MySecret Blowfish Encryption Utility

MySecret is a command-line freeware utility that can be used to encrypt and decrypt messages in an email-friendly manner. It works by encrypting or decrypting the contents of the clipboard. It can also work in file mode.

MySecret.exe is small - 50 kB - and quick. It uses the Blowfish algorithm to create base64-encoded text output that can be easily transmitted over the Internet or stored on any computer system. For more information on Blowfish see the web site of its inventor, Bruce Schneier and his references to Products that Use Blowfish.

Contents

• Introduction
• Download
• Terms and Conditions
• To install
• To use to encrypt a message in CLIPBOARD mode
• To use to decrypt a message
• Syntax
• Using the in-line password option
• To use to encrypt a file
• Using MySecret in Batch Files
• Remarks
• Security Considerations
• Using from web mail
• Examples in use
• Linux Version
• Acknowledgements
• The program
• Technical details
• Security Enhancements in Version 3
• Changes from Version 1

Introduction

I wrote the first version after I'd been travelling and needed a simple utility I could keep on a floppy that would enable me to create and receive encrypted emails from Internet cafes and friends' PCs. You can also use it in batch files to carry out automated encryption of backup files.

Version 3 has improvements including compression of data before encryption, random padding characters, and confirmation of the password when encrypting. Data encrypted with versions 1 and 2 can still be decrypted using version 3. There is an option to encrypt using the Version 2 algorithm, if needed.

But...

Download

Download the latest version of MySecret.zip (47 kB) from here.

The MySecret.exe file version 3.1.0.1 is 49,664 bytes, last modifed 2007/06/09 10:36:10 GMT, with an MD5 checksum of 83b7081b294ae4a412ad2b251533095b

Thanks to `Chris' for pointing a bug in version 3.1.0 with strings of a certain length (like "abc").

Terms and Conditions

MySecret is copyright (C) 2002-7 DI Management Services Pty Ltd, all rights reserved. MySecret is freeware. Install and use entirely at your own risk. This Program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. By using the Program YOU EXPRESSLY AGREE to these conditions. If you do not agree to these conditions, DO NOT USE THE PROGRAM.

To install

1. Copy the file MYSECRET.EXE into a directory on your PC's path, e.g. C:\Windows or C:\WINNT
2. That's it!

To use to encrypt a message in CLIPBOARD mode

1. Copy the text you want to encrypt into the clipboard. This might have been typed first into Notepad, for example, or be from the body of an email.
2. Open an Command Line window (In W9x: Start > Programs > MS-DOS Prompt) or (In NT/2K/XP: Start > Programs > Accessories > Command Prompt).
3. Type:

   MYSECRET
   

4. The contents of the clipboard will display (this is a useful check).
5. Enter a password when prompted. This is case-sensitive, so be careful. Your password can be any phrase with any normal characters including spaces and punctuation. The password is not displayed. Press Enter to finish. (New in Version 3) You will be asked to confirm the password, so type it again.
6. The encrypted message will display.
7. The encrypted message is now also in the clipboard. It can be pasted into an email or into a text editor.

To use to decrypt a message

1. A message created with MySecret looks like this:

   -----BEGIN MYSECRET-----
   TVn8APjdMOdLPUBQ2OWsEh7wWnihhKKOKf11Vj0oo4pM20BPwrRXJyL+nBOL
   dpxdc+PQQoQlr0Vz1n1Fv932HQ16DG712ui69T3O0jI3NfX8jRjtZkal/sFy
   Vu9JJEWPfZ2Ri1fkfOCqe9ZvFEmJ78BcUVmf37SYbgKi8UcAv4i1heHfJ05e
   nde6nFeiyDptYflT7SiIGHcO1cVya22b1OLHakAE2paS1OJqQrHYc+5wEAdo
   DU/0BmNvNNYOekmHZT19C1+cIwZFo3ACLRN44gZffx+KIng570UcoNYa7NWn
   hzt6gvQHXEp2jnE=
   -----END MYSECRET-----
   

2. Copy the message into the clipboard. Make sure you include the BEGIN and END lines, including the five dashes before the word BEGIN. It doesn't matter if there is other text before or after these lines; text outside will be ignored.
    
   
3. In an Command Prompt (MS-DOS) window type:

   MYSECRET
   

   or, to be sure you mean decrypt, type

   MYSECRET -d
   

   where -d means decrypt.
4. The contents of the clipboard will display as a check.
5. Enter the correct password (in the example above it is "abc").
6. If correct, the decrypted message will display on the screen.
7. The decrypted message will also be in the clipboard for you to paste into a text document.

Syntax

Usage: MySecret [OPTIONS] [-p password] [[-i] infile [[-o] outfile]]
OPTIONS:
-?|-h display this Help
-e|-d force Encrypt/Decrypt
-n do Not ask to confirm password
-w Warn before overwriting existing outfile
-2 use v2.0 algorithm (no compression)
-@ use stdin/stdout pipes if in/outfile not given
-L display licence conditions
EXAMPLES:
MySecret                (=clipboard-mode, prompts for password)
MySecret -p "my pass phrase"
MySecret infile outfile (=file-mode)
MySecret -@ infile      (output to stdout)
MySecret -@ -o outfile  (input from stdin)
MySecret -@             (input from stdin/output to stdout)

Using the in-line password option

The default mode is to prompt for a password which will not be displayed when typed. Alternatively, you can use the -p option to enter a password in the command line.

MYSECRET -p abc

will use the password "abc" to encrypt the contents of the clipboard.

To use a pass phrase with spaces or other punctuation characters in it, surround the pass phrase with double-quote characters, e.g.

MYSECRET -p "hello world#"

Note that a space is required between the "-p" and the password itself.

To use to encrypt a file

If you enter both an input and an output filename in the command line, you can encrypt or decrypt files. When encrypting. the output file will be an ordinary ANSI text file that can be viewed in any text editor, albeit in encrypted and base64 encoded form. The input file for encryption, however, may be a text or binary file of any type.

MYSECRET C:\mydrive\myfile.txt C:\mydrive\myfile.txt.mys

will create the encrypted file myfile.txt.mys. Alternatively

C:
CD \mydrive
MYSECRET myfile.txt myfile.txt.mys

To decrypt

MYSECRET -d myfile.txt.mys myfile.txt

If the name of the file or the folder contains spaces, enclose the name in double-quotes

MYSECRET "My Documents\myfile.txt" "My Documents\myfile.txt.mys"

Using MySecret in Batch Files

This example will allow you to do "automated" encryption of a particular file using a batch file.

1. Create a text file ENCR.BAT as follows:

   =====(cut)=====
   echo password is "%1"
   if "%1"=="" goto NOPASSWORD
   
   set mypwd=%1
   
   mysecret -p %mypwd% $backup.zip $backup.zip.mys
   if not errorlevel 1 del $backup.zip
   
   set mypwd=
   goto DONE
   :NOPASSWORD
   echo no password
   :DONE
   =====(cut)=====
   

2. Open a command prompt (MS-DOS) window in the relevant directory where your file is.
3. At the command prompt type

   ENCR password
   

   where "password" is your password.
4. The file in this example "$backup.zip" will be encrypted and the output will be the new file "$backup.zip.mys".

Remarks

• If you want to encrypt clipboard data or a file that actually contains the text "-----BEGIN MYSECRET", the program will automatically try to decrypt it. To prevent this include the -e option in the command line. For example:

  MYSECRET -e
  

  or

  MYSECRET -e myfile.txt myfile.txt.mys
  

• Use the "-n" option to avoid having to re-type the password.

  MYSECRET -n
  

• To encrypt or decrypt files, both the input and output filenames must be in the command line, or the program will default to clipboard mode. The default is to overwrite the output file without warning - you have been warned! To prevent this, use the -w option which will prompt if an existing file of the same name exists. The output filename may be the same as the input filename, in which case the original data will be overwritten.
   
  
• The program needs at least two times free memory as the size of the object you are encrypting or decrypting. So don't complain about your 1 GB file.

Security Considerations

MySecret is a software application that provides a method for encrypting data using the Blowfish block cipher algorithm. The security provided in theory is the lesser of 128-bits and the entropy provided by the user's password. No opinion is offered on the security of the Blowfish algorithm itself. It is the responsibility of the user to provide a password or pass phrase of sufficient strength and to protect the secrecy of that password, including protecting against exposure by malware or keystroke loggers on the user's computer.

Using from Web Mail

Peter Brown suggests emailing MySecret.exe as an e-mail attachment to each of your web-mail accounts. Simply double-clicking on the attachment runs the program in clipboard mode (depending on your browser security settings). In this way you can encrypt and decrypt from any computer in the world that can access the web. Thank you for an excellent suggestion, Peter.

Examples in Use

We use MySecret to pass confidential data to a web site for one of our clients. See http://www.chancellor.net.au/.

There is a demonstration VB6 project using CryptoSys API.

Linux Version

The file `MySecret' is an executable compiled using gcc version 2.91.66 on an i686 computer running Linux 2.4.30: MySecret-3.1.1.bin-i386.tbz (44 kB), MySecret-3.1.1.bin-i386.zip (43 kB). It is compiled from the same source code as the Windows version, but it only works in file-to-file mode. (Hint: You may find the -@ option useful.) If it works for you on your ix86 Linux system, please use it.

Acknowledgements

The source code used in MySecret is original code written by David Ireland except for the following:

• The Blowfish encryption functions use code placed in the public domain by Bruce Schneier as published in Applied Cryptography (second edition, John Wiley, 1996).
• The base64 encoding functions use code derived from work placed in the public domain by Carl M. Ellison in 1995.
• The CRC-24 function uses code derived from RFC 2440 OpenPGP Message Format, Callas et al, November 1998.
• The basic code implementing the RSA Data Security, Inc. MD5 Message-Digest Algorithm is derived from that published in RFC1321 and is covered by the following copyright:
  Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. License to copy and use this software is granted provided that it is identified as the ``RSA Data Security, Inc. MD5 Message-Digest Algorithm'' in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as ``derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm'' in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided ``as is'' without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software.
• The ZLIB data compression utilities use source code with permission from the 'zlib' general purpose compression library version 1.2.3 Copyright (C) 1995-2005 Jean-loup Gailly and Mark Adler.

The executable was compressed using UPX, the Ultimate Packer for eXecutables available from http://upx.sourceforge.net or http://www.oberhumer.com/opensource/upx/.

The Program

MySecret is written in ANSI C and has been compiled using Microsoft Visual C++ 5.0. The program is a Win32 executable that has been tested on Windows 95/98/NT4/2K/XP. There is also a version compiled on a Linux machine. The first version was published on 8 February 2002. Version 2 was released in June 2003. The current Version 3 was first released on 11 May 2007. MySecret is copyright © 2002-7 DI Management Services Pty Ltd. All rights reserved.

Technical details

For the technical minded, here's how it works in Version 2 and Version 3.

The program takes its input buffer from either the clipboard or the specified file. Unless the program is explicitly instructed to encrypt or decrypt with the -e or -d options in the command line, it will examine the input buffer for the "-----BEGIN MYSECRET" framing characters. If the framing is present, the program will attempt to decrypt the characters up to "-----END MYSECRET". In all other circumstances, it will encrypt the entire input buffer.

To encrypt, the program does the following:-

1. Checksum: Compute a 24-bit CRC checksum of the plaintext input buffer.
2. Generate an IV: Generate a 64-bit Initialisation Vector (IV) by making an MD5 hash of the current time and the CRC value computed above. Set the IV to be the first 8 bytes of the resulting message digest value.
3. Set key: Generate a 128-bit key by using the IV as a salt (s) and stretching the user's pass phrase (p) by hashing with MD5 repeatedly as follows:
   • Set X(1) = MD5 (p || s)
   • For i = 2 to 1024, set X(i) = MD5 (X(i-1) || p || s)
   • Set the key as the final value of X(i).
   where || denotes ordered concatenation of two strings.
4. Construct a padded encryption block:
   Version 2:
   1. Append the 3-byte CRC-24 checksum to the input buffer in big-endian order.
   2. Pad the result of the previous step by appending a padding string of between 1 and 8 bytes to make the total length of the encryption block an exact multiple of 8 bytes. The value of each byte of the padding string is set to the number of bytes added - i.e. 8 bytes of value 0x08, 7 bytes of value 0x07, ..., 2 bytes of 0x02, or one byte of value 0x01. This is the padding method recommended in RFC 2630, RFC 3370, RFC 1423, PKCS#5, and PKCS#7.
   
   Version 3:
   1. Compress the plaintext input using the ZLIB `compress' function.
   2. Prepend the compressed data with a 10-byte header:
      • a 2-byte signature ZS: 0x5A04 ('Z' + 0x04), plus
      • the compressed length CLEN as a 32-bit integer in big-endian order, plus
      • the original, uncompressed length ULEN as a 32-bit integer in big-endian order.
   3. Append the 3-byte CRC-24 checksum in big-endian order.
   4. Append a padding string of length NPAD between 9 and 72 bytes to make the total length of the encryption block an exact multiple of 8 bytes. This padding string consists of
      • a "guard" block of 8 bytes each of value equal to the length, NPAD, of the padding string; plus
      • a sequence of length 8*k of bytes each of random value [0,255] where k is a random integer between 0 and 7; plus
      • a final block of size [1,8] bytes of value NPAD.
5. Encrypt: Create the ciphertext by encrypting the encryption block using the Blowfish algorithm in Cipher Block Chaining (CBC) mode with the key and IV as generated above.
6. Add header: Prepend the ciphertext with a 12-byte header consisting of
   • A 4-byte signature: 0x4D59FC00 ('M' + 'Y' + 0xFC + 0x00) for Version 3, or 0x4D59FD00 ('M' + 'Y' + 0xFD + 0x00) for Version 2; plus
   • The 8-byte IV
7. Encode: Encode the resulting output using base64 encoding (RFC 2045 s6.8).
8. Frame: Add CR-LF characters every 60 characters and surround with BEGIN and END frames in a similar manner to that used in PGP (RFC 2440 s6.2) and in Privacy Enhanced Mail (RFC 1421 s4.4).

Version 2

                 +---------------+
                 | Input buffer  |
                 +---------------+
                 |               |
                 +---------------+--------+----------+
                 | Plaintext...  | CRC(3) | PAD(1-8) |
                 +---------------+--------+----------+
                 |<----------(encrypt this)--------->|
+------+---------+-----------------------------------+
|SIG(4)|  IV(8)  | Ciphertext...                     |
+------+---------+-----------------------------------+
|<-------------------(encode this)------------------>|
+----------------------------------------------------+
| Base64-encoded output...                           |
+----------------------------------------------------+

Version 3

                                     +-----------------------+
                                     | Plaintext...          |
                                     +-----------------------+
                                     |<----(compress this)-->|
                                     |                      /
                                     |                     /
               +-----+-------+-------+--------------------+------+---------+
               |ZS(2)|CLEN(4)|ULEN(4)| Compressed data... |CRC(3)|PAD(9-72)|
               +-----+-------+-------+--------------------+------+---------+
               |<----------------------(encrypt this)--------------------->|
+------+-------+-----------------------------------------------------------+
|SIG(4)| IV(8) | Ciphertext...                                             |
+------+-------+-----------------------------------------------------------+
|<-----------------------------(encode this)------------------------------>|
+--------------------------------------------------------------------------+
| Base64-encoded output...                                                 |
+--------------------------------------------------------------------------+

Decryption is the reverse process. The program will decode any base64-encoded data found between the framing characters. It will then look for and skip over the signature and extract the IV from the input before deciphering the remaining ciphertext using the key generated from the user's pass phrase and IV. If there is no signature, the program will assume that the ciphertext was created using MySecret Version 1 and decrypt accordingly.

After decryption, the program checks that decryption has been successful by examining the decrypted block.

Version 2: Working backwards from the end of the decrypted data, there should be between 1 and 8 padding bytes each of the same value between 0x01 and 0x08 preceded by a 3-byte CRC-24 checksum which should match a CRC checksum of the preceding plaintext data.

Version 3: Confirm that the first two bytes are 'Z' and 0x04. Convert the subsequent 8 bytes into the two 32-bit integers CLEN and ULEN. Check that the values of these integers are reasonable (not negative, not too large, CLEN < decrypted block size). Get the length NPAD of the padding string from the last byte in the block. Verify that the first 8 bytes of this padding string are all of value NPAD. Extract the 3-byte CRC-24 checksum immediately before the padding string, uncompress the compressed data to recover the original plaintext, compute the CRC-24 checksum of this, and make sure the two checksum values are equal.

If any of these checks fail, the program will indicate a "Decryption Error". Otherwise it will output the recovered plaintext either to the clipboard or to a file.

There is a VB6 project that demonstrates the algorithm available here.

Security Enhancements in Version 3

• Asking for confirmation of the password should eliminate typing errors.
• Compression of the plaintext before encryption adds to security by removing a lot of the structure in the data. For longer messages, it reduces the amount of data in the output. For shorter messages (where the `compression' algorithm actually outputs a longer string than the input), it helps to disguise the length of the message.
• Adding a small random number of random padding bytes helps to disguise the actual length of short messages. This makes the same message encrypted twice harder to identify.
• Confirmation of correct decryption is now confirmed by several overlapping checks:
  1. A two-byte (16-bit) signature
  2. An 8-byte (64-bit) "guard" block in the padding string
  3. A 32-bit length value in the header
  The chances of all these 112 bits accidentally decrypting to valid values with the wrong key is negligible.

Changes from Version 1 to Version 2

• In version 1, we used a fixed Initialisation Vector (IV) of 0x365c365c365c365c in CBC mode (pinching bytes from the HMAC algorithm). Using the same value potentially makes messages with the same first 8 bytes encrypted with the same key simpler to crack. In version 2, we eliminate this by using a pseudo-random 64-bit IV, which is stored with the encrypted output data.
• In version 1, the 128-bit Blowfish key was derived by simply making an MD5 hash of the user's pass phrase. While this gave us 128-bits, it did not increase the keyspace to be searched. Version 2 uses the pseudo-random IV to 'salt' the pass phrase and 'stretches' the phrase by repeatedly hashing it with MD5 along with the salt for 1024 iterations. This makes attempts to try all possible passwords an order of magnitude harder.
• In version 1 after decryption, we just checked the value of the final padding byte to make sure it was in the expected range between 0x01 and 0x08. If it wasn't, we'd flag an error. This simple test has approximately an 8/256 chance of indicating success when it shouldn't. Version 2 is much stricter: it appends an CRC-24 checksum of the plaintext to the input block before encrypting. When decrypting, all the decrypted padding bytes are checked as well as the checksum. Any discrepancy is flagged as an error. The chances of an unsuccessful decryption giving a false positive are negligible.
• In version 1, you had to include the -d option to decrypt data. In version 2, the program will by default attempt to decrypt data that appears to be already encrypted. (See the Remarks section for advice on what to do when you don't want this to happen.)

This page last updated 6 February 2008

For more information Contact DI Management.    Return to The Cryptography Page.    [Top]

Copyright © 2002-8 DI Management Services Pty Limited ABN 78 083 210 584 Sydney, Australia.
www.di-mgt.com.au. All rights reserved.

Home | What We Do | Services | Our Approach | About Us | Projects | Tips | Links | Cryptography | CryptoSys API | CryptoSys PKI | CryptoSys KeyExchange | DBXanalyzer | About This Site | Contact | Email Us