Introduction. One day I realised
that I needed to hide some of my data from strangers.
That doesn't mean I have access to the X-Files, but everybody
has something "for his eyes only". That becomes
more important if you have your own business.
Nobody has yet abolished market competition. I
searched the Hobbes archive and other Internet sites
for an application that would allow me to encrypt my
data. Most of the links I found are dead, and some developers
had moved to Windows or Linux. Nevertheless I found
some useful products. Unfortunately they use old encryption
algorithms such as DES. I thought that there must be
an application with stronger encryption, and I was right,
because there was the Cipher plugin for NetDrive for
OS/2.
What is the Cipher plugin? The Cipher plugin is a dynamically loadable
library that is used by NetDrive for OS/2 for transparent data encryption/decryption.
Like all NetDrive plugins, Cipher is a part of the IFS (installable
file system) called NDFS (NetDrive File System). It works imperceptibly
and quietly, but provides strong encryption and as a result good privacy
for your data.
What can and can't the Cipher plugin do? The Cipher plugin allows
you to create protected disks and folders within the NetDrive File System
and to use the data stored on those disks and folders as if it were ordinary
data on an ordinary OS/2 storage device. Cipher protects the selected part
of the files on your disk or diskette; in addition, Cipher hides the file
date/time and size. Cipher can encrypt neither e-mail messages
sent over cables nor any other traffic on the wire. For those purposes you
can use other products, for example PGP for e-mail or IBM firewall for
private networks.
The Cipher plugin can use different cryptographic methods (algorithms).
At the moment the following methods are ready to use:
- Blowfish, key length 1-56 bytes;
- Cast 256, 1-32 bytes;
- GOST (the encryption standard in Russia), 32 bytes;
- Loki97, 1-32 bytes;
- Mars, 4-56 bytes;
- RC6, 1-255 bytes;
- Rijndael, 1-32 bytes;
- Safer Plus, 1-32 bytes;
- Serpent, 4, 8, 12 ... 32 bytes;
- Triple DES, 24 bytes;
- Twofish, 16, 24 or 32 bytes.
How to install? Plugin installation is very easy with NetDrive
version 2.0. The Cipher plugin is distributed in the archive ndpcphr.zip.
You have to unzip it into an empty directory, then run instlpl.cmd
from that directory. You do not have to reboot the system.
How to work with Cipher plugin? Create a directory somewhere
on your hard disk or diskette (of course it can be a root directory).
Inside this directory you will store the encrypted data. Decide which encryption algorithm
is preferable for your aims and what the key length will be. We don't
provide any advice about that, because data protection is a rather
complicated field and it is better to find a good expert. You can read
about the algorithms used in the plugin in the sources listed in the Bibliography.
Like every NetDrive resource, Cipher has to be mounted before it can be accessed.
Note. Here is a sample sequence of commands for mounting a Cipher
resource:
nd attach u:
nd createmp u:\Secret
nd mount chipher u:\Secret ;name=blowfish.dll;root=D:\Secret;round=1;key=C:\NDFS\key
w
The first line creates a new NetDrive drive letter.
The second line creates a mount point for mounting the Cipher resource.
The third line mounts the Cipher resource into the created mount point.
There are four parameters for the Cipher plugin:
name - the name of the dynamic link library that implements the encryption
method you selected; all those libraries are in the ndplugs\cipher
sub-directory. If you use a different cipher, or the cipher library is placed
in another directory, you should enter the full path to this library. There
is no default value for this parameter.
root - the name of the directory we've created to save the protected
data to. There is no default value for this parameter.
round - a number between 1 and 10, the number of encoding iterations
(default - 1). Note. More iterations provide stronger encryption
but less speed.
key - the full name of the file where your key (a key is a sequence
of hexadecimal digits) is saved. There is no default value for this
parameter.
Note. The Cipher plugin needs your key only during mounting; after
that you can (have to ?) remove the diskette with the key and put it in
a safe place. ATTENTION. YOU HAVE TO KEEP YOUR KEYS IN A SAFE PLACE
!!! Don't spread keys around your disks: write them to a diskette, make
a copy and keep both copies separately, somewhere physically protected.
You can also use the NetDrive Control Panel to mount a Cipher resource. Look
at the screenshot below:

Attach a new drive and create a mount point by pressing a few buttons.
Then select the created mount point and press the 'Mount' button. Choose
the 'cipher' type from the list and fill in the form with the values described
earlier. In the Control Panel you can save all your settings and
then restore them whenever you need.
After mounting, the Cipher resource is ready to use. All files copied to or
created in the mount point will be encrypted and saved as ciphertext. The plugin
doesn't keep your key in memory, which decreases the probability
of its disclosure. To close access to your encrypted data you should
unmount Cipher:
nd unmount u:\Secret 0
This action can also be performed in the Control Panel by selecting the
Cipher resource and pressing the "Unmount" button.
You can also use a more secure and convenient way of unmounting the resource
- install one of the hot-key popup managers (for example Win95key, Keyboard
Plus, Keymaster Pro, Mkey etc.) and assign the unmount action (nd.exe
unmount ...) to one of the hot-keys. I installed "Keyboard
Plus" taken from the Hobbes archive. And now Ctrl-Alt-F12 closes access
to my private data.
Key generation. There is another important thing you should
know about - key generation. A special Rexx command file for key generation,
cipherkey.cmd, is included in the plugin distribution package
and is placed into the NetDrive directory (usually C:\NDFS). Cipherkey.cmd
is designed as a command line utility, on the expectation that it will be used
very seldom. The key generator has three parameters:
cipherkey.cmd <cipher name> <key length> <key file name>
Known ciphers are:
blowfish - valid key lengths are 1 - 56 bytes
cast256 - valid key lengths are 1 - 32 bytes
gost - valid key length is 32 bytes
loki97 - valid key lengths are 1 - 32 bytes
mars - valid key length are 4 - 56 bytes
rc6 - valid key length are 1 - 255 bytes
rijndael - valid key length are 1 - 32 bytes
serpent - valid key length are 4 - 32 bytes by 4 bytes
tripdes - valid key length is 24 bytes
twofish - valid key length is 16, 24, 32 bytes
Where:
cipher name - one of the cipher methods listed above;
key length - in bytes, a number within the valid key length
boundaries listed above for the selected method;
key file name - the name of the file to save the generated key to.
For example, you can create a key with the following command line:
C:\NDFS>cipherkey.cmd rijndael 16 A:\mykey
If you use a cipher that is not included in the plugin package, you can
generate a key with the utility cryptkey.exe, which you'll find in
the plugin distribution. It has only one parameter, a number - the length
of the generated key in bits (not bytes !). For example, I need a key with
a length of 128 bits (16 bytes long) for my algorithm:
C:\NDFS>cryptkey.exe 128 >A:\mykey
Note. Keys are random numbers. It's impossible to restore a key
if you've lost it. The key generator never produces two equal keys.
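A pre-mount sanity check for the key file and the round parameter described above, given here as an added example that is not part of the plugin package or of the original documentation. It assumes the key file holds two hexadecimal digits per byte with whitespace ignored; the function names and the sample key are made up for illustration.

```python
import re

# Valid key lengths in bytes per cipherkey.cmd cipher name, as listed on this page.
KEY_LENGTHS = {
    "blowfish": range(1, 57),
    "cast256": range(1, 33),
    "gost": (32,),
    "loki97": range(1, 33),
    "mars": range(4, 57),
    "rc6": range(1, 256),
    "rijndael": range(1, 33),
    "serpent": range(4, 33, 4),
    "tripdes": (24,),
    "twofish": (16, 24, 32),
}

# Constructed sample key: 32 hex digits = 16 bytes = 128 bits.
SAMPLE_KEY = "00112233445566778899aabbccddeeff"


def parse_key_hex(text):
    """Decode key-file text into bytes (assumed: 2 hex digits per byte, whitespace ignored)."""
    digits = "".join(text.split())
    if re.fullmatch(r"[0-9A-Fa-f]+", digits) is None:
        raise ValueError("key file must contain only hexadecimal digits")
    if len(digits) % 2:
        raise ValueError("odd number of hex digits: not a whole number of bytes")
    return bytes.fromhex(digits)


def check_mount_params(cipher, key_text, rounds=1):
    """Return a list of problems; an empty list means the parameters are consistent."""
    problems = []
    allowed = KEY_LENGTHS.get(cipher.lower())
    if allowed is None:
        problems.append(f"unknown cipher {cipher!r}")
    if not 1 <= rounds <= 10:
        problems.append(f"round={rounds} is outside 1..10")
    try:
        key = parse_key_hex(key_text)
    except ValueError as exc:
        return problems + [str(exc)]
    if allowed is not None and len(key) not in allowed:
        problems.append(f"{cipher}: {len(key)}-byte ({len(key) * 8}-bit) key not accepted")
    return problems


if __name__ == "__main__":
    print(check_mount_params("rijndael", SAMPLE_KEY))
    print(check_mount_params("gost", SAMPLE_KEY, rounds=11))
```

Reporting the length in both bytes and bits makes the unit mix-up between cipherkey.cmd (bytes) and cryptkey.exe (bits) visible before the resource is mounted.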
Long names support. The Cipher plugin supports long names for both
files and directories, which has one side effect - if you mount a FAT disk
or diskette as a secure resource, you will be able to save files and
directories with long names there even though they aren't supported by such
file systems.
Emergency cases. There is one more useful utility in the plugin
package - ciphrest.exe. It is designed for emergency recovery of encrypted
data - for example when a hard drive is broken or NetDrive isn't installed
on the computer where you want to read that encrypted data. This is a command
line utility too. It has five mandatory arguments:
ciphrest.exe <cipher> <key> <round> <source path> <dest. path>
Where:
cipher - the name of or full path to the cipher library (it will be
searched for in .\ndplugs\ciphers and LIBPATH);
key - the full path to the key file the data was encrypted with;
round - the number of encryption rounds (1 - 10); of course it should be
the same value the data was encrypted with;
source path - the full path to the directory where the encrypted data
is located (see the root parameter for mounting);
dest. path - the full path to the directory the data will
be decoded to.
For example, I don't have NetDrive installed but need to read files from
an encrypted ZIP-diskette; that can be done with the following command line:
C:\NDFS>ciphrest.exe rijndael A:\mykey 1 F:\Secret C:\WorkDir
Usage Example. I want to illustrate the Cipher plugin usage.
Imagine a firm with several computers. The firm's staff have to keep an
electronic archive and from time to time have to exchange data on removable
media (for example a ZIP-diskette). They've got NetDrive and the Cipher plugin
installed. All removable media on those computers are mounted through the Cipher
plugin. In such conditions, if any diskette were stolen, the burglar
would never read even a word of your data.
Notes. The author does not warrant that the Cipher plugin will meet
all your requirements, that operation of the Cipher plugin will be uninterrupted
or error-free, or that all Cipher plugin errors will be corrected. The
author is not responsible for problems caused by changes in the operating
characteristics of computer hardware or computer operating systems that
are made after the release of the Cipher plugin, nor for problems in the
interaction of this plugin with other software. The author has no responsibility
to replace or refund the fee of any media or license damaged by accident,
abuse or misapplication.
If you have bug reports or suggestions, you are welcome.
Bibliography, references for the algorithms used:
http://cnscenter.future.co.kr/crypto/algorithm/block.html
http://csrc.nist.gov/encryption/aes/round1/round1.htm#algorithms
Cipher plugin (C) 2001 Nickk <nickk9@nettaxi.com>
NetDrive (C) 2000-2001 Blueprint Software Works.
Documentation copyright (C) 2001 Andrei A. Porodko <porro@cbs-edu.chel.su>