nelson@bolyard.wpd.sgi.com (Nelson Bolyard) (12/19/90)
On Wed Nov 28 13:45:24 PST 1990, in an article entitled:
>Subject: Looking for encryption program for MAC
I wrote:
>I'm looking for a program to run on a MAC that will encrypt and/or
>decrypt files. The intent is to encrypt files before transmission through
>not-very-secure e-mail facilities, then decrypt upon receipt.
>
>The encrypted files must be able to be decrypted on IBM PCs as well as
>on MACs. That means that the encryption algorithm used by the MAC program
>must be well known and documented. I am prepared to write the necessary
>program for the IBM PC, but I have no facilities for programming on a MAC.
>
>Ideally, it would use DES CBC encryption (CBC means Cipher Block Chaining).
>A program that does what the **IX (Sun) DES program does would be fine.
>
>If you have, or know of, a program that meets my needs, please send me
>e-mail about it. I don't read this newsgroup regularly. However,
>in fairness to you who DO read this group regularly, I promise to be a good
>net.citizen and post a summary of any positive replies to this news group.

The replies I got were these:

>From: "Bob Fowles 814-865-4774" <RBF@PSUVM.PSU.EDU>

SUM II by Symantec will encrypt/decrypt Mac files and folders.

-----------------------------------------------------------------------------
>From: Chris Ranch <csr@ubvax>

Empower from Magna might do what you want. (408)433-5467

-----------------------------------------------------------------------------
>From: scott@huntsai.boeing.com (Scott Hinckley)

Stuffit offers encryption (I believe DES though can't quite remember)
BONUS: It is shareware, and you can get it via FTP from any of the Mac
archives, believe they only want $15-20 sent in for it.

-----------------------------------------------------------------------------

I also learned about "Stuffit Deluxe", a commercial version of the shareware
"Stuffit" program, and a program called "Sentinel".

Unfortunately, NONE of these programs met my criteria, of using an algorithm
that is "well known and documented" so that it could be duplicated on a UNIX
or PC system. Stuffit Deluxe came the closest. They partially document their
"NewDE" algorithm which is a variant of DES. But crucial parts of the
algorithm were not specified (e.g. the "KSX" algorithm for producing the key
schedule).

-----------------------------------------------------------------------------
Nelson Bolyard nelson@sgi.COM {decwrl,sun}!sgi!whizzer!nelson
Disclaimer: Views expressed herein do not represent the views of my employer.
-----------------------------------------------------------------------------
nelson@sgi.com (Nelson Bolyard) (12/20/90)
My Summary article generated MUCH more response than my original request for
information. Lots of people sent me short messages saying "such-and-such"
program "does DES" or "uses DES". Unfortunately, they missed the point of
the original article. One respondent at least asked the right question.

In article <5308@crystal9.UUCP> derosa@motcid.UUCP (John DeRosa) wrote:
>There is a program in the archives called UTIL/DES-ENCRYPTION.HQX
>but does not work on an IBM.
>FOR THE DES EXPERTS. Will DES encoded files be decoded by any
>des decoding tool?

Well, John, the answer is NO. Not all programs that use DES for encryption
do the same thing!

You may ask: Is that because DES is not really a standard??

The answer is: No, DES is a real standard. In fact it is Federal Information
Processing Standard (FIPS) 41, a U.S. government standard. But, DES is NOT
a standard for encrypting FILES!! It is a standard for encrypting (or
decrypting) exactly 8 BYTES! (64 bits, to be precise).

When the amount of data you need to encrypt is bigger than 8 bytes, (as a
typical file is) there are MANY ways to use DES to encrypt that data. These
ways of using DES to encrypt files or messages are called DES "modes of
operation." No two different modes of operation are compatible; that is, if
you encrypt a file with one DES mode of operation and then try to decrypt it
with another mode, it doesn't work.

There are exactly 4 standard DES modes of operation, and there are MANY
NON-standard modes of operation. The 4 standard modes of operation are
published by the U.S. government in Federal Information Processing Standard
(FIPS) 81.

The obvious mode of operation is to take the file 8 bytes at a time, and
separately encrypt each set of 8 bytes with DES. This method, called
"Electronic Code Book" (ECB) has the disadvantage that identical input data
produces identical output data; that is, if you have a line with a long
string of blanks, each set of 8 blanks produces exactly the same output, and
a "cryptanalyst" (a person who tries to decipher encrypted messages) can spot
those repeating patterns. Consequently, the U.S. government has banned the
use of ECB for governmental communications (and I wouldn't advise it for
people who seriously want their files kept secret).

Without going into any details, the other standard DES methods of operation
are: Cipher Block Chaining (CBC), Cipher FeedBack (CFB), and Output FeedBack
(OFB). None of these methods have the problems of ECB.

In addition to the different ways of using DES, there are different ways of
handling Macintosh files. Stuffit Deluxe is believed to encrypt the separate
"forks" in a mac file (the "resource fork" and the "data fork") as if they
were separate messages. Other programs treat the whole file as one message
to be encrypted.

So, as you can now see, it really is necessary to know a LOT more detail
about the exact encryption algorithm than merely "DES" in order to be able to
decrypt a file that has been encrypted on a MAC.

I called up the customer support lines of several of the companies that make
encryption software for the MAC, e.g. the makers of SUM II and the makers of
Sentinel, and asked them what DES mode of operation they use with DES. Only
Aladdin Systems (makers of Stuffit Deluxe) knew what I was even talking
about! I even went so far as to explain it in detail to some of them, and
offered the names of the standard modes to see if they rang any bells. But
to no avail.

Aladdin knew that they used CBC (good for them!) but they don't merely
encrypt the whole file with CBC, but instead treat each fork separately, and
do some other things to the file for which I could not get documentation.

So I now re-ask my original request. If you know of a DES encryption program
for the MAC that uses a fully documented standard encryption algorithm please
let me know. Please e-mail your replies to the address below. I will
summarize significant responses to this newsgroup.

P.S. to any crypto software makers that read this: This could be your
opportunity to make advances against your competition by replying to this
posting, and explaining your use of standard DES modes of operation!

-----------------------------------------------------------------------------
Nelson Bolyard nelson@sgi.COM {decwrl,sun}!sgi!whizzer!nelson
Disclaimer: Views expressed herein do not represent the views of my employer.
-----------------------------------------------------------------------------
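
An added illustration of the ECB and CBC behaviour described in the post above; it is not code from the thread or from any of the products named. DES itself is replaced by a toy 8-byte Feistel cipher built on SHA-256 (a stand-in with no security value) so that it runs with the Python standard library alone, and the key, IV and plaintext are constructed sample values.

```python
import hashlib
BLOCK = 8  # DES block size in bytes (64 bits)
KEY = b"constructed-key"                # constructed sample values,
IV = bytes.fromhex("0123456789abcdef")  # not taken from the thread
PLAINTEXT = b"HEADER: " + b" " * 32 + b"END.    "  # four all-blank blocks

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _f(half, key, rnd):
    # Round function of the stand-in cipher (NOT DES): truncated SHA-256.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(blk, key, rounds=8):
    left, right = blk[:4], blk[4:]
    for r in range(rounds):
        left, right = right, _xor(left, _f(right, key, r))
    return left + right

def decrypt_block(blk, key, rounds=8):
    left, right = blk[:4], blk[4:]
    for r in reversed(range(rounds)):
        left, right = _xor(right, _f(left, key, r)), left
    return left + right

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of 8 (padding omitted)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(data, key, block_fn):  # every block enciphered independently
    return b"".join(block_fn(b, key) for b in _blocks(data))

def cbc_encrypt(data, key, iv):
    out, prev = [], iv
    for b in _blocks(data):  # XOR with previous ciphertext block first
        prev = encrypt_block(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(data, key, iv):
    out, prev = [], iv
    for b in _blocks(data):
        out.append(_xor(decrypt_block(b, key), prev))
        prev = b
    return b"".join(out)

def repeated_blocks(ciphertext):  # duplicates betray repeated plaintext
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))
```

Calling `repeated_blocks` on `ecb(PLAINTEXT, KEY, encrypt_block)` and on `cbc_encrypt(PLAINTEXT, KEY, IV)` shows the run of blanks surviving as duplicate ciphertext blocks only under ECB, and decrypting either ciphertext with the other mode does not return the plaintext.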