\today long world
\outlen 72
\foot "                                          printed: " TODAY
\poff 6
\new
\box
\space 12
\center on
CRYPT

FILE ENCRYPTION PROGRAM

and

CIPHER

FILE ENCRYPTION TACL MACRO


























GreenHouse Software & Consulting 1999,2001
\center off
\box
\new
\head "CRYPT and CIPHER"

\ov 1
    ____________
1.0 Introduction

    Why should one encrypt data?

    "Just because you're paranoid doesn't mean they aren't
     out to get you"
                           -- anonymous

\need on
\ov 1
    _____________________________
2.0 CRYPT File Encryption Program

    CRYPT is a program which encrypts and decrypts files using
    the Data Encryption Algorithm (DEA a.k.a. DES).


\need off;need on
\ov 1
    __________
    INVOCATION

    CRYPT  for help

    CRYPT /IN <infile>, OUT <outfile>/ [[$]<phrase>[!]]

    where   <phrase> = 5 to 80 character phrase (blanks allowed)
                   $ = Shared Access
                   ! = Batch Mode (from TACL, etc.)

    <infile> may NOT = <outfile> and <outfile> CANNOT exist.

    ************************* WARNINGS ***************************
    *                                                            *
    * (1) If you forget the phrase used to encrypt a file,       *
    *     there is no computationally feasible way to decrypt    *
    *     the file.                                              *
    *                                                            *
    * (2) If your user id changes, you will be unable to decrypt *
    *     files unless they were encrypted with the $ option.    *
    *                                                            *
    ************************* WARNINGS ***************************


\need off;need on
\ov 1
    _______
    OPTIONS

    $ - Shared Access

    If you wish to send an encrypted file to another user,
    use the $<phrase> option, indicating shared access.
    Since a file encrypted with the $ option is slightly less
    secure, recipients of such a file are advised to decrypt
    the file and reencrypt it with a new phrase.  There is,
    however, no indication in the encrypted file that it was
    encrypted with the $ option, thus preventing the unscrupu-
    lous from searching for such files on a system and doing
    a dictionary attack.

    No provision is made for transmitting the phrase to the
    ultimate destination.  This may be done by phone, secure
    mail, etc.

    ! - Batch Mode

    This mode is provided to enable CRYPT to be invoked from
    TACL macros, etc.  "!" signals CRYPT to not recheck the
    phrase.


\need off;need on
\ov 1
    ____________
    INSTALLATION

    CRYPT must reside on $SYSTEM.SYSTEM.


\need off;need on
\ov 1
    __________
    FILE TYPES

    CRYPT encrypts any file type to an Entry-Sequenced file of
    Code 18248.

\need off;need on
\ov 1
    _________________
    SECURITY SETTINGS

    Security settings are replicated.  i.e. the security setting
    of the output file is identical to that of the input file.


\need off;need on
\ov 1
    ________________________
    FILE ACCESS RESTRICTIONS

    Access restrictions to files are enforced by Guardian or
    Safeguard, whichever is active.  Thus you can encrypt
    any file for which you have read access.

\need off;need on
\ov 1
    _________________________________
3.0 CIPHER File Encryption TACL Macro

    CIPHER is an example of a TACL macro to drive CRYPT to
    encrypt/decrypt a file in place.

    It resides on \FOXII.$SYSTEM.SYSTEM.


\need off;need on
\ov 1
    __________
    INVOCATION

    CIPHER     for help

    CIPHER <file> [[$]<phrase>]


\need off;need on
\ov 1
    ______
    BEWARE

    Since there are a few more security problems with TACL macros
    than there are with programs, one should be prudent and copy
    CIPHER into one's default volume or clearly understand the
    implications of one's PMSEARCHLIST.

    (Beware of gifts bearing Greeks.)


\need off;need on
\ov 1
    _____________________
    THOUGHTS FOR THE USER

    It would be easy to build similar macros to do such things as:

      - reencrypt all encrypted files in a subvolume
      - encrypt all unencrypted files in a subvolume
      - decrypt all encrypted files in a subvolume
      - encrypt all edit type files in a subvolume
      - all of the above with a template

\need off
\ov 1
    ____________
    CIPHER macro:

?tacl macro
=====================================================================
==                             CIPHER                              ==
==                                                                 ==
==    CIPHER <file> [[$]<phrase>]                                  ==
==                                                                 ==
==    An example TACL macro to encrypt/decrypt a file in place.    ==
==                                                                 ==
== Note: There are security problems with this macro because       ==
==       the user cannot be sure that there are no Trojan Horses.  ==
==       (Beware of gifts bearing Greeks).                         ==
==                                                                 ==
==       To be safe, a copy should also reside in the user's       ==
==       default subvolume to cover PMSEARCHLIST variations.       ==
=====================================================================
#frame
#push infile     == name of file to encrypt/decrypt
#push outfile    == output file for crypt
#push phrase     == phrase
#push phrase_sz  == length(phrase) in bytes
#push pcheck     == phrase check (used if encrypting)
#push pcheck_sz  == length(pcheck) in bytes
=====================================================================
[#def get_phrase_sz delta |body|
   Gphrase$      == get phrase
   ZJ -1D        == get rid of EOL
   ZUphrase_sz$  == save length of phrase in phrase_sz
]{end_def}
=====================================================================
[#def get_pcheck_sz delta |body|
   Gpcheck$      == get pcheck
   ZJ -1D        == get rid of EOL
   ZUpcheck_sz$  == save length of pcheck in pcheck_sz
]{end_def}
=====================================================================
[#def check_phrase delta |body| {results in 0 (false) or 1 (true)}
   Gphrase$      == get the phrase (expected)
   ZJ -1D        == get rid of EOL
   ZFUl$         == save length of phrase
   Gpcheck$      == append the phrase check string to end of buffer
   0J            == start at beginning of buffer
   I1$           == assume result will be true
   Ql$ <         == compare 1st half to 2nd half
     1+Ql$A FUc$ == save 1st char of actual in 'c'
     A-Qc$ ?N    == if 1st of expected <> 1st of actual,
       0J I0$    ==   set false
       0@;       ==   & exit compare loop
       '         == end of single character compare
     FOc$        == get rid of the temporary variable
     1C          == point to next character in expected
     >           == end of compare loop
   1,ZK          == result is in the first character
   FOl$          == get rid of the temporary variable
]{end_def}
====================================================================
#set outfile cf
[#loop |while| [#fileinfo/existence/ [outfile]] |do|
   #set outfile [outfile]x
   [#if [#match cfxxxxxx [outfile]] |then|
      #output Unable to generate outfile name
      #return
   ]
]
#set infile %1%
[#if [#emptyv infile] |then|
   #output ******************************************************
   #output *  No file specified.                                *
   #output *  Form is:  cipher filename <<$>phrase>             *
   #output *    where   <> = optional parameters                *
   #output *             $ = shared access                      *
   #output ********************** WARNINGS **********************
   #output *                                                    *
   #output *  If you forget the phrase used to encrypt a file,  *
   #output *  there is no computationally feasible way to       *
   #output *  decrypt the file.                                 *
   #output *                                                    *
   #output *  If your user id changes, you will be unable to    *
   #output *  decrypt files unless they were encrypted with     *
   #output *  the $ option.                                     *
   #output *                                                    *
   #output ********************** WARNINGS **********************
|else|
   [#if [#fileinfo/existence/ [infile]] |then|
      #set phrase %2% %3% %4% %5% %6% %7% %8% %9% %10%
      [#if [#emptyv phrase] |then|
         #set phrase [#input /noecho/ Enter Phrase: ]
      ]
      [#if [#compute 549 <> [#fileinfo/code/ [infile]]] |then|
         #set pcheck [#input /noecho/ Reenter Phrase: ]
         sink [#delta /commands get_phrase_sz/]
         sink [#delta /commands get_pcheck_sz/]
         [#if [#compute [phrase_sz] <> [pcheck_sz]
         or [#delta /commands check_phrase/] = 0] |then|
            #output Phrase does not match
         |else|
            $SYSTEM.SYSTEM.CRYPT /in [infile], out [outfile]/ [phrase]!
            [#if [#fileinfo/existence/ [outfile]] |then|
               sink [#purge [infile]]
               RENAME [outfile],[infile]
               #output [infile] encrypted
            |else|
               #output Encryption Failure
            ]
         ]
      |else|
         $SYSTEM.SYSTEM.CRYPT /in [infile], out [outfile]/ [phrase]!
         [#if [#fileinfo/existence/ [outfile]] |then|
            sink [#purge [infile]]
            RENAME [outfile],[infile]
            #output [infile] decrypted
         |else|
            #output Decryption Failure
         ]
      ]
   |else|
      #output [infile] does not exist
   ]
]
#unframe
