Penknife Features
A data security program with key management for e-mail, for use under Microsoft Windows or DOS.
Overview
Penknife takes any secret key phrase, and transforms or _enciphers_ files into lines of jumbled ASCII text. The original file contents can be recovered from the jumble only by _deciphering_ with exactly the same key. Files thus protected can be saved locally, archived off-site, or sent by e-mail without exposing their contents.
Penknife can automatically skip e-mail headers and signatures when deciphering, minimizing the need for manual "fix up." Enciphered alias files hold secret keys and allow them to be selected by public aliases, thus minimizing the impact of secrecy on ordinary users. Keys can be updated while users can continue to use exactly the same alias in exactly the same way. Dated aliases allow access to old archived ciphertext protected by outdated keys.
Now available in Advanced, Commercial Demo, Decipher-Only and Corporate versions for DOS and Microsoft Windows. Not for export.
Operation
For greatest ease and security, the user should have an _alias file_. An alias file is an enciphered file of public aliases and related secret keys. The user can thus select one of many secret keys by supplying the key to the alias file plus the public alias for the desired key.
In normal operation, the user supplies the input filename, output filename (if different), the alias, and selects encipher or decipher. The program requests entry of the alias-file key, once. The program then finds the "closest" alias file, deciphers it in memory only, finds the indicated alias, then uses the secret key associated with that alias to cipher data.
The "generate" function in the advanced version automatically creates or adds to a local alias file, and will encipher the new key in a different file for transport. The transport file can be used as a beginning alias file, or added to an existing alias file, without deciphering the alias file.
Examples of Commands
- Encipher Multiple .TXT Files Using Alias "fred"
    penknife *.txt *.pen /e /a fred
- Decipher Multiple .PEN Files In-Place Using Alias "fred"
    penknife *.pen /d /a fred
- Decipher Using Key Active on Dec. 15, 1993
    penknife file1.pen file1.res /d /a fred /m 93-12-15
- Change Key to Alias File
    penknife penknife.mgt /d (Enter Old Key)
    penknife penknife.mgt /e (Enter New Key)
- Encipher Particular Files into Ciphertext Archive
    penknife file1.txt+file2.txt+file3.txt arch1.pen /e
Features
- Easy to use under Microsoft Windows or DOS.
- Fast: About 80K bytes/sec (on a 486DX2/50).
- Strong: Uses a 63-bit internal key, with a random 32-bit line key on each ciphertext line.
- Small: Under 50K including on-line help.
- Enciphers any file of any sort and recovers the original data without loss. CRC error-detection checks each deciphered file. CRC also detects the use of a wrong deciphering key.
- No "wrong" operating mode: produces only network-transportable ASCII ciphertext.
- Transparently handles DOS or Unix text lines.
- Will ignore e-mail "headers" or ".sigs" or optionally pass them through to keep with the deciphered text.
- Can limit output files to under 48K for Internet transmission.
- **Optionally overwrites the original file,** thus (providing DOS cooperates) hiding the original data, even from file-recovery programs.
- Ciphers one file, multiple files, or an entire disk with a single command. Filenames being selected can be simply displayed without ciphering.
- Supports enciphered batch files of commands.
- Ciphertext can be concatenated in secure archives.
- A limited commercial demo can be distributed for corporate evaluation or individual use.
- The straightforward secret key cipher is much like using house keys or car keys.
- Uses patented Dynamic Substitution technology. Does not infringe any known patents.
Key Management
- Enciphered alias files for each user hold and protect their secret keys.
- A public alias for each key selects that key from among all others in the alias file.
- A user need only remember one key for their alias file, instead of remembering every key they use.
- Aliases support the use of large random keys for better security.
- Dated aliases support access to old ciphertext.
- Aliases can be kept on a floppy and personally retained when not in use.
- A key-generation mode constructs a long random key for a given alias. Groups can be given a single key for all members to use with each other.
- Generated keys are automatically added to the local alias file.
- Generated keys are also placed in a separate enciphered file for transport to the far end or for distribution to other members of the group.
- New keys can be added to an alias file without deciphering the file and thus exposing the keys inside.
- Key updates restore security periodically, or when individuals leave a group.
- Painless key-update: The user continues to use exactly the same alias to select a new key.
- **Key-updates can be programmed in advance,** to support automatic company-wide shifts to new keys on a given date.
- Corporate version supports corporate key control.
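How dated aliases, painless key-update and updates programmed in advance can fit together is sketched below as an added example; it is not Penknife code. The table layout (effective date, alias, key), the function names and the sample keys are assumptions, since this page does not give the alias-file format.

```python
from datetime import date, datetime

# Constructed, already-deciphered alias table. Penknife keeps this data
# enciphered on disk and deciphers it in memory only; the record layout
# (effective date, alias, key) is assumed for illustration.
ALIAS_TABLE = [
    (date(1993, 1, 1), "fred", "constructed-key-A"),
    (date(1994, 6, 1), "fred", "constructed-key-B"),
    (date(1996, 1, 1), "fred", "constructed-key-C"),  # update loaded in advance
    (date(1994, 3, 1), "sales", "constructed-group-key"),
]


def parse_date_option(text):
    """Parse a yy-mm-dd value as shown with /m in the command examples.

    The century comes from Python's %y rule (69-99 -> 19xx), which is an
    assumption here, not documented Penknife behaviour.
    """
    return datetime.strptime(text, "%y-%m-%d").date()


def resolve_key(table, alias, on):
    """Return the key for `alias` that was active on date `on`.

    The active entry is the one with the latest effective date not after
    `on`. Future-dated entries stay dormant until their date arrives, so
    the same alias shifts to the new key with no action by the user.
    """
    candidates = [(eff, key) for eff, name, key in table
                  if name == alias and eff <= on]
    if not candidates:
        raise KeyError(f"no key for alias {alias!r} active on {on.isoformat()}")
    return max(candidates, key=lambda c: c[0])[1]


if __name__ == "__main__":
    # Old archive: select the key that was active on Dec. 15, 1993.
    print(resolve_key(ALIAS_TABLE, "fred", parse_date_option("93-12-15")))
    # Normal use on the page's last-updated date: the current key.
    print(resolve_key(ALIAS_TABLE, "fred", date(1995, 8, 7)))
```

Keeping superseded entries in the table is what preserves access to old ciphertext; deleting them would make archives enciphered under those keys unrecoverable.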
Terry Ritter, his current address, and his top page.
Last updated: 1995-08-07