When you encrypt files with an encryption key, you interact with the program through
the "Enter encryption key" dialog box. This dialog box shows the following information:
Current cipher: the encryption algorithm that is currently used;
Current mode: the encryption mode that is currently used;
Blocksize: the size of a block of the current algorithm (the length of the initial vector is
always equal to Blocksize);
Size of key: shows the minimal and maximal key length in bytes and the step of the key (the length
of the encryption key must be a multiple of the step value). The length of the key may vary from
the minimum to the maximum number of bytes allowed by the current algorithm;
Key size in bytes: spin control with which the user can set the desired length of the encryption
key that will be used for encryption. The key length is adjusted automatically in accordance with
the step value. For example, the allowed key lengths for the AES algorithm, which has step 8,
include 16, 24 and 32 bytes;
Hide key: check box with which the user can hide or show the key editor window. It is recommended
to always keep the key window hidden unless the key is being entered from the keyboard;
Encryption key: editor window. When encryption or decryption with a key takes place, the program
uses as the encryption key the bytes shown in the "Encryption key" editor window. This window is
divided into two parts: the hexadecimal part and the ASCII part. The two areas show the same data
in different ways. When you enter a key from the keyboard or generate it, the bytes of the key are
shown as hexadecimal values on the left side and as ASCII characters on the right side of the
editor window.
For encryption and decryption with a user-provided encryption key, the program uses exactly the
bytes that the user has defined in this window, without any further transformation (in contrast to
encryption with a password, where the user-provided password is transformed in a rather
complicated way into the encryption key).
You can provide the encryption key from a file, input it from the keyboard or generate it.
Initial vector: editor window for entering the initial vector. The initial vector is the byte
sequence that is used in the CBC, CFB and OFB encryption modes. When the user generates the
encryption key, the initial vector is always generated together with the key. If the user enters
the key from the keyboard, he must also always enter the initial vector. Although the initial
vector is not secret information, the user can consider it a part of the encryption key, because
to decrypt data in the modes mentioned above the user must always provide the initial vector that
was used for encryption. When the user saves the encryption key in a file, the initial vector is
automatically saved in the same file.
Providing encryption key from a file
In fact, you can use as an encryption key any file whose size is greater than or equal to the size
of the encryption key for the current algorithm. For example, if the AES algorithm is used for
encryption and the length of the key is set to 32 bytes, then when you provide a file as an
encryption key, the first 32 bytes of the file are shown in the "Encryption key" editor window,
the next 16 bytes are shown in the "Initial vector" editor window, and the rest of the file
contents is ignored. In general, this can be stated in the following way: if "K" is the key
length, then you must provide a file whose size is not less than "K + Blocksize" bytes. If the
file size is less than K + Blocksize bytes, then the missing bytes in the encryption key and
initial vector are padded with zeros.
You have to take into account that the contents of the absolute majority of files are not random,
and by using such files as keys you may seriously compromise the security of encryption. It is
also not recommended to use as encryption keys files that are located on your computer. Even if
your hard disk contains hundreds of thousands of files, it is a matter of several minutes (or
several tens of minutes) to test all of them as encryption keys. Likewise, it is not recommended
to use as encryption keys files whose content can be modified.
It is important to remember that if the length of the encryption key is less than the upper-range
value, then before decryption it is necessary to set the length of the key that was used for
encryption. For example, if you encrypted the file with the AES algorithm and a 16-byte key, then
for decryption you must set the length of the key to 16 bytes. Otherwise the key will be read
incorrectly. To avoid this and to provide a higher level of security, encryption with a key of
maximum length is recommended.
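The key-file layout described above, as an added Python example that is not part of the program or its documentation: the first K bytes become the key, the next Blocksize bytes the initial vector, and missing bytes are zero-filled. The function names, the 48-byte sample and the repeated-byte heuristic are assumptions made for illustration.

```python
from typing import List, NamedTuple

AES_BLOCKSIZE = 16  # bytes; the page states the IV length always equals Blocksize


class KeyMaterial(NamedTuple):
    key: bytes
    iv: bytes
    padded: int  # number of zero bytes that had to be appended


def split_key_file(data: bytes, key_len: int, blocksize: int = AES_BLOCKSIZE) -> KeyMaterial:
    """Split file contents using the layout described on the page:
    first key_len bytes -> key, next blocksize bytes -> IV, rest ignored,
    missing bytes filled with zeros."""
    need = key_len + blocksize
    padded = max(0, need - len(data))
    buf = data[:need] + b"\x00" * padded
    return KeyMaterial(buf[:key_len], buf[key_len:need], padded)


def audit(material: KeyMaterial) -> List[str]:
    """Warnings worth showing before this material is used (crude, assumed heuristics)."""
    warnings = []
    if material.padded:
        warnings.append(f"{material.padded} byte(s) zero-filled: file shorter than K + Blocksize")
    if len(set(material.key)) < len(material.key) // 2:
        warnings.append("key has many repeated byte values: file content is not random")
    return warnings


# Constructed sample: a 48-byte "key file" with recognisable content.
SAMPLE = bytes(range(48))

enc = split_key_file(SAMPLE, key_len=16)      # key length used for encryption
dec = split_key_file(SAMPLE, key_len=32)      # wrong key length set before decryption
short = split_key_file(b"hello", key_len=32)  # file far smaller than K + Blocksize

if __name__ == "__main__":
    print("K=16  key:", enc.key.hex(), "iv:", enc.iv.hex())
    print("K=32  key:", dec.key.hex(), "iv:", dec.iv.hex())
    print("short key:", short.key.hex(), audit(short))
```

With the same file, changing K from 16 to 32 changes both the key and the offset from which the initial vector is read, which is why the key length must match the one used for encryption.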
Inputting encryption key from the keyboard
You can input the encryption key and initial vector from the keyboard using either the hexadecimal
or the ASCII area of the "Encryption key" editor window.
When entering values in the hexadecimal area you can use only hexadecimal digits: 0, 1, 2, 3, 4,
5, 6, 7, 8, 9, A, B, C, D, E, F. Each byte in the hexadecimal area must be a hexadecimal number
from 00 to FF.
The ASCII symbols that represent the hexadecimal values are shown to the right of the hexadecimal
area. For example, the hexadecimal value 41 is equal to the letter "A" in the English alphabet.
Some values do not have an ASCII equivalent, i.e. there is no symbol that represents them on the
screen. Such values are shown in the ASCII area as dots. (But remember that "dot" itself has its
own hexadecimal value 2E and "space" has the hexadecimal value 20.)
Generating encryption key
All the bytes of the key must be random and equiprobable; this is one of the main requirements
that an encryption key has to meet. For example, if the user uses only alphanumeric byte values in
the key, then these values are not equiprobable with the other byte values, because the user uses
only 26 lower-case English letters, 26 upper-case English letters and 10 numeric values out of 256
possible values for each byte in the key. In other words, only 62 values out of 256 possible
values are used in the key. Therefore, the number of possible keys decreases significantly and the
task of cryptanalysis of the ciphertext encrypted with such a key becomes easier.
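The reduction in the number of possible keys can be checked per key. This added Python example (not part of the program) finds the smallest byte class that contains every byte of a key and returns the resulting upper bound in bits; the class list and both sample keys are constructed for illustration.

```python
import math
import string

# Byte classes, smallest first (sizes 10, 26, 62, 95, 256).
CLASSES = [
    ("digits", set(string.digits.encode())),
    ("lowercase letters", set(string.ascii_lowercase.encode())),
    ("alphanumeric", set((string.ascii_letters + string.digits).encode())),
    ("printable ASCII", set(range(0x20, 0x7F))),
    ("any byte", set(range(256))),
]


def keyspace(key: bytes):
    """Return (class name, upper bound in bits) for the smallest class
    that contains every byte of the key."""
    used = set(key)
    for name, members in CLASSES:
        if used <= members:
            return name, len(key) * math.log2(len(members))
    raise AssertionError("unreachable: the last class holds all byte values")


def report(key: bytes) -> str:
    """One-line summary comparing the bound with the nominal key size."""
    name, bits = keyspace(key)
    return f"{len(key)}-byte key, {name}: at most {bits:.1f} of {8 * len(key)} bits"


# Constructed sample keys (not taken from the page).
TYPED_KEY = b"Correct7Horse9Xy"  # 16 alphanumeric characters typed in the ASCII area
BINARY_KEY = bytes.fromhex("8f1c02e97ab4d35600ffa1c47e2b9d13")  # 16 arbitrary bytes

if __name__ == "__main__":
    print(report(TYPED_KEY))
    print(report(BINARY_KEY))
```

The figure is an upper bound that assumes each character was chosen uniformly from its class; keys built from words or patterns are weaker still.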
With this program you can generate highly random encryption keys. During key generation, 17
different random values, such as the current cursor position or the current process ID, are
retrieved from your computer. The values are hashed by the hash function SHA-1. Each subsequent
value is added to the output of the hash function and the result is hashed again. This cycle is
repeated 1000 times. Some of the added values change even during the cycle, for example, the
number of milliseconds that have elapsed since Windows started.
As a result, a highly random sequence of bytes is created, and the encryption key and initial
vector are formed from this sequence.
Press the "Generate" button in the "Enter encryption key" dialog box to generate a new
encryption key and initial vector.
Note: We recommend that you always save the encryption key immediately after generating it. If
the user generated the key and encrypted a file with this key without saving the key, then it is
impossible to restore the key and to decrypt the file.