DLOCK.TXT -- DOCUMENTATION FOR DLOCK.EXE AND ITS SOURCE FILES INTRODUCTION DLOCK is a Data LOCK program that uses the Diamond encryption algorithm. It also tests the correct implementation of the Diamond and Diamond Lite encryption algorithms in the enclosed library files. Although DLOCK is useful as it stands, it is probably of more use as a library of source code to use to build encryption into other applications. Diamond and Diamond Lite are 100% roylty free algorithms, derived from the MPJ and MPJ2 encryption algorithms. I've studied too much cryptography to make a brash claim of security for any algorithm, but my confidence level in Diamond and Diamond Lite is very high because of the failure of anyone I've dared to break MPJ to do so for several years. See the challenge section below. When used to encrypt or decrypt files, DLOCK places no special headers or other identification on the ciphertext files. This is good for security, but bad for user friendliness. It always processes from one file to another, so that you can verify that the encryption or decryption is good before deleting the original. This is very important, since a single character typo in the pass phrase is enough to render a file total garbage. LEGAL NOTICES Documentation files, executable files, and source code files not marked otherwise are Copyright (C) 1994 Michael Paul Johnson. All rights reserved. There is NO WARRANTY expressed or implied for any of this. Diamond and Diamond Lite are Trade Marks of Michael Paul Johnson. Other trade marks mentioned herein belong to their owners and are mentioned for identification purposes only. Some cryptographic, cryptanalytic, and key management software and technical data is subject to export controls and other legal restrictions. Contact competent legal authority for more information. It is your responsibility to comply with all currently valid laws and treaties that apply to you. Do not use this software or technical data for any illegal activity. As far as is permitted by law, permission is hereby granted to copy and use the copyrighted portions of this distribution for any legal use, provided that the documentation is kept unmodified and the software is used in accordance with the GNU Library General Public License as published by the Free Software Foundation, version 2. CRC.H, CRC.CPP, DIAMOND.H, and DIAMOND.CPP are in the Public Domain. SYSTEM REQUIREMENTS Two compiled versions are included in this distribution: MS-DOS executable and Sun SparcStation binary. If you wish to use this program on another platform, you may recompile the provided source code for that platform. COMMAND LINE SYNTAX To test Diamond and Diamond Lite against the validation data in DIAMOND.DAT: DLOCK /T To encrypt a file: DLOCK /E [/S] infilename outfilename [/Ppass phrase | /Kkeyfile] /E = Encrypt. /S = Silent mode (minimal screen output). /P = Pass phrase follows on the command line. The pass phrase is case sensitive, and every character counts. Embedded spaces are OK. /P, if used, MUST be the lase command line parameter, since all characters after it are considered to be part of the passphrase. /K = Get the pass phrase from the file name provided. The passphrase in a key file may include ANY binary data, up to 256 bytes. Note that if /P or /K is not used, then DLOCK looks for the passphrase in the environment variable DLOCK_KEY. If no passphrase is found there, then DLOCK will prompt you to enter the passphrase at the keyboard. Spaces and other special characters are allowed in the passphrase. For example, DLOCK /E MARCH.WK1 MARCH.ENC /PNone of YoUr BuSiness! Really! encrypts MARCH.WK1 with the passphrase "None of YoUr BuSiness! Really!", placing the results in MARCH.ENC. If you wish to get rid of the plain text version, use another utility to overwrite and delete the original. To decrypt a file: DLOCK /D [/S] infilename outfilename [/Ppass phrase | /Kkeyfile] Switches used here are the same as for encryption, except that the /D (for Decrypt) replaces /E. For example, DLOCK /D MARCH.ENC MARCH.WK1 /PNone of YoUr BuSiness! Really! decrypts the file encrypted above. Command line switches are not case sensitive, and may start with - or /. There should be a space or tab between adjacent switches. Except for /P, which must be last, the switches may occur in any order (before, between, or after the file names). HOW DLOCK WORKS When encrypting or decrypting files, DLOCK uses a 10-round Diamond block cipher in cipher block chaining with ciphertext feedback mode (CBC). This means that any regularities in the plain text are completely obscured in the cipher text. The original file length is exactly preserved. See the source code and the accompanying documents for details. ADVANTAGES OF DLOCK 1. To the best of my knowledge, no one has broken Diamond (or its predecessors, MPJ and MPJ2), yet. See the US$271.82 challenge, below. 2. The block chaining mode is time-tested and well respected. 3. Complete source code is included for your examination and to facilitate porting to other platforms. 4. The cipher text is the same size as the plain text. 5. It is free. 6. You are free to use the algorithms and/or code in this distribution to incorporate encryption into your own applications, without payment of royalties or delays. 7. Diamond and Diamond Lite, when incorporated into a system that weakens the effective key length and resists modification by the user to the satisfaction of the NSA, may be exportable. Contact the Department of State and the NSA for details and additional requirements. 8. DLOCK allows easy validation of implementations of Diamond and Diamond Lite. 9. If you don't like the way DLOCK works and you can program in C or C++, you can fix it to your liking. 10. The author is easy to contact via email (m.p.johnson@ieee.org). 11. The encryption is too strong to be generally exportable. There are no intentional weaknesses or trap doors in the algorithm or the program. 12. Identical files, encrypted with identical keys, always yield identical ciphertext. This is good for validating algorithms. DISADVANTAGES OF DLOCK 1. Key management is all manual. 2. Encryption of multiple files is cumbersome unless you use an archiving utility (like PKZIP, LHA, ARJ, etc.) first. 3. No one is getting rich on your purchase of this product, so it doesn't help the economy, much. 4. The ciphertext reveals the size of the plain text (but not its contents). 5. Identical files, encrypted with identical keys, always yield identical ciphertext. This is bad for resistance to traffic analysis. 6. No 7-bit ASCII armoring (uuencoding or radix-64 encoding) is built in for EMAIL purposes -- use another utility to do that. 7. The encryption is too strong to be exportable without a lot of hassles and controls on the destinations. 8. If you forget your passphrase, your encrypted data is as good as gone. I can't get it back, no matter how important it was. DATA COMPRESSION DLOCK doesn't compress data, but if you compress your data before encrypting it (i.e. with PKZIP, ARJ, etc.), you will decrease the size of the ciphertext and improve security. Attempted compression after encryption does neither. RECOMPILING DLOCK You don't really need to recompile DLOCK unless you want to modify it or port it to another platform. I compiled DLOCK.EXE with Borland C++ 4.0, using the commands in MAKDLOCK.BAT. This batch file also applies PKLITE compression, but that is optional. I compiled the Unix version of DLOCK on a Netcom interactive host machine with the command: c++ -DUNIX -o dlock dlock.c diamond.c crc.c VERIFYING THAT YOUR VERSION HASN'T BEEN TAMPERED WITH If you have PGP, you can check my detached signatures on the files in this distribution with the file VALIDATE.BAT, which should look like: pgp challeng.sig challeng.enc pgp copying.sig copying.txt pgp crc_cpp.sig crc.cpp pgp crc_h.sig crc.h pgp def.sig def.h pgp diamondc.sig diamond.cpp pgp diamondd.sig diamond.dat pgp diamondh.sig diamond.h pgp diamondp.sig diamond.ps pgp diamondt.sig diamond.txt pgp dlocksun.sig dlock pgp dlockcpp.sig dlock.cpp pgp dlockexe.sig dlock.exe pgp dlocktxt.sig dlock.txt pgp makdlock.sig makdlock.bat pgp thesis.sig thesis.txt If you don't have a copy of PGP, you can buy a copy from Viacrypt or get the freeware version from numerous sites, including the Colorado Catacombs BBS (303-938-9654) or ftp, see ftp:csn.org//mpj/README.MPJ. THE US$271.82 CHALLENGE OK, US$271.82 is not enough to pay for the time it would take to do serious cryptanalysis of the Diamond Encryption Algorithm, but it is enough to prove that data encrypted with DLOCK is secure against the average hacker. The file CHALLENG.ENC was encrypted with DLOCK.EXE. If you are the first person to (1) decrypt CHALLENGE.ENC and (2) follow the instructions in the decrypted file to claim your prize before midnight UTC, 29 April 1997, then you will get US$271.82 of my hard-earned money. To claim this prize, you must reveal how you deciphered the ciphertext. You must also not break the law (including any currently valid export laws) in the process of earning this prize. If the ciphertext is not broken, I get to keep my money. The plain text that CHALLENGE.ENC was encoded from is plain, uncompressed, 7-bit ASCII with both CR and LF at the ends of lines. It contains English text, including instructions on how to claim the prize and contact the author. THE FAIR CHALLENGE The US$271.82 challenge given above is probably unfair, unless I really goofed badly in the implementation of DLOCK or the invention of the Diamond Encryption Algorithm. On the other hand, if you find what you think is a weakness or error in either DLOCK or Diamond (other than the disadvantages listed above), please let me know. There is no cash reward for such information, but I will use the information to help improve the encryption programs that I write. CONTACTING THE AUTHOR You can reach me by email at m.p.johnson@ieee.org, CompuServe 71331,2332, or at Mike Johnson, PO BOX 1151, LONGMONT CO 80502-1151, USA. Check for the latest version of this program on the Colorado Catacombs BBS, 303-938-9654, or for ftp from csn.org//mpj or ftp.netcom.com//pub/mpj. REGISTRATION This program is free, so registration is not required. However, if you would like to be added to my list of users to be notified of upgrades and related products, or if you would like to make a donation to advance the cause of free privacy protection software, feel free to contact me at the above address.