The Penknife Cipher User's Manual
File Encryption and Key Management
for Electronic Mail
Terry Ritter, P.E.
Ritter Software Engineering
2609 Choctaw Trail
Austin, TX 78745
(512) 892-0494
Copyright 1993 - 1995 Ritter Software
Engineering
Protected by U.S. Patent 4,979,832
Introduction
Penknife is a serious stream cipher for e-mail based on Dynamic
Substitution technology. Penknife will encipher any file of any
type into a file of text lines, and will decipher that ciphertext
into a file which is byte-by-byte the same as the original.
Penknife is currently implemented as a DOS program with an
internal command line which works well under Microsoft Windows.
Penknife users normally select a hidden random key from an alias
file of such keys (the alias file might be provided by the local
corporation). A particular key is selected by an associated alias
tag which need not be secret. This allows the hidden keys to
change (e.g., as employees leave), while the user continues to use
the exact same alias.
Penknife is a "conventional" or "Secret Key" cipher, and is
ideal for secure local storage or secure communication within a
corporation. Although "Public Key" ciphers are often suggested
as an alternative, for true security, they require that received
keys be certified. When this poorly-understood step can
be ignored by users, supposedly secret information can be exposed
to outsiders. This sort of problem does not occur in a Secret Key
cipher.
Contents
Start Up
Overview
What Is Penknife?
- Penknife is an easy-to-use data security program for MS-DOS
which works well under Microsoft Windows. Penknife protects the
information in a file from unauthorized viewing. Protected
files can be sent by electronic mail, archived off-site, or just
saved locally, hiding the information in those files from
irresponsible individuals.
What Does Penknife Do?
- Penknife translates (enciphers) files of any sort (word
processing files, spreadsheets, programs, graphics, compressed
archive files, etc.) into lines of confused-looking text
characters. This "ciphertext" contains all of the original
information, but keeps it hidden. Unlike many other encryption
products, Penknife's ciphertext is real text, and can be handled
like ordinary text: Penknife ciphertext can be sent as
electronic mail, included in a document, viewed, or even edited.
The original file is recovered by "deciphering" the ciphertext
file under the correct key.
How Does Penknife Do It?
- Penknife uses new, patented Dynamic Substitution technology to
implement an especially fast and strong cipher. A user-selected
Key Phrase defines the enciphering transformation, and EXACTLY
THE SAME KEY PHRASE MUST BE USED TO RECOVER THE ORIGINAL FILE.
Penknife has unique key-management facilities to make this easy.
When deciphering, Penknife translates the ciphertext back into
exactly the same data as in the original file -- provided the
deciphering key phrase is exactly correct. A CRC error-check
warns if an incorrect key phrase was used or if the ciphertext
file was damaged or tampered with.
Who Should Use Penknife?
- Penknife is great for those who want practical privacy for their
electronic mail. Most electronic mail has no protection at all,
and any number of people can read or even modify it in transit.
Penknife makes surreptitious viewing or alteration virtually
impossible. Penknife can also be used to protect off-site
archives from inappropriate access, provide local privacy, or
just to send large files through the Internet with strong
error-checking.
Penknife's key-management facilities make enciphering quick
and easy for individuals, and allow companies to institute a
corporate-wide key management and control policy. A key policy
is important, because employers need access to business
information which their employees generate.
Everyone who saves enciphered messages and files will appreciate
Penknife's support for archived messages enciphered under old
keys.
What Do I Need To Use Penknife?
- Penknife runs on any system which runs MS-DOS programs, from old
8088 systems through modern Pentium systems, including lap-tops,
hand-held DOS computers and even emulated DOS on Unix and other
systems. While Penknife's assembly- language code is optimized
for modern processors, it is also very efficient on older
machines. Unlike many other encryption products, Penknife does
not require a numeric co-processor.
The Penknife Versions
Currently, there are four different versions of Penknife:
Advanced (the usual choice), Commercial Demo (for evaluation),
Decipher-Only (for CD-ROM protection), and Corporate (which
limits use to specific keys). Each version has a particular
combination of features; only the Advanced version has all
Penknife features.
Advanced
- The Advanced version of Penknife (typically PENADV.EXE) includes
all features.
Commercial Demo
- The Commercial Demo (typically PENDEMO.EXE) provides basic
cipher capabilities in a small package. The commercial demo
does not include alias files (/a, /f), batch files (/b, /k),
key-generation (/g), wildcard support, or tree-mode (/t) mass
ciphering. However, the Commercial Demo (and all documentation)
can be sent -- without obligation -- to anyone with whom
you would like to communicate.
Individuals can use the demo version until they decide to
license the Advanced version. Businesses normally have a 30-day
demo evaluation period, but would be better off to contact us for
an Advanced demo with more of the features they will need.
Decipher-Only
- The Decipher-Only version (typically PENDEC.EXE) has most
features, but does not have routines for enciphering (/e) or
key-generation (/g). The enciphering routines are physically
not present anywhere in the program. This means that -- in
certain cases -- the Penknife Decipher-Only version might be
exportable.
Corporate
- The Corporate version (typically PENCORP.EXE) has most features,
but is intended to limit ciphering to only approved keys, and has
no key-generation (/g) of its own. This of course means that some
entity must produce and distribute alias files containing the
approved keys. This gives corporations the ability to define the
keys which will be used on corporate data.
Users of the Corporate version can cipher data only using the
keys present in their alias file. These users cannot cipher data
with a key entered from the keyboard, and so must use an
alias option (/a or /f).
Corporate version users have no automatic way to make a new
alias file. They also normally cannot decipher the alias file, and
cannot encipher a new alias file under the alias key. This provides
improved corporate control over secret keys.
Installation
All Penknife versions are DOS programs which include internal
on-line help panels and a command-line editing facility (for use
in Microsoft Windows). Each program is a single file: No
separate DLL's or help files are used.
DOS installation
- The version of Penknife you have (or want to use) should be
copied to some directory listed in your command "path." (To see
your current path under DOS, just type "set" -- plus enter -- and
look for "PATH.") This will allow the program to be found, loaded
into memory and executed. The examples generally assume you
have Advanced Penknife, and have renamed the file as PENKNIFE.
Microsoft Windows Installation
- A Microsoft Windows installation requires that the version of
Penknife you want to use be copied into a convenient directory,
perhaps one you normally use for e-mail. The PENKNIFE.PIF file
should be copied to the same directory.
Use Program Manager to open the Accessories group and use
File, New
to create a new Program Item. Enter the
Description "Penknife Cipher" and set
Command Line as the full path to the program
(e.g., "c:\pen\penknife.exe). Set
Working Directory to where you want files without
full paths to end up (e.g., "c:\pen). (Eventually, you may
put your alias file in the Working Directory.) Enter "p" for
Shortcut Key (which becomes Ctrl+Alt+P), and check
Run Minimized. Use Change Icon and select the
pocketknife icon, if desired.
After setup, Penknife can be started by double-clicking on the
selected icon in Accessories, and then activated when desired
with Ctrl-Alt-P, or Ctrl-Esc and Switch To. Or use
File Manager and double-click on the Penknife program-file.
Or use Program Manager File, Run.
What to Expect
- When started, Penknife immediately displays an identification
screen. Execution without a parameter starts-up the interaction
menu, which can open the help system. If a parameter is found
but the source (FromFile) is not found, Penknife will stop
with an error; otherwise Penknife will request a key, then display
the FromFile and the destination (ToFile) as ciphering
starts. On a 25 MHz 386, a 30K file should finish in a couple of
seconds.
Simple Operation and Help
Help
Execution without a parameter:
penknife
will bring up an interaction menu. One option is "Help," and
almost all the information needed to run Penknife is available
in the help system. Another option is "Enter new command line
parameters," which allows Penknife to be used interactively.
(Since the program is already running, do not use a "program
name" like "penknife" on the interactive command line!)
Simple Enciphering
Basically,
penknife readme.txt readme.pen /e
^ ^ ^ ^
| | | |
program name input file output file option
enciphers the file README.TXT into a new file README.PEN after
the program asks the operator to enter a User Key twice. The
resulting file can then be sent as a secure e-mail message.
(Not available in the Decipher-Only version, and the Corporate
version will require an alias; see
Using a Key-Alias.)
Simple Deciphering
Similarly,
penknife readme.pen readme.res /d
^ ^ ^ ^
| | | |
program name input file output file option
deciphers the enciphered file README.PEN into the file
README.RES. It is normally unnecessary to "clean up" received
messages; almost any e-mail header or signature or other text in
the enciphered file is skipped automatically in the decipher
process. (The Corporate version will require an alias.)
Sending Large Files by E-mail
For transmission on the Internet, a large file can be broken
into a sequence of smaller ciphertext files automatically using
the /L option:
penknife big.txt enc.001 /l /e
^ ^ ^ ^ encipher
| | |
large file to | limit output file size
encipher |
first ciphertext file
This will generate a sequence of enciphered files named ENC.001,
ENC.002, ENC.003, etc. until done. The user should send each of
the resulting files as a separate message, and include the
sequence number of the file in the subject line. (For the
Advanced version, and the Corporate version will require an
alias.)
Recovering Large Files from E-mail
If you receive a multi-message file, it is easy to accumulate
and decipher the messages to get the original file using the
append operator:
penknife enc.001+enc.002+enc.003 big.txt /d
^ ^ ^ ^ ^ decipher
| | | ... |
first msg append second msg result
The headers and signatures in each of the messages generally DO
NOT have to be removed. There can be no spaces around the "+"
append operator. (The Corporate version will require a proper
alias.)
Alternately, the messages may be appended as ciphertext (using
a text editor or the DOS "copy" command's append mode), and then
deciphered as a single large file. Or the individual messages
could be deciphered separately and then appended as plaintext.
Creating a Key-Alias
Users of Advanced Penknife should create a file which holds user
keys under cipher, so the user need remember only the one key
(or pass-phrase) for the key file. We call this an
alias file, and it can
be created or extended by using the /generate option (Advanced
version only):
penknife /g
^
generate
The /generate option starts an interactive system to define an
alias entry (effective date, alias tag and key), encipher it
(the user enters the alias key), and place it at the top of an
alias file. If the user does not enter a specific key for the
alias entry, a random key will be created.
In addition, the same key can be given a different alias tag
(perhaps your own e-mail name) and placed in another file (under
another key) for secure transport. The transport key will be
installed at the far end, and the different alias tag will be
used there to refer to the key used to communicate with you.
Normally, each alias tag will in some way refer to the person or
entity at the other end.
Ideally, the transport file would be copied to a floppy disk,
carried to the far end, and the transport key delivered by
separate channel (for example, by postal mail or phone).
Installing a Transported Key-Alias
When an Advanced Penknife alias transport file and its key have
arrived, the new alias line can be deciphered with the transport
key and immediately re-enciphered under the local alias-file key:
copy jerrys.pen temp.tmp
penknife /d jerrys.pen (enter the transport key)
penknife /e jerrys.pen (enter your alias key)
The resulting ciphertext (now enciphered under the local
alias-file key) can simply be placed at the top of the alias
file, using a text editor or the DOS "copy" command's append
mode:
copy penknife.mgt penmgt.old
copy jerrys.pen+penmgt.old penknife.mgt
This is intended to save the current alias file, then to collect
the ciphertext from the transport file and the saved alias file
into a new alias file. Note that the new alias is appended to
the alias file
as ciphertext, and
the existing alias file need not be deciphered.
The saved alias file can then be erased, if desired.
A similar operation is available in the Corporate version:
The corporate key-generation facility can provide incremental
upgrades in the alias key (or pass-phrase) for each user. The
new block of alias entries then is just copied to the top of the
existing alias file: No ciphering is needed to add a key to the
alias file.
Using a Key-Alias
Once a Penknife alias file is set up, the /a "tag" (a single
word) selects an alias in that file:
penknife file.txt *.pen /a fred /e
^ ^ ^ ^ ^encipher
| | | |
file to be resulting | the alias to select
enciphered file is: |
"FILE.PEN" alias mode
Note that fred's key may be updated occasionally, but it is no
longer necessary to remember any of those keys. Keys may
change, but the alias tag "fred" need not, and also need not be
secret. The user only need remember the one secret key to the
alias file. In fact, an alias file which has keys effective at
future dates provides an automatic and mostly invisible way to
institute periodic key changes.
Alias files greatly simplify cipher use. Note that a new alias
key can be transported on disk and activated (by releasing the
transport key) only after it arrives safely. An alias file
could be kept on a floppy and used by making that floppy the
"current drive." For ultimate security, that floppy could be
kept on the user's person when the cipher is not in use.
OPTIONS, Commands and Features
Command-Line Options
In most cases, a command line will consist of one or two file
names plus various options. Each option is specified with a
forward-slash "/" plus a letter (or a word with the same initial
letter, for better batch-file documentation). Most options
(except /k) can be placed anywhere on the command line, in any
order, although /a, /k and /m require a data field to
immediately follow. The first non-option character-sequence is
taken to be the "source" or FromFile; the second non-option
sequence (if any) the "destination" or ToFile.
- /Alias <tag> or /a <tag>
Use an alias to select a secret key. (Advanced,
Decipher-Only and Corporate versions.)
Decipher the
closest alias file (in memory only) and scan it for a match to
the specified one-word . If such an entry is found, use
the associated key-phrase for ciphering. The intent is to
select secret keys using non-secret alias tags. Alias tags are
not case-sensitive, and the field must immediately follow
the /a option.
If environment variable PENMGT exists, that text value is taken
to be the full path, file name and type of the local alias file.
Otherwise, the program searches for the file PENKNIFE.MGT,
first in the current directory, then in the parent directory,
then in the root directory on the current drive, then in root on
drive C. This allows the automatic use of multiple alias files
depending on the current directory.
/a sets the alias tag, the name to search for in an alias file,
and the tag itself must immediately follow /a. /a can be used
alone or to overrule the tag from /f. Either /a or /f is
required in the Corporate version. (Also see
Alias Files.)
/Batch or /b
Initiate Penknife Batch mode: Decipher FromFile in
memory and use each plaintext line as a Penknife command line.
(Advanced, Decipher-Only and Corporate versions.)
With minor exceptions, each line operates just like it would if
typed in at the top level. Option /b is not supported in batch
files (no batch files of batch files), and option /k is
supported ONLY in batch files, and ONLY as the LAST option on
the command line (see /k). Also, options /q and /7 only work in
a top level command-line (to DOS). (Also see
Batch Mode.)
/Decipher or /d
Decipher mode: Decipher Penknife ciphertext. (All versions.)
Normally, e-mail
ciphertext need not be "pre-processed" or "cleaned up" before
deciphering; headers, signatures and plaintext are usually
skipped automatically (see /p).
If the ciphertext file was damaged, or the wrong key used, a CRC
error will be reported and ciphering will stop after the current
source or FromFile file completes. In one-filename decipher
mode, the original FromFile data will be in the temporary file
shown on the screen (usually PEN$$$$$.TMP). The temp file will
be overwritten by the next one-filename ciphering, so if the
original data are important, they should be copied back to the
original file immediately. This recovery cannot be automatic,
because if the correct key was used, the deciphered data may be
the best we can do. See
"One-Filename Mode." One of /d, /e, /n or
/g is necessary for operation.
/Encipher or /e
Encipher mode: Encipher any file containing any type of
data into a file of binary ciphertext. (Advanced, Commercial Demo
and Corporate versions.) This text can then be transported as the
body of an e-mail message.
In one-filename mode, the existing source or FromFile will be
overwritten with ciphertext and destroyed. It is thus vital
that the User Key be entered CORRECTLY in one-filename
enciphering, so that the file can later be deciphered. Use an
alias file if at all possible, since a wrong alias will simply
halt the program without changing the FromFile. Also see
"One-Filename Mode." One of /d, /e, /n or
/g is necessary for operation.
/File-alias or /f
Use the file name to create an alias to select a key for
ciphering. (Advanced, Decipher-Only and Corporate versions.)
Create an alias tag from
the first contiguous alphabetic characters in the file name.
Create a message date from the operating system date for that
file (decipher) or the current date (encipher). Use that tag
and date to search the alias file for the appropriate User Key.
This process can occur dynamically (potentially selecting a
different User Key for each file) as the result of wildcard
operations. The intent is to support the archive storage of
messages in their original enciphered form in an environment
where User Keys are changed periodically. Options /a and /m can
be used to modify the /f alias tag or date and access other or
past or future User Keys.
/Generate or /g
Start interactive key generation. (Advanced version only.)
Get information from user, generate a new alias entry, place it
at the top of the closest alias file, then place the same key in
another enciphered file for transport. (Also see
Creating A Key-Alias.)
/Key <keycharacters> or /k <keycharacters>
In a Penknife batch command ONLY, set a secret key.
(Advanced, Decipher-Only and Corporate versions.)
A batch-command key applies to the
alias file, or (absent /f, /a, or /m) the data file. /k is
supported ONLY in Penknife batch files, AND ONLY as the LAST
OPTION on the line: After /k, the rest of the command line is
assumed to be the key. (Potentially, <keycharacters> could
include option sequences, such as "/a/b/g/k" etc.)
/Limit or /l
When enciphering, limit
ciphertext blocks to under 50,000 bytes, a size easily
transported on the Internet. This is done by closing the
current file, incrementing the filename, and opening a new
file. (Advanced and Corporate versions.)
The resulting files should be sent as separate messages; these
can be collected at the far end in the correct order by using
the Penknife append operator, a text editor, or the append mode
of the DOS copy command. Has no effect when deciphering.
(Also see Sending Large Files by
E-mail and Internet Size Limits.)
/Msgdate <date> or /m <date>
Set the date to be used when scanning for an alias (overrule
the DOS date). (Advanced, Decipher-Only and Corporate versions.)
Can be used with /a to select a past or future User Key. Can be
used with /f to overrule the date from the FromFile. Note that the
<date> field must immediately follow the /m option.
/m 0 means use the DOS date. Otherwise uses either of two date
formats: yy-mm-dd, and mm/dd/yy as selected by the use of "-"
or "/" (the numeric fields may have one to four digits).
/Nocipher or /n
Disable ciphering. Used to display wildcard file scans and
directory-tree scans without affecting any files. (Advanced,
Decipher-Only and Corporate versions.)
Display the From and To filenames as they would occur if ciphering
were enabled. One of /d, /e, /n, or /g is necessary or the
interactive command line is activated.
/Passthrough or /p
When deciphering, pass any plaintext found in the ciphertext
through to the output file. (All versions.)
Typically used to
automatically collect e-mail headers and .sigs (signatures)
together with the deciphered message. Has no effect when
enciphering.
/Quiet or /q
Disable screen output (unless there are errors). Also disable
the key-input-prompt beep. (All versions.)
For the original top-level command-line (to DOS) only.
/Tree or /t
Scan FromFile directory AND ALL SUB-DIRECTORIES for
FromFile filename matches. (Advanced, Decipher-Only and
Corporate versions.)
Normally used with a FromFile wildcard expression.
BE SURE TO FIRST USE /n WITH /t to display the names of the files
which will be ciphered. (Also see
Directory-Tree Scanning.)
/Zmode or /z
Delete ^Z (Control-Z, hex 1a, display image right-arrow) if
that code exists as the last character in a deciphered block.
(All versions.)
^Z is the way old CP/M and early DOS editors indicated the end
of a text file (EOF). When some editors (and especially the DOS
"type" command) see a ^Z they stop reading the file, even though
much data may remain (and can be displayed with
"copy con /b"
). Zmode is useful when one or
more ciphertext blocks in a file include a ^Z which could hide
subsequent blocks and text.
/7bit or /7
Display panels as 7-bit ASCII; disable color changes and
substitute * for line-draw characters. (All versions.)
Useful when running under emulated DOS on a workstation. For the
original top-level command-line (to DOS) only.
Commands for Common Operations
Encipher File "in place"
penknife file1.txt /e
(Advanced and Commercial Demo versions.) One-filename simple
ciphering: Ciphers through a temporary file and places the
result back in FILE1.TXT. This hides the original plaintext,
but also destroys it, so it is no longer available. The user
enters a User Key phrase, twice.
Decipher File "in place"
penknife file1.txt /d
(Advanced, Commercial Demo and Decipher-Only versions.)
One-filename simple ciphering: Ciphers through a temporary file
and places the result back in FILE1.TXT. This destroys the
ciphertext, so it is no longer available. The user enters a
User Key phrase, twice.
Generate Alias Key Effective Jan. 1, 2001
penknife /g /m 2001-1-1
(Advanced version only.) The user enters the alias-file key
phrase, the local alias, the far-end alias, the transport
filename and key phrase interactively. The most-future keys
should always be at the top of the alias file; since /g always
places a new key at the top of the file, the user should create
new keys in order of increasing date.
Wildcard Alias-Encipher .TXT Files Into .CLO Files
penknife *.txt *.pen /e /a fred
(Advanced and Corporate versions.) Two-filename alias ciphering
with wildcard file search: Each file matching *.TXT is
enciphered into *.PEN. The "closest" alias file is searched for
alias "fred" (and the key in effect as of the current DOS date)
to find the associated User Key. The user enters the alias-file
key phrase, once.
Decipher File Using Alias "fred"
penknife file1.pen *.res /d /a fred
(Advanced, Decipher-Only and Corporate versions.) Two-filename
alias ciphering: FILE1.PEN is deciphered into FILE1.RES. The
"closest" alias file is searched for alias "fred" (and the key
in effect as of the current DOS date) to find the associated
User Key. The user enters the alias-file key phrase, once.
Decipher In-Place and Pass-Through Plaintext
penknife file1.txt /d /a fred /p
(Advanced, Decipher-Only and Corporate versions.) One-filename
alias ciphering: This overwrites the ciphertext, which is then
unavailable. The user enters the alias-file key phrase, once.
The "passthrough" option keeps header and signature lines with
the deciphered body of each e-mail message.
Encipher Using Alias Key Active on Dec. 15, 1993
penknife file1.txt /e /a fred /m 93-12-15
(Advanced and Corporate versions only.) One-filename alias
ciphering: This overwrites the original plaintext, which is
then unavailable. The "closest" alias file is searched for
alias "fred" (and the key in effect as of 1993-12-15) to find
the associated User Key. The user enters the alias-file key
phrase, once. If the alias-file key is mistyped, the alias will
not be found, and FILE1.TXT will not be damaged.
Decipher Using Alias Key Active on Dec. 15, 1993
penknife file1.pen *.res /d /a fred /m 93-12-15
(Advanced, Decipher-Only and Corporate versions.) Two-filename
alias ciphering: Normally, the current date is used in alias
searches; /m overrides that with an explicit date.
Encipher a File For File-Alias Deciphering
penknife file1.txt fred1.pen /e /a fred
(Advanced and Corporate versions only.) Two-filename file-alias
ciphering: Note that the first part of ToFile is the same as
the alias; this allows the alias to be recovered from the
filename. This command enciphers the file under the key for
alias "fred" as of the current date. The resulting file
FRED1.PEN will produce alias "fred" under /f deciphering, and
the file date will hold the enciphering date for the decipher
alias search.
Wildcard File-Alias Deciphering
penknife *.pen /f /d
(Advanced, Decipher-Only and Corporate versions.) One-filename
file-alias ciphering with wildcard file search: Find all files
in the current directory with type field ".pen", create an alias
from the first contiguous alphabetic characters in each
filename, create an alias date from the file date for that file,
search the alias file for the correct key and decipher each
file. In each case the resulting plaintext overwrites the
ciphertext file; if one of the files deciphers incorrectly,
ciphering stops and the original ciphertext for that file
remains in the temp file displayed on the screen.
Note that /f assumes that all *.PEN files have names which
convert to valid alias tags, and that each retains the original
enciphering date. Even though many different keys may be
required for the selected files, the user need only remember and
enter the single key for the alias file.
Wildcard File-Alias Deciphering with Alias "fred"
penknife *.pen /f /d /a fred
(Advanced, Decipher-Only and Corporate versions.) One-filename
"filealias" ciphering with wildcard file search: /a overrides
the automatic generation of the alias and just uses the file
date associated with each file to select the correct User Key
for deciphering (since keys may have changed over time). This
assumes that each file retains the original enciphering date.
Ideal for ciphertext archives where a single subdirectory
contains messages from a single alias.
Change The Alias-File Key
penknife penknife.mgt /d
penknife penknife.mgt /e
(Advanced and Commercial Demo versions only.) One-filename
simple ciphering: Carefully use one-filename mode to decipher
the alias file under its old key, and then carefully re-encipher
the file under the new key. Note that there may be multiple
alias files in various directories, or the alias file may have a
different name if there is a PENMGT environment variable (see
the section "Alias Files").
Encipher Multiple Files into Ciphertext Archive
penknife *.txt arch1.pen /e /a fred
(Advanced and Corporate versions only.) Two-filename append
ciphering with wildcard file search. Each *.TXT filename match
causes the associated file to be enciphered into a ciphertext
block. Two blank lines are placed between blocks, and all
blocks accumulate into ARCH1.PEN.
Encipher Particular Files into Ciphertext Archive
penknife file1.txt+file2.txt+file3.txt arch1.pen /e
(Advanced and Commercial Demo versions; the Corporate version
would need an alias.) Two-filename append ciphering (although
FromFile steps through three explicit filenames). Each file is
enciphered into a ciphertext block. Two blank lines are placed
between blocks, and all blocks accumulate into ARCH1.PEN.
Decipher Ciphertext Archive
penknife arch1.pen *.res /d
(Advanced and Commercial Demo versions; the Corporate version
would need an alias.) Two-filename append ciphering. Each
ciphertext block in ARCH1.PEN is deciphered and the plaintext
accumulated into the common file ARCH1.RES. Each block is
announced with either a "." (no data error) or a "*" (data
errors found).
Penknife Features
- New Technology:
Penknife is based on original Dynamic Substitution technology
invented by this author, technology which provides an improved
tradeoff between speed and security in a software stream cipher.
Because the technology is patented, a detailed technical
description of the cipher design is available and has been
published and discussed in the Usenet News sci.crypt group.
- Error-Resilient:
Penknife was designed specifically for communications and
e-mail, and was designed to be error-resilient: If a
transmission error occurs, Penknife can recover at the start of
the next ciphertext line; other ciphers may trash the rest of
the file.
- Random Line Keys:
Each and every ciphertext line has its own random line key, in
addition to the overall User Key. This greatly improves cipher
strength in an error-resilient design.
- Penknife Ciphertext is Real Text:
Because Penknife produces lines of randomized ASCII characters,
the ciphertext can be imported into ordinary text files. This
provides the unusual capability of transporting one or more
binary files in an ordinary text file, perhaps with surrounding
text. Programs or graphics can be transported in this way.
- Penknife Ciphertext is Only Text:
By avoiding the temptation to have a binary output mode,
Penknife avoids the need for users to guess about which mode to
use when deciphering.
- Automatically Handles DOS or Unix Text Lines:
Penknife enciphers files into DOS-style text lines (ending in CR
LF), but can decipher either DOS-style or Unix-style lines
(ending in LF), automatically and invisibly. Since
line-terminators can change in transmission, this can help to
reduce confusion, especially for non-technical users.
- Automatically Skips E-mail Headers or Signatures:
In most cases, Penknife deciphering will automatically skip
e-mail headers or signature text. It is normally unnecessary to
"clean up" e-mail messages for deciphering.
- Optionally Passes-Through E-mail Headers or Signatures:
Instead of just skipping e-mail headers and signatures, that
text can automatically be "passed through" to the output file.
This will keep headers and signatures with the deciphered body
of each message. (The /p option.)
- Checks for Data Error:
Penknife deposits an error-check value in every ciphertext
block. This 32-bit cyclic redundancy check (CRC) is also
computed when each block is deciphered; if the values do not
match, an error is indicated. The error-check supports the
enciphering of programs, which should not be executed if they
have been damaged in storage or transit. (On the other hand, an
ordinary text file might be mostly readable even with a bad CRC
because Penknife is error-resilient.)
- Indicates Use of Wrong Key When Deciphering:
The error-check CRC also detects the use of the wrong
deciphering key, a common error in a cryptographic system.
- Optionally Overwrites Plaintext:
When Penknife is used in "one filename" mode (that is, not
ciphering from one file to a new file), the program overwrites
the plaintext file, thus (providing DOS cooperates) hiding the
original data even from file-recovery programs. No low-level
file access table (FAT) disk operations are needed or used.
- May Support a Secure Delete:
Penknife might be used as the basis of a secure file "delete"
operation. Normally, a file "delete" is not secure because the
information in the file remains on the disk (until it is
overwritten by another file). But to the extent that Penknife
"one filename" enciphering overwrites a file with ciphertext, it
can be used to "pre-treat" files to make the information on the
disk secure so those files can be deleted normally.
- No Ciphertext Bracketing Required
Penknife ciphertext has no structure apart from text lines.
There is no announcement that the body is ciphertext (e.g.,
BEGIN CIPHER), nor any description of what particular cipher is
in use. The recipient is expected to know that a cipher has
been applied, and which cipher in particular, along with the
secret key.
- Straightforward Secret-Key Cipher:
Penknife is a "conventional" or "secret key" cipher, and so
corresponds to the essence of secrecy: The need for conveying a
secret key reminds us that privacy is not available if the other
end cannot be trusted. A secret-key cipher does not require
"certification authorities" or "trust" with respect to the key.
A secret-key cipher automatically "authenticates" a person who
possesses the key. A secret-key cipher is not subject to
strange "man in the middle" or "spoofing" attacks like some
public-key ciphers.
- Can Break Up Large Files:
When enciphering, advanced Penknife can be commanded to
automatically break up a large file into smaller ciphertext
files which can be reliably transported on the Internet. When
deciphering, either version can decipher messages in a specified
order and accumulate them to a common file, thus recovering the
original large file. (Alternately, the received files can be
appended as ciphertext using DOS "copy" and then deciphered as a
single file, or deciphered separately and then appended as
plaintext.) (The /L option.)
- Supports Wildcard File-Search:
Most Penknife versions supports "wildcard" operations, in which
multiple files can be selected with a single FromFile expression
using the DOS wildcard characters "*" and "?". This allows
Penknife to encipher or decipher many files with a single
key-entry.
- Supports Directory-Tree File-Search:
Most Penknife versions support directory-tree ciphering, in
which the current directory, and all of its sub-directories (and
sub-sub-directories, etc.) are searched for a match to the given
filename or wildcard expression. This mode supports massive
ciphering, such as may be needed when changing keys or ciphers.
(The /t option.)
- Supports Multi-File Archives:
Penknife supports "append mode" operation, where multiple "from"
files (selected by a wildcard expression) are ciphered to a
single "to" file. Enciphering will produce an archive of
ciphertext blocks (which will decipher into a single file).
Deciphering will accumulate a plaintext archive from multiple
ciphertext files, each of which may have multiple ciphertext
blocks.
- Supports Explicit File-Append:
Penknife supports a form of append-mode operation in which a
list of specific files, separated by "+" (with no spaces around
the +) is presented as the FromFile. This allows explicitly
ordering the multiple blocks of a large file sent on the
Internet.
- Supports Explicit File-Sequence:
Penknife supports operation on a list of files separated by ","
and presented as the FromFile. This allows explicit
specification of filenames which are not related and for which
wildcard operations will not help.
- Supports Key-Alias Files:
Most Penknife versions support enciphered alias files, which
greatly simplify key management. A simple public alias can
select a long secret key from the alias file. Alias files
reduce the irritation and the potential for serious error which
can result from typing-in long secret keys (twice).
(The /a option.)
- Supports Key Update:
Penknife alias files support "dated" aliases: Each alias has an
"key effective date" to indicate when the associated key was (or
will be) placed in service. This allows the current key for an
alias to be changed to a new key, and periodic key-change is a
normal requirement in serious cryptosystems.
- Supports Access to Old Keys:
Normally, the current date is used to select the appropriate key
automatically, but the user can access past (or future) keys by
specifying a past (or future) date on the command line.
(The /m option.)
- Supports Archived Ciphertext:
Since old keys can remain accessible, the original ciphertext
can be archived without problem. Since occasional key changes
are inevitable (and required for security), the ability to
support access to ciphertext under old keys is a real advantage.
- Supports Automatic Key-Change:
Because Penknife supports "dated" alias entries, many different
keys can be programmed in advance for the same alias, to take
effect at future dates. This can make periodic key-changes
automatic and virtually painless.
- Supports Automatic Access using File Name and File Date:
Most Penknife versions support a "file-alias" facility for
developing both the alias tag and the appropriate date from the
name and date of the selected file. (The alias tag is built
from the first contiguous sequence of alphabetic characters in
the file name; the date comes from the file date.) This means
that many different files under many different keys can be
accessed automatically during wildcard ciphering.
(The /f option.)
- Supports Automatic Access to Archived Ciphertext:
By storing ciphertext messages with their alias tag in their
filenames (along with a sequence number), both the alias and the
ciphering date can be recovered automatically. This allows a
user to avoid remembering dates and aliases for ciphertext, and
is especially useful for archiving messages under many aliases.
- Supports Central Key-Management:
Key-management is important to businesses which have a policy
that all business files be enciphered only under business keys.
Such a policy can be enforced by audits which attempt to
decipher business files using the standard business keys. The
corporate version cannot cipher data with a key from the
keyboard, but instead requires a previously-generated alias file.
- Generates New Random Keys:
The Penknife Advanced version supports a "generate" option, to
create an alias line with a random key, and then place that line
at the start of the closest alias file, as well as (under a
different key) in a specified file for transport.
(The /g option.)
- Supports Key Transport:
The "generate" option places both the new key and a "far-end
alias" in a "transport file" which is enciphered under a
"transport key." The key-transport file can be copied to floppy
and carried or mailed to the far end. Once the file arrives
safely, the transport key can be provided by a separate channel.
- Supports Multiple Alias Files:
Most Penknife versions support multiple alias files, searched
for in this order: environment variable PENMGT, the current
directory, the parent directory, root, and root on drive C:
This allows each section of the directory tree to have its own
alias file. The alias file might be kept on a floppy which can
be personally retained.
- Penknife Batch Files:
Most Penknife versions also support Penknife batch files, which
are enciphered files in which each line is a Penknife command
line. This allows substantial processing operations to be
pre-programmed for production use.
(The /b option.)
- Non-Infringing:
Penknife does not infringe any known patents. Penknife has been
in use for years without problems.
Detailed Operation
Two-Filename Mode
Two-filename mode ciphers from one file to another and the first
file is not modified. To start ciphering, just enter:
penknife FromFile ToFile /e
to encipher, or
penknife FromFile ToFile /d
to decipher.
FromFile and ToFile represent your own filenames.
The "from" or
"source" file must already exist; it is the file you wish to
protect. The "to" or "target" file will be the enciphered
version of the "from" file, and will replace any existing file
with the same name in the same directory. Both FromFile and
ToFile may be as simple as just a name (if the file is in the
current directory), or include a drive-letter and/or "path"
specification (to locate the file in some other subdirectory).
In two-filename mode, the original file is not modified at all.
This can be a safety-net to allow recovery in the event of
problems, but can also leave sensitive information on the disk.
As an alternative, Penknife has "one-filename mode":
One-Filename Mode
Another way to use the program is to enter:
penknife FileName /e
to encipher in the "one filename" mode, in which the result
overwrites the original file. One-filename mode can be more
secure than two-filename mode, because a plaintext copy is not
left behind unhidden. But it can also be more risky, since the
original file will be overwritten and destroyed.
ONE-FILENAME MODE CAN BE DANGEROUS! Because the original file
is normally overwritten, its contents will be destroyed and
cannot be recovered.
BE VERY CAREFUL WHEN USING ONE-FILENAME MODE. If a wrong User
Key is somehow entered in the same wrong way twice (trust me, it
happens), the program cannot know this, and -- unless the error can
be reproduced -- the data will have been lost.
Use an alias file if at all possible. An error in entering an
alias-file key will simply result in the desired alias not being
found, preventing ciphering and also preventing any change to
the FromFile.
CRC Error In One-Filename Deciphering
If the ciphertext file has been damaged, or the wrong key used
when deciphering, Penknife will report a CRC error and stop,
leaving the original data in the file described on the screen.
In one-filename mode, the original data will be in a temp file
(usually PEN$$$$$.TMP).
The program has no way to know whether the CRC error resulted
from something small like one bad ciphertext line, or something
large like the use of the wrong key. Penknife is designed to be
error-resilient and the result (even with a bad section) may be
the best that can be achieved with the damaged ciphertext, so
things are left as they are. The user should examine the
deciphered data which is now stored in the original file.
If the problem was the use of the wrong key (indicated by a
completely-random deciphered result), the user should copy the
ciphertext from the temp file back to the original file, and
decipher under the correct key. It is important to recover the
data in the temp file before it is destroyed by another
one-filename ciphering operation.
One other possibility is discussed next:
"Deciphering" a Text File
When deciphering in "one filename" mode, if the user in error
attempts to "decipher" a text file which has not been
enciphered, is likely that no valid ciphertext will be found, in
which case no deciphering will occur. This case is specifically
detected, and the original file will not be modified, but the
program will stop with a CRC error.
If this happens, the temporary file (usually PEN$$$$$.TMP) will
not be erased, and the original plaintext will be in both files.
If the user has placed the temp file on a RAM disk (by setting
an environment variable, as described below), there is no
security issue. However, if the temp file is on the hard drive,
this situation has created yet another dangerous -- but in this
case, useless -- plaintext file. The temp file should be scrambled
by enciphering in "one filename" mode, and then deleted.
Secure Overwrite Depends on DOS
Although one-filename mode does indeed overwrite the actual disk
sectors of the original file in most cases, this depends upon
non-guaranteed characteristics of DOS which could depend on the
particular version of "DOS" actually used. (Presumably,
disk-cache programs could have an effect as well.) A user who
is worried about this should format a new floppy, copy one text
file to the floppy, encipher that file in one-filename mode, and
then use a low-level disk utility to check the disk for sectors
containing the original text. Normally there are no such
sectors. If there are, it may be necessary to use a disk "wipe"
utility to erase all unallocated sectors. Other alternatives
include enciphering on floppy disks (which can be bulk-erased to
remove all hidden plaintext), or restricting all plaintext files
to RAM disk or floppy disk. In some cases it may be necessary
to check hard-drive operations as well.
Put Temp Files on a RAM Disk
One-filename ciphering can operate faster (and be more secure)
if the intermediate file is on "RAM disk," and this can be
arranged (provided you have a RAM disk) by setting an
environment variable in AUTOEXEC.BAT:
set pentmp=[path and filename]
In my system, I use:
set pentmp=h:\pen$$$$$.tmp
because drive H: is a RAM disk on my system.
The User Key
When invoked without an alias command (such as /a or /f), the
program will ask you to enter a User Key, twice (so there is no
mistake), after which ciphering will occur. The User Key should
be long phrase (30 or more characters) which you will remember,
modified to be unlike anything in print.
Penknife Key Phrases
A Penknife key-phrase could be as long as 250 characters. Each
key-character can be an upper or lower case letter, a number, or
any 8-bit value not used for key-entry which DOS will report to
the program.
Some codes which may be a problem for DOS include:
^C abort
^N output to printer
^P terminal print-echo
^S suspend output
^X cancel
Note that ^C means "control-C."
Codes used by Penknife for key-entry include:
^[ Esc erase line / quit
^H BS erase last character
^J LF ignored
^M CR end-of-entry.
^U alternate erase line / quit
Leading and trailing spaces are ignored in key phrases, but
internal spaces are significant.
Entering and Editing the User Key
As you enter your User Key it will not appear on the screen so
it cannot be seen and stolen. Instead, a sequence of numbers
will appear which are the last digit of the number of characters
you have entered. While entering your User Key, you may realize
that you made a mistake; if so, you can use the backspace key to
erase incorrect characters, or hit the Esc key once and start
over from the beginning of the line. (Ctrl-U can be used
instead of Esc.) Normally, the display digits will be removed,
but if your User Key is over about 55 characters, it will wrap
to the next line, and display digits will not be erased on a
previous line; backspace and Esc will edit the key properly,
however.
If you have forgotten the User Key and need to think, just hit
the Esc key twice to exit the program.
Some Key Phrase is Always Necessary
When using alias files, the actual User Keys can be random
character sequences (since they need not be typed-in or
remembered). In fact, the Advanced Penknife /generate option
will create random user keys. Still, the alias file itself will
need a remembered key, as will any Penknife batch file. Thus,
there will always be a need for some keys based on long,
rememberable-but-unlike-anything-in-print key phrases.
Alias Files
The ideal way to operate Penknife is to use the alias facility
available in most versions. An alias file is an enciphered file
which contains the keys for your various uses or contacts. For
example, when I want to encipher FileName to "frank" I type:
penknife FileName /e /a frank
The program then asks for the alias-file key, which need be
entered only once. (If the wrong key is given, the alias-tag
"frank" will not be found, and the program will stop without
damaging data.) So I need to remember only the one key for the
alias file, instead of Frank's (and Dave's and Bill's) current
secret key (whose actual keys should change routinely anyway).
Creating or Extending an Alias File
The user can create or extend an alias file using the /generate
option (in the Advanced version):
penknife /g
^
generate
This normally creates a 40-character random new User Key (unless
a specific new key is assigned by the user). The new key is
collected with a user-supplied alias tag plus a key-effective
date (the current date, unless otherwise specified by user) on a
single text line. The resulting line is enciphered under an
"alias key" from the user, and placed at the start of the
closest alias file (if none is found, one is created in the
current directory). The same key is also collected with the
same date and a different alias tag (for use at the far end) and
then enciphered into a "transport file" under a "transport key"
from the user.
Dated Aliases
Alias entries include a "key-effective" date to specify when the
associated key was (or will be) placed in service. The various
alias lines in an alias file should be ordered by date, "future
first, past last." Penknife searches for the first occurrence
of an alias tag which is active as of the "current" date. The
user can set a particular "current" date from the command line
(using /m), thus having access to past (or even future) keys.
Alias files can be constructed months -- or even years -- in advance,
making key-updates painless and automatic.
The Closest Alias File
Penknife seeks an alias file by first checking for an
environment variable "penmgt," which it expects to contain the
path to and name of an alias file. If the environment variable
is not found, Penknife searches for a file named PENKNIFE.MGT,
first in the current directory, then in the parent directory,
then in the root directory on the current drive, then in root on
drive C. This allows the user to have different alias files for
different areas of the directory tree structure.
We can use the DOS "set" command to establish the environment
variable:
set penmgt=[path and filename]
which will avoid the search, and allow any desired filename.
The user might place this command in AUTOEXEC.BAT, where it will
be executed automatically when DOS is started. In my system I
do not use the environment variable, but instead simply place
the working alias file in the root directory on drive C:, thus
making it available for use from any current directory. I also
have another alias file in my development directory for testing;
Penknife uses the testing alias file automatically when I make
my development directory "current" (using the DOS "cd" command).
The Transport File
The transport file (generally created when an alias key is
generated) must be transported to the far end. There it
normally will be deciphered with the transport key and then
re-enciphered under that user's alias key. Then the far end
user will place the new alias line at the top of their alias
file, typically using the append mode of the DOS "copy" command.
(See the earlier section
"Simple Operation and Help.")
Alias File Format
An alias file is simply an enciphered text file of alias lines.
Each alias-file line should contain an "effective" date, an
alias "tag," and an associated secret key; each field separated
by one or more spaces:
2000-12-15 harry W+dhRbOnz5Ao4Iw07sSjcr5X/dLHm2u24elvx5h
1994-03-24 bob c7YIvxs8+pfTpk5X3Wqo8Rfs9GvTe1zMPZUmTkE
1993-12-15 fred EfLoU84fsrN5EwivDK6/6Fpl5qyKGmWEuoHM7Ll
Dates are in a form which supports easy sorting: yyyy-mm-dd.
Alias tags are single "words" with no internal spaces, do not
start with "/",and are not case-sensitive. The secret key
starts with the first non-space character after the tag, and
includes all characters through the end of the line (except
trailing space characters, which are deleted) just like a key
typed in on the keyboard. The secret key is case-sensitive and
may include internal spaces and any character-codes other than
CR or LF. (However, /g produces only the transportable
ciphertext characters so that any subsequent editing operations
will not have to deal with ASCII control codes or non-ASCII
codes). An alias file line cannot exceed about 250 characters
in length including, date, tag, secret key and spacing.
Editing Alias Files
Because an alias file is simply an enciphered text file, it may
also be edited, either to change alias tags, add new entries
which have a language phrase key, or to delete very old keys.
However, because an alias file contains perhaps the most
sensitive information of any file, effort should be made to
minimize overall exposure. For example, a new user-created
alias line could be enciphered alone, and then added at the top
of the existing alias file as ciphertext (either using a text
editor, or the DOS "copy" command's append mode). Two blank or
other clearly non-ciphertext lines should separate the new
ciphertext from the old ciphertext. Thus, the information in
the existing alias file need not be exposed at all.
Date Order Required
Alias files scanned for the first tag-match which is valid as of
the "current" date. Thus, alias files should have entries in
date order, "future first, past last." All alias lines should
have "yyyy-mm-dd" dates so that alias files can be sorted
automatically using the DOS "sort" command on the deciphered
alias file. (For security reasons, this sort of processing
should be done on a RAM disk and the alias-file plaintext should
never be displayed on a CRT.)
Penknife Batch Mode
Batch Mechanism
For installations which wish to automate operations, Penknife
includes a batch mode. A Penknife batch file is an enciphered
file of Penknife command lines. The batch mechanism simply
obtains the next text line from such a file, and feeds that line
to the normal Penknife system. As much as possible, Penknife
processing will look and work exactly the same when processing a
true command line, or a command line from a Penknife batch file.
The Differences
There are a couple of differences in batch mode: First, /batch
is not recognized in batch files -- it is only used to start batch
operations. Next, the /key option is ONLY valid in a batch
file. A leading colon (:) on a Penknife batch line indicates a
comment. Neither blank lines nor comments are executed, nor are
they counted as commands.
Explicit Keys
The /key option (which is only valid at the end of a Penknife
batch line) allows batch commands to use alias files (which are
enciphered) without separate key entry. Of course, the key for
the batch file which starts everything off will have to be
entered manually, but only that key, and only once.
Errors Stop the Show
When an error occurs during batch processing, the line-in-error
is displayed (with any /key option overwritten) and processing
halts, to limit any possible damage to other files. Penknife
returns an error-count through the DOS "process return code"
which supports special-case processing in DOS batch files.
Other Penknife Features
Append Mode
Penknife has processes which detect first and last ciphertext
lines in ordinary text, so it is reasonable to have multiple
ciphertext blocks (each enciphered under the same key) in one
file. One way to build such a file is to use the Penknife
"append" mode: A wildcard FromFile expression, with a
non-wildcard single file as the ToFile. This can encipher
multiple files and collect the ciphertext in a single file; each
block will be a stand-alone ciphertext segment, with its own
CRC. (All ciphertext blocks in such a file will be deciphered
into the same plaintext file.)
Similar results can be obtained with an explicit list of files
separated by "the append operator" or "+" in FromFile only (no
spaces are allowed around the +):
penknife bob1.txt+john.txt *.pen /e
Alternately, the user might use a text editor to manually
collect various ciphertext files in a single document, being
sure to separate ciphertext blocks with two non-ciphertext lines
(either blank lines or text lines with non-ciphertext
characters, such as space, punctuation or other symbols). Yet
another way would be to use the append mode of the DOS "copy"
command to collect separately enciphered files.
When deciphering, CRC results are announced for each block with
"." for OK, and "*" for BAD, but processing will continue until
the file has been completely processed.
Internet Size Limits
Some parts of the Internet will not handle large messages, so it
is wise to break large files down into small and transportable
messages. The /L (limit) option will do this automatically:
penknife big.fil *.001 /e /l
will produce a sequence of ciphertext files: BIG.001, BIG.002,
BIG.003, etc. These should be sent as separate messages, with
the part number clearly described in the Subject heading.
The process used to step the output file names also supports
alphabetic characters. For example:
penknife big.fil *.9y /e /l
could produce: BIG.9Y, BIG.9Z, BIH.0A; alphabetic characters can
be used instead of -- or with -- numeric sequence indicators.
The receiving end can accumulate all the small ciphertext files
(in the right order) into one big file using the explicit append
mode built into both versions of Penknife:
penknife big.001+big.002+big.003 big.fil /d
Alternately, the files can be accumulated as ciphertext, using a
text editor, or the append mode of the DOS copy command:
copy big.001+big.002+big.003 big.enc
There is usually no need to chop off headers or signatures since
they are skipped automatically in decipher, and a couple of
lines need to separate the different ciphertext blocks anyway.
The resulting large enciphered file is simply deciphered.
Yet another alternative is to decipher each of the messages
separately, and then accumulate the resulting plaintext. If the
plaintext is language text, accumulation is easily done in a
text editor or with the append mode of the DOS copy command. If
the plaintext is program data, it is important to collect the
results using some operation which is insensitive to particular
binary values; the binary mode of the DOS copy command should
work:
copy /b big.tx1+big.tx2+big.tx3 big.txt
Wildcard File Specification
Most versions of Penknife support "wildcard" file
specifications, such as:
penknife *.txt /e
This command scans the current directory for all files which
have a file type field of ".TXT" and enciphers each under the
same key in one-filename mode.
Directory-Tree Scanning
Most versions of Penknife also support "directory-tree"
operations which scan the current directory -- and all lower
sub-directories -- for a match, as in:
penknife *.txt /e /t
This command scans the current directory -- and all subdirectories
of the current directory -- for files which have a file type of
".TXT" and enciphers each match under the same key in
one-filename mode.
Note that TREE MODE CAN BE DANGEROUS! "Tree mode" can encipher
a lot of files, and could cause a lot of trouble if you make a
mistake with the key, or encipher instead of deciphering.
Normally, it is important to first use "no-operation" mode, like
this:
penknife *.txt /t /n
which will do the same scan, and display all file matches, but
change nothing.
Wildcard operations also support append mode, in which there is
a wildcard FromFile specification, but a ToFile without a
wildcard. This accumulates the result of ciphering operations
in a single file, and can be helpful in maintaining enciphered
archives.
Append Operator (+)
Results somewhat similar to wildcard scanning can be obtained by
using "the append operator" or "+". This is used to separate a
list of files in a FromFile specification; no spaces are
allowed, and ToFile must exist and not have a wildcard:
penknife bob1.txt+john.txt res.pen /e
Sequence Operator (,)
Penknife also has a "sequence operator" or "," to separate a
list of files in a FromFile specification. No spaces are
allowed, and if ToFile exists, it must have a wildcard. This
operator allows filenames which are textually unrelated to be
operated on in fast sequence with a single key-entry.
penknife bob1.txt,john.txt *.pen /e
Z-Mode
Some text editors place a control-Z character at the end of a
DOS text file; the DOS "type" utility and some text editors will
interpret this as the end of the file. When such files are
collected into a single ciphertext file, and then deciphered,
the control-Z at the end of the text in the first block could
hide subsequent blocks and text. Consequently, the /z option
was introduced to delete the last character of a deciphered
block, if (and only if) that character is a control-Z, thus
allowing subsequent text to remain visible.
Cipher Technical Overview
Stream Cipher
Penknife converts a User Key phrase of arbitrary length into
the internal state of a unique 63-bit random number generator
(RNG) used to produce a pseudo-random sequence. This (linear)
sequence is made nonlinear by deleting random amounts of data
from the sequence at random times. The resulting nonlinear
sequence is combined with data in a patented
nonlinear-but-reversible dynamic combiner, and then in a static
linear combiner, to produce binary ciphertext. That ciphertext
is then translated into the ASCII character set.
Error-Resilience
In many serious ciphers, a transmission error in the ciphertext
will hide all subsequent data. But in Penknife, input plaintext
data are processed in blocks of 53 binary bytes, which are
enciphered and expanded into 76-character alpha-numeric lines.
Each Penknife line is fully independent, and an error in one
line affects only that line.
Line Keys
Each Penknife line carries a 32-bit "line key"; each line key is
combined with the original User Key state to produce a modified
state for a particular line. Typically, about 64k lines would
be required under one User Key before we are likely to find any
two lines enciphered under the same key.
Multiple Combiners
The plaintext data are combined with a non-linear pseudo-random
sequence. The first-level combiner is selected from 16
possibilities on a line-by-line basis, thus complicating
attempts to discover the initial combiner state. The
second-level combiner further complicates attacks on combiner
state because it hides the result of the first combiner.
Nonlinear Combining
Because the Penknife design uses a unique nonlinear data
combiner, the usual "known plaintext" attack (which is
devastating on the normal stream cipher) cannot work. More
complex attacks seem to require a huge amount of ciphertext
enciphered under one User Key with the same line key. A user
concerned about security will change User Keys periodically
anyway, because the User Key could have been exposed in other
ways.
A detailed design document and security analysis is also
available.
One-Filename Detailed Operation
Ciphering Through a Temp File
Penknife supports one-filename ciphering, in which the result
overwrites the original file. This is done by first enciphering
or copying to a "temp" or intermediate file normally named
PEN$$$$$.TMP (or .TMQ).
Temp Ciphering is Strange
For best security, any ciphering file should only contain
ciphertext. Consequently, enciphering occurs from the original
file to the intermediate, which is then copied back over the
original. In contrast, deciphering must first copy the
ciphertext to the intermediate file, and then decipher from the
intermediate over the original. This operational difference can
cause some confusion, but is necessary to maintain security.
Ciphertext Can Be Safely Deleted
Barring user error, the temp file is always ciphertext, and is
simply deleted after use. The temp file is almost the only file
which Penknife writes other than the indicated output file.
(The Advanced Penknife /generate option will write a new
transport file, and will add a few lines to an alias file.)
Penknife does not manipulate the file-access table (FAT) or any
other low-level part of the disk system or DOS.
File Overwrites
Note that overwriting a file is not the same as first "deleting"
a file and then creating a new file. The difference is in the
storage allocation: A deleted file releases its allocated store
(which still contains the original data), and a new file
probably would not be assigned that same store. This means that
some or all of the original data would remain on the disk,
unhidden. On the other hand, when a file is overwritten, there
is no need for the operating system to release the current store
or re-allocate new store; it need only overwrite the existing
store, and this appears to be what DOS does. Of course, DOS
does not guarantee to do this, but it does not claim to not do
this, either. The wary user might choose to use low-level disk
programs to investigate what actually happens on his or her
local system, or alternately use a RAM disk or a floppy (which
could and should be bulk-erased) to store any and all plaintext
files.
Scrambling For Secure Deletes
In most cases, one-filename mode will overwrite the actual
storage sectors used for the original file. When enciphered, a
file expands, so all the previous sectors will be used, and
more. Thus, one way to support a secure "delete" function is to
first encipher a file in one-filename mode -- thus "scrambling" the
data -- and then do a normal DOS "delete."
Sample Commands
On the DOS command line, each command is preceded by the name of
the program; in Penknife batch files, the command stands alone.
One-Filename Simple Ciphering
test.tmp /e
test.tmp /d
Encipher the plaintext from file TEST.TMP and place the
ciphertext back in TEST.TMP, or Decipher the ciphertext in
TEST.TMP and place the plaintext back in TEST.TMP. Encipher
overwrites the original plaintext with the resulting ciphertext,
but risks losing the file data if a mistaken key is entered,
twice, in the same wrong way.
Two-Filename Simple Ciphering
test.tmp test.pen /encipher
test.pen test.res /decipher
Encipher the plaintext from file TEST.TMP and place the
ciphertext in TEST.PEN, or decipher TEST.PEN and place the
plaintext in TEST.RES. Two-filename ciphering does not
overwrite the original file, and thus does not hide plaintext
when enciphering, but also does not destroy a potentially-useful
file.
One-Filename Alias Ciphering
test.tmp /e /a fred
test.tmp /d /a fred
The closest alias file (typically PENKNIFE.MGT) is deciphered in
memory, and each plaintext text line is searched for alias-tag
"fred". When found, the last part of that line becomes the User
Key for data ciphering. Encipher overwrites dangerous
plaintext, the alias file avoids the consequences of entering a
mistaken key, and the alias key need be entered only once.
Two-Filename Alias Ciphering
test.tmp test.pen /encipher /alias fred
test.pen test.res /decipher /alias fred
Using an alias implies a single key entry. Generally avoids the
effects of mistakes. My favorit mode.
One-Filename Alias Wildcard Ciphering
*.tmp /e /a fred
*.tmp /d /a fred
The DOS wildcard "*.tmp" matches (and ciphers) any file of any
name which has a type field of ".TMP" in the current directory.
One-Filename Alias Wildcard Ciphering And Directory-Tree
Scanning
*.tmp /encipher /alias fred /tree
*.tmp /decipher /alias fred /tree
Here "*.tmp" matches (and then ciphers) any file of any name
which has a type field of ".TMP" in the current directory and
all subdirectories of the current directory. USE WITH CAUTION,
since distant, forgotten files may match the scanning pattern
and be mistakenly enciphered. (See below.)
No Ciphering, Just A File-Match Display.
*.tmp /n /t
Show the effect of a directory scan (or just a wildcard scan)
before committing to ciphering.
Two-Filename Alias Wildcard Ciphering And Directory-Tree
Subdirectory Scanning
*.tmp *.pen /e /a fred /t
*.pen *.res /d /a fred /t
The FromFile wildcard is used to scan the directories for
matching files; the ToFile wildcard represents the characters
found in any match. Note that the result files are created in
the ToFile directory (here the current directory), and not in
the FromFile directory (which will change, as the subdirectories
are scanned).
Two-Filename Alias Wildcard Ciphering with Specific ToFile:
"Append Mode"
*.tmp archive.pen /e /a fred
*.pen result.txt /d /a fred
When enciphering, each plaintext FromFile will produce a
separate ciphertext block, and all the blocks will be
accumulated in the single file ARCHIVE.PEN. All cipher blocks
in that file can then be deciphered into a single accumulated
plaintext file in one operation. When deciphering, each
ciphertext FromFile will produce plaintext which is accumulated
in the single file RESULT.TXT.
One-Filename File-Alias Ciphering
fred1.txt /e /f
fred1.txt /d /f
Develops alias tag "fred" from the first contiguous alphabetic
characters of the file name and the current date (when
enciphering) or the file date (when deciphering). In this way a
filename can be the alias tag, and the file date can be the
enciphering date, so the deciphering user need not remember the
alias or think about key changes which may have occurred since
the original ciphering.
One-Filename File-Alias Wildcard Ciphering
fred*.* /encipher /filealias
fred*.* /decipher /filealias
Develops alias tag from the first contiguous alphabetic
characters of each matching filename. The example uses alias
tag "fred" with the current date (when enciphering) or the file
date (when deciphering). Potentially uses a different key for
every file ciphered. Assuming the desired alias is "fred", each
match-file name (files which match FRED????.???) must not have a
letter after the "D".
One-Filename File-Alias Wildcard Ciphering w/ Forced
Alias
fred*.* /e /f /a fred
fred*.* /d /f /a fred
The alias is forced to be "fred" independent of the file names.
Uses the current date (when enciphering) or the match-file date
(when deciphering).
One-Filename File-Alias Wildcard Ciphering w/ Forced Date
fred*.* /e /f /m 93-11-25
fred*.* /d /f /m 11/25/93
Uses the filename from any file match to form the alias search
tag. The alias-search date is forced to be 11/25/93 independent
of the current date or file date. Note that there are two valid
date formats, signalled by the first separator (- or /). In
either case, the year can be full (1993 or 2001) or abbreviated
(93 or 1).
One-Filename File-Alias Wildcard Ciphering w/ Forced
Current Date
fred*.* /encipher /filedate /msgdate 0
fred*.* /decipher /filedate /msgdate 0
The alias date is forced to be the current DOS date, independent
of the file dates. Uses the match-file name to form the alias
tag.
Internet Size Limit Ciphering
bigfile.txt smallfil.001 /encipher /limit
smallfil.001+smallfil.002+smallfil.003 bigfile.res /decipher
Enciphers BIGFILE.TXT to a sequence of smaller files. Deciphers
the small files and appends the results into the single
plaintext file BIGFILE.RES.
Penknife and Business
Ciphers and Keys
The Key-Distribution Problem
Penknife is a secret-key cipher, and this is no problem at all
when protecting local files, or creating off-site archives. But
a secret-key cipher can be a problem for communications: Users
at each end must somehow acquire the same secret key with
absolute security. This is "the key-distribution problem" that
many people think public-key technology has solved. But -- much to
their surprise -- public-key ciphers need an ADDITIONAL
cryptographic protocol which secret-key ciphers do not.
Public-key ciphers must "authenticate" ("certify" or "validate")
each public key a user acquires. Failure to validate public
keys can result in exposure of the ciphered information WITHOUT
any need to break the cipher proper. This is a complication and
weakness which secret-key ciphers just do not have.
Straightforward Secrecy
Granted, Penknife e-mail users must somehow transfer secret
keys, and then keep those keys secret, but this is an obvious,
straightforward requirement, just like house keys and car keys.
Penknife keys can be delivered when users meet, or transported
by mail or express delivery services or with traveling friends
or employees. Once keys are set up, there is no ambiguity about
the Penknife cipher being exposed due to protocol error.
Because Penknife uses no complex protocols, any "Opponent" must
technically attack and break the cipher itself (or steal the
key) to read the protected data. Normally, a technical attack
on ciphertext is extremely complex, lengthy, and expensive, and
so is perhaps the least likely way for someone to gain access to
hidden information.
Key Management
Penknife uses alias files: enciphered files which hold secret
keys. The user only need remember the one secret key phrase for
the alias file itself, and then the keys in that file can be
selected with a non-secret "nickname" or alias tag. Keys which
exist only in enciphered files are very difficult to steal. As
in any cipher system, it is important to use a long, strange key
for the alias file key phrase (pass phrase), and to protect that
key and change it when it may have been compromised.
Keys for Transport
Advanced Penknife can generate a random key for any alias. One
copy is placed in the current alias file, and another in a
separate file -- enciphered under a different key -- for transport.
The transport key can be sent by a different channel to improve
transport security. The resulting transported key can be added
to a user's alias file without editing or on-screen exposure.
Corporate users need only register their alias-file keys with
the corporate key-generation facility to be provided with alias
files they can use.
Business Cipher Management
Fear of Loss
One big issue for business cryptography is the possibility that
employees could damage or hide data, or that they may forget
keys or hold them ransom. It is important, though, to separate
the aspects which cryptography really affects. Employees can
damage or hide data without cryptography. Presumably business
managers could feel that they take less risk by empowering their
own people than they would by leaving their communications open
to everyone.
Compartmental Access
Each member of a group working on a particular project can be
given the same "project key." As people leave the project,
members can simply add a new project key to their alias files,
and continue with business as usual, using exactly the same
alias they previously used. This helps to minimize the impact
of security management on innovative people.
Business Keys for Business Data
Many businesses may want to institute a policy that employees
may use only business keys on business data. With Penknife,
businesses can establish alias files for various departments (or
users), and by using dated aliases, provide automatic,
company-wide, virtually-painless key-updates. Such alias files
are easily extended and distributed without havoc.
Key Audits
To ensure compliance with a policy of using only corporate keys
for corporate files, key audits of corporate files are possible,
simply by trying the approved keys on enciphered files. The
validity of the key is indicated by the resulting CRC. Finding
enciphered files which fail such an audit would be a warning
sign to any reasonable business.
Corporate Archives
To the extent that employees can create and modify files, they
can damage files in all sorts of ways that do not require
cryptography. (Indeed, the major problem may be accidental
damage.) If this is an issue, a corporate archive may be needed
to maintain fair copies of important files, and the need for
this may well be completely independent of the use of
cryptography. But Penknife especially supports corporate
cryptographic archives through its ability to retain and access
old, outdated keys.
Penknife Batch Files
Enciphered Penknife batch files can include explicit keys.
Thus, Penknife batch files could be used to limit and simplify
user options, or provide special circumstance features for
particular projects or users.
Secure Message Archives
If everyone used the same key, and that key never changed, there
would be no problem archiving ciphertext. But in a secure
environment there will be many different keys, and those keys
will change periodically (or when employees leave), making
access to the archives a serious problem.
One possible approach is to immediately decipher every received
message to plaintext, and simply append that onto an existing
plaintext file. While fairly efficient, this would be less
secure than we would like.
Another approach would be to decipher a received message, then
decipher the archive file, add the received message to the end
of the deciphered archive file, and re-encipher that file under
the archive key. This could be secure, but very inefficient.
Multi-Block Ciphertext Files
Penknife directly supports files containing multiple enciphered
blocks. This allows ciphertext from a single user (under a
single key) to be accumulated in an archive simply by appending
each new ciphertext message to the end of the existing archive
file. When multi-block Penknife files are deciphered, they can
"pass through" each message header and signature to remain with
the deciphered message body. This approach is efficient and
secure, and the appending could be made automatic. Although it
probably implies a new archive file for each user and key, this
might be a good way to organize the archives anyway.
File-Alias Mode
Penknife also supports a /filealias mode which develops an alias
tag and date from the name and date of each selected file.
Thus, another alternative is to institute a policy of naming
incoming ciphertext files with the appropriate alias, plus a
sequence number. Those files could then be accessed
automatically because the alias and date could be developed from
the file name and date, even for many different aliases and many
different keys over long periods of time. This is efficient and
secure, and the appropriate message naming could be made
automatic.
Penknife the Product
Limits of Ciphering
No cipher, by itself, can possibly be considered a complete
solution to data security. The simple use of any cipher program
may not seal all information leaks.
Ciphers can only hide information which is otherwise secret
If someone can read, bribe, coerce, break-in and copy, bug,
remotely monitor, or in some other way get the information, no
cipher can help. And when a direct technical attack on a cipher
is more expensive than an alternate way to get the information,
the cipher is probably tough enough. Penknife is intended to be
"tough enough," but is not intended for life-critical security.
We could provide such a cipher, if desired, but to make it
worthwhile the user would need extensive physical security and a
special low-emission computer.
Speed vs. Strength
Any software cipher must inherently trade off speed for
strength. Penknife is a relatively fast e-mail cipher with
strength far beyond the usual "toy" cipher, because it uses
better technology. In the normal user environment (that is,
without guards, internal secure areas, and a security staff to
handle external coercion), it should be cheaper to obtain almost
any information in some way other than a direct technical attack
on Penknife ciphertext.
Use Long Key Phrases
The user who is concerned about strength will have User Key
phrases at least 30 characters long, modified with unusual
spacing, capitalization, and numbers and symbols to be very
unlike anything ever before placed in print. The /generate
option will create random keys which can be transferred on
floppy disk and then used in an alias file; they need not be
remembered. Of course, the key to the alias file itself must
still be remembered. No matter what cipher is used, all
cryptographic security ultimately relies on the hope that one or
more secret keys is still a secret.
Never Write Down a Key
Penknife alias files can reduce the number of keys to be
remembered to one. Nevertheless, at least one User Key (the
password to the alias file) must be remembered, for if it is
written down, the surface it is written on must be kept secure.
It is far easier to have one memorable key phrase for the alias
file than to keep some surface secure.
Transporting Secret Keys
Transporting keys is not required unless the enciphered files
are to be sent by electronic communication. In that case, the
best way to deliver a new key is to hand a person a disk. Many
businesses support frequent travel between corporate offices,
and new secret keys could easily be hand-carried on such trips.
Ordinary mail is another possibility, as are express mail or
delivery services. Ideally, key-change mail would be dropped in
a public mailbox and sent to a pre-arranged neighbor of the
intended recipient, thus hopefully avoiding any mail
interception. Anything which constitutes a "separate channel"
will frustrate any Opponent who does not maintain massive
continuous monitoring of that particular channel. And any
Opponent with that level of resources has many other
alternatives.
Add Received Keys Securely
Note that it is possible to add the new key to an alias file
without ever showing the key on the display; see
"Installing a Transported
Key-Alias."
Moreover, Penknife supports adding keys to an alias file
without deciphering either the transport file
or the alias file (and thus exposing the keys inside).
This is done by converting the transported entry to the alias
key, and appending the new entry to the start of the alias file.
Caution
Penknife is a serious cipher: It is specifically designed to
convert data into a form which is useless without knowledge of
the secret key used in encryption. It uses a large internal
key, and there is no "backdoor." If you forget your secret key,
you will lose the ability to expose the data enciphered with
that key. If you allow this to happen, nobody will be able to
recover the data for you.
Archiving arbitrary enciphered files risks data loss as keys
fade from use and memory. If you are concerned about potential
key loss, name the files for use with the Penknife /filealias
option and maintain some alias files with all the old keys.
Alternately, keep backups under a common key, or in plaintext
form in a secure location. Companies should be aware of the
need to keep valid keys to any work files employees may
generate. It may be reasonable to demand that corporate files
only use corporate keys, and audit files periodically to assure
that this is being done. Again, without the correct secret
key, nobody can recover data from the ciphertext.
Licensing
The Penknife program is protected both by copyright and patent law.
Evaluation
Penknife is available in a Commercial Demo version for
evaluation. Individuals may evaluate the demo until they choose
to license Penknife. Commercial entities are normally limited
to a 30 day free evaluation, and should evaluate the Advanced
version anyway.
Commercial Program
Penknife is a commercial cipher. Everyone who uses Penknife
must be either "evaluating" or "licensed." However, the program
does not attempt to enforce licensing, but instead simply states
that a licensing fee is required. Licensed users should be
aware that the announcement is displayed so that, if and when
the program is used by others, or even just observed in
operation, the licensing requirement is made plain.
Licensed Per User
Individual licensing is $129 per user. (A "user" is any
originator and/or recipient of text or data enciphered by the
Penknife cipher. It is not acceptable to buy one Penknife
license and process messages for an entire group.) Quantity
rates are available, and various sorts of group or site licenses
can be negotiated.
Commercial Demo May be Distributed Freely
Penknife users can communicate with anyone they wish, simply by
sending out the demo. They should be sure to include
documentation so the new evaluator will know how to use the
program.
Not for Export
Penknife is a serious commercial cipher, and is unlikely to be
approved for export. Currently, anyone who "exports" such a
cipher may be in violation of federal law. To avoid placing
bulletin-board operators in an awkward position, users are asked
to not place any version of Penknife on any open BBS. The
Penknife commercial demo can be given to friends and others in
the U.S., but they should understand that if they "export" the
program they may violate U.S. law.
International Travel
In the past, international travelers have wondered whether they
should remove commercially-available cipher programs from their
portable computers when they travel. According to a recent
State Department release, that is no longer necessary:
Statement of Dr. Martha Harris
Deputy Assistant Secretary of State for Political-Military
Affairs
February 4, 1994
Encryption -- Export Control Reform
[...]
* Personal use exemption: We will no longer require that U.S.
citizens obtain an export license prior to taking encryption
products out of the U.S. temporarily for their own personal use.
In the past, this requirement caused delays and inconvenience
for business travelers.
[...]
The contact point for further information on these reforms is
Rose Biancaniello, Office of Defense Trade Controls, Bureau of
Political-Military Affairs, Department of State, (703) 875-6644.
Disclaimer
RSE takes pride in cryptographic innovation and the design and
implementation of this program. We will repair any problems in
the program which we find to be our error for the first year
after licensing.
It is up to each licensee or user to check this product in their
own particular environment and not rely upon the product until
fully satisfied that it is suitable for use.
License for use of this program is conditional upon agreement
that neither RSE nor the author are liable for consequential
damage, and that our ultimate liability will in no case exceed
the license fees actually paid by the licensee involved.
Author, Company, Publications
Author's Background
The author is a registered Professional Engineer, in another
life one of the architects of the MC6809 processor, and has been
researching, publishing, inventing and applying cryptography
full-time for over half a decade. He has been writing computer
programs for almost thirty years and working in the 80x86 DOS
assembly-language environment for the past decade.
Ritter Software Engineering
One of the reasons for producing Penknife is to demonstrate and
advertise our role as a provider of new, innovative
cryptographic technology. Ritter Software Engineering -- a
government-registered manufacturer of cryptographic
armaments -- has developed a number of innovative ciphers and
cipher-engines which cover a range of speed, strength, and
special-use situations. The cipher engines are designed for
"drop-in" inclusion in user software like editors and
spreadsheets. The especially high-speed designs would be
appropriate for system software such as disk-controllers and LAN
servers.
References
[1] Ritter, T. 1990. Substitution Cipher with Pseudo-Random
Shuffling: The Dynamic Substitution Combiner. Cryptologia.
14(4): 289-303.
[2] Ritter, T. 1990. Dynamic Substitution Combiner and
Extractor. U.S. Patent 4,979,832.
[3] Ritter, T. 1991. The Efficient Generation of Cryptographic
Confusion Sequences. Cryptologia. 15(2): 81-139. 213 refs.
Terry Ritter, his
current address, and his
top page.
Last updated: 1995-12-14