Click here to Skip to main content
15,888,610 members
Search within:


Articles / Desktop Programming / ATL
 
Article

File Encryption Utility

Rate me:
Please Sign up or sign in to vote.
4.70/5 (21 votes)
22 Sep 2002GPL33 min read 280.9K   13.4K   90   81
File Encryption Utility based on Blowfish Encryption Algorithm.

Sample Image - FileEncryption.jpg

Introduction<o:p>

After a long search for a simple and secure file encryption utility, that is simple and intuitive to use I've decided to write something of my own.<o:p>

File Encryption utility is a simple tool for encrypting both text and binary files using the blowfish encryption algorithm.<o:p>

The utility can create a self extracting encrypted file. For a deep view of how to create a self extracted executable check my other article: Creating Self-Extracted Executable .<o:p>

Features<o:p>

File Encryption Utility Has the following features:<o:p>

  • Fast & Quick File Encryption/Decryption.<o:p>
  • Internal File Wiping Utility.<o:p>
  • Creating Self-Extracting Encrypted File.<o:p>
  • Explorer Integration (through Configuration Dialog).<o:p>
  • Command Line Parameters.<o:p>

Language<o:p>

The File Encryption utility is writen in native C++ using ATL only for windowing classing.<o:p>

The usage of ATL is minimal so anyone who is not familiar with the library should be able to understand the code as well.<o:p>

Overview<o:p>

File Encryption Utility is divided to few small projects:<o:p>

  • FileEnc – The UI of the file encryption utility, also containing the Processing class which is also used by SelfExtract and it is responsible for reading/writing files.<o:p>
  • Enc_Blowfish – Blowfish encryption implementation (based upon Bruce Schneier and Jim Conger implementation).<o:p>
  • SelfExtract – Self Extracting executable "header".<o:p>
  • GenLib – Small Library holding all commonly used items in other project parts.<o:p>
  • Builder – Small Console utility for creating the final File Encryption Executable.<o:p>

GenLib – The General Library<o:p>

In order to save time and to have a central point for all general purpose classes I'm working with a static library called GenLib.<o:p>

A stripped version of the GenLib is available with the File Encryption Utility. In this version you can see the following general purpose classes:<o:p>

  • GenFiles – Openning OpenFile/SaveFile and OpenDirectory Dialog Boxes.<o:p>
  • SelfExtract – Creating Self-Extracting Executable.<o:p>
  • Thread – Implementation of a parent class for classes who want to execute code in separate thread (more information can be seen in the header – thread.h).<o:p>
  • FileWipe – Wiping a File from Hard Drive.<o:p>

All those classes are under the GenLib namespace.<o:p>

Additional Encryptions<o:p>

Inside the FileEnc project there's an interface called EncryptionInterface – implementing this interface can allow you to easily change the encryption the utility uses.<o:p>

Implementing this interface requires only stream cipher implementation and saves all the overhead of working with files.<o:p>

Blowfish implementation is statically linked to the utility in order to avoid hacking by changing the dll. With a few minutes of work the utility can support a number of encryption dlls that can be loaded at runtime based on the users decision.<o:p>

Security<o:p>

In order to make the utility the most secure I can I've tried wiping information from memory when the application closes.<o:p>

When looking at the source, you can see that I've used ZeroMemory API and few others APIs to delete information from memory (like the password used).<o:p>

When encrypting a file you can mark the 'Wipe Source After Process' checkbox and by that insure that the file you're encrypting is not accessible.<o:p>

Remarks<o:p>

Decryption does NOT verify password correctness (information is being encrypted without adding any information about the file). As a result when decrypting with the wrong password you will receive a file with junk inside - this is not a bug.<o:p>

The file encryption is based upon the password length - larger passwords equal better security.<o:p>

Although I believe that the file wiping method is very secure, to be 100% sure you should use a product dedicated to that purpose.<o:p>

Reference<o:p>

Blowfish encryption algorithm - http://www.schneier.com/paper-blowfish-fse.html

Revision History

23 Sep 2002 - Initial Revision

License

This article, along with any associated source code and files, is licensed under The GNU General Public License (GPLv3)


Written By
Nir Dremer
Product Manager
Israel Israel
Nir is a Product Manager from Israel with past Software Engineering Experience.

You're welcome to visit his photography site:
http://www.dremer.net/

Comments and Discussions

 
FirstPrev Next
GeneralHello... A request... Pin
lighttrainmedia11-Dec-02 5:54
lighttrainmedia11-Dec-02 5:54 
GeneralRe: Hello... A request... Pin
Nir Dremer13-Dec-02 0:02
Nir Dremer13-Dec-02 0:02 
QuestionIs EFS not good enough? Pin
Andreas Saurwein24-Sep-02 23:31
Andreas Saurwein24-Sep-02 23:31 
AnswerRe: Is EFS not good enough? Pin
Nir Dremer25-Sep-02 0:08
Nir Dremer25-Sep-02 0:08 
GeneralRe: Is EFS not good enough? Pin
Andreas Saurwein11-Dec-02 6:10
Andreas Saurwein11-Dec-02 6:10 
GeneralRe: Is EFS not good enough? Pin
Nir Dremer13-Dec-02 0:15
Nir Dremer13-Dec-02 0:15 
GeneralRe: Is EFS not good enough? Pin
Andreas Saurwein13-Dec-02 4:11
Andreas Saurwein13-Dec-02 4:11 
GeneralRe: Is EFS not good enough? Pin
supersuper26-Apr-04 10:27
supersuper26-Apr-04 10:27 
Andreas Saurwein wrote:
Nay, still no way to agree

>Nir Dremer wrote:
>1. EFS requires windows 2000 and above (except XP home).
>2. EFS requires NTFS5 file system.
>
>Fine, and? If you need security you wont do it under Win9x, but use NT instead.

So basically you're saying run NT or forget having secure communications and files? So now you've limited yourself to share encrypted data with someone one NT or above AND they have to be in your active directory. What about the other 5billion people in the world?


>4. Unknown cipher algorithms (at least i haven't found any details).
>
>Since it is based on the Window CryptAPI it can only use whatever cypher you have installed >there. Lookup the installed cyphers and their usage.

Acutally, the EFS is using the DESX algorithm plus RSA public/private keys. So you've selected an encrytption system that is just as vulnerable to linear and differentials attacks as standard DES with slightly higher brute force key attack strength. Not even close to BlowFish, not even as good as DES3. Simply put, I don't think EFS is used by the security community, it looks like more of an administrative headache.

>5. Close Source.
>
>And? how many applications that you use every day are closed source? Does that matter?

You need do some research into encryption first dude. Security through obscurity never works. In fact the US government cryptography standard when through a very extensive public process in order to determine which algorithm would provide the highest level of security. It's the same as exposing a server to the net and offering a prize to anyone who can hack it. You get a better system by allowing others every advantage possible to defeat it. Closed source is about profits and protecting intellectual property that gives a competative advantage. Don't you think that if MicroSoft had a better system they would want the US to adopt it as the defacto standard, a lot more money in that.

>On the other side, Windows includes also recovery mechanisms for encrypted files.
>This is definitely an advantage.

Hmm, well from what i've read on Sysinternals (you should check it out) this "falesafe" recovery mechanisms can be used to fairly easily defeat the system. The whole point of encrypting something is that you need the key to access it. If you can "recover" the key then your system is only as good as the key recovery mechanism. A chain is only as good as it's weakest link.

I think before you trash someone elses work you should look at the big picture, I can think of tons of uses for this.


But to the author of this app, looks like a great little util, i would have prefered if you had used AES instead of blowfish but its really clean and usable. The self extracting is great, and the integration with the context menu is slick too.
GeneralRe: Is EFS not good enough? Pin
Andreas Saurwein26-Apr-04 11:49
Andreas Saurwein26-Apr-04 11:49 
GeneralRe: Is EFS not good enough? Pin
supersuper2-May-04 7:08
supersuper2-May-04 7:08 
AnswerRe: Is EFS not good enough? Pin
Anonymous1-Mar-04 0:33
Anonymous1-Mar-04 0:33 
GeneralRe: Is EFS not good enough? Pin
Andreas Saurwein1-Mar-04 4:21
Andreas Saurwein1-Mar-04 4:21 
GeneralBlowfish vs Twofish Pin
Anonymous23-Sep-02 12:06
Anonymous23-Sep-02 12:06 
GeneralRe: Blowfish vs Twofish Pin
Nir Dremer23-Sep-02 22:15
Nir Dremer23-Sep-02 22:15 
Last Visit: 31-Dec-99 18:00     Last Update: 29-Apr-24 19:10Refreshᐊ Prev1234

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 19 Sep 2002

Article Copyright 2002 by Nir Dremer
Everything else Copyright © CodeProject, 1999-2024

Web02 2.8:2024-04-02:1