Businesses
normally have a 30-day demo evaluation period, but would be
better off to contact us for an Advanced demo with more of the
features they will need.
Decipher-Only
- The Decipher-Only version (typically CLO2DEC.EXE) has most
features, but does not have routines for enciphering (/e) or
key-generation (/g). The enciphering routines are physically
not present anywhere in the program. This means that -- in
certain cases -- the Cloak2 Decipher-Only version might be
exportable.
Corporate
- The Corporate version (typically CLO2CORP.EXE) has most features,
but is intended to limit ciphering to only approved keys, and has
no key-generation (/g) of its own. This of course means that some
entity must produce and distribute alias files containing the
approved keys. This gives corporations the ability to define the
keys which will be used on corporate data.
Users of the Corporate version can cipher data only using the
keys present in their alias file. These users cannot cipher data
with a key entered from the keyboard, and so must use an
alias option (either /a or /f).
Corporate version users have no automatic way to make a new
alias file. They also normally cannot decipher the alias file, and
cannot encipher a new alias file under the alias key. This provides
improved corporate control over secret keys.
Installation
All Cloak2 versions are DOS programs which include internal
on-line help panels and a command-line editing facility (for use
in Microsoft Windows). Each program is a single file: No
separate DLL's or help files are used.
DOS installation
- The version of Cloak2 you have (or want to use) should be copied
to some directory listed in your command "path." (To see your
current path under DOS, just type "set" -- plus enter -- and look for
"PATH.") This will allow the program to be found, loaded into
memory and executed. The examples generally assume you have
Advanced Cloak2, and have renamed the file as CLOAK2.
Microsoft Windows Installation
- A Microsoft Windows installation requires that the version of
Cloak2 you want to use be copied into a convenient directory,
perhaps one you normally use for e-mail. The CLOAK2.PIF file
should be copied to the same directory.
Use Program Manager to open the Accessories group and use
File, New
to create a new Program Item. Enter the
Description "Cloak2 Cipher" and set
Command Line as the full path to the program
(e.g., "c:\clo\cloak2.exe). Set
Working Directory to where you
want files without full paths to end up (e.g., "c:\clo).
(Eventually, you may put your alias file in the Working
Directory.) Enter "c" for
Shortcut Key (which becomes
Ctrl+Alt+C), and check
Run Minimized. Use
Change Icon and
select the safe icon, if desired.
After setup, Cloak2 can be started by double-clicking on the
selected icon in Accessories, and then activated when desired
with Ctrl-Alt-C, or Ctrl-Esc and Switch To. Or use
File Manager and double-click on the Cloak2 program-file.
Or use Program Manager File, Run.
What to Expect
- When started, Cloak2 immediately displays an identification
screen. Execution without a parameter starts-up the interaction
menu, which can open the help system. If a parameter is found
but the source (FromFile) is not found, Cloak2 will stop with an
error; otherwise Cloak2 will request a key, then display the
FromFile and the destination (ToFile) as ciphering starts. On a
25 MHz 386, a 30K file should finish in a couple of seconds.
Simple Operation and Help
Help
Execution without a parameter:
cloak2
will bring up an interaction menu. One option is "Help":
Almost all the information needed to run Cloak2 is available in
the help system. Another option is "Enter new command line
parameters," which allows Cloak2 to be used interactively.
(Since the program is already running, do not use a "program
name" like "cloak2" on the interactive command line!)
Simple Enciphering
Basically,
cloak2 readme.txt readme.clo /e
^ ^ ^ ^
| | | |
program name input file output file option
enciphers the file README.TXT into a new file README.CLO after
the program asks the operator to enter a User Key twice. The
resulting file is secure. (Not available in the Decipher-Only
version, and the Corporate version will require an alias; see
Using a Key-Alias.)
Simple Deciphering
Similarly,
cloak2 readme.clo readme.res /d
^ ^ ^ ^
| | | |
program name input file output file option
deciphers the enciphered file README.CLO into the file
README.RES. (The Corporate version will require an alias.)
Creating a Key-Alias
Users of Advanced Cloak2 should create a file which holds user
keys under cipher, so the user need remember only the one key
for the cipher-key file. We call this an
alias file, and it can
be created or extended by using the /generate option (Advanced
version only):
cloak2 /g
^
generate
The /generate option starts an interactive system to define an
alias entry (effective date, alias tag and key), encipher it
(the user enters the alias key), and place it at the top of an
alias file. If the user does not enter a specific key for the
alias entry, a random key will be created.
In addition, the same key can be given a different alias tag
(perhaps your own e-mail name) and placed in another file (under
another key) for secure transport. The transport key will be
installed at the far end, and the different alias tag will be
used there to refer to the key used to communicate with you.
Normally, each alias tag will in some way refer to the person or
entity at the other end.
Ideally, the transport file would be copied to a floppy disk,
carried to the far end, and the transport key delivered by
separate channel (for example, by postal mail or phone).
Installing a Transported Key-Alias
When an advanced Cloak2 alias transport file and its key have
arrived, the new alias line can be deciphered with the transport
key and immediately re-enciphered under the local alias-file key:
copy jerrys.clo temp.tmp
cloak2 /d jerrys.clo (enter the transport key)
cloak2 /e jerrys.clo (enter your alias key)
The resulting ciphertext (now enciphered under the local
alias-file key) can simply be placed at the top of the alias
file, using a text editor or the DOS "copy" command's binary
append mode:
copy /b cloak2.mgt clomgt.old
copy /b jerrys.clo+clomgt.old cloak2.mgt
This is intended to save the current alias file, then to collect
the ciphertext from the transport file and the saved alias file
into a new alias file. Note that the new alias is appended to
the alias file
as ciphertext, and
the existing alias file need not be deciphered.
The saved alias file can then be erased, if desired.
A similar operation is available in the Corporate version: The
corporate key-generation facility can provide incremental
upgrades in the alias key (or pass-phrase) for each user. The
new block of alias entries then is simply copied to the top of
the existing alias file: No ciphering is needed to add a key to
the alias file.
Using a Key-Alias
Once a Cloak2 alias file is set up, the /a "tag" (a single word)
selects an alias in that file:
cloak2 file.txt *.clo /a fred /e
^ ^ ^ ^ ^encipher
| | | |
file to be resulting | the alias to select
enciphered file is: |
"FILE.CLO" alias mode
Note that fred's key may be updated occasionally, but it is no
longer necessary to remember any of those keys. Keys may
change, but the alias tag "fred" need not, and also need not be
secret. The user only need remember the one secret key to the
alias file. In fact, an alias file which has keys effective at
future dates provides an automatic and mostly invisible way to
institute periodic key changes.
Alias files greatly simplify cipher use. Note that a new alias
key can be transported on disk and activated (by releasing the
transport key) only after it arrives safely. An alias file can
be kept on a floppy and used by making that floppy the "current
drive." For ultimate security, that floppy could be kept on the
user's person when the cipher is not in use.
OPTIONS, Commands and Features
Command-Line Options
In most cases, a command line will consist of one or two file
names plus various options. Each option is specified with a
forward-slash "/" plus a letter (or a word with the same initial
letter, for better batch-file documentation). Most options
(except /k) can be placed anywhere on the command line, in any
order, although /a, /k and /m require a data field to
immediately follow. The first non-option character-sequence is
taken to be the "source" or FromFile; the second non-option
sequence (if any) is the "destination" or ToFile.
- /Alias <tag> or /a <tag>
Use an alias to select a secret key. (Advanced,
Decipher-Only and Corporate versions.)
Decipher the
closest alias file (in memory only) and scan it for a match to
the specified one-word <tag>. If such an entry is found, use
the associated key-phrase for ciphering. The intent is to
select secret keys using non-secret alias tags. Alias tags are
not case-sensitive, and the <tag> field must immediately follow
the /a option.
If environment variable CLOMGT exists, that text value is taken
to be the full path, file name and type of the local alias file.
Otherwise, the program searches for the file CLOAK2.MGT, first
in the current directory, then in the parent directory, then in
the root directory on the current drive, then in root on drive
C. This allows the automatic use of multiple alias files
depending on the current directory.
/a sets the alias tag, the name to search for in an alias file,
and the tag itself must immediately follow /a. /a can be used
alone or to overrule the tag from /f. Either /a or /f is
required in the Corporate version. (Also see
Alias Files.)
/Batch or /b
Initiate Cloak2 Batch mode: Decipher FromFile in
memory and use each plaintext line as a Cloak2 command line.
(Advanced, Decipher-Only and Corporate versions.)
With minor exceptions, each batch-file line operates just like
it would if typed in at the top level. Option /b is not supported
in batch files (no batch files of batch files), and option /k is
supported ONLY in batch files, and ONLY as the LAST option on
the command line (see /k). Also, options /q and /7 only work in
a top level command-line (to DOS). (Also see
Batch Mode.)
/Decipher or /d
Decipher mode: Decipher Cloak2 ciphertext. (All versions.)
If the ciphertext file was damaged, or the wrong key used, a CRC
error will be reported and ciphering will stop after the current
source or FromFile file completes. In one-filename decipher
mode, the original FromFile data will be in the temporary file
shown on the screen (usually CLO$$$$$.TMP). The temp file will
be overwritten by the next one-filename ciphering, so if the
original data are important, they should be copied back to the
original file immediately. This recovery cannot be automatic,
because if the correct key was used, the deciphered data may be
the best we can do. See
"One-Filename Mode." One of /d, /e, /n
or /g is necessary or the interactive command line is activated.
/Encipher or /e
Encipher mode: Encipher any file containing any type of
data into a file of binary ciphertext. (Advanced, Commercial Demo
and Corporate versions.)
In one-filename mode, the existing source or FromFile will
be overwritten with ciphertext and destroyed. It is thus vital
that the User Key be entered CORRECTLY in one-filename
enciphering, so that the file can later be deciphered. Use an
alias file if at all possible, since a wrong alias will simply
halt the program without changing the FromFile. Also see
"One-Filename Mode." One of /d, /e, /n or
/g is necessary, or the interactive command line is activated.
/File-alias or /f
Use the file name to create an alias to select a key for
ciphering. (Advanced, Decipher-Only and Corporate versions.)
Create an alias tag from
the first contiguous alphabetic characters in the file name.
Create a message date from the operating system date for that
file (decipher) or the current date (encipher). Use that tag
and date to search the alias file for the appropriate User Key.
This process can occur dynamically (potentially selecting a
different User Key for each file) as the result of wildcard
operations. The intent is to support the archive storage of
messages in their original enciphered form in an environment
where User Keys are changed periodically. Options /a and /m can
be used to modify the /f alias tag or date and access other or
past or future User Keys.
/Generate or /g
Start interactive key generation. (Advanced version only.)
Get information from user, generate a new alias entry, place it
at the top of the closest alias file, then place the same key in
another enciphered file for transport. (Also see
Creating A Key-Alias.)
/Key <keycharacters> or /k <keycharacters>
In a Cloak2 batch command ONLY, set a secret key. (Advanced,
Decipher-Only and Corporate versions.)
A batch-command key applies to the alias file, or (absent /f, /a,
or /m) the data file. /k is supported ONLY in Cloak2 batch files,
AND ONLY as the LAST OPTION on the line: After /k, the rest of the
command line is assumed to be the key. (Potentially,
<keycharacters> could include option sequences, such as
"/a/b/g/k" etc.)
/Msgdate <date> or /m <date>
Set the date to be used when scanning for an alias (overrule
the DOS date). (Advanced, Decipher-Only and Corporate versions.)
Can be used with /a to select a past or future User Key. Can be
used with /f to overrule the date from the FromFile.
Only useful with /a, /f or /g. Note that the <date> field must
immediately follow the /m option.
/m 0 means use the DOS date. Otherwise takes either of two date
formats: yy-mm-dd, and mm/dd/yy as selected by the use of "-"
or "/" (the numeric fields may have one to four digits).
/Nocipher or /n
Disable ciphering. Used to display wildcard file scans and
directory-tree scans without affecting any files. (Advanced,
Decipher-Only and Corporate versions.)
Display the From and To filenames as they would occur if ciphering
were enabled. One of /d, /e, /n, or /g is necessary or the
interactive command line is activated.
/Quiet or /q
Disable screen output (unless there are errors). Also disable
the key-input-prompt beep. (All versions.)
For the original top-level command-line (to DOS) only.
/Tree or /t
Scan FromFile directory AND ALL SUB-DIRECTORIES for
FromFile filename matches. (Advanced, Decipher-Only and
Corporate versions.)
Normally used with a FromFile wildcard expression.
BE SURE TO FIRST USE /n WITH /t to display the names of the files
which will be ciphered. (Also see
Directory-Tree Scanning.)
/Zmode or /z
Delete ^Z (Control-Z, hex 1a, display image right-arrow) if
that code exists as the last character in a deciphered block.
(All versions.)
^Z is the way old CP/M and early DOS editors indicated the end
of a text file (EOF). When some editors (and especially the DOS
"type" command) see a ^Z they stop reading the file, even though
much data may remain (and can be displayed with
"copy con /b"
). Zmode is useful when one or
more ciphertext blocks in a file include a ^Z which could hide
subsequent blocks and text.
/7bit or /7
Display panels as 7-bit ASCII; disable color changes and
substitute * for line-draw characters. (All versions.)
Useful when running under emulated DOS on a workstation. For the
original top-level command-line (to DOS) only.
Commands for Common Operations
Encipher File "in place"
cloak2 file1.txt /e
(Advanced and Commercial Demo versions.) One-filename simple
ciphering: Ciphers through a temporary file and places the
result back in FILE1.TXT. This hides the original plaintext,
but also destroys it, so it is no longer available. The user
enters a User Key phrase, twice.
Decipher File "in place"
cloak2 file1.txt /d
(Advanced, Commercial Demo and Decipher-Only versions.)
One-filename simple ciphering: Ciphers through a temporary file
and places the result back in FILE1.TXT. This destroys the
ciphertext, so it is no longer available. The user enters a
User Key phrase, twice.
Generate Alias Key Effective Jan. 1, 2001
cloak2 /g /m 2001-1-1
(Advanced version only.) The user enters the alias-file key
phrase, the far-end alias, the transport filename and key phrase
interactively. The most-future keys should always be at the top
of the alias file; since /g always places a new key at the top
of the file, the user should create new keys in order of
increasing date.
Wildcard Alias-Encipher .TXT Files Into .CLO Files
cloak2 *.txt *.clo /e /a fred
(Advanced and Corporate versions.) Two-filename alias ciphering
with wildcard file search: Each file matching *.TXT is
enciphered into *.CLO. The "closest" alias file is searched for
alias "fred" (and the key in effect as of the current DOS date)
to find the associated User Key. The user enters the alias-file
key phrase, once.
Decipher File Using Alias "fred"
cloak2 file1.clo *.res /d /a fred
(Advanced, Decipher-Only and Corporate versions.) Two-filename
alias ciphering: FILE1.CLO is deciphered into FILE1.RES. The
"closest" alias file is searched for alias "fred" (and the key
in effect as of the current DOS date) to find the associated
User Key. The user enters the alias-file key phrase, once.
Encipher Using Alias Key Active on Dec. 15, 1993
cloak2 file1.txt /e /a fred /m 93-12-15
(Advanced and Corporate versions.) One-filename alias
ciphering: This overwrites the original plaintext, which is
then unavailable. The "closest" alias file is searched for
alias "fred" (and the key in effect as of 1993-12-15) to find
the associated User Key. The user enters the alias-file key
phrase, once. If the alias-file key is mistyped, the alias will
not be found, and FILE1.TXT will not be damaged.
Decipher Using Alias Key Active on Dec. 15, 1993
cloak2 file1.clo *.res /d /a fred /m 93-12-15
(Advanced, Decipher Only and Corporate versions.) Two-filename
alias ciphering: Normally, the current date is used in alias
searches; /m overrides that with an explicit date.
Encipher a File For File-Alias Deciphering
cloak2 file1.txt fred1.clo /e /a fred
(Advanced and Corporate versions only.) Two-filename file-alias
ciphering: Note that the start of the ToFile name is the
same as the alias; this allows the alias to be recovered from the
name of the ciphertext file. This command enciphers the file under
the key for alias "fred" as of the current date. The resulting
file FRED1.CLO will produce alias "fred" under /f deciphering, and
the file date will hold the enciphering date for the decipher
alias search.
Wildcard File-Alias Deciphering
cloak2 *.clo /f /d
(Advanced, Decipher-Only and Corporate versions.) One-filename
file-alias ciphering with wildcard file search: Find all files
in the current directory with type field ".clo", create an alias
from the first contiguous alphabetic characters in each
filename, create an alias date from the file date for that file,
search the alias file for the correct key and decipher each
file. In each case the resulting plaintext overwrites the
ciphertext file; if one of the files deciphers incorrectly,
ciphering stops and the original ciphertext for that file
remains in the temp file displayed on the screen.
Note that /f assumes that all *.CLO files have names which
convert to valid alias tags, and that each retains the original
enciphering date. Even though many different keys may be
required for the selected files, the user need only remember and
enter the single key for the alias file.
Wildcard File-Alias Deciphering with Alias "fred"
cloak2 *.clo /f /d /a fred
(Advanced, Decipher-Only and Corporate versions.) One-filename
file-alias ciphering with wildcard file search: /a overrides
the automatic generation of the alias and just uses the file
date associated with each file to select the correct User Key
for deciphering (since keys may have changed over time). This
assumes that each file retains the original enciphering date.
Ideal for ciphertext archives where a single subdirectory
contains messages from a single alias.
Change The Alias-File Key
cloak2 cloak2.mgt /d
cloak2 cloak2.mgt /e
(Advanced and Commercial Demo versions only.) One-filename
simple ciphering: Carefully use one-filename mode to decipher
the alias file under its old key, and then carefully re-encipher
the file under the new key. Note that there may be multiple
alias files in various directories, or the alias file may have a
different name if there is a CLOMGT environment variable (see
the section "Alias Files").
Encipher Multiple Files into Ciphertext Archive
cloak2 *.txt arch1.clo /e /a fred
(Advanced and Corporate versions only.) Two-filename append
ciphering with wildcard file search. Each *.TXT filename match
causes the associated file to be enciphered into a ciphertext
block, and all blocks accumulate into ARCH1.CLO.
Encipher Particular Files into Ciphertext Archive
cloak2 file1.txt+file2.txt+file3.txt arch1.clo /e
(Advanced and Commercial Demo versions; the Corporate version
would need an alias.) Two-filename append ciphering (although
FromFile steps through three explicit filenames). Each file is
enciphered into a ciphertext block and all blocks accumulate
into ARCH1.CLO.
Decipher Ciphertext Archive
cloak2 arch1.clo *.res /d
(Advanced and Commercial Demo versions; the Corporate version
would need an alias.) Two-filename append ciphering. Each
ciphertext block in ARCH1.CLO is deciphered and the plaintext
accumulated into ARCH1.RES. Each block is announced with either
a "." (no data error) or a "*" (data errors found).
Cloak2 Features
- New Technology:
Cloak2 is based on original Dynamic Substitution technology
invented by this author, technology which provides an improved
tradeoff between speed and security in a software stream cipher.
Because the technology is patented, a detailed technical
description of the cipher design is available and has been
published and discussed in the Usenet News sci.crypt group.
- Random Message Keys:
Each and every Cloak2 ciphertext block has its own random
992-bit message key. Repeatedly enciphering exactly the same
file will produce different ciphertext each time. This prevents
Cloak2 from having a fixed cipher state which can be exposed.
- Checks for Data Error:
Cloak2 deposits an error-check value in every ciphertext block.
This 32-bit cyclic redundancy check (CRC) is also computed when
each block is deciphered; if the values do not match, an error
is indicated. The error-check supports the enciphering of
programs, which should not be executed if they have been damaged
in storage or transit.
- Indicates Use of Wrong Key When Deciphering:
The error-check CRC also detects the use of the wrong
deciphering key, a common error in a cryptographic system.
- Optionally Overwrites Plaintext:
When Cloak2 is used in "one filename" mode (that is, not
ciphering from one file to a new file), the program overwrites
the plaintext file, thus (providing DOS cooperates) hiding the
original data even from file-recovery programs. No low-level
file-access- table (FAT) operations are needed or used.
- May Support a Secure Delete:
Cloak2 might be used as the basis of a secure file "delete"
operation. Normally, a file "delete" is not secure because the
information in the file remains on the disk (until it is
overwritten by another file). But to the extent that Cloak2
"one filename" enciphering overwrites a file with ciphertext, it
can be used to "pre-treat" files to make the information on the
disk secure so those files can be deleted normally.
- Straightforward Secret-Key Cipher:
Cloak2 is a "conventional" or "secret key" cipher, and so
corresponds to the essence of secrecy: The need for a secret
key reminds us that privacy is not available if the other end
cannot be trusted. A secret-key cipher does not require
"certification authorities" or "trust" with respect to the key.
A secret-key cipher automatically "authenticates" a person who
possesses the key. A secret-key cipher is not subject to
strange "man-in-the-middle" or "spoofing" attacks like some
public-key ciphers.
- Supports Wildcard File-Search:
Most Cloak2 versions support "wildcard" operations, in which
multiple files can be selected with a single FromFile expression
using the DOS wildcard characters "*" and "?". This allows
Cloak2 to encipher or decipher many files with a single
key-entry.
- Supports Directory-Tree File-Search:
Most Cloak2 versions support directory-tree ciphering, in which
the current directory, and all of its sub-directories (and
sub-sub-directories, etc.) are searched for a match to the given
filename or wildcard expression. This mode supports massive
ciphering, such as may be needed when changing keys or ciphers.
(The /t option.)
- Supports Multi-File Archives:
Cloak2 supports "append mode" operation, where multiple "from"
files (selected by a wildcard expression) are ciphered to a
single "to" file. Enciphering will produce an archive of
ciphertext blocks (which will decipher into a single file).
Deciphering will accumulate a plaintext archive from multiple
ciphertext files, each of which may have multiple ciphertext
blocks.
- Supports Explicit File-Append:
Cloak2 supports a form of append-mode operation in which a list
of specific files, separated by "+" (with no spaces around the
+) is presented as the FromFile. This allows explicitly
ordering the multiple blocks of a large file sent on the
Internet.
- Supports Explicit File-Sequence:
Cloak2 supports operation on a list of files separated by ","
and presented as the FromFile. This allows explicit
specification of filenames which are not related and for which
wildcard operations will not help.
- Supports Key-Alias Files:
Most Cloak2 versions supports enciphered alias files, which
greatly simplify key management. A simple public alias can
select a long secret key from the alias file. Alias files
reduce the irritation and the potential for serious error which
can result from typing-in long secret keys (twice).
(The /a option.)
- Supports Key Update:
Cloak2 alias files support "dated" aliases: Each alias has a
"key effective date" to indicate when the associated key was (or
will be) placed in service. This allows the current key for an
alias to be changed to a new key, and periodic key-change is a
normal requirement in serious cryptosystems.
- Supports Access to Old Keys:
Normally, the current date is used to select the appropriate key
automatically, but the user can access past (or future) keys by
specifying a past (or future) date on the command line.
(The /m option.)
- Supports Archiving the Original Ciphertext:
Since old keys can remain accessible, the original ciphertext
can be archived without problem. Since occasional key changes
are inevitable (and required for security), the ability to
support access to ciphertext under old keys is a real advantage.
- Supports Automatic Key-Change:
Because Cloak2 supports "dated" alias entries, many different
keys can be programmed in advance for the same alias, to take
effect at future dates. This can make periodic key-changes
automatic and virtually painless.
- Supports Automatic Access using File Name and File
Date:
The Cloak2 advanced version supports a facility for developing
both the alias tag and the appropriate date from the name and
date of the selected file. (The alias tag is built from the
first contiguous sequence of alphabetic characters in the file
name; the date comes from the file date.) This means that many
different files under many different keys can be accessed
automatically during wildcard ciphering.
(The /f option.)
- Supports Automatic Access to Archived Ciphertext:
By storing ciphertext messages with their alias tag in their
filenames (along with a sequence number), both the alias and the
ciphering date can be recovered automatically. This allows a
user to avoid remembering dates and aliases for ciphertext, and
is especially useful for archiving messages under many aliases.
- Supports Central Key-Management:
Key-management is important to businesses which have a policy
that all business files be enciphered only under business keys.
Such a policy can be enforced by audits which attempt to
decipher business files using the standard business keys.
- Generates New Random Keys
The Cloak2 Advanced version supports a "generate" option, to
create an alias line with a random User Key, and then place that
line at the start of the closest alias file, as well as (under a
different key) in a specified file for transport.
(The /g option.)
- Supports Key Transport:
The "generate" option places both the new key and a "far-end
alias" in a "transport file" which is enciphered under a
"transport key." The key-transport file can be copied to floppy
and carried or mailed to the far end. Once the file arrives
safely, the transport key can be provided by a separate channel.
- Supports Multiple Alias Files:
Most Cloak2 versions support multiple alias files, searched for
in this order: environment variable CLOMGT, the current
directory, the parent directory, root, and root on drive C:
This allows each section of the directory tree to have its own
alias file. The alias file might be kept on a floppy which can
be personally retained.
- Cloak2 Batch Files:
Most Cloak2 versions also support Cloak2 batch files, which are
enciphered files in which each line is a Cloak2 command line.
This allows substantial processing operations to be
pre-programmed for production use.
(The /b option.)
- Non-Infringing
Cloak2 does not infringe any known patents. The Cloak design has
been in use for years without problems.
Detailed Operation
Two-Filename Mode
Two-filename mode ciphers from one file to another and the first
file is not modified. To start ciphering, just enter:
cloak2 FromFile ToFile /e
to encipher, or
cloak2 FromFile ToFile /d
to decipher.
FromFile and ToFile represent your own filenames.
The "from" or
"source" file must already exist; it is the file you wish to
protect. The "to" or "target" file will be the enciphered
version of the "from" file, and will replace any existing file
with the same name in the same directory. Both FromFile and
ToFile may be as simple as just a name (if the file is in the
current directory), or include a drive-letter and/or "path"
specification (to locate the file in some other subdirectory).
In two-filename mode, the original file is not modified at all.
This can be a safety-net to allow recovery in the event of
problems, but can also leave sensitive information on the disk.
As an alternative, Cloak2 has "one-filename mode":
One-Filename Mode
Another way to use the program is to enter:
cloak2 FileName /e
to encipher in the "one filename" mode, in which the result
overwrites the original file. One-filename mode can be more
secure than two-filename mode, because a plaintext copy is not
left behind unhidden. But it can also be more risky, since the
original file will be overwritten and destroyed.
ONE-FILENAME MODE CAN BE DANGEROUS! Because the original file
is normally overwritten, its contents will be destroyed and
cannot be recovered.
BE VERY CAREFUL WHEN USING ONE-FILENAME MODE. If a wrong User
Key is somehow entered in the same wrong way twice (trust me, it
happens), the program cannot know this, and -- unless the error can
be reproduced -- the data will have been lost.
Use an alias file if at all possible. An error in entering an
alias-file key will simply result in the desired alias not being
found, preventing ciphering and also preventing any change to
the FromFile.
CRC Error In One-Filename Deciphering
If the ciphertext file has been damaged, or the wrong key used
when deciphering, Cloak2 will report a CRC error and stop,
leaving the original data in the file described on the screen.
In one-filename mode, the original data will be in a temp file
(usually CLO$$$$$.TMP).
The program has no way to know whether the CRC error resulted
from something small like a data error at the end of the file,
or something large like the use of the wrong key. The user
should examine the deciphered data which is now stored in the
original file.
If the problem was the use of the wrong key (indicated by a
completely-random deciphered result), the user should copy the
ciphertext from the temp file back to the original file, and
decipher under the correct key. It is important to recover the
data in the temp file before it is destroyed by another
one-filename ciphering operation.
Secure Overwrite Depends on DOS
Although one-filename mode does indeed overwrite the actual disk
sectors of the original file in most cases, this depends upon
non-guaranteed characteristics of DOS which could depend on the
particular version of "DOS" actually used. (Presumably,
disk-cache programs could have an effect as well.) A user who
is worried about this should format a new floppy, copy one text
file to the floppy, encipher that file in one-filename mode, and
then use a low-level disk utility to check the disk for sectors
containing the original text. Normally there are no such
sectors. If there are, it may be necessary to use a disk "wipe"
utility to erase all unallocated sectors. Other alternatives
include enciphering on floppy disks (which can be bulk-erased to
remove all hidden plaintext), or restricting all plaintext files
to RAM disk or floppy disk. In some cases it may be necessary
to check hard-drive operations as well.
Put Temp Files on a RAM Disk
One-filename ciphering can operate faster (and be more secure)
if the intermediate file is on "RAM disk," and this can be
arranged (provided you have a RAM disk) by setting an
environment variable in AUTOEXEC.BAT:
set clotmp=[path and filename]
In my system, I use:
set clotmp=h:\clo$$$$$.tmp
because drive H: is a RAM disk on my system.
The User Key
When invoked without an alias command (such as /a or /f), the
program will ask you to enter a User Key, twice (so there is no
mistake), after which ciphering will occur. The User Key should
be long phrase (30 or more characters) which you will remember,
modified to be unlike anything in print.
Cloak2 Key Phrases
A Cloak2 key-phrase could be as long as 250 characters. Each
key-character can be an upper or lower case letter, a number, or
any 8-bit value not used for key-entry which DOS will report to
the program.
Some codes which may be a problem for DOS include:
^C abort
^N output to printer
^P terminal print-echo
^S suspend output
^X cancel
Note that ^C means "control-C."
Codes used by Cloak2 for key-entry include:
^[ Esc erase line / quit
^H BS erase last character
^J LF ignored
^M CR end-of-entry
^U alternate erase line / quit
Leading and trailing spaces are ignored in key phrases, but
internal spaces are significant.
Entering and Editing the User Key
As you enter your User Key it will not appear on the screen so
it cannot be seen and stolen. Instead, a sequence of numbers
will appear which are the last digit of the number of characters
you have entered. While entering your User Key, you may realize
that you made a mistake; if so, you can use the backspace key to
erase incorrect characters, or hit the Esc key once and start
over from the beginning of the line. (Ctrl-U can be used
instead of Esc.) Normally, the display digits will be removed,
but if your User Key is over about 55 characters, it will wrap
to the next line, and display digits will not be erased on a
previous line; backspace and Esc will edit the key properly,
however.
If you have forgotten the User Key and need to think, just hit
the Esc key twice to exit the program.
Some Key Phrase is Always Necessary
When using alias files, the actual User Keys can be random
character sequences (since they need not be typed-in or
remembered). In fact, the Advanced Cloak2 /generate option will
create random user keys. Still, the alias file itself will need
a remembered key, as will any Cloak2 batch file. Thus, there
will always be a need for some keys based on long,
rememberable-but-unlike-anything-in-print key phrases.
Alias Files
The ideal way to operate Cloak2 is to use the alias facility
available in most versions. An alias file is an enciphered file
which contains the keys for your various uses or contacts. For
example, when I want to encipher FileName to "frank" I type:
cloak2 FileName /e /a frank
The program then asks for the alias-file key, which need be
entered only once. (If the wrong key is given, the alias-tag
"frank" will not be found, and the program will stop without
damaging data.) So I need to remember only the one key for the
alias file, instead of Frank's (and Dave's and Bill's) current
secret key (whose actual keys should change routinely anyway).
Creating or Extending an Alias File
The user can create or extend an alias file using the /generate
option (in the Advanced version):
cloak2 /g
^
generate
This normally creates a 40-character random new User Key (unless
a specific new key is assigned by the user). The new key is
collected with a user-supplied alias tag plus a key-effective
date (the current date, unless otherwise specified by the user)
on a single text line. The resulting line is enciphered under
an "alias key" from the user, and placed at the start of the
closest alias file (if none is found, one is created in the
current directory). The same key is also collected with the
same date and a different alias tag (for use at the far end) and
then enciphered into a "transport file" under a "transport key"
from the user.
Dated Aliases
Alias entries include a "key-effective" date to specify when the
associated key was (or will be) placed in service. The various
alias lines in an alias file should be ordered by date, "future
first, past last." Cloak2 searches for the first occurrence of
an alias tag which is active as of the "current" date. The user
can set a particular "current" date from the command line (using
/m), thus having access to past (or even future) keys. Alias
files can be constructed months -- or even years -- in advance, making
key-updates painless and automatic.
The Closest Alias File
Cloak2 seeks an alias file by first checking for an environment
variable "clomgt," which it expects to contain the path to and
name of an alias file. If the environment variable is not
found, Cloak2 searches for a file named CLOAK2.MGT, first in the
current directory, then in the parent directory, then in the
root directory on the current drive, then in root on drive C.
This allows the user to have different alias files for different
areas of the directory tree structure.
We can use the DOS "set" command to establish the environment
variable:
set clomgt=[path and filename]
which will avoid the search, and allow any desired filename.
The user might place this command in AUTOEXEC.BAT, where it will
be executed automatically when DOS is started. In my system I
do not use the environment variable, but instead simply place
the working alias file in the root directory on drive C:, thus
making it available for use from any current directory. I also
have another alias file in my development directory for testing;
Cloak2 uses the testing alias file automatically when I make my
development directory "current" (using the DOS "cd" command).
The Transport File
The transport file (generally created when an alias key was
generated) must be transported to the far end. There, it
normally will be deciphered with the transport key and then
re-enciphered under that user's alias key. Then the far end
user will place the new alias line at the top of their alias
file, typically using the append mode of the DOS "copy" command.
(See the earlier section
"Simple Operation and Help.")
Alias File Format
An alias file is simply an enciphered text file of alias lines.
Each alias-file line should contain an "effective" date, an
alias "tag," and an associated secret key; each field separated
by one or more spaces:
2000-12-15 harry W+dhRbOnz5Ao4Iw07sSjcr5X/dLHm2u24elvx5h
1994-03-24 bob c7YIvxs8+pfTpk5X3Wqo8Rfs9GvTe1zMPZUmTkE
1993-12-15 fred EfLoU84fsrN5EwivDK6/6Fpl5qyKGmWEuoHM7Ll
Dates are in a form which supports easy sorting: yyyy-mm-dd.
Alias tags are single "words" with no internal spaces, do not
start with "/", and are not case-sensitive. The secret key
starts with the first non-space character after the tag, and
includes all characters through the end of the line (except
trailing space characters, which are deleted) just like a key
typed in on the keyboard. The secret key is case-sensitive and
may include internal spaces and any character-codes other than
CR or LF. (However, /g produces only the transportable
ciphertext characters so that any subsequent editing operations
will not have to deal with ASCII control codes or non-ASCII
codes). An alias file line cannot exceed about 250 characters
in length including, date, tag, secret key and spacing.
Editing Alias Files
Because an alias file is simply an enciphered text file, it may
also be edited, either to change alias tags, add new entries
which have a language phrase key, or to delete very old keys.
However, because an alias file contains perhaps the most
sensitive information of any file, effort should be made to
minimize overall exposure. For example, a new user-created
alias line could be enciphered alone, and then added at the top
of the existing alias file as ciphertext (using the DOS "copy"
command's binary append mode). In this way, the information in
the existing alias file need not be exposed at all.
Date Order Required
Alias files scanned for the first tag-match which is valid as of
the "current" date. Thus, alias files should have entries in
date order, "future first, past last." All alias lines should
have "yyyy-mm-dd" dates so that alias files can be sorted
automatically using the DOS "sort" command on the deciphered
alias file. (For security reasons, this sort of processing
should be done on a RAM disk and the alias-file plaintext should
never be displayed on a CRT.)
Cloak2 Batch Mode
Batch Mechanism
For installations which wish to automate operations, Cloak2
includes a batch mode. A Cloak2 batch file is an enciphered
file of Cloak2 command lines. The batch mechanism simply
obtains the next text line from such a file, and feeds that line
to the normal Cloak2 system. As much as possible, Cloak2
processing will look and work exactly the same when processing a
true command line, or a command line from a Cloak2 batch file.
The Differences
There are a couple of differences in batch mode: First, the /batch
option is not recognized in batch files -- it is only used to start
batch operations. Next, the /key option is ONLY valid in a batch
file. A leading colon (:) on a Cloak2 batch line indicates a
comment. Neither blank lines nor comments are executed, nor are
they counted as commands.
Explicit Keys
The /key option (which is only valid at the end of a Cloak2
batch line) allows batch commands to use alias files (which are
enciphered) without separate key entry. Of course, the key for
the batch file which starts everything off will have to be
entered manually, but only that key, and only once.
Errors Stop the Show
When an error occurs during batch processing, the line-in-error
is displayed (with any /key option overwritten) and processing
halts, to limit any possible damage to other files. Cloak2
returns an error-count through the DOS "process return code"
which supports special-case processing in DOS batch files.
Other Cloak2 Features
Append Mode
Because Cloak2 has a ciphertext block structure, it is
reasonable to have multiple ciphertext blocks (each enciphered
under the same key) in one file. One way to build such a file
is to use the Cloak2 "append" mode: A wildcard FromFile
expression, with a non-wildcard single file as the ToFile. This
can encipher multiple files and collect the ciphertext in a
single file; each block will be a stand-alone ciphertext
segment, with its own CRC. (All ciphertext blocks in such a
file will be deciphered into the same plaintext file.)
Similar results can be obtained with an explicit list of files
separated by "the append operator" or "+" in FromFile only (no
spaces are allowed around the +):
cloak2 bob1.txt+john.txt *.clo /e
Alternately, the user might use the binary append mode of the
DOS "copy" command to collect separately enciphered files.
When deciphering, CRC results are announced for each block with
"." for OK, and "*" for BAD, but processing will continue until
the file has been completely processed.
Wildcard File Specification
Most versions of Cloak2 support "wildcard" file specifications,
such as:
cloak2 *.txt /e
This command scans the current directory for all files which
have a file type field of ".TXT" and enciphers each under the
same key in one-filename mode.
Directory-Tree Scanning
Most versions of Cloak2 also supports "directory-tree"
operations which scan the current directory -- and all lower
sub-directories -- for a match, as in:
cloak2 *.txt /e /t
This command scans the current directory -- and all subdirectories
of the current directory -- for files which have a file type of
".TXT" and enciphers each match under the same key in
one-filename mode.
Note that TREE MODE CAN BE DANGEROUS! "Tree mode" can encipher
a lot of files, and could cause a lot of trouble if you make a
mistake with the key, or encipher instead of deciphering.
Normally, it is important to first use "no-operation" mode, like
this:
cloak2 *.txt /t /n
which will do the same scan, and display all file matches, but
change nothing.
Wildcard operations also support append mode, in which there is
a wildcard FromFile specification, but a ToFile without a
wildcard. This accumulates the result of ciphering operations
in a single file, and can be helpful in maintaining enciphered
archives.
Append Operator (+)
Results somewhat similar to wildcard scanning can be obtained by
using "the append operator" or "+". This is used to separate a
list of files in a FromFile specification; no spaces are
allowed, and ToFile must exist and not have a wildcard:
cloak2 bob1.txt+john.txt res.clo /e
Sequence Operator (,)
Cloak2 also has a "sequence operator" or "," to separate a list
of files in a FromFile specification. No spaces are allowed,
and if ToFile exists, it must have a wildcard. This operator
allows filenames which are textually unrelated to be operated on
in fast sequence with a single key-entry.
cloak2 bob1.txt,john.txt *.clo /e
Z-Mode
Some text editors place a control-Z character at the end of a
DOS text file; the DOS "type" utility and some text editors will
interpret this as the end of the file. When such files are
collected into a single ciphertext file, and then deciphered,
the control-Z at the end of the text in the first block could
hide subsequent blocks and text. Consequently, the /z option
was introduced to delete the last character of a deciphered
block, if (and only if) that character is a control-Z, thus
allowing subsequent text to remain visible.
Cipher Technical Overview
Stream Cipher
Cloak2 is a secret-key stream cipher with message keys and
nonlinear Dynamic Substitution data combining. Like most stream
ciphers, Cloak2 consists of a confusion or random number
generator (RNG) subsystem, and a confusion-and-data combining
subsystem. Like most message key ciphers, a message key value
is enciphered separately and placed in the ciphertext. The
deciphered message key then initializes the confusion sequence
RNG and, in Cloak2, the combiner tables.
Message Keys
Each Cloak2 block carries a 992-bit message key in enciphered
form.
Message Key Cipher
Cloak2 converts a User Key phrase of arbitrary length into the
internal state of a 992-bit degree-31 Additive random number
generator (RNG) used to produce a pseudo-random sequence. This
(linear) sequence is made nonlinear by deleting random amounts
of data from the sequence at random times. The resulting
nonlinear sequence is used to fill a degree-127 nonlinear RNG,
which fills a degree-607 nonlinear RNG. This is used to produce
a cipher value used to hide or reveal a random 992-bit message
key by exclusive-OR.
Message Key RNG
Random 992-bit message keys are produced by a separate
degree-607 nonlinear RNG. The state in this RNG is expanded
from a 992-bit "unknowable" value. The unknowable value
includes DOS precision timing values, key-entry values, and
exclusive-ORed RNG tables.
Message Key Becomes Main RNG
The plaintext 992-bit message key is expanded into a degree-9689
nonlinear RNG by a sequence of intermediate RNG's. The
resulting nonlinear sequence is first used to shuffle the
combiner tables, and then combined with data in a patented
Dynamic Substitution combiner.
Multiple-Level Combiner
The first-level combiner is a 256-byte Dynamic Substitution
table. The second-level combiner is a selection from among 16
similar combiners. Attempts to work out the content of the
combiners are complicated by the fact that different combiners
are used at pseudo-random.
Nonlinear Combining
Because the Cloak2 design uses a unique nonlinear data combiner,
the usual "known plaintext" attack (which is devastating on the
normal stream cipher) cannot work.
A detailed design document and security analysis is also
available.
One-Filename Detailed Operation
Ciphering Through a Temp File
Cloak2 supports one-filename ciphering, in which the result
overwrites the original file. This is done by first enciphering
or copying to a "temp" or intermediate file normally named
CLO$$$$$.TMP (or .TMQ).
Temp Ciphering is Strange
For best security, any ciphering file should only contain
ciphertext. Consequently, enciphering occurs from the original
file to the intermediate, which is then copied back to and over
the original. In contrast, deciphering must first copy the
ciphertext to the intermediate file, and then decipher from the
intermediate to and over the original. This operational
difference can cause some confusion, but is necessary to
maintain security.
Ciphertext Can Be Safely Deleted
Barring user error, the temp file is always ciphertext, and is
simply deleted after use. The temp file is almost the only file
which Cloak2 writes other than the indicated output file. (The
Advanced Cloak2 /generate option will write a new transport
file, and will add data to an alias file.) Cloak2 does not
manipulate the file-access table (FAT) or any other low-level
part of the disk system or DOS.
File Overwrites
Note that overwriting a file is not the same as first "deleting"
a file and then creating a new file. The difference is in the
storage allocation: A deleted file releases its allocated store
(which still contains the original data), and a new file
probably would not be assigned that same store. This means that
some or all of the original data would remain on the disk,
unhidden. On the other hand, when a file is overwritten, there
is no need for the operating system to release the current store
or re-allocate new store; it need only overwrite the existing
store, and this appears to be what DOS does. Of course, DOS
does not guarantee to do this, but it does not claim to not do
this, either. The wary user might choose to use low-level disk
programs to investigate what actually happens on his or her
local system, or alternately use a RAM disk or a floppy (which
could and should be bulk-erased) to store any and all plaintext
files.
Scrambling For Secure Deletes
In most cases, one-filename mode will overwrite the actual
storage sectors used for the original file. When enciphered, a
file expands, so all the previous sectors will be used, and
more. Thus, one way to support a secure "delete" function is to
first encipher a file in one-filename mode -- thus "scrambling" the
data -- and then do a normal DOS "delete."
Sample Commands
On the DOS command line, each command is preceded by the name of
the program; in Cloak2 batch files, the command stands alone.
One-Filename Simple Ciphering
test.tmp /e
test.tmp /d
Encipher the plaintext from file TEST.TMP and place the
ciphertext back in TEST.TMP, or Decipher the ciphertext in
TEST.TMP and place the plaintext back in TEST.TMP. Encipher
overwrites the original plaintext with the resulting ciphertext,
but risks losing the file data if a mistaken key is entered,
twice, in the same wrong way.
Two-Filename Simple Ciphering
test.tmp test.clo /encipher
test.clo test.res /decipher
Encipher the plaintext from file TEST.TMP and place the
ciphertext in TEST.CLO, or decipher TEST.CLO and place the
plaintext in TEST.RES. Two-filename ciphering does not
overwrite the original file, and thus does not hide plaintext
when enciphering, but also does not destroy a potentially-useful
file.
One-Filename Alias Ciphering
test.tmp /e /a fred
test.tmp /d /a fred
The closest alias file (typically CLOAK2.MGT) is deciphered in
memory, and each plaintext text line is searched for alias-tag
"fred". When found, the last part of that line becomes the User
Key for data ciphering. Encipher overwrites dangerous
plaintext, the alias file avoids the consequences of entering a
mistaken key, and the alias key need be entered only once.
Two-Filename Alias Ciphering
test.tmp test.clo /encipher /alias fred
test.clo test.res /decipher /alias fred
Using an alias implies a single key entry. Generally avoids the
effects of mistakes. My favorit mode.
One-Filename Alias Wildcard Ciphering
*.tmp /e /a fred
*.tmp /d /a fred
The DOS wildcard "*.tmp" matches (and ciphers) any file of any
name which has a type field of ".TMP" in the current directory.
One-Filename Alias Wildcard Ciphering And Directory-Tree
Scanning
*.tmp /encipher /alias fred /tree
*.tmp /decipher /alias fred /tree
Here, "*.tmp" matches (and then ciphers) any file of any name
which has a type field of ".TMP" in the current directory and
all subdirectories of the current directory. USE WITH CAUTION,
since distant, forgotten files may match the scanning pattern
and be mistakenly enciphered. (See below.)
No ciphering, just a file-match display.
*.tmp /n /t
Show the effect of a directory scan (or just a wildcard scan)
before committing to ciphering.
Two-Filename Alias Wildcard Ciphering And Directory-Tree
Subdirectory Scanning
*.tmp *.clo /e /a fred /t
*.clo *.res /d /a fred /t
The FromFile wildcard is used to scan the directories for
matching files; the ToFile wildcard represents the characters
found in any match. Note that the result files are created in
the ToFile directory (here the current directory), and not in
the FromFile directory (which will change, as the subdirectories
are scanned).
Two-Filename Alias Wildcard Ciphering with Specific ToFile:
"Append Mode"
*.tmp archive.clo /e /a fred
*.clo result.txt /d /a fred
When enciphering, each plaintext FromFile will produce a
separate ciphertext block, and all the blocks will be
accumulated in the single file ARCHIVE.CLO. All cipher blocks
in that file can then be deciphered into a single accumulated
plaintext file in one operation. When deciphering, each
ciphertext FromFile will produce plaintext which is accumulated
in the single file RESULT.TXT.
One-Filename File-Alias Ciphering
fred1.txt /e /f
fred1.txt /d /f
Develops alias tag "fred" from the first contiguous alphabetic
characters of the file name and the current date (when
enciphering) or the file date (when deciphering). A filename
can include the alias tag, the file date can be the enciphering
date, so the user need not remember the alias or think about key
changes which may have occurred since the original ciphering.
One-Filename File-Alias Wildcard Ciphering
fred*.* /encipher /filealias
fred*.* /decipher /filealias
Develops alias tag from the first contiguous alphabetic
characters of each matching filename. The example uses alias
tag "fred" with the current date (when enciphering) or the file
date (when deciphering). Potentially uses a different key for
every file ciphered. Assuming the desired alias is "fred", each
match-file name (files which match FRED????.???) must not have a
letter after the "D".
One-Filename File-Alias Wildcard Ciphering w/ Forced
Alias
fred*.* /e /f /a fred
fred*.* /d /f /a fred
The alias is forced to be "fred" independent of the file names.
Uses the current date (when enciphering) or the match-file date
(when deciphering).
One-Filename File-Alias Wildcard Ciphering w/ Forced Date
fred*.* /e /f /m 93-11-25
fred*.* /d /f /m 11/25/93
Uses the filename from any file match to form the alias search
tag. The alias-search date is forced to be 11/25/93 independent
of the current date or file date. Note that there are two date
formats, signalled by the first separator (- or /). In either
case, the year can be full (1993 or 2001) or abbreviated (93 or
1).
One-Filename File-Alias Wildcard Ciphering w/ Forced
Current Date
fred*.* /encipher /filedate /msgdate 0
fred*.* /decipher /filedate /msgdate 0
The alias date is forced to be the current DOS date, independent
of the file dates. Uses the match-file name to form the alias
tag.
Cloak2 and Business
Ciphers and Keys
The Key-Distribution Problem
Cloak2 is a secret-key cipher, and this is no problem at all
when protecting local files, or creating off-site archives. But
a secret-key cipher can be a problem for communications: Users
at each end must somehow acquire the same secret key with
absolute security. This is "the key-distribution problem" that
many people think public-key technology has solved. But -- much to
their surprise -- public-key ciphers require an ADDITIONAL
cryptographic protocol which secret-key ciphers do not.
Public-key ciphers must "authenticate" (also "certify," or
"validate") each public key a user acquires. Failure to
validate public keys can result in exposure of the ciphered
information WITHOUT any need to break the cipher proper. This
is a complication and weakness which secret-key ciphers just do
not have.
Straightforward Secrecy
Granted, Cloak2 communications users must somehow transfer
secret keys, and then keep those keys secret, but this is an
obvious, straightforward requirement, just like house keys and
car keys. Cloak2 keys can be delivered when users meet, or
transported by mail or express delivery services or with
traveling friends or employees. Once keys are set up, there is
no ambiguity about the Cloak2 cipher being exposed due to
protocol error. Because Cloak2 uses no complex protocols, any
"Opponent" must technically attack and break the cipher itself
(or steal the key) to read the protected data. Normally, a
technical attack on ciphertext is extremely complex, lengthy,
and expensive, and so is perhaps the least likely way for
someone to gain access to hidden information.
Key Management
Cloak2 uses alias files: enciphered files which hold secret
keys. The user only need remember the one secret key phrase for
the alias file itself, and then the keys in that file can be
selected with a non-secret "nickname" or alias tag. Keys which
exist only in enciphered files are very difficult to steal. As
in any cipher system, it is important to use a long, strange key
for the alias file key phrase (pass phrase), and to protect that
key and change it when it may have been compromised.
Keys for Transport
Advanced Cloak2 can generate a random key for any alias. One
copy is placed in the current alias file, and another in a
separate file -- enciphered under a different key -- for transport.
The transport key can be sent by a different channel to improve
transport security. The resulting transported key can be added
to a user's alias file without editing or on-screen exposure.
Corporate users need only register their alias-file keys with
the corporate key-generation facility to be provided with alias
files they can use.
Business Cipher Management
Fear of Loss
One big issue for business cryptography include the possibility
that employees could damage or hide data, or that they may
forget keys or hold them ransom. It is important, though, to
separate the aspects which cryptography really affects.
Employees can damage or hide data without cryptography.
Presumably business managers could feel that they take less risk
by empowering their own people than they would by leaving their
communications open to everyone.
Compartmental Access
Each member of a group working on a particular project can be
given the same "project key." As people leave the project,
members can simply add a new project key to their alias files,
and continue with business as usual, using exactly the same
alias they previously used. This helps to minimize the impact
of security management on innovative people.
Business Keys for Business Data
Many businesses may want to institute a policy that employees
may use only business keys on business data. With Cloak2,
businesses can establish alias files for various departments (or
users), and by using dated aliases, provide automatic,
company-wide, virtually-painless key-updates. Such an alias
file is easily extended and distributed without havoc.
Key Audits
To ensure compliance with a policy of using only corporate keys
for corporate files, key audits of corporate files are possible,
simply by trying the approved keys on enciphered files. The
validity of the key is indicated by the resulting CRC. Finding
enciphered files which fail such an audit would be a warning
sign to any reasonable business.
Corporate Archives
To the extent that employees can create and modify files, they
can damage files in all sorts of ways that do not require
cryptography. (Indeed, the major problem may be accidental
damage.) If this is an issue, a corporate archive may be needed
to maintain fair copies of important files, and the need for
this may well be completely independent of the use of
cryptography. But corporate cryptographic archives could
function simply by retaining a duplicate of every corporate
email transmission, as long as everyone uses corporate keys.
Cloak2 Batch Files
Enciphered Cloak2 batch files can include explicit keys. Thus,
Cloak2 batch files could be used to limit and simplify user
options, or provide special circumstance features for particular
projects or users.
Secure Message Archives
If everyone used the same key, and that key never changed, there
would be no problem archiving ciphertext. But in a secure
environment there will be many different keys, and those keys
will change periodically (or when employees leave), making
access to the archives a serious problem.
One possible approach is to immediately decipher every received
message to plaintext, and simply append that onto an existing
plaintext file. While fairly efficient, this would be less
secure than we would like.
Another approach would be to decipher a received message, then
decipher the archive file, add the received message to the end
of the deciphered archive file, and re-encipher that file under
the archive key. This could be secure, but very inefficient.
Multi-Block Ciphertext Files
Cloak2 directly supports files containing multiple enciphered
blocks. This allows ciphertext from a single user (under a
single key) to be accumulated in an archive simply by appending
each new ciphertext message to the end of the existing archive
file. This approach is efficient and secure, and the appending
could be made automatic. Although it probably implies a new
archive file for each user and key, this might be a good way to
organize the archives anyway.
File-Alias Mode
Cloak2 also supports a /filealias mode which develops an alias
tag and date from the name and date of each selected file.
Thus, another alternative is to institute a policy of naming
incoming ciphertext files with the appropriate alias, plus a
sequence number. Those files could then be accessed
automatically because the alias and date could be developed from
the file name and date, even for many different aliases and many
different keys over long periods of time. This is efficient and
secure, and the appropriate message naming could be made
automatic.
Cloak2 the Product
Limits of Ciphering
No cipher, by itself, can possibly be considered a complete
solution to data security. The simple use of any cipher program
may not seal all information leaks.
Ciphers can only hide information which is otherwise secret
If someone can read, bribe, coerce, break-in and copy, bug,
remotely monitor, or in some other way get the information, no
cipher can help. And when a direct technical attack on a cipher
is more expensive than an alternate way to get the information,
the cipher is probably tough enough. Cloak2 is intended to be a
very strong cipher, but to make full use of this strength, the
user will need extensive physical security and a special
low-emission computer.
Speed vs. Strength
Any software cipher must inherently trade off speed for
strength. Cloak2 is relatively fast with strength far beyond
the usual cipher, because it uses better technology. Even in
extraordinary user environments (that is, with guards, internal
secure areas, and a security staff to handle external coercion),
it should be cheaper to obtain almost any information in some
way other than a direct technical attack on Cloak2 ciphertext.
Use Long Key Phrases
The user who is concerned about strength will have User Key
phrases at least 30 characters long, modified with unusual
spacing, capitalization, and numbers and symbols to be very
unlike anything ever before placed in print. The /generate
option will create random keys which can be transferred on
floppy disk and then used in an alias file; they need not be
remembered. Of course, the key to the alias file itself must
still be remembered. No matter what cipher is used, all
cryptographic security ultimately relies on the hope that one or
more secret keys is still a secret.
Never Write Down a Key
Cloak2 alias files can reduce the number of keys to be
remembered to one. Nevertheless, at least one User Key (the
password to the alias file) must be remembered, for if it is
written down, the surface it is written on must be kept secure.
It is far easier to have one memorable key phrase for the alias
file than to keep some surface secure.
Transporting Secret Keys
Transporting keys is not required unless the enciphered files
are to be sent by electronic communication. In that case, the
best way to deliver a new key is to hand a person a disk. Many
businesses support frequent travel between corporate offices,
and new secret keys could easily be hand-carried on such trips.
Ordinary mail is another possibility, as are express mail or
delivery services. Ideally, key-change mail would be dropped in
a public mailbox and sent to a pre-arranged neighbor of the
intended recipient, thus hopefully avoiding any mail
interception. Anything which constitutes a "separate channel"
will frustrate any Opponent who does not maintain massive
continuous monitoring of that particular channel. And any
Opponent with that level of resources has many other
alternatives.
Add Received Keys Securely
Note that it is possible to add the new key to an alias file
without ever showing the key on the display; see
"Installing a Transported
Key-Alias."
Moreover, Cloak2 supports adding keys to an alias file
without deciphering either the transport file
or the alias file (and thus exposing the keys inside).
This is done by converting the transported entry to the alias
key, and appending the new entry to the start of the alias file.
Caution
Cloak2 is a serious cipher: It is specifically designed to
convert data into a form which is useless without knowledge of
the secret key used in encryption. It uses a large internal
key, and there is no "backdoor." If you forget your secret key,
you will lose the ability to expose the data enciphered with
that key. If you allow this to happen, nobody will be able to
recover the data for you.
Archiving arbitrary enciphered files risks data loss as keys
fade from use and memory. If you are concerned about potential
key loss, name the files for use with the Cloak2 /filealias
option and maintain some alias files with all the old keys.
Alternately, keep backups under a common key, or in plaintext
form in a secure location. Companies should be aware of the
need to keep valid keys to any work files employees may
generate. It may be reasonable to demand that corporate files
only use corporate keys, and audit files periodically to assure
that this is being done. Again, without the correct secret
key, nobody can recover data from the ciphertext.
Licensing
The Cloak2 program is protected both by copyright and patent law.
Evaluation
Cloak2 is available in a Commercial Demo version for evaluation.
Individuals may evaluate the demo until they choose to license
Cloak2. Commercial entities are normally limited to a 30 day
free evaluation, and should evaluate the Advanced version
anyway.
Commercial Program
Cloak2 is a commercial cipher. Everyone who uses Cloak2 must be
either "evaluating" or "licensed." However, the program does
not attempt to enforce licensing, but instead simply states that
a licensing fee is required. Licensed users should be aware
that the announcement is displayed so that, if and when the
program is used by others, or even just observed in operation,
the licensing requirement is made plain.
Licensed Per User
Individual licensing is $149 per user. (A "user" is any
originator and/or recipient of text or data enciphered by the
Cloak2 cipher. It is not acceptable to buy one Cloak2 license
and process messages for an entire group.) Quantity rates are
available, and various sorts of group or site licenses can be
negotiated.
Commercial Demo May be Distributed Freely
Cloak2 users can communicate with anyone they wish, simply by
sending out the demo. They should be sure to include
documentation so the new evaluator will know how to use the
program.
Not for Export
Cloak2 is a serious commercial cipher, and is unlikely to be
approved for export. Currently, anyone who "exports" such a
cipher may be in violation of federal law. To avoid placing
bulletin-board operators in an awkward position, users are asked
to not place any version of Cloak2 on any open BBS. The Cloak2
commercial demo can be given to friends and others in the U.S.,
but they should understand that if they "export" the program
they may violate U.S. law.
International Travel
In the past, international travelers have wondered whether they
should remove commercially-available cipher programs from their
portable computers when they travel. According to a recent
State Department release, that is no longer necessary:
Statement of
Dr. Martha Harris
Deputy Assistant Secretary of State for Political-Military
Affairs
February 4, 1994
Encryption -- Export Control Reform
[...]
* Personal use exemption: We will no longer require that U.S.
citizens obtain an export license prior to taking encryption
products out of the U.S. temporarily for their own personal use.
In the past, this requirement caused delays and inconvenience
for business travellers.
[...]
The contact point for further information on these reforms is
Rose Biancaniello, Office of Defense Trade Controls, Bureau of
Political-Military Affairs, Department of State, (703) 875-6644.
Disclaimer
RSE takes pride in cryptographic innovation and the design and
implementation of this program. We will repair any problems in
the program which we find to be our error for the first year
after licensing.
It is up to each licensee or user to check this product in their
own particular environment and not rely upon the product until
fully satisfied that it is suitable for use.
License for use of this program is conditional upon agreement
that neither RSE nor the author are liable for consequential
damage, and that our ultimate liability will in no case exceed
the license fees actually paid by the licensee involved.
Author, Company, Publications
Author's Background
The author is a registered Professional Engineer, in another
life one of the architects of the MC6809 processor, and has been
researching, publishing, inventing and applying cryptography
full-time for over half a decade. He has been writing computer
programs for almost thirty years and working in the 80x86 DOS
assembly-language environment for the past decade.
Ritter Software Engineering
One of the reasons for producing Cloak2 is to demonstrate and
advertise our role as a provider of new, innovative
cryptographic technology. Ritter Software Engineering -- a
government-registered manufacturer of cryptographic
armaments -- has developed a number of innovative software
cipher-engines which cover a range of speed, strength, and
special-use situations. These cipher engines are designed for
"drop-in" inclusion in user software like editors and
spreadsheets. The especially high-speed designs would be
appropriate for system software such as disk-controllers and LAN
servers.
References
[1] Ritter, T. 1990. Substitution Cipher with Pseudo-Random
Shuffling: The Dynamic Substitution Combiner. Cryptologia.
14(4): 289-303.
[2] Ritter, T. 1990. Dynamic Substitution Combiner and
Extractor. U.S. Patent 4,979,832.
[3] Ritter, T. 1991. The Efficient Generation of Cryptographic
Confusion Sequences. Cryptologia. 15(2): 81-139. 213 refs.
Terry Ritter, his
current address, and his
top page.
Last updated: 1995-12-14