File Cryptographic Application


A user-friendly graphical front-end for cryptographic operations on files.

Introduction and License Agreement


The main purpose of this software is to provide individuals who have little or no knowledge of cryptography to be able to easily protect their own privacy via encryption. This software aims to provide an easy-to-use graphical interface for file encryption and decryption.

This software is free and open-source. If you have any comments or wishes to submit bug reports or patches, please send them to me at the email below. All constructive comments are welcome :). In addition, if you enjoy the use of this software, please let me know as well, any moral supports are welcome :)

The use of cryptography has been quite sensitive especially in the recent years. The author of this software does not condone the use of this software in a manner that will directly or indirectly cause harm to others. However, the goal of this software is to (hopefully) ensure that the rights of individuals to privacy are respected.

The implementations of the cryptographic algorithms are taken from BouncyCastle (http://www.bouncycastle.org). This software merely implements a user-friendly front-end GUI to these algorithms. Their licence is included at licenses/BC.LICENSE.html.

By downloading the software, you have agreed to include this README file as part of any distributions you make that includes this software. You also acknowledge that the author of this software is not liable for any damages that may be done to your files as a result of using this software.

Sincerely,

Herry.
Email: herry_personal at yahoo dot co dot uk
13/10/2003.

Download


For the binary and source files:
crypto_20031013_0313_bin.jar crypto_20031013_0313_bin.jar.MD5
crypto_20031013_0313_src.jar crypto_20031013_0313_src.jar.MD5

How to use


There are basically two types of files: the binary jar file and the source jar file. Binary jar files are for people who just want to use the software, source jar files are for Java developers who might want to 'tweak' the source codes.

If you have downloaded the binary distribution jar file, just type
java -jar [e|d] where you would type 'd' for decryption and 'e' for encryption.

For example, if the binary file you have downloaded is called crypto_2003_1012_1222.jar, for encryption, you would type:
java -jar crypto_2003_1012_1222.jar e

and for decryption
java -jar crypto_2003_1012_1222.jar d

If you have the source jar file, you will need to unjar it into a new directory. The source files can be built using Ant from (http://ant.apache.org). For building the binary jar file, type: ant dist It will create a jar file in the lib.dist directory.

For compilation of the source code (located at src folder), type: ant compile which will compile the source code and put the generated class files into the lib folder.

Encryption and Decryption


After encryption, this software will generate two files: the encrypted file and a property file with the same file name as the encrypted file but with '.props' appended to the end. The second file is the property file containing the actual key protected by the passphrase you've entered during encryption. The file also contains the name of the algorithm and the various other bits of information that will be required during decryption. For additional security, you can have the property file stored at a separate location from the encrypted file. I would like to stress that even though the key is stored in the property file, it is stored in an encrypted form, encrypted using the passphrase you have been prompted to enter during encryption. Therefore, the 'ultimate' key is the passphrase that resides in your head. As with any passwords you are advised not to write down the passphrase, but just memorise it. This software accepts passphrase of any lengths. It accepts alphanumeric characters as well as punctuation marks. For example, the list below contains perfectly legitimate passphrases:

islkjd$£"£%"$!£&^$k762*7kjs%$£"
&HSK872g*jfbwo((*2hu3^$23
kkjfg*9u72htowehpwao&^&^t8723iuout&Y23oi9o87uY^23i827^$R9o28T&"W^&£Ij(&"£I

From best security practices, you are advised to have a long passphrase (at least 8 characters long) mixing alphabets, numerals and punctuation marks to make it more difficult to guess. **Please** do **not** use your birthday, your family members' birthdays or any such familiar information as these can be guessed very easily.

During decryption, the software expects the property file to be in the same directory as the encrypted file. It will attempt to look for a file with the same name as the encrypted file, but with '.props' appended to the end of that. It will use that property file for decryption. That is why there is no need to enter all the information about the algorithm name, key length, and so on during decryption, but is required during encryption.

Crytographic Strengths and Export Limitation


Sun has limited the cryptographic strength of certain algorithms by default, so if you have downloaded only the Sun JDK, you will need to download the corresponding unlimited strength JCE policy files from Sun if you want to have unlimited strength crypto. You can get the files from (http://java.sun.com). If you do not, you can still use this software, but be aware that some of the algorithms you choose might result in a shorter keylength than what you have specified as a result of the export limitations imposed.

JDK Version


This software has been developed and tested with JDK v1.4.2. However, it should work with other versions from v1.3 as well since I don't think I am using any API proprietary to 1.4.2.