The Penknife Cipher User's Manual

File Encryption and Key Management
for Electronic Mail

Terry Ritter, P.E.

Ritter Software Engineering
2609 Choctaw Trail
Austin, TX 78745
(512) 892-0494

Copyright 1993 - 1995 Ritter Software Engineering
Protected by U.S. Patent 4,979,832

Introduction

Penknife is a serious stream cipher for e-mail based on Dynamic Substitution technology. Penknife will encipher any file of any type into a file of text lines, and will decipher that ciphertext into a file which is byte-by-byte the same as the original. Penknife is currently implemented as a DOS program with an internal command line which works well under Microsoft Windows.

Penknife users normally select a hidden random key from an alias file of such keys (the alias file might be provided by the local corporation). A particular key is selected by an associated alias tag which need not be secret. This allows the hidden keys to change (e.g., as employees leave), while the user continues to use the exact same alias.

Penknife is a "conventional" or "Secret Key" cipher, and is ideal for secure local storage or secure communication within a corporation. Although "Public Key" ciphers are often suggested as an alternative, for true security, they require that received keys be certified. When this poorly-understood step can be ignored by users, supposedly secret information can be exposed to outsiders. This sort of problem does not occur in a Secret Key cipher.

Contents

Start Up

Overview

What Is Penknife?

Penknife is an easy-to-use data security program for MS-DOS which works well under Microsoft Windows. Penknife protects the information in a file from unauthorized viewing. Protected files can be sent by electronic mail, archived off-site, or just saved locally, hiding the information in those files from irresponsible individuals.

What Does Penknife Do?

Penknife translates (enciphers) files of any sort (word processing files, spreadsheets, programs, graphics, compressed archive files, etc.) into lines of confused-looking text characters. This "ciphertext" contains all of the original information, but keeps it hidden. Unlike many other encryption products, Penknife's ciphertext is real text, and can be handled like ordinary text: Penknife ciphertext can be sent as electronic mail, included in a document, viewed, or even edited. The original file is recovered by "deciphering" the ciphertext file under the correct key.

How Does Penknife Do It?

Penknife uses new, patented Dynamic Substitution technology to implement an especially fast and strong cipher. A user-selected Key Phrase defines the enciphering transformation, and EXACTLY THE SAME KEY PHRASE MUST BE USED TO RECOVER THE ORIGINAL FILE. Penknife has unique key-management facilities to make this easy.

When deciphering, Penknife translates the ciphertext back into exactly the same data as in the original file -- provided the deciphering key phrase is exactly correct. A CRC error-check warns if an incorrect key phrase was used or if the ciphertext file was damaged or tampered with.

Who Should Use Penknife?

Penknife is great for those who want practical privacy for their electronic mail. Most electronic mail has no protection at all, and any number of people can read or even modify it in transit. Penknife makes surreptitious viewing or alteration virtually impossible. Penknife can also be used to protect off-site archives from inappropriate access, provide local privacy, or just to send large files through the Internet with strong error-checking.

Penknife's key-management facilities make enciphering quick and easy for individuals, and allow companies to institute a corporate-wide key management and control policy. A key policy is important, because employers need access to business information which their employees generate.

Everyone who saves enciphered messages and files will appreciate Penknife's support for archived messages enciphered under old keys.

What Do I Need To Use Penknife?

Penknife runs on any system which runs MS-DOS programs, from old 8088 systems through modern Pentium systems, including lap-tops, hand-held DOS computers and even emulated DOS on Unix and other systems. While Penknife's assembly- language code is optimized for modern processors, it is also very efficient on older machines. Unlike many other encryption products, Penknife does not require a numeric co-processor.

The Penknife Versions

Currently, there are four different versions of Penknife: Advanced (the usual choice), Commercial Demo (for evaluation), Decipher-Only (for CD-ROM protection), and Corporate (which limits use to specific keys). Each version has a particular combination of features; only the Advanced version has all Penknife features.

Advanced

The Advanced version of Penknife (typically PENADV.EXE) includes all features.

Commercial Demo

The Commercial Demo (typically PENDEMO.EXE) provides basic cipher capabilities in a small package. The commercial demo does not include alias files (/a, /f), batch files (/b, /k), key-generation (/g), wildcard support, or tree-mode (/t) mass ciphering. However, the Commercial Demo (and all documentation) can be sent -- without obligation -- to anyone with whom you would like to communicate.

Individuals can use the demo version until they decide to license the Advanced version. Businesses normally have a 30-day demo evaluation period, but would be better off to contact us for an Advanced demo with more of the features they will need.

Decipher-Only

The Decipher-Only version (typically PENDEC.EXE) has most features, but does not have routines for enciphering (/e) or key-generation (/g). The enciphering routines are physically not present anywhere in the program. This means that -- in certain cases -- the Penknife Decipher-Only version might be exportable.

Corporate

The Corporate version (typically PENCORP.EXE) has most features, but is intended to limit ciphering to only approved keys, and has no key-generation (/g) of its own. This of course means that some entity must produce and distribute alias files containing the approved keys. This gives corporations the ability to define the keys which will be used on corporate data.

Users of the Corporate version can cipher data only using the keys present in their alias file. These users cannot cipher data with a key entered from the keyboard, and so must use an alias option (/a or /f).

Corporate version users have no automatic way to make a new alias file. They also normally cannot decipher the alias file, and cannot encipher a new alias file under the alias key. This provides improved corporate control over secret keys.

Installation

All Penknife versions are DOS programs which include internal on-line help panels and a command-line editing facility (for use in Microsoft Windows). Each program is a single file: No separate DLL's or help files are used.

DOS installation

The version of Penknife you have (or want to use) should be copied to some directory listed in your command "path." (To see your current path under DOS, just type "set" -- plus enter -- and look for "PATH.") This will allow the program to be found, loaded into memory and executed. The examples generally assume you have Advanced Penknife, and have renamed the file as PENKNIFE.

Microsoft Windows Installation

A Microsoft Windows installation requires that the version of Penknife you want to use be copied into a convenient directory, perhaps one you normally use for e-mail. The PENKNIFE.PIF file should be copied to the same directory.

Use Program Manager to open the Accessories group and use File, New to create a new Program Item. Enter the Description "Penknife Cipher" and set Command Line as the full path to the program (e.g., "c:\pen\penknife.exe). Set Working Directory to where you want files without full paths to end up (e.g., "c:\pen). (Eventually, you may put your alias file in the Working Directory.) Enter "p" for Shortcut Key (which becomes Ctrl+Alt+P), and check Run Minimized. Use Change Icon and select the pocketknife icon, if desired.

After setup, Penknife can be started by double-clicking on the selected icon in Accessories, and then activated when desired with Ctrl-Alt-P, or Ctrl-Esc and Switch To. Or use File Manager and double-click on the Penknife program-file. Or use Program Manager File, Run.

What to Expect

When started, Penknife immediately displays an identification screen. Execution without a parameter starts-up the interaction menu, which can open the help system. If a parameter is found but the source (FromFile) is not found, Penknife will stop with an error; otherwise Penknife will request a key, then display the FromFile and the destination (ToFile) as ciphering starts. On a 25 MHz 386, a 30K file should finish in a couple of seconds.

Simple Operation and Help

Help

Execution without a parameter: 
     penknife
will bring up an interaction menu. One option is "Help," and almost all the information needed to run Penknife is available in the help system. Another option is "Enter new command line parameters," which allows Penknife to be used interactively. (Since the program is already running, do not use a "program name" like "penknife" on the interactive command line!)

Simple Enciphering

Basically, 
            penknife  readme.txt  readme.pen  /e
               ^           ^           ^       ^
               |           |           |       |
     program name   input file   output file   option
enciphers the file README.TXT into a new file README.PEN after the program asks the operator to enter a User Key twice. The resulting file can then be sent as a secure e-mail message. (Not available in the Decipher-Only version, and the Corporate version will require an alias; see Using a Key-Alias.)

Simple Deciphering

Similarly, 
           penknife  readme.pen  readme.res  /d
              ^           ^           ^       ^
              |           |           |       |
     program name   input file   output file   option
deciphers the enciphered file README.PEN into the file README.RES. It is normally unnecessary to "clean up" received messages; almost any e-mail header or signature or other text in the enciphered file is skipped automatically in the decipher process. (The Corporate version will require an alias.)

Sending Large Files by E-mail

For transmission on the Internet, a large file can be broken into a sequence of smaller ciphertext files automatically using the /L option: 
     penknife  big.txt  enc.001  /l  /e
               ^        ^         ^   ^ encipher
               |        |         |
     large file to      |     limit output file size
        encipher        |
                     first ciphertext file
This will generate a sequence of enciphered files named ENC.001, ENC.002, ENC.003, etc. until done. The user should send each of the resulting files as a separate message, and include the sequence number of the file in the subject line. (For the Advanced version, and the Corporate version will require an alias.)

Recovering Large Files from E-mail

If you receive a multi-message file, it is easy to accumulate and decipher the messages to get the original file using the append operator: 
     penknife  enc.001+enc.002+enc.003  big.txt  /d
               ^      ^     ^               ^     ^ decipher
               |      |     |   ...         |
       first msg   append   second msg      result
The headers and signatures in each of the messages generally DO NOT have to be removed. There can be no spaces around the "+" append operator. (The Corporate version will require a proper alias.)

Alternately, the messages may be appended as ciphertext (using a text editor or the DOS "copy" command's append mode), and then deciphered as a single large file. Or the individual messages could be deciphered separately and then appended as plaintext.

Creating a Key-Alias

Users of Advanced Penknife should create a file which holds user keys under cipher, so the user need remember only the one key (or pass-phrase) for the key file. We call this an alias file, and it can be created or extended by using the /generate option (Advanced version only): 
     penknife  /g
                ^
                generate
The /generate option starts an interactive system to define an alias entry (effective date, alias tag and key), encipher it (the user enters the alias key), and place it at the top of an alias file. If the user does not enter a specific key for the alias entry, a random key will be created.

In addition, the same key can be given a different alias tag (perhaps your own e-mail name) and placed in another file (under another key) for secure transport. The transport key will be installed at the far end, and the different alias tag will be used there to refer to the key used to communicate with you. Normally, each alias tag will in some way refer to the person or entity at the other end.

Ideally, the transport file would be copied to a floppy disk, carried to the far end, and the transport key delivered by separate channel (for example, by postal mail or phone).

Installing a Transported Key-Alias

When an Advanced Penknife alias transport file and its key have arrived, the new alias line can be deciphered with the transport key and immediately re-enciphered under the local alias-file key: 
     copy  jerrys.pen  temp.tmp
     penknife  /d  jerrys.pen    (enter the transport key)
     penknife  /e  jerrys.pen    (enter your alias key)
The resulting ciphertext (now enciphered under the local alias-file key) can simply be placed at the top of the alias file, using a text editor or the DOS "copy" command's append mode: 
     copy  penknife.mgt  penmgt.old
     copy  jerrys.pen+penmgt.old  penknife.mgt
This is intended to save the current alias file, then to collect the ciphertext from the transport file and the saved alias file into a new alias file. Note that the new alias is appended to the alias file as ciphertext, and the existing alias file need not be deciphered. The saved alias file can then be erased, if desired.

A similar operation is available in the Corporate version: The corporate key-generation facility can provide incremental upgrades in the alias key (or pass-phrase) for each user. The new block of alias entries then is just copied to the top of the existing alias file: No ciphering is needed to add a key to the alias file.

Using a Key-Alias

Once a Penknife alias file is set up, the /a "tag" (a single word) selects an alias in that file: 
     penknife  file.txt  *.pen  /a fred  /e
               ^           ^     ^    ^   ^encipher
               |           |     |    |
      file to be   resulting     |    the alias to select
      enciphered   file is:      |
                  "FILE.PEN"     alias mode
Note that fred's key may be updated occasionally, but it is no longer necessary to remember any of those keys. Keys may change, but the alias tag "fred" need not, and also need not be secret. The user only need remember the one secret key to the alias file. In fact, an alias file which has keys effective at future dates provides an automatic and mostly invisible way to institute periodic key changes.

Alias files greatly simplify cipher use. Note that a new alias key can be transported on disk and activated (by releasing the transport key) only after it arrives safely. An alias file could be kept on a floppy and used by making that floppy the "current drive." For ultimate security, that floppy could be kept on the user's person when the cipher is not in use.

OPTIONS, Commands and Features

Command-Line Options

In most cases, a command line will consist of one or two file names plus various options. Each option is specified with a forward-slash "/" plus a letter (or a word with the same initial letter, for better batch-file documentation). Most options (except /k) can be placed anywhere on the command line, in any order, although /a, /k and /m require a data field to immediately follow. The first non-option character-sequence is taken to be the "source" or FromFile; the second non-option sequence (if any) the "destination" or ToFile.
/Alias <tag> or /a <tag>

Use an alias to select a secret key. (Advanced, Decipher-Only and Corporate versions.)

Decipher the closest alias file (in memory only) and scan it for a match to the specified one-word . If such an entry is found, use the associated key-phrase for ciphering. The intent is to select secret keys using non-secret alias tags. Alias tags are not case-sensitive, and the field must immediately follow the /a option.

If environment variable PENMGT exists, that text value is taken to be the full path, file name and type of the local alias file. Otherwise, the program searches for the file PENKNIFE.MGT, first in the current directory, then in the parent directory, then in the root directory on the current drive, then in root on drive C. This allows the automatic use of multiple alias files depending on the current directory.

/a sets the alias tag, the name to search for in an alias file, and the tag itself must immediately follow /a. /a can be used alone or to overrule the tag from /f. Either /a or /f is required in the Corporate version. (Also see Alias Files.)

/Batch or /b

Initiate Penknife Batch mode: Decipher FromFile in memory and use each plaintext line as a Penknife command line. (Advanced, Decipher-Only and Corporate versions.)

With minor exceptions, each line operates just like it would if typed in at the top level. Option /b is not supported in batch files (no batch files of batch files), and option /k is supported ONLY in batch files, and ONLY as the LAST option on the command line (see /k). Also, options /q and /7 only work in a top level command-line (to DOS). (Also see Batch Mode.)

/Decipher or /d

Decipher mode: Decipher Penknife ciphertext. (All versions.)

Normally, e-mail ciphertext need not be "pre-processed" or "cleaned up" before deciphering; headers, signatures and plaintext are usually skipped automatically (see /p).

If the ciphertext file was damaged, or the wrong key used, a CRC error will be reported and ciphering will stop after the current source or FromFile file completes. In one-filename decipher mode, the original FromFile data will be in the temporary file shown on the screen (usually PEN$$$$$.TMP). The temp file will be overwritten by the next one-filename ciphering, so if the original data are important, they should be copied back to the original file immediately. This recovery cannot be automatic, because if the correct key was used, the deciphered data may be the best we can do. See "One-Filename Mode." One of /d, /e, /n or /g is necessary for operation.

/Encipher or /e

Encipher mode: Encipher any file containing any type of data into a file of binary ciphertext. (Advanced, Commercial Demo and Corporate versions.) This text can then be transported as the body of an e-mail message. In one-filename mode, the existing source or FromFile will be overwritten with ciphertext and destroyed. It is thus vital that the User Key be entered CORRECTLY in one-filename enciphering, so that the file can later be deciphered. Use an alias file if at all possible, since a wrong alias will simply halt the program without changing the FromFile. Also see "One-Filename Mode." One of /d, /e, /n or /g is necessary for operation.

/File-alias or /f

Use the file name to create an alias to select a key for ciphering. (Advanced, Decipher-Only and Corporate versions.)

Create an alias tag from the first contiguous alphabetic characters in the file name. Create a message date from the operating system date for that file (decipher) or the current date (encipher). Use that tag and date to search the alias file for the appropriate User Key.

This process can occur dynamically (potentially selecting a different User Key for each file) as the result of wildcard operations. The intent is to support the archive storage of messages in their original enciphered form in an environment where User Keys are changed periodically. Options /a and /m can be used to modify the /f alias tag or date and access other or past or future User Keys.

/Generate or /g

Start interactive key generation. (Advanced version only.)

Get information from user, generate a new alias entry, place it at the top of the closest alias file, then place the same key in another enciphered file for transport. (Also see Creating A Key-Alias.)

/Key <keycharacters> or /k <keycharacters>

In a Penknife batch command ONLY, set a secret key. (Advanced, Decipher-Only and Corporate versions.)

A batch-command key applies to the alias file, or (absent /f, /a, or /m) the data file. /k is supported ONLY in Penknife batch files, AND ONLY as the LAST OPTION on the line: After /k, the rest of the command line is assumed to be the key. (Potentially, <keycharacters> could include option sequences, such as "/a/b/g/k" etc.)

/Limit or /l

When enciphering, limit ciphertext blocks to under 50,000 bytes, a size easily transported on the Internet. This is done by closing the current file, incrementing the filename, and opening a new file. (Advanced and Corporate versions.)

The resulting files should be sent as separate messages; these can be collected at the far end in the correct order by using the Penknife append operator, a text editor, or the append mode of the DOS copy command. Has no effect when deciphering. (Also see Sending Large Files by E-mail and Internet Size Limits.)

/Msgdate <date> or /m <date>

Set the date to be used when scanning for an alias (overrule the DOS date). (Advanced, Decipher-Only and Corporate versions.)

Can be used with /a to select a past or future User Key. Can be used with /f to overrule the date from the FromFile. Note that the <date> field must immediately follow the /m option.

/m 0 means use the DOS date. Otherwise uses either of two date formats: yy-mm-dd, and mm/dd/yy as selected by the use of "-" or "/" (the numeric fields may have one to four digits).

/Nocipher or /n

Disable ciphering. Used to display wildcard file scans and directory-tree scans without affecting any files. (Advanced, Decipher-Only and Corporate versions.)

Display the From and To filenames as they would occur if ciphering were enabled. One of /d, /e, /n, or /g is necessary or the interactive command line is activated.

/Passthrough or /p

When deciphering, pass any plaintext found in the ciphertext through to the output file. (All versions.)

Typically used to automatically collect e-mail headers and .sigs (signatures) together with the deciphered message. Has no effect when enciphering.

/Quiet or /q

Disable screen output (unless there are errors). Also disable the key-input-prompt beep. (All versions.)

For the original top-level command-line (to DOS) only.

/Tree or /t

Scan FromFile directory AND ALL SUB-DIRECTORIES for FromFile filename matches. (Advanced, Decipher-Only and Corporate versions.)

Normally used with a FromFile wildcard expression. BE SURE TO FIRST USE /n WITH /t to display the names of the files which will be ciphered. (Also see Directory-Tree Scanning.)

/Zmode or /z

Delete ^Z (Control-Z, hex 1a, display image right-arrow) if that code exists as the last character in a deciphered block. (All versions.)

^Z is the way old CP/M and early DOS editors indicated the end of a text file (EOF). When some editors (and especially the DOS "type" command) see a ^Z they stop reading the file, even though much data may remain (and can be displayed with "copy con /b"). Zmode is useful when one or more ciphertext blocks in a file include a ^Z which could hide subsequent blocks and text.

/7bit or /7

Display panels as 7-bit ASCII; disable color changes and substitute * for line-draw characters. (All versions.)

Useful when running under emulated DOS on a workstation. For the original top-level command-line (to DOS) only.

Commands for Common Operations

Encipher File "in place" 

     penknife file1.txt /e
(Advanced and Commercial Demo versions.) One-filename simple ciphering: Ciphers through a temporary file and places the result back in FILE1.TXT. This hides the original plaintext, but also destroys it, so it is no longer available. The user enters a User Key phrase, twice.

Decipher File "in place" 

     penknife file1.txt /d
(Advanced, Commercial Demo and Decipher-Only versions.) One-filename simple ciphering: Ciphers through a temporary file and places the result back in FILE1.TXT. This destroys the ciphertext, so it is no longer available. The user enters a User Key phrase, twice.

Generate Alias Key Effective Jan. 1, 2001 

     penknife  /g  /m 2001-1-1
(Advanced version only.) The user enters the alias-file key phrase, the local alias, the far-end alias, the transport filename and key phrase interactively. The most-future keys should always be at the top of the alias file; since /g always places a new key at the top of the file, the user should create new keys in order of increasing date.

Wildcard Alias-Encipher .TXT Files Into .CLO Files 

     penknife  *.txt  *.pen  /e  /a fred
(Advanced and Corporate versions.) Two-filename alias ciphering with wildcard file search: Each file matching *.TXT is enciphered into *.PEN. The "closest" alias file is searched for alias "fred" (and the key in effect as of the current DOS date) to find the associated User Key. The user enters the alias-file key phrase, once.

Decipher File Using Alias "fred" 

     penknife  file1.pen  *.res  /d  /a fred
(Advanced, Decipher-Only and Corporate versions.) Two-filename alias ciphering: FILE1.PEN is deciphered into FILE1.RES. The "closest" alias file is searched for alias "fred" (and the key in effect as of the current DOS date) to find the associated User Key. The user enters the alias-file key phrase, once.

Decipher In-Place and Pass-Through Plaintext 

     penknife  file1.txt  /d  /a fred  /p
(Advanced, Decipher-Only and Corporate versions.) One-filename alias ciphering: This overwrites the ciphertext, which is then unavailable. The user enters the alias-file key phrase, once. The "passthrough" option keeps header and signature lines with the deciphered body of each e-mail message.

Encipher Using Alias Key Active on Dec. 15, 1993 

     penknife  file1.txt  /e  /a fred  /m 93-12-15
(Advanced and Corporate versions only.) One-filename alias ciphering: This overwrites the original plaintext, which is then unavailable. The "closest" alias file is searched for alias "fred" (and the key in effect as of 1993-12-15) to find the associated User Key. The user enters the alias-file key phrase, once. If the alias-file key is mistyped, the alias will not be found, and FILE1.TXT will not be damaged.

Decipher Using Alias Key Active on Dec. 15, 1993 

     penknife  file1.pen  *.res  /d  /a fred  /m 93-12-15
(Advanced, Decipher-Only and Corporate versions.) Two-filename alias ciphering: Normally, the current date is used in alias searches; /m overrides that with an explicit date.

Encipher a File For File-Alias Deciphering 

     penknife  file1.txt  fred1.pen  /e  /a fred
(Advanced and Corporate versions only.) Two-filename file-alias ciphering: Note that the first part of ToFile is the same as the alias; this allows the alias to be recovered from the filename. This command enciphers the file under the key for alias "fred" as of the current date. The resulting file FRED1.PEN will produce alias "fred" under /f deciphering, and the file date will hold the enciphering date for the decipher alias search.

Wildcard File-Alias Deciphering 

     penknife  *.pen  /f  /d
(Advanced, Decipher-Only and Corporate versions.) One-filename file-alias ciphering with wildcard file search: Find all files in the current directory with type field ".pen", create an alias from the first contiguous alphabetic characters in each filename, create an alias date from the file date for that file, search the alias file for the correct key and decipher each file. In each case the resulting plaintext overwrites the ciphertext file; if one of the files deciphers incorrectly, ciphering stops and the original ciphertext for that file remains in the temp file displayed on the screen.

Note that /f assumes that all *.PEN files have names which convert to valid alias tags, and that each retains the original enciphering date. Even though many different keys may be required for the selected files, the user need only remember and enter the single key for the alias file.

Wildcard File-Alias Deciphering with Alias "fred" 

     penknife  *.pen  /f  /d  /a fred
(Advanced, Decipher-Only and Corporate versions.) One-filename "filealias" ciphering with wildcard file search: /a overrides the automatic generation of the alias and just uses the file date associated with each file to select the correct User Key for deciphering (since keys may have changed over time). This assumes that each file retains the original enciphering date. Ideal for ciphertext archives where a single subdirectory contains messages from a single alias.

Change The Alias-File Key 

     penknife  penknife.mgt  /d
     penknife  penknife.mgt  /e
(Advanced and Commercial Demo versions only.) One-filename simple ciphering: Carefully use one-filename mode to decipher the alias file under its old key, and then carefully re-encipher the file under the new key. Note that there may be multiple alias files in various directories, or the alias file may have a different name if there is a PENMGT environment variable (see the section "Alias Files").

Encipher Multiple Files into Ciphertext Archive 

     penknife  *.txt  arch1.pen  /e  /a fred
(Advanced and Corporate versions only.) Two-filename append ciphering with wildcard file search. Each *.TXT filename match causes the associated file to be enciphered into a ciphertext block. Two blank lines are placed between blocks, and all blocks accumulate into ARCH1.PEN.

Encipher Particular Files into Ciphertext Archive 

     penknife  file1.txt+file2.txt+file3.txt  arch1.pen  /e
(Advanced and Commercial Demo versions; the Corporate version would need an alias.) Two-filename append ciphering (although FromFile steps through three explicit filenames). Each file is enciphered into a ciphertext block. Two blank lines are placed between blocks, and all blocks accumulate into ARCH1.PEN.

Decipher Ciphertext Archive 

     penknife  arch1.pen  *.res  /d
(Advanced and Commercial Demo versions; the Corporate version would need an alias.) Two-filename append ciphering. Each ciphertext block in ARCH1.PEN is deciphered and the plaintext accumulated into the common file ARCH1.RES. Each block is announced with either a "." (no data error) or a "*" (data errors found).

Penknife Features

Detailed Operation

Two-Filename Mode

Two-filename mode ciphers from one file to another and the first file is not modified. To start ciphering, just enter: 
     penknife FromFile ToFile /e
to encipher, or 
     penknife FromFile ToFile /d
to decipher.

FromFile and ToFile represent your own filenames. The "from" or "source" file must already exist; it is the file you wish to protect. The "to" or "target" file will be the enciphered version of the "from" file, and will replace any existing file with the same name in the same directory. Both FromFile and ToFile may be as simple as just a name (if the file is in the current directory), or include a drive-letter and/or "path" specification (to locate the file in some other subdirectory). In two-filename mode, the original file is not modified at all. This can be a safety-net to allow recovery in the event of problems, but can also leave sensitive information on the disk. As an alternative, Penknife has "one-filename mode":

One-Filename Mode

Another way to use the program is to enter: 
     penknife FileName /e
to encipher in the "one filename" mode, in which the result overwrites the original file. One-filename mode can be more secure than two-filename mode, because a plaintext copy is not left behind unhidden. But it can also be more risky, since the original file will be overwritten and destroyed.

ONE-FILENAME MODE CAN BE DANGEROUS! Because the original file is normally overwritten, its contents will be destroyed and cannot be recovered.

BE VERY CAREFUL WHEN USING ONE-FILENAME MODE. If a wrong User Key is somehow entered in the same wrong way twice (trust me, it happens), the program cannot know this, and -- unless the error can be reproduced -- the data will have been lost.

Use an alias file if at all possible. An error in entering an alias-file key will simply result in the desired alias not being found, preventing ciphering and also preventing any change to the FromFile.

CRC Error In One-Filename Deciphering

If the ciphertext file has been damaged, or the wrong key used when deciphering, Penknife will report a CRC error and stop, leaving the original data in the file described on the screen. In one-filename mode, the original data will be in a temp file (usually PEN$$$$$.TMP).

The program has no way to know whether the CRC error resulted from something small like one bad ciphertext line, or something large like the use of the wrong key. Penknife is designed to be error-resilient and the result (even with a bad section) may be the best that can be achieved with the damaged ciphertext, so things are left as they are. The user should examine the deciphered data which is now stored in the original file.

If the problem was the use of the wrong key (indicated by a completely-random deciphered result), the user should copy the ciphertext from the temp file back to the original file, and decipher under the correct key. It is important to recover the data in the temp file before it is destroyed by another one-filename ciphering operation. One other possibility is discussed next:

"Deciphering" a Text File

When deciphering in "one filename" mode, if the user in error attempts to "decipher" a text file which has not been enciphered, is likely that no valid ciphertext will be found, in which case no deciphering will occur. This case is specifically detected, and the original file will not be modified, but the program will stop with a CRC error.

If this happens, the temporary file (usually PEN$$$$$.TMP) will not be erased, and the original plaintext will be in both files. If the user has placed the temp file on a RAM disk (by setting an environment variable, as described below), there is no security issue. However, if the temp file is on the hard drive, this situation has created yet another dangerous -- but in this case, useless -- plaintext file. The temp file should be scrambled by enciphering in "one filename" mode, and then deleted.

Secure Overwrite Depends on DOS

Although one-filename mode does indeed overwrite the actual disk sectors of the original file in most cases, this depends upon non-guaranteed characteristics of DOS which could depend on the particular version of "DOS" actually used. (Presumably, disk-cache programs could have an effect as well.) A user who is worried about this should format a new floppy, copy one text file to the floppy, encipher that file in one-filename mode, and then use a low-level disk utility to check the disk for sectors containing the original text. Normally there are no such sectors. If there are, it may be necessary to use a disk "wipe" utility to erase all unallocated sectors. Other alternatives include enciphering on floppy disks (which can be bulk-erased to remove all hidden plaintext), or restricting all plaintext files to RAM disk or floppy disk. In some cases it may be necessary to check hard-drive operations as well.

Put Temp Files on a RAM Disk

One-filename ciphering can operate faster (and be more secure) if the intermediate file is on "RAM disk," and this can be arranged (provided you have a RAM disk) by setting an environment variable in AUTOEXEC.BAT: 
     set pentmp=[path and filename]
In my system, I use: 
     set pentmp=h:\pen$$$$$.tmp
because drive H: is a RAM disk on my system.

The User Key

When invoked without an alias command (such as /a or /f), the program will ask you to enter a User Key, twice (so there is no mistake), after which ciphering will occur. The User Key should be long phrase (30 or more characters) which you will remember, modified to be unlike anything in print.

Penknife Key Phrases

A Penknife key-phrase could be as long as 250 characters. Each key-character can be an upper or lower case letter, a number, or any 8-bit value not used for key-entry which DOS will report to the program.

Some codes which may be a problem for DOS include: 

	^C	abort
	^N	output to printer
	^P	terminal print-echo
	^S	suspend output
	^X	cancel
Note that ^C means "control-C."

Codes used by Penknife for key-entry include: 

	^[	Esc	erase line / quit
	^H	BS	erase last character
	^J	LF	ignored
	^M	CR 	end-of-entry.
	^U		alternate erase line / quit
Leading and trailing spaces are ignored in key phrases, but internal spaces are significant.

Entering and Editing the User Key

As you enter your User Key it will not appear on the screen so it cannot be seen and stolen. Instead, a sequence of numbers will appear which are the last digit of the number of characters you have entered. While entering your User Key, you may realize that you made a mistake; if so, you can use the backspace key to erase incorrect characters, or hit the Esc key once and start over from the beginning of the line. (Ctrl-U can be used instead of Esc.) Normally, the display digits will be removed, but if your User Key is over about 55 characters, it will wrap to the next line, and display digits will not be erased on a previous line; backspace and Esc will edit the key properly, however.

If you have forgotten the User Key and need to think, just hit the Esc key twice to exit the program.

Some Key Phrase is Always Necessary

When using alias files, the actual User Keys can be random character sequences (since they need not be typed-in or remembered). In fact, the Advanced Penknife /generate option will create random user keys. Still, the alias file itself will need a remembered key, as will any Penknife batch file. Thus, there will always be a need for some keys based on long, rememberable-but-unlike-anything-in-print key phrases.

Alias Files

The ideal way to operate Penknife is to use the alias facility available in most versions. An alias file is an enciphered file which contains the keys for your various uses or contacts. For example, when I want to encipher FileName to "frank" I type: 
     penknife FileName /e /a frank
The program then asks for the alias-file key, which need be entered only once. (If the wrong key is given, the alias-tag "frank" will not be found, and the program will stop without damaging data.) So I need to remember only the one key for the alias file, instead of Frank's (and Dave's and Bill's) current secret key (whose actual keys should change routinely anyway).

Creating or Extending an Alias File

The user can create or extend an alias file using the /generate option (in the Advanced version): 
     penknife  /g
                ^
                generate
This normally creates a 40-character random new User Key (unless a specific new key is assigned by the user). The new key is collected with a user-supplied alias tag plus a key-effective date (the current date, unless otherwise specified by user) on a single text line. The resulting line is enciphered under an "alias key" from the user, and placed at the start of the closest alias file (if none is found, one is created in the current directory). The same key is also collected with the same date and a different alias tag (for use at the far end) and then enciphered into a "transport file" under a "transport key" from the user.

Dated Aliases

Alias entries include a "key-effective" date to specify when the associated key was (or will be) placed in service. The various alias lines in an alias file should be ordered by date, "future first, past last." Penknife searches for the first occurrence of an alias tag which is active as of the "current" date. The user can set a particular "current" date from the command line (using /m), thus having access to past (or even future) keys. Alias files can be constructed months -- or even years -- in advance, making key-updates painless and automatic.

The Closest Alias File

Penknife seeks an alias file by first checking for an environment variable "penmgt," which it expects to contain the path to and name of an alias file. If the environment variable is not found, Penknife searches for a file named PENKNIFE.MGT, first in the current directory, then in the parent directory, then in the root directory on the current drive, then in root on drive C. This allows the user to have different alias files for different areas of the directory tree structure. We can use the DOS "set" command to establish the environment variable: 
     set penmgt=[path and filename]
which will avoid the search, and allow any desired filename. The user might place this command in AUTOEXEC.BAT, where it will be executed automatically when DOS is started. In my system I do not use the environment variable, but instead simply place the working alias file in the root directory on drive C:, thus making it available for use from any current directory. I also have another alias file in my development directory for testing; Penknife uses the testing alias file automatically when I make my development directory "current" (using the DOS "cd" command).

The Transport File

The transport file (generally created when an alias key is generated) must be transported to the far end. There it normally will be deciphered with the transport key and then re-enciphered under that user's alias key. Then the far end user will place the new alias line at the top of their alias file, typically using the append mode of the DOS "copy" command. (See the earlier section "Simple Operation and Help.")

Alias File Format

An alias file is simply an enciphered text file of alias lines. Each alias-file line should contain an "effective" date, an alias "tag," and an associated secret key; each field separated by one or more spaces: 
2000-12-15 harry          W+dhRbOnz5Ao4Iw07sSjcr5X/dLHm2u24elvx5h
1994-03-24 bob            c7YIvxs8+pfTpk5X3Wqo8Rfs9GvTe1zMPZUmTkE
1993-12-15 fred           EfLoU84fsrN5EwivDK6/6Fpl5qyKGmWEuoHM7Ll
Dates are in a form which supports easy sorting: yyyy-mm-dd. Alias tags are single "words" with no internal spaces, do not start with "/",and are not case-sensitive. The secret key starts with the first non-space character after the tag, and includes all characters through the end of the line (except trailing space characters, which are deleted) just like a key typed in on the keyboard. The secret key is case-sensitive and may include internal spaces and any character-codes other than CR or LF. (However, /g produces only the transportable ciphertext characters so that any subsequent editing operations will not have to deal with ASCII control codes or non-ASCII codes). An alias file line cannot exceed about 250 characters in length including, date, tag, secret key and spacing.

Editing Alias Files

Because an alias file is simply an enciphered text file, it may also be edited, either to change alias tags, add new entries which have a language phrase key, or to delete very old keys. However, because an alias file contains perhaps the most sensitive information of any file, effort should be made to minimize overall exposure. For example, a new user-created alias line could be enciphered alone, and then added at the top of the existing alias file as ciphertext (either using a text editor, or the DOS "copy" command's append mode). Two blank or other clearly non-ciphertext lines should separate the new ciphertext from the old ciphertext. Thus, the information in the existing alias file need not be exposed at all.

Date Order Required

Alias files scanned for the first tag-match which is valid as of the "current" date. Thus, alias files should have entries in date order, "future first, past last." All alias lines should have "yyyy-mm-dd" dates so that alias files can be sorted automatically using the DOS "sort" command on the deciphered alias file. (For security reasons, this sort of processing should be done on a RAM disk and the alias-file plaintext should never be displayed on a CRT.)

Penknife Batch Mode

Batch Mechanism

For installations which wish to automate operations, Penknife includes a batch mode. A Penknife batch file is an enciphered file of Penknife command lines. The batch mechanism simply obtains the next text line from such a file, and feeds that line to the normal Penknife system. As much as possible, Penknife processing will look and work exactly the same when processing a true command line, or a command line from a Penknife batch file.

The Differences

There are a couple of differences in batch mode: First, /batch is not recognized in batch files -- it is only used to start batch operations. Next, the /key option is ONLY valid in a batch file. A leading colon (:) on a Penknife batch line indicates a comment. Neither blank lines nor comments are executed, nor are they counted as commands.

Explicit Keys

The /key option (which is only valid at the end of a Penknife batch line) allows batch commands to use alias files (which are enciphered) without separate key entry. Of course, the key for the batch file which starts everything off will have to be entered manually, but only that key, and only once.

Errors Stop the Show

When an error occurs during batch processing, the line-in-error is displayed (with any /key option overwritten) and processing halts, to limit any possible damage to other files. Penknife returns an error-count through the DOS "process return code" which supports special-case processing in DOS batch files.

Other Penknife Features

Append Mode

Penknife has processes which detect first and last ciphertext lines in ordinary text, so it is reasonable to have multiple ciphertext blocks (each enciphered under the same key) in one file. One way to build such a file is to use the Penknife "append" mode: A wildcard FromFile expression, with a non-wildcard single file as the ToFile. This can encipher multiple files and collect the ciphertext in a single file; each block will be a stand-alone ciphertext segment, with its own CRC. (All ciphertext blocks in such a file will be deciphered into the same plaintext file.)

Similar results can be obtained with an explicit list of files separated by "the append operator" or "+" in FromFile only (no spaces are allowed around the +): 

     penknife bob1.txt+john.txt *.pen /e
Alternately, the user might use a text editor to manually collect various ciphertext files in a single document, being sure to separate ciphertext blocks with two non-ciphertext lines (either blank lines or text lines with non-ciphertext characters, such as space, punctuation or other symbols). Yet another way would be to use the append mode of the DOS "copy" command to collect separately enciphered files.

When deciphering, CRC results are announced for each block with "." for OK, and "*" for BAD, but processing will continue until the file has been completely processed.

Internet Size Limits

Some parts of the Internet will not handle large messages, so it is wise to break large files down into small and transportable messages. The /L (limit) option will do this automatically: 
     penknife big.fil *.001 /e /l
will produce a sequence of ciphertext files: BIG.001, BIG.002, BIG.003, etc. These should be sent as separate messages, with the part number clearly described in the Subject heading.

The process used to step the output file names also supports alphabetic characters. For example: 

     penknife big.fil *.9y /e /l
could produce: BIG.9Y, BIG.9Z, BIH.0A; alphabetic characters can be used instead of -- or with -- numeric sequence indicators.

The receiving end can accumulate all the small ciphertext files (in the right order) into one big file using the explicit append mode built into both versions of Penknife: 

     penknife big.001+big.002+big.003 big.fil /d
Alternately, the files can be accumulated as ciphertext, using a text editor, or the append mode of the DOS copy command: 
     copy big.001+big.002+big.003 big.enc
There is usually no need to chop off headers or signatures since they are skipped automatically in decipher, and a couple of lines need to separate the different ciphertext blocks anyway. The resulting large enciphered file is simply deciphered.

Yet another alternative is to decipher each of the messages separately, and then accumulate the resulting plaintext. If the plaintext is language text, accumulation is easily done in a text editor or with the append mode of the DOS copy command. If the plaintext is program data, it is important to collect the results using some operation which is insensitive to particular binary values; the binary mode of the DOS copy command should work: 

     copy /b big.tx1+big.tx2+big.tx3 big.txt

Wildcard File Specification

Most versions of Penknife support "wildcard" file specifications, such as: 
     penknife *.txt /e
This command scans the current directory for all files which have a file type field of ".TXT" and enciphers each under the same key in one-filename mode.

Directory-Tree Scanning

Most versions of Penknife also support "directory-tree" operations which scan the current directory -- and all lower sub-directories -- for a match, as in: 
     penknife *.txt /e /t
This command scans the current directory -- and all subdirectories of the current directory -- for files which have a file type of ".TXT" and enciphers each match under the same key in one-filename mode.

Note that TREE MODE CAN BE DANGEROUS! "Tree mode" can encipher a lot of files, and could cause a lot of trouble if you make a mistake with the key, or encipher instead of deciphering. Normally, it is important to first use "no-operation" mode, like this: 

     penknife *.txt /t /n
which will do the same scan, and display all file matches, but change nothing.

Wildcard operations also support append mode, in which there is a wildcard FromFile specification, but a ToFile without a wildcard. This accumulates the result of ciphering operations in a single file, and can be helpful in maintaining enciphered archives.

Append Operator (+)

Results somewhat similar to wildcard scanning can be obtained by using "the append operator" or "+". This is used to separate a list of files in a FromFile specification; no spaces are allowed, and ToFile must exist and not have a wildcard: 
     penknife bob1.txt+john.txt res.pen /e

Sequence Operator (,)

Penknife also has a "sequence operator" or "," to separate a list of files in a FromFile specification. No spaces are allowed, and if ToFile exists, it must have a wildcard. This operator allows filenames which are textually unrelated to be operated on in fast sequence with a single key-entry. 
     penknife bob1.txt,john.txt *.pen /e

Z-Mode

Some text editors place a control-Z character at the end of a DOS text file; the DOS "type" utility and some text editors will interpret this as the end of the file. When such files are collected into a single ciphertext file, and then deciphered, the control-Z at the end of the text in the first block could hide subsequent blocks and text. Consequently, the /z option was introduced to delete the last character of a deciphered block, if (and only if) that character is a control-Z, thus allowing subsequent text to remain visible.

Cipher Technical Overview

Stream Cipher

Penknife converts a User Key phrase of arbitrary length into the internal state of a unique 63-bit random number generator (RNG) used to produce a pseudo-random sequence. This (linear) sequence is made nonlinear by deleting random amounts of data from the sequence at random times. The resulting nonlinear sequence is combined with data in a patented nonlinear-but-reversible dynamic combiner, and then in a static linear combiner, to produce binary ciphertext. That ciphertext is then translated into the ASCII character set.

Error-Resilience

In many serious ciphers, a transmission error in the ciphertext will hide all subsequent data. But in Penknife, input plaintext data are processed in blocks of 53 binary bytes, which are enciphered and expanded into 76-character alpha-numeric lines. Each Penknife line is fully independent, and an error in one line affects only that line.

Line Keys

Each Penknife line carries a 32-bit "line key"; each line key is combined with the original User Key state to produce a modified state for a particular line. Typically, about 64k lines would be required under one User Key before we are likely to find any two lines enciphered under the same key.

Multiple Combiners

The plaintext data are combined with a non-linear pseudo-random sequence. The first-level combiner is selected from 16 possibilities on a line-by-line basis, thus complicating attempts to discover the initial combiner state. The second-level combiner further complicates attacks on combiner state because it hides the result of the first combiner.

Nonlinear Combining

Because the Penknife design uses a unique nonlinear data combiner, the usual "known plaintext" attack (which is devastating on the normal stream cipher) cannot work. More complex attacks seem to require a huge amount of ciphertext enciphered under one User Key with the same line key. A user concerned about security will change User Keys periodically anyway, because the User Key could have been exposed in other ways.

A detailed design document and security analysis is also available.

One-Filename Detailed Operation

Ciphering Through a Temp File

Penknife supports one-filename ciphering, in which the result overwrites the original file. This is done by first enciphering or copying to a "temp" or intermediate file normally named PEN$$$$$.TMP (or .TMQ). Temp Ciphering is Strange For best security, any ciphering file should only contain ciphertext. Consequently, enciphering occurs from the original file to the intermediate, which is then copied back over the original. In contrast, deciphering must first copy the ciphertext to the intermediate file, and then decipher from the intermediate over the original. This operational difference can cause some confusion, but is necessary to maintain security.

Ciphertext Can Be Safely Deleted

Barring user error, the temp file is always ciphertext, and is simply deleted after use. The temp file is almost the only file which Penknife writes other than the indicated output file. (The Advanced Penknife /generate option will write a new transport file, and will add a few lines to an alias file.) Penknife does not manipulate the file-access table (FAT) or any other low-level part of the disk system or DOS.

File Overwrites

Note that overwriting a file is not the same as first "deleting" a file and then creating a new file. The difference is in the storage allocation: A deleted file releases its allocated store (which still contains the original data), and a new file probably would not be assigned that same store. This means that some or all of the original data would remain on the disk, unhidden. On the other hand, when a file is overwritten, there is no need for the operating system to release the current store or re-allocate new store; it need only overwrite the existing store, and this appears to be what DOS does. Of course, DOS does not guarantee to do this, but it does not claim to not do this, either. The wary user might choose to use low-level disk programs to investigate what actually happens on his or her local system, or alternately use a RAM disk or a floppy (which could and should be bulk-erased) to store any and all plaintext files.

Scrambling For Secure Deletes

In most cases, one-filename mode will overwrite the actual storage sectors used for the original file. When enciphered, a file expands, so all the previous sectors will be used, and more. Thus, one way to support a secure "delete" function is to first encipher a file in one-filename mode -- thus "scrambling" the data -- and then do a normal DOS "delete."

Sample Commands

On the DOS command line, each command is preceded by the name of the program; in Penknife batch files, the command stands alone.

One-Filename Simple Ciphering

     test.tmp /e
     test.tmp /d
Encipher the plaintext from file TEST.TMP and place the ciphertext back in TEST.TMP, or Decipher the ciphertext in TEST.TMP and place the plaintext back in TEST.TMP. Encipher overwrites the original plaintext with the resulting ciphertext, but risks losing the file data if a mistaken key is entered, twice, in the same wrong way.

Two-Filename Simple Ciphering

     test.tmp test.pen /encipher
     test.pen test.res /decipher
Encipher the plaintext from file TEST.TMP and place the ciphertext in TEST.PEN, or decipher TEST.PEN and place the plaintext in TEST.RES. Two-filename ciphering does not overwrite the original file, and thus does not hide plaintext when enciphering, but also does not destroy a potentially-useful file.

One-Filename Alias Ciphering

     test.tmp /e /a fred
     test.tmp /d /a fred
The closest alias file (typically PENKNIFE.MGT) is deciphered in memory, and each plaintext text line is searched for alias-tag "fred". When found, the last part of that line becomes the User Key for data ciphering. Encipher overwrites dangerous plaintext, the alias file avoids the consequences of entering a mistaken key, and the alias key need be entered only once.

Two-Filename Alias Ciphering

     test.tmp test.pen /encipher /alias fred
     test.pen test.res /decipher /alias fred
Using an alias implies a single key entry. Generally avoids the effects of mistakes. My favorit mode.

One-Filename Alias Wildcard Ciphering

     *.tmp /e /a fred
     *.tmp /d /a fred
The DOS wildcard "*.tmp" matches (and ciphers) any file of any name which has a type field of ".TMP" in the current directory.

One-Filename Alias Wildcard Ciphering And Directory-Tree Scanning

     *.tmp /encipher /alias fred /tree
     *.tmp /decipher /alias fred /tree
Here "*.tmp" matches (and then ciphers) any file of any name which has a type field of ".TMP" in the current directory and all subdirectories of the current directory. USE WITH CAUTION, since distant, forgotten files may match the scanning pattern and be mistakenly enciphered. (See below.)

No Ciphering, Just A File-Match Display.

     *.tmp /n /t
Show the effect of a directory scan (or just a wildcard scan) before committing to ciphering.

Two-Filename Alias Wildcard Ciphering And Directory-Tree Subdirectory Scanning

     *.tmp *.pen /e /a fred /t
     *.pen *.res /d /a fred /t
The FromFile wildcard is used to scan the directories for matching files; the ToFile wildcard represents the characters found in any match. Note that the result files are created in the ToFile directory (here the current directory), and not in the FromFile directory (which will change, as the subdirectories are scanned).

Two-Filename Alias Wildcard Ciphering with Specific ToFile: "Append Mode"

     *.tmp archive.pen /e /a fred
     *.pen result.txt /d /a fred
When enciphering, each plaintext FromFile will produce a separate ciphertext block, and all the blocks will be accumulated in the single file ARCHIVE.PEN. All cipher blocks in that file can then be deciphered into a single accumulated plaintext file in one operation. When deciphering, each ciphertext FromFile will produce plaintext which is accumulated in the single file RESULT.TXT.

One-Filename File-Alias Ciphering

     fred1.txt /e /f
     fred1.txt /d /f
Develops alias tag "fred" from the first contiguous alphabetic characters of the file name and the current date (when enciphering) or the file date (when deciphering). In this way a filename can be the alias tag, and the file date can be the enciphering date, so the deciphering user need not remember the alias or think about key changes which may have occurred since the original ciphering.

One-Filename File-Alias Wildcard Ciphering

     fred*.* /encipher /filealias
     fred*.* /decipher /filealias
Develops alias tag from the first contiguous alphabetic characters of each matching filename. The example uses alias tag "fred" with the current date (when enciphering) or the file date (when deciphering). Potentially uses a different key for every file ciphered. Assuming the desired alias is "fred", each match-file name (files which match FRED????.???) must not have a letter after the "D".

One-Filename File-Alias Wildcard Ciphering w/ Forced Alias

     fred*.* /e /f /a fred
     fred*.* /d /f /a fred
The alias is forced to be "fred" independent of the file names. Uses the current date (when enciphering) or the match-file date (when deciphering).

One-Filename File-Alias Wildcard Ciphering w/ Forced Date

     fred*.* /e /f /m 93-11-25
     fred*.* /d /f /m 11/25/93
Uses the filename from any file match to form the alias search tag. The alias-search date is forced to be 11/25/93 independent of the current date or file date. Note that there are two valid date formats, signalled by the first separator (- or /). In either case, the year can be full (1993 or 2001) or abbreviated (93 or 1).

One-Filename File-Alias Wildcard Ciphering w/ Forced Current Date

     fred*.* /encipher /filedate /msgdate 0
     fred*.* /decipher /filedate /msgdate 0
The alias date is forced to be the current DOS date, independent of the file dates. Uses the match-file name to form the alias tag.

Internet Size Limit Ciphering

     bigfile.txt smallfil.001 /encipher /limit

     smallfil.001+smallfil.002+smallfil.003 bigfile.res /decipher
Enciphers BIGFILE.TXT to a sequence of smaller files. Deciphers the small files and appends the results into the single plaintext file BIGFILE.RES.

Penknife and Business

Ciphers and Keys

The Key-Distribution Problem

Penknife is a secret-key cipher, and this is no problem at all when protecting local files, or creating off-site archives. But a secret-key cipher can be a problem for communications: Users at each end must somehow acquire the same secret key with absolute security. This is "the key-distribution problem" that many people think public-key technology has solved. But -- much to their surprise -- public-key ciphers need an ADDITIONAL cryptographic protocol which secret-key ciphers do not. Public-key ciphers must "authenticate" ("certify" or "validate") each public key a user acquires. Failure to validate public keys can result in exposure of the ciphered information WITHOUT any need to break the cipher proper. This is a complication and weakness which secret-key ciphers just do not have.

Straightforward Secrecy

Granted, Penknife e-mail users must somehow transfer secret keys, and then keep those keys secret, but this is an obvious, straightforward requirement, just like house keys and car keys. Penknife keys can be delivered when users meet, or transported by mail or express delivery services or with traveling friends or employees. Once keys are set up, there is no ambiguity about the Penknife cipher being exposed due to protocol error. Because Penknife uses no complex protocols, any "Opponent" must technically attack and break the cipher itself (or steal the key) to read the protected data. Normally, a technical attack on ciphertext is extremely complex, lengthy, and expensive, and so is perhaps the least likely way for someone to gain access to hidden information.

Key Management

Penknife uses alias files: enciphered files which hold secret keys. The user only need remember the one secret key phrase for the alias file itself, and then the keys in that file can be selected with a non-secret "nickname" or alias tag. Keys which exist only in enciphered files are very difficult to steal. As in any cipher system, it is important to use a long, strange key for the alias file key phrase (pass phrase), and to protect that key and change it when it may have been compromised.

Keys for Transport

Advanced Penknife can generate a random key for any alias. One copy is placed in the current alias file, and another in a separate file -- enciphered under a different key -- for transport. The transport key can be sent by a different channel to improve transport security. The resulting transported key can be added to a user's alias file without editing or on-screen exposure. Corporate users need only register their alias-file keys with the corporate key-generation facility to be provided with alias files they can use.

Business Cipher Management

Fear of Loss

One big issue for business cryptography is the possibility that employees could damage or hide data, or that they may forget keys or hold them ransom. It is important, though, to separate the aspects which cryptography really affects. Employees can damage or hide data without cryptography. Presumably business managers could feel that they take less risk by empowering their own people than they would by leaving their communications open to everyone.

Compartmental Access

Each member of a group working on a particular project can be given the same "project key." As people leave the project, members can simply add a new project key to their alias files, and continue with business as usual, using exactly the same alias they previously used. This helps to minimize the impact of security management on innovative people.

Business Keys for Business Data

Many businesses may want to institute a policy that employees may use only business keys on business data. With Penknife, businesses can establish alias files for various departments (or users), and by using dated aliases, provide automatic, company-wide, virtually-painless key-updates. Such alias files are easily extended and distributed without havoc.

Key Audits

To ensure compliance with a policy of using only corporate keys for corporate files, key audits of corporate files are possible, simply by trying the approved keys on enciphered files. The validity of the key is indicated by the resulting CRC. Finding enciphered files which fail such an audit would be a warning sign to any reasonable business.

Corporate Archives

To the extent that employees can create and modify files, they can damage files in all sorts of ways that do not require cryptography. (Indeed, the major problem may be accidental damage.) If this is an issue, a corporate archive may be needed to maintain fair copies of important files, and the need for this may well be completely independent of the use of cryptography. But Penknife especially supports corporate cryptographic archives through its ability to retain and access old, outdated keys.

Penknife Batch Files

Enciphered Penknife batch files can include explicit keys. Thus, Penknife batch files could be used to limit and simplify user options, or provide special circumstance features for particular projects or users.

Secure Message Archives

If everyone used the same key, and that key never changed, there would be no problem archiving ciphertext. But in a secure environment there will be many different keys, and those keys will change periodically (or when employees leave), making access to the archives a serious problem.

One possible approach is to immediately decipher every received message to plaintext, and simply append that onto an existing plaintext file. While fairly efficient, this would be less secure than we would like.

Another approach would be to decipher a received message, then decipher the archive file, add the received message to the end of the deciphered archive file, and re-encipher that file under the archive key. This could be secure, but very inefficient.

Multi-Block Ciphertext Files

Penknife directly supports files containing multiple enciphered blocks. This allows ciphertext from a single user (under a single key) to be accumulated in an archive simply by appending each new ciphertext message to the end of the existing archive file. When multi-block Penknife files are deciphered, they can "pass through" each message header and signature to remain with the deciphered message body. This approach is efficient and secure, and the appending could be made automatic. Although it probably implies a new archive file for each user and key, this might be a good way to organize the archives anyway.

File-Alias Mode

Penknife also supports a /filealias mode which develops an alias tag and date from the name and date of each selected file. Thus, another alternative is to institute a policy of naming incoming ciphertext files with the appropriate alias, plus a sequence number. Those files could then be accessed automatically because the alias and date could be developed from the file name and date, even for many different aliases and many different keys over long periods of time. This is efficient and secure, and the appropriate message naming could be made automatic.

Penknife the Product

Limits of Ciphering

No cipher, by itself, can possibly be considered a complete solution to data security. The simple use of any cipher program may not seal all information leaks.

Ciphers can only hide information which is otherwise secret

If someone can read, bribe, coerce, break-in and copy, bug, remotely monitor, or in some other way get the information, no cipher can help. And when a direct technical attack on a cipher is more expensive than an alternate way to get the information, the cipher is probably tough enough. Penknife is intended to be "tough enough," but is not intended for life-critical security. We could provide such a cipher, if desired, but to make it worthwhile the user would need extensive physical security and a special low-emission computer.

Speed vs. Strength

Any software cipher must inherently trade off speed for strength. Penknife is a relatively fast e-mail cipher with strength far beyond the usual "toy" cipher, because it uses better technology. In the normal user environment (that is, without guards, internal secure areas, and a security staff to handle external coercion), it should be cheaper to obtain almost any information in some way other than a direct technical attack on Penknife ciphertext.

Use Long Key Phrases

The user who is concerned about strength will have User Key phrases at least 30 characters long, modified with unusual spacing, capitalization, and numbers and symbols to be very unlike anything ever before placed in print. The /generate option will create random keys which can be transferred on floppy disk and then used in an alias file; they need not be remembered. Of course, the key to the alias file itself must still be remembered. No matter what cipher is used, all cryptographic security ultimately relies on the hope that one or more secret keys is still a secret.

Never Write Down a Key

Penknife alias files can reduce the number of keys to be remembered to one. Nevertheless, at least one User Key (the password to the alias file) must be remembered, for if it is written down, the surface it is written on must be kept secure. It is far easier to have one memorable key phrase for the alias file than to keep some surface secure.

Transporting Secret Keys

Transporting keys is not required unless the enciphered files are to be sent by electronic communication. In that case, the best way to deliver a new key is to hand a person a disk. Many businesses support frequent travel between corporate offices, and new secret keys could easily be hand-carried on such trips. Ordinary mail is another possibility, as are express mail or delivery services. Ideally, key-change mail would be dropped in a public mailbox and sent to a pre-arranged neighbor of the intended recipient, thus hopefully avoiding any mail interception. Anything which constitutes a "separate channel" will frustrate any Opponent who does not maintain massive continuous monitoring of that particular channel. And any Opponent with that level of resources has many other alternatives.

Add Received Keys Securely

Note that it is possible to add the new key to an alias file without ever showing the key on the display; see "Installing a Transported Key-Alias." Moreover, Penknife supports adding keys to an alias file without deciphering either the transport file or the alias file (and thus exposing the keys inside). This is done by converting the transported entry to the alias key, and appending the new entry to the start of the alias file.

Caution

Penknife is a serious cipher: It is specifically designed to convert data into a form which is useless without knowledge of the secret key used in encryption. It uses a large internal key, and there is no "backdoor." If you forget your secret key, you will lose the ability to expose the data enciphered with that key. If you allow this to happen, nobody will be able to recover the data for you.

Archiving arbitrary enciphered files risks data loss as keys fade from use and memory. If you are concerned about potential key loss, name the files for use with the Penknife /filealias option and maintain some alias files with all the old keys. Alternately, keep backups under a common key, or in plaintext form in a secure location. Companies should be aware of the need to keep valid keys to any work files employees may generate. It may be reasonable to demand that corporate files only use corporate keys, and audit files periodically to assure that this is being done. Again, without the correct secret key, nobody can recover data from the ciphertext.

Licensing

The Penknife program is protected both by copyright and patent law.

Evaluation

Penknife is available in a Commercial Demo version for evaluation. Individuals may evaluate the demo until they choose to license Penknife. Commercial entities are normally limited to a 30 day free evaluation, and should evaluate the Advanced version anyway.

Commercial Program

Penknife is a commercial cipher. Everyone who uses Penknife must be either "evaluating" or "licensed." However, the program does not attempt to enforce licensing, but instead simply states that a licensing fee is required. Licensed users should be aware that the announcement is displayed so that, if and when the program is used by others, or even just observed in operation, the licensing requirement is made plain.

Licensed Per User

Individual licensing is $129 per user. (A "user" is any originator and/or recipient of text or data enciphered by the Penknife cipher. It is not acceptable to buy one Penknife license and process messages for an entire group.) Quantity rates are available, and various sorts of group or site licenses can be negotiated.

Commercial Demo May be Distributed Freely

Penknife users can communicate with anyone they wish, simply by sending out the demo. They should be sure to include documentation so the new evaluator will know how to use the program.

Not for Export

Penknife is a serious commercial cipher, and is unlikely to be approved for export. Currently, anyone who "exports" such a cipher may be in violation of federal law. To avoid placing bulletin-board operators in an awkward position, users are asked to not place any version of Penknife on any open BBS. The Penknife commercial demo can be given to friends and others in the U.S., but they should understand that if they "export" the program they may violate U.S. law.

International Travel

In the past, international travelers have wondered whether they should remove commercially-available cipher programs from their portable computers when they travel. According to a recent State Department release, that is no longer necessary: 
Statement of	Dr. Martha Harris

Deputy Assistant Secretary of State for Political-Military
Affairs

February 4, 1994

Encryption -- Export Control Reform

[...]

* Personal use exemption: We will no longer require that U.S.
citizens obtain an export license prior to taking encryption
products out of the U.S. temporarily for their own personal use.
 In the past, this requirement caused delays and inconvenience
for business travelers.

[...]

The contact point for further information on these reforms is
Rose Biancaniello, Office of Defense Trade Controls, Bureau of
Political-Military Affairs, Department of State, (703) 875-6644.

Disclaimer

RSE takes pride in cryptographic innovation and the design and implementation of this program. We will repair any problems in the program which we find to be our error for the first year after licensing.

It is up to each licensee or user to check this product in their own particular environment and not rely upon the product until fully satisfied that it is suitable for use.

License for use of this program is conditional upon agreement that neither RSE nor the author are liable for consequential damage, and that our ultimate liability will in no case exceed the license fees actually paid by the licensee involved.

Author, Company, Publications

Author's Background

The author is a registered Professional Engineer, in another life one of the architects of the MC6809 processor, and has been researching, publishing, inventing and applying cryptography full-time for over half a decade. He has been writing computer programs for almost thirty years and working in the 80x86 DOS assembly-language environment for the past decade.

Ritter Software Engineering

One of the reasons for producing Penknife is to demonstrate and advertise our role as a provider of new, innovative cryptographic technology. Ritter Software Engineering -- a government-registered manufacturer of cryptographic armaments -- has developed a number of innovative ciphers and cipher-engines which cover a range of speed, strength, and special-use situations. The cipher engines are designed for "drop-in" inclusion in user software like editors and spreadsheets. The especially high-speed designs would be appropriate for system software such as disk-controllers and LAN servers.

References

[1] Ritter, T. 1990. Substitution Cipher with Pseudo-Random Shuffling: The Dynamic Substitution Combiner. Cryptologia. 14(4): 289-303.

[2] Ritter, T. 1990. Dynamic Substitution Combiner and Extractor. U.S. Patent 4,979,832.

[3] Ritter, T. 1991. The Efficient Generation of Cryptographic Confusion Sequences. Cryptologia. 15(2): 81-139. 213 refs.

Terry Ritter, his current address, and his top page.

Last updated: 1995-12-14