home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Business Master (4th Edition)
/
The Business Master - 4th Edition.iso
/
files
/
utilfile
/
enc
/
manual.doc
< prev
next >
Wrap
Text File
|
1993-11-12
|
54KB
|
1,199 lines
EEEEEEEE NN NN CCCCCC !!!!
EE NNN NN CCC CC !!!!
EE NNNN NN CC !!
EEEEEEEE NN NN NN CC !!
EE NN NNNN CC
EE NN NNN CCC CC !!!!
EEEEEEEE NN NN CCCCCC !!!!
Version 1.0
Published By
Apton Corporation
P.O.Box 34620
Chicago, IL 60634
USA
Tel: (312) 777-0282
Fax: (312) 777-2075
Program and documentation (c) 1993, Apton Corporation.
All rights reserved.
ENC! is a trademark of Apton Corporation.
Other product and company names are trademarks
of their respective owners.
======================================================================
IMPORTANT NOTES:
If you run Microsoft Windows in enhanced mode and you use EMM386
and SMARTDRV, you must read Chapter 4 [Section - running Windows in
enhanced mode]. If you use On-The-Fly compression programs such as
Stacker and Double space, you must read Chapter 4 [Section - working
with data compression programs].
======================================================================
ENC! 1.0 [10-12-93] MANUAL.DOC page 1
----------------------------------------------------------------------
CONTENTS
----------------------------------------------------------------------
Chapter 1 INSTALLATION
Prepare install checklist
Installing ENC!
Chapter 2 ABOUT ENC!
Welcome
Features of ENC!
Program limitations
Chapter 3 ENC! BASICS
Private and general access
Encryption modes
Encryption parameters
Transport files
DOS FCB system calls
Renaming files
Chapter 4 WORKING WITH ENC!
Loading ENC!
How to control ENC!
Controlling ENC! from Windows
Running Windows in enhanced mode
Changing and viewing encryption parameters
Working with application programs
Working with data compression programs
If you forget the passwords or encryption key
Chapter 5 WORKING WITH UTILITIES
Maintenance utilities
Manual encryption and decryption
Working with transport files
----------------------------------------------------------------------
Chapter 1 INSTALLATION
----------------------------------------------------------------------
PREPARE INSTALL CHECKLIST
ENC! needs to know a few things during installation. They are
primarily used as initial settings. You can always make changes after
you have installed ENC!. If you are uncertain of the terms used in the
checklist, please read the first three sections of Chapter 3.
1. Disk drive and directory you will like to install ENC!.
Pathname:___________________________________
2. For each local drive (disk drive that is physically in your
computer not from a network server), select the encryption mode
(details in Chapter 3 [Section - encryption modes]) you want to use
and list the file extensions of all the files you want to encrypt.
You can also select encrypt all files option instead of file
extensions. Wildcard characters * and ? are allowed in the file
extensions. If you select encrypt all files option for a drive, it
does not count as a file extension.
For this shareware version, you can only select 2 file extension/
disk drive combinations instead of 64 in registered version. But,
you can elect to encrypt all files on any number of local drives.
Drive A:
[ ] Encrypt all files [ ] Use secure mode
File extensions:
__________________________________________
__________________________________________
Drive B:
[ ] Encrypt all files [ ] Use secure mode
File extensions:
__________________________________________
__________________________________________
Drive C:
[ ] Encrypt all files [ ] Use secure mode
File extensions:
__________________________________________
__________________________________________
Drive D:
[ ] Encrypt all files [ ] Use secure mode
File extensions:
__________________________________________
__________________________________________
3. Do you want ENC! to check all executable files before they are
loaded? If you select to encrypt all files in any disk drive, we
strongly recommend to select this option. You can also select this
option if you just want to be sure. Details on this option are in
Chapter 3 [Section - encryption parameters].
[ ] Yes [ ] No
4. What will be the private password, the general password, and the
encryption key? Details on passwords and encrption keys are in
Chapter 3 [Section - private and general access]. The passwords
and encryption key can be any combination of printable characters
including space except double quote (") and back slash (\). The
length of the passwords and encryption key are at least 1 character
and at most 12 characters. Uppercase characters are treated as if
they were lowercase so that you do not have to worry above the
shift and caps lock keys.
Private password : __________________________
General password : __________________________
Encryption key : __________________________
5. Do you want the ENC! to modify your AUTOEXEC.BAT so that ENC! will
be automatically loaded when the computer is turned on? ENC! will
also include its program path into your original path so that you
can access ENC! utilities from any directory.
[ ] Yes [ ] No
To help you to determine the file extensions needed to be
encrypted, we have compiled a list of data file extensions for some
popular programs. This list is just a reference. Data file extensions
may change with different versions of the programs. To be sure, you
can check the file extensions of the actual files created by the
programs or consult your software vendors.
Ami Pro - sam
Autocad - dwg
Autosketch - skd
Corel draw - cdr, eps
Dac Easy - db
Dbase - dbf, ndx, ntx, mdx
Harvard graphics - hpg
Lotus 1-2-3 - wk?, pic
Lotus Freelance - pre
Microsoft Word - doc, dot
Microsoft Excel - xl?
Microsoft Access - mdb
Microsoft Powerpoint - ppt
Object vision - ovd
Org plus for Windows - opw
Paradox - db, px
Quattro pro - wq?
Quicken for Windows - qdi, qdt, qmt, qnx
Quicken for DOS - cdi, cdt, cmt, cnx
Quick book - sdi, sdt, smt, snx
Ventura publisher - chp, txt, cap, sty
Windows write - wri
Word perfect - wp?
Standard backup file - bak
Standard graphic file - tif, pcx, bmp, gif
Standard text file - txt
Windows temporary file - tmp
INSTALLING ENC!
ENC! installation is straight forward. Just insert ENC! program
disk into drive A (or drive B), reach for your keyboard and type:
a:install
Now, all you have to do is to follow the instructions of the
install program and answer a few questions. If you have prepared the
install checklist, just go down the list and the answers are all
there. If you are not sure about the settings of ENC!, use the
following default settings:
ENC! program directory = C:\ENC
Check executables = N [no]
Encrypt all files = N [no]
Use secure mode = N [no]
Modify AUTOEXEC.BAT = Y [yes]
After you have completed the installation, please record your
encryption key and store it in a safe place. The only time you will
use the encryption key again is when you forget your password.
Details on recovering from forgotten passwords are in Chapter 4
[Section - if you forget the passwords or encryption key].
Details about how to use ENC! are in Chapter 4 and Chapter 5.
Please read the file README.DOC in ENC! program directory. The file
contains additional information about ENC!. If ENC! has modified your
AUTOEXEC.BAT file, you can start using ENC! by rebooting the computer.
Otherwise, go to ENC! program directory and type:
encdrv
enc
If you want to immediately adjust all files in a drive to
encrypted files according to the encryption parameters you have just
entered, use your private password to gain private access, then type:
adjenc [drive]\*.* /s
Where [drive] is the drive letter such as c:.
----------------------------------------------------------------------
Chapter 2 ABOUT ENC!
----------------------------------------------------------------------
WELCOME
Welcome to Apton ENC!, the first and only universal real time
encryption system for desktop computers. In today's business world,
security of confidential files stored in desktop computer is a major
concern. Anyone can turn on your computer and read anything he
desires. What he reads may be some confidential files that will
compromise yourself and your company.
Traditionally, data security is achieved by controlling access to
a computer. Users must enter a password to access the computer.
However, this does not actually secure the underlying data in
sensitive data files and it can be bypassed too. It cannot protect
data that are stored in a diskette which may be laying around and
falls in the wrong hands. There are programs that will encrypt their
data files. But these programs only encrypt their own data and
everytime the user wants to access the data, he must enter a password.
The operation is cumbersome and it does not benefit the data generated
by other programs.
ENC! offers a simple solution to the data security problem. In
fact, the most complex operation is to install ENC! into your computer
and it is straight forward. After ENC! is installed, all you have to
do is to enter a password when you turn on your computer. ENC! will
take over and automatically encrypt and decrypt your data. ENC! is
fast. ENC! uses a proprietary method to achieve lightning speed
encryption and decryption. You will not even notice ENC!'s existence.
ENC! is secure. If you happen to look at a file encrypted by ENC!, all
you see is an unintelligible mess. No one can make head or tail out of
it and certainly your programs cannot process it for unauthorized
people to read.
FEATURES OF ENC!
ENC! is a state of the art real time encryption system. It is
designed to be totally transparent to the user. After it is loaded,
you will not aware of its existence. One thing you can be sure is
that the data files you instruct ENC! to encrypt will be encrypted.
ENC! works seamlessly with all types of programs; word processors,
spreadsheets, accounting softwares, databases, presentation graphics,
CADs, etc, etc. It works great with Microsoft Windows too.
Once ENC! is loaded, only authorized person can access encrypted
files. Of course, when you are not in your office, an unauthorized
person can always stop the loading of ENC!. Don't worry, when he looks
at your encrypted data files, all he sees are files of unintelligible
data. There is one important feature of ENC!. If ENC! is not loaded
and the unauthorized person is persistent enough to make a copy of
your encrypted files, what he gets is a damaged copy. The original is
perfectly safe. When you are using secure encryption mode and he later
returns the damaged copy to you, even you cannot read it. If you are
using the recoverable encryption mode, you are the only person who can
recover the damaged copy.
Imagine you are out of town and someone in your office
desperately needs one of your confidential files for an important
meeting. Should you give him your password? You do not want to be
used as an excuse for his performance in the meeting. Certainly you
will not like the idea that he can go through all your privates files.
ENC! has solved this dilemma. ENC! has a built in two levels encrypted
file access control. You can tell ENC! a certain file is private
confidential file and another file is general confidential file. Both
files will be encrypted. However, only you who know the private
password can access both files. You can tell another person the
general password and he can only access the general file.
Most programs that have encryption capabilities work with file
encryption on a one by one basis. If you want to encrypt ten files,
you have to tell the program to encrypt file ten times and enter
password ten times. This is cumbersome and error prone. ENC! works
with files on an application basis. All you have to tell ENC! is the
file extensions of the files and the disk drive they are located and
ENC! will automatically encrypt all the files with those file
extensions which are located on that disk drive. For example, you want
to encrypt your Lotus 1-2-3 files in drive C. All you have to do is to
instruct ENC! to encrypt files with WK1 file extension (or WK* if you
want to encrypt all versions of Lotus 1-2-3 files) in drive C. That's
it. If you desire to dedicate a drive to store encrypted files, you
simply instruct ENC! to encrypt all file extensions in that drive.
If you want to know more about different features of ENC!, please
spare some of your precious time to read chapter 3 - ENC! basics. We
strongly recommend you to read it. It will help you understand how
ENC! works and to make decisions when installing and using ENC!.
WARNING - PROGRAM LIMITATIONS
ENC! does have a few limitations. Following is a short list of
the limitations:
1. ENC! currently only supports MS-DOS 3.1 and above or its fully
compatible equivalents such PC-DOS. It does not support other
operating systems such as DR-DOS, OS/2, or Windows-NT.
2. ENC! does not support FCB system calls of MS-DOS. FCB system calls
are remnants of MS-DOS 1.x versions. Practically no program has use
these system calls for years. We do not want to unnecessarily waste
your precious conventional memory in your computer by increase the
size of ENC! resident encryption engine to support the obsoleted
FCB system calls.
3. ENC! only supports local drives. It does not support remote drives
connected to your computer by means of a local area network. You
will not want to store your confidential files in a public area
anyway.
4. ENC! only supports drives with a maximum of 1024 bytes per sector.
Generally, disk drives are formatted to 512 bytes per sector.
Before MS-DOS 4.0, a partition in a disk drive is limited to a
maximum of 32 megabytes. Some disk management programs and OEM
versions of MS-DOS attempt to overcome this limit by formatting the
disk drive to 1024 bytes per sector. There are also some optical
drives that use 1024 bytes per sector. We do not know of anyone
using sector size larger than 1024 bytes. We just want you to aware
of this limitation.
5. ENC! does not support programs that bypass MS-DOS to access data in
the disk drives. There is a class of programs such as Norton
Utility that bypasses the operating system to perform low level
disk maintenance. ENC! will not interfere with their operations.
These programs will not interfere with ENC! operations either.
Whatever is encrypted stays encrypted and whatever is unencrypted
stays unencrypted. This will not compromise the security of your
data.
6. Due to the apparently random nature of encrypted files, On-The-Fly
data compression programs such as Stacker, Superstor, Double space,
and Double drive will yield a low compression ratio when
compressing encrypted files. This is not something particular to
ENC!. This happens with all encrypted files. ENC! has an advantage.
Regular data compression programs such as Pkzip will not be
affected. They will maintain the usual compression ratio under
ENC!.
----------------------------------------------------------------------
Chapter 3 ENC! BASICS
----------------------------------------------------------------------
PRIVATE AND GENERAL ACCESS
There are files that are for your eyes only. There are files that
you allow someone you trust to access. There are also files that you
do not care who can access them. ENC! features a multiple access
control system that can limit file access according to your
specifications.
ENC! divides files into three access levels, namely, private
files, general files, and unrestricted files. Private files can only
be accessed by a person who knows a private password. Generally, you
are the only person who knows it. Private files may be your personal
files that you do not want anyone to access. General files can be
accessed by anyone who knows either the private password or a general
password. Generally, you will give the general password to a person
who will handle your confidential documents when you are not in your
office. Say, your secretary. General files can be some confidential
company files that others in your company may occassionally need to
access. Unrestricted files can be accessed by anyone. These are files
that pose no security hazard.
When you have private access privilege, you can create and access
private files. ENC! provides you with a simple way to designate a file
as private. If the first character of the filename is the character &,
the file is a private file. When someone with general access privilege
creates a file using & as the first character of the filename, the
file is a general file.
Do you have the uneasy feelings when someone is across
your desk while you are typing a password to access a confidential
file? I do. You can change the password after the person is gone.
But, if you have a hundred confidential files, you will not enjoy
changing password for each file a hundred times. I assume you can
remember which hundred files you need to change. ENC! has a simple
solution to this unpleasant problem.
Traditionally, program with encryption capabilities uses the
password as an encryption key to encrypt your files. The encryption
key dictates how a file is being encypted. If the encryption key is
changed, the file has to be decrypted with the old encryption key and
re-encrypted with the new encryption key. This is why you have to
change the password for all the hundred files mentioned above. It is
slow and cumbersome. ENC! separates the password from the encryption
key. The private password and general password are used only to
establish the access privilege. They have no bearing on how your files
are encrypted. When you change the passwords, there is no effect on
your encrypted files. You can change the passwords for all encrypted
files in seconds. Since you do not need to enter the encryption key
again after installation, no one will know what it is.
"But I can easily forget my password. I am screwed, am I?". No,
you are not. When you install ENC!, it is important to write down your
encryption key and store it in a safe place. When you forget your
password, just go and get your encryption key. You can reestablish the
passwords in minutes, that's it! Your encrypted files will be back
online. Details are in Chapter 4.
ENC! allows you to change the encryption key too. However, this
process is more involved and time consuming. You have to decrypt all
the encrypted files before you can change the encryption key. After
you change the encryption key, you have to re-encrypt the files.
Don't worry, ENC! comes with utilities to ease the pain. Details are
in chapter 4.
ENCRYPTION MODES
ENC! will not allow unauthorized person to access encrypted
files. However, it is possible for him to interrupt ENC! loading
process. This will not be a problem since the encrypted files are in
unintelligible form. The unauthorized person can read the files but
he cannot understand what are in them. However, on the safe side, ENC!
adds in a feature to safeguard from unauthorized copying of encrypted
files. Any copying of encrypted files short of using diskcopy while
ENC! resident encryption engine is not loaded will produce a damaged
copy. The original is perfectly safe. This feature is particularly
effective if encrypted files are stored in hard disk since they cannot
be duplicated by means of diskcopy.
You may worry about getting damaged copies if you happen to
forget to load the ENC! resident encryption engine. This is quite
unlikely. ENC! installation will place the command to load ENC!
resident encryption engine in your AUTOEXEC.BAT file so that the
engine will be automatically loaded when the computer is turned on.
Nevertheless, ENC! offers an option to ease the your mind. You select
the encryption mode.
There are two encryption modes ENC! can use to encrypt data
files. Namely, the recoverable mode (default setting) and the secure
mode. As mentioned above, unauthorized copying of ENC! encrypted file
will produce a damaged copy. If ENC! uses recoverable mode to encrypt
a data file, the damaged copy can be repaired by an ENC! utility
called FIXENC. The utility requires private access privilege to
operate and it repairs the damaged copy according to your encryption
key. You are the only person who can repair the damaged copy. If ENC!
uses secure mode to encrypt a data file, the damaged copy is
irreparable. The selection of encryption mode is on a drive by drive
basis. You can change the encryption mode anytime you like. ENC! will
automatically recognize the encryption mode used by an encrypted file
and processes it accordingly.
There are differences between the two encryption modes. They
concern the security of your encrypted files. When files are encrypted
in recoverable mode, it is possible for a computer expert who knows
your general password and is knowledgeable with the internal working
of ENC! to read your private files. If your private files are
encrypted in secure mode, they are virtually impossible for anyone but
yourself to read. When two identical files are encrypted in
recoverable mode, the two files will contain identical encryption
pattern. When two identical files are encrypted in secure mode, the
two files will contain totally different encryption pattern which
makes the encryption even more secure.
For a person without knowledge of your private and general
passwords, encrypted files generated by either encryption modes are
virtually impossible to break. When ultimate data security is your
goal, secure encryption mode is the better method. Generally, the
recoverable encryption mode is secure enough. The choice is yours.
ENCRYPTION PARAMETERS
Traditionally, program with encryption capabilities works with
encryption on a file by file basis. Each time you create a new
encrypted file, you have to instruct the program to encrypt the file.
ENC! uses a different approach.
Generally, data files of a certain program will most likely
contain confidential information. They may be your word processor,
spreadsheet, or database files. Files of the same program have one
thing in common, they have the same file extension. ENC! takes
advantage of this trend. It uses file extension and the disk drive
where a file is located to determine whether a file should be
encrypted. You only have to inform ENC! what file extension and at
what drive needs to be encrypted and ENC! will do the rest. You do not
have to decide whether to encrypt when you create a file. This method
may encrypt files that do not warrant the security. We do not think
you will mind to overly secure your files in exchange for the
convenience. If you are uncomfortable with securing files that do not
warrant the security, you can create the files in another drive that
does not use the file extension for encryption.
During ENC! installation, the install program will request you
to enter selections of this file extension and disk drive combination.
You can make a maximum of 64 selections with ENC! registered version.
You are only allow 2 selections with ENC! shareware version.
Alternatively, you can instruct ENC! to encrypt all files in a disk
drive. This does not count as a selection. If you have a lot of file
extension/disk drive combinations, you could consider dedicating a
disk drive to store encrypted files. It should be noted that a disk
drive does not mean a physical disk drive. Rather, it means a logical
drive created by DOS. Even though you may have only one hard disk
drive in your computer, DOS can create multiple logical drives using
different drive letters such as drive C, drive D, etc.
ENC! will not encrypt files with EXE, COM, SYS, BAT, OVL, and
DLL file extensions. They are executable files and encrypting these
files will cause problem with their loading. There are some programs
that use overlay files but do not follow the OVL file extension
convention. If you instruct ENC! to encrypt all files in a disk drive
then you install one of these programs into the disk drive, ENC!
cannot distinguish data files from these overlay files. The overlay
files will be encrypted and they will not work. To counter this
problem, ENC! can optionally check all executable files before they
are loaded. If ENC! finds an encrypted executable file, it will be
decrypted. There is a slight speed penalty to enable this option.
Normally, this speed penalty is not noticeable.
When you want to change the encryption parameters, you can use
the SETUP utility to make the change. It should be noted that when you
change the encryption parameters, the encryption status of existing
files will not change. The reason for ENC! to maintain the existing
files encryption status is that sometimes you may want to have
temporary change in encryption parameters. If ENC! adjusts the
encryption status of all the files in your computer whenever you
change the encryption parameters, it will waste a lot of your precious
time. In any case, ENC! will automatically keep track of the
encryption status of your files and you do not have to concern about
the encryption status of your files.
If you have to adjust the encryption status of your files such
as right after you have completed the installation process, ENC!
provides you with the tools. You can use ADJENC utility to adjust the
encryption status of any or all the files in a disk drive according
to the encryption parameters. You can use ENCRYPT utility to encrypt
any or all the files in a disk drive. You can also use DECRYPT utility
to decrypt any or all the files in a disk drive. After you adjust the
encryption status of your files, you may want to make sure they are
adjusted. CHKENC utility will show you the encryption status of any or
all files in a disk drive. Details about these utilities will be
discussed in chapter 5.
TRANSPORT FILES
You may need to send a diskette containing confidential files to
some client across town. How can you be sure no one has looked at or
copied the confidential file before it reaches the desk of the
intended person? This is the reason ENC! provides you with transport
file. A transport file is an encrypted file that has the same nature
as the encrypted files in your computer. The content is unintelligible
and any copying of the file short of using diskcopy will produce a
damaged copy but the original is perfectly safe. There is one
difference, you can specify any encryption key to generate the
transport file. Before you send a person your file, you can make
arrangement with the person as to what encryption key to use. After
you decide what encryption key to use, you can use ENCRPYTK utility
to convert existing files into transport files.
Transport files are always encrypted in secure mode. Even if
someone intercepts the files and makes an unauthorized copy using
diskcopy, the encryption is virtually unbreakable. Once a transport
file is created, even you cannot read it or copy it. A transport file
can only be decrypted by the DECRYPTK utility. The decryption process
will not alter the transport file. It will only create a decrypted
copy of the transport file. This is to prevent the other person from
accidentally using the wrong encryption key to decrypt the transport
file and damages the transport file. If file extension of the copy is
set to be encrypted, the decryption will be followed by encryption of
the copy.
DOS FCB SYSTEM CALLS
ENC! does not support DOS FCB system functions except the FCB
rename file and FCB delete file functions. FCB system functions are
obsoleted since DOS 2.0. They are only used by some antique programs
that are designed to work with DOS 1.x. We do not want to increase the
size of ENC! resident encryption engine to accommodate something that
nobody will use. If you are using programs that use FCB system
functions, there will not be any problem. The only limitations are
that ENC! will not encrypt data files created and used by these
programs and these programs cannot access any encrypted files. Care
should be taken to ensure the file extensions of the data files used
by these programs are not included in the encryption parameters.
If you are not certain whether a program uses FCB system
functions to access data files, you can easily find out using the
following steps:
1. Use the program to create a test file and then exit the program.
2. Encrypt the test file using ENCRYPT utility. Assuming the name of
the test file is test.tst, type:
encrypt test.tst
3. Run the program and open the test file. If the program does not
recognize the test file exists, the program is using DOS FCB system
functions to access data files.
RENAMING FILES
Encryption status of a file will automatically be adjusted after
the file is renamed. If you rename an encrypted file to a name with
unencrypted file extension, the file will be decrypted. The same
holds true with private files. If you have private access privilege
and you rename a private file to a general filename (that is, the
first character of the filename is not the character &), the file will
become a general file.
When ENC! is loaded, person with lower access privilege cannot
rename a higher privilege file. If you do not enter a valid password,
you cannot rename any encrypted file. If you have general access
privilege, you cannot rename a private file.
Programs such as word processors usually use temporary work file.
When you modify a document, the program will copy the original file to
a temporary work file. All your modifications will be made on this
temporary work file. When you have completed your modifications, the
program will copy the original file to a backup file. The original
file will be deleted and the temporary work file will then be renamed
with the original filename. If there is a discrepancy between the
encryption parameters and the encryption status of your file, this
type of operation may affect the encryption status of your file.
Example, you have created an encrypted file and then removed the
file extension of the file from the encryption parameters. The file
will stay encrypted. If you later use a program that uses temporary
work file to modify the file, the renaming process of the program will
change the file to an unencrypted file. Generally, most word processor
programs use temporary work file and most database programs do not.
----------------------------------------------------------------------
Chapter 4 WORKING WITH ENC!
----------------------------------------------------------------------
LOADING ENC!
ENC! provides real time encryption with two programs. ENCDRV.EXE
is a resident encryption engine for performing all the real time
encryption operations. ENC.EXE is the control program which verifies
the passwords and controls the operation of the resident encryption
engine. Normally, the install program will modify your AUTOEXEC.BAT to
load the two programs automatically. However, if you want to load them
manually, load ENCDRV.EXE first then load ENC.EXE.
We strongly recommend to include both programs in your
AUTOEXEC.BAT. If this is not desirable, at least include ENCDRV.EXE so
that ENC! has control of your encrypted files and you can run ENC.EXE
later. You can manually modify AUTOEXEC.BAT by adding the follows:
1. The path of ENC! program directory.
2. If you have a monochrome display, add SET enc=mono.
3. ENCDRV.EXE
4. ENC.EXE
HOW TO CONTROL ENC!
ENC.EXE controls the operation of ENC!. It verifies the
passwords, it allows you to temporarily disable and then re-enable
the encryption. It also allows you to reset ENC! so that you can
change access privilege with another password. It further allows you
to change the passwords and the encryption key.
After you use ENC.EXE to gain private access privilege with the
private password, the next time you run it, it will display the
following options:
F2 Reset
This will reset the resident encryption engine. Next time you
use ENC.EXE, it will require you to enter a password. If you are
away from your office and you do not want to turn off your
computer, use this option.
F3 Disable encryption
This will temporarily disable the resident encryption engine. Next
time you use ENC.EXE, it becomes enable encryption. This option
will toggle between temporary disable and re-enable the resident
encryption engine.
F4 Change private password
F5 Change general password
F6 Change encryption key
Use this option to change encryption key. Before selecting this
option, you should use DECRYPT utility to decrypt all encrypted
files in your computer. Otherwise, you will have files with
different encryption keys and ENC! will only process one
encryption key at a time. Details are in Chapter 4.
If you have general access privilege, only option F2 and option
F3 are available. When you have private access privilege and you
want to designate a file as private, use the character & as the first
character of the filename. This is all you have to know to control
ENC!. Details about using ENC! utilities are in Chapter 5.
If you have a monochrome display, ENC! installation will modify
AUTOEXEC.BAT to inform ENC.EXE. However, if ENC.EXE cannot get this
information and display in color mode, you can add /M after the
command.
Example: enc /m
CONTROLLING ENC! FROM WINDOWS
If you want to run ENC.EXE from Windows, you can either use
File|Run option in program manager or create an icon for ENC.EXE so
that you can run it by double click the icon. Following is the
procedure to create an icon for ENC.EXE:
1. While in program manager, make the program group you want to place
ENC! icon active by double click on the group icon or click on the
group window.
2. Choose File|New option of program manager.
3. Select the [add program item] box and click OK.
4. On [description] box type ENC! 1.0 Control. Click browse and select
ENC! program directory. Select ENC.PIF then click OK. Make sure
[run minimize] box is not selected. Click change icon.
5. Click OK when informed that there is no icon associated with the
file. Click browse and select ENC! program directory. Select
ENC.ICO or ENC2.ICO then click OK until returning to program
manager.
ENC.PIF is setup to run ENC.EXE in full screen mode. If you want
to run ENC.EXE in a window, you can use the Pif Editor to change
ENC.PIF setting to window mode. You must run Windows in enhanced mode
to use this setting.
RUNNING WINDOWS IN ENHANCED MODE
When ENC! resident encryption engine is loaded, if EMM386 and
SMARTDRV are also loaded, running Windows 3.x in enhanced mode will
cause Windows to lock up during initialization. If either EMM386 or
SMARTDRV is not loaded, there will be no problem. If you are not sure
whether EMM386 and SMARTDRV are loaded in your computer, you can look
at the CONFIG.SYS file in the root directory of the boot drive. If you
find a line:
device=[path]emm386.exe
EMM386 is loaded. If you find a line in CONFIG.SYS file:
device=[path]smartdrv.sys
or, device=[path]smartdrv.exe
or, if you find a line in AUTOEXEC.BAT file:
[path]smartdrv.exe
SMARTDRV is loaded. In all cases, [path] is the path where the drivers
are located such as c:\dos\.
The reason for the problem is that when EMM386 and SMARTDRV are
loaded and Windows runs its enhanced mode initialization, they are not
completely compatible with MS-DOS. During this moment, if some of the
MS-DOS system functions are executed, they will crash the system. ENC!
happens to use one of the functions. To get around this problem, you
can use one of the following options:
1. If your programs do not need expanded memory and you do not load
TSRs into high memory, eliminate EMM386 by deleting the line in
CONFIG.SYS file that loads EMM386.EXE.
2. Use other disk cache program instead of SMARTDRV. We only
experience problem with SMARTDRV. Other excellent disk cache
program such as PC-CACHE that comes with PCTOOLS or QCACHE that
comes with 386MAX all works well with ENC!. If you need to load a
lot of TSRs into high memory, QCACHE with 386MAX is the better
choice since 386MAX manages memory much more efficient than MS-DOS.
3. If you must use EMM386 and SMARTDRV, you can run Windows in
standard mode using win /s option.
4. If you must run Windows in enhanced mode with EMM386 and SMARTDRV,
you can use ENC! utility to suspend ENC! operations during Windows
enhanced mode initialization. Details will be discussed below.
ENC! utility SUSENC can be used to suspend all ENC! operations as
if ENC! is not loaded. It has to be run before starting Windows. ENC!
will automatically resume its operations after Windows initialization
is completed.
Care must be taken to use this option. You must make sure files
needed for Windows enhanced mode initialization are not encrypted
since ENC! is suspended and it cannot decrypt any files. Do not use
encrypt all files option for the drive that contains Windows system
directory. The following will show you how to setup and use the
utility:
1. Go into ENC! program directory and insert ENC! program disk into
drive A (or drive B) then type:
copywin a:
this command will copy all the necessary files from ENC! program
disk into ENC! program directory.
2. Whenever you want to run Windows, type:
wine
You can use any Windows options such as /s with this command.
If you do not like to use the command WINE, you can rename the
file WINE.BAT in ENC! program directory to whatever name you desire as
long as there is no conflict with other program. Do not change the
name to WIN.BAT unless you rename WIN.COM in Windows directory and
make the corresponding change in WINE.BAT. Example:
1. Rename WIN.COM to WIN31.COM
2. Use a text editor to change WINE.BAT in ENC! program directory:
from win %1 %2 %3 %4 %5
to win31 %1 %2 %3 %4 %5
3. Rename WINE.BAT to WIN.BAT
4. When you want to run Windows, type:
win
CHANGING AND VIEWING ENCRYPTION PARAMETERS
You can use SETUP utility to change the encryption parameters any
time you like. The procedure is the same as what you have done during
ENC! installation. If you have a monochrome display, ENC! installation
program will modify AUTOEXEC.BAT to inform SETUP. However, if for some
reason the program cannot obtain this information and display in color
mode, you can add /M after you enter the program name. Example:
setup /m
You can run SETUP only when you have private access privilege.
After you have completed the changes, you have to run ENC.EXE and use
F2 to reset ENC! and then enter your private password. ENC! will
inform you that ENC.SYS has been changed. Type P to instruct ENC! to
proceed with the new encryption parameters. These procedures are to
prevent unauthorized changes in encryption parameters.
If you want to view the encryption parameters setting, you can
run SETUP and select to use existing parameters. When you finish
viewing the encryption parameters, type F10. SETUP will ask you
whether you want to save the encryption parameters, type N to exit.
WORKING WITH APPLICATION PROGRAMS
When installing programs into a drive that encrypts all files and
you have not selected the check all executable files option, always
run ENC.EXE and use F3 to temporary disable encryption before you
install the programs. After you finish installing the programs, run
ENC.EXE again and use F3 to enable encryption. This is to prevent ENC!
from encrypting overlay files that use unconventional file extensions.
Most programs will generate backup files after you have modified
the data files. If you want to keep your data confidential, do not
forget to include the file extension of the backup files along with
the regular files in the encryption parameters. Usually, the file
extension of backup files is [bak]. However, some software vendors may
use a different file extension. If you are not sure, consult your
software vendors.
Most Windows programs use temporary files to temporarily hold
the data files they are working with. These temporary files will be
erased when you exit the programs. However, the erase process does
not actually erase the data in a temporary file. It just mark the
file as being erased and the disk space previously occupied by the
file is opened for other files. If the disk space is not used by other
files, someone can use some undelete utilities to recover the data in
the temporary file. The recovered data may be your confidential data.
Windows always use the file extension [tmp] for temporary files. If
you want to guard against others from undelete the Windows temporary
files and look at the data in them, just add tmp file extension along
with the regular file extension to the encryption parameters.
WORKING WITH DATA COMPRESSION PROGRAMS
If you use On-The-Fly data compression programs such as Stacker,
Superstor, Double Disk, or Double space (comes with MS-DOS 6.x) to
create a compressed drive and there are ENC! encrypted files in the
original dirve, always gain private access privilege before you create
the compressed drive. The reason is that the create compressed drive
process will copy existing files into the newly created compressed
drive. If you only have general access privilege and there are private
files in the drive, the copying of private files will fail. Worse yet,
if ENC! resident encryption engine is not loaded, the copying process
will damage ENC! encrypted files. Normally you will use your private
password when you are working with your computer so this will not
cause any inconvenience.
Data compression programs cannot effectively compress any type of
encrypted files including ENC! encrypted files due to the apparently
random pattern of the data in these files. For this reason, it does
not make much sense to store any encrypted files in a compressed
drive.
ENC! has a feature that other programs with encryption
capabilities cannot match. If you use any regular data compression
program such as Pkzip to compress encrypted data files generated by
other programs, the compression ratio is dismally low. With ENC!, the
compression ratio is the same as if the files were not encrypted. The
reason for this advantage is that ENC! automatically decrypt ENC!
encrypted files when the data compression program is reading them. The
program will only see the regular data. When the program writes the
compressed file to the disk, ENC! automatically encrypt the compressed
file.
However, you have to remember to include the file extension of
the compressed file into the encryption parameters. If you forget to
do it, the ENC! encrypted files in the compressed file will no longer
be encrypted.
You can use one file extension for regular compressed files and
another file extension for encrypted compressed files. Assuming you
are using Pkzip, you can use the standard ZIP file extension for
unencrypted zip files and ZEN file extension for encrypted zip files.
Use SETUP to include ZEN in the encryption parameters. Example, when
you want to compress files without encryption, type:
pkzip -a abc.zip *.*
when you want to compress files with encryption, type:
pkzip -a abc.zen *.*
When you decompress the compressed file, the encryption status of
the decompressed files will be adjusted according to the encryption
parameters.
IF YOU FORGET THE PASSWORDS OR ENCRYPTION KEY
If you forget the general password, you can simply change the
general password using ENC.EXE. Following are the steps to do it:
1. Use your private password to gain private access privilege.
2. Run ENC.EXE and use F5 to enter a new general password.
When you forget the private password, you can recover from it by
re-establish new passwords provided you know the encryption key. You
should record your encryption key and store it in a safe place. To
re-establish new passwords, simply follow the steps below:
1. Go into ENC! program directory and insert ENC! program disk into
drive A (or drive B).
2. Type:
copy a:enc.enc enc.exe
3. Run ENC.EXE. It will ask you to enter the private password, general
password, and the encryption key similar to ENC! installation.
Simply enter a new private password and a new general password.
Enter the same encryption key as you have recorded.
Even though you have written down your encryption key and store
it in a safe place, there is a chance you will forget where you have
placed it. You can change the encryption key as long as you still
remember the private password. Simply follow the steps below:
1. Use ENC.EXE to obtain private access privilege using the private
password.
2. For every hard disk drive that contains encrypted files, type:
decrypt [drive]\*.* /s
where [drive] is the drive letter such as c:
3. If you have any floppy diskette that contains encrypted files,
insert it into the floppy drive and type
decrypt [drive]\*.* /s
where [drive] is the drive letter of the floppy drive such as a:
4. Run ENC.EXE and choose F6 change encryption key option. It will
remind you to decrypted all encrypted files which you have just
done. Type P to proceed with the option and enter a new encryption
key.
5. After you have change the encryption key, you can use ADJENC
utility to re-encrypt your files by typing:
adjenc [drive]\*.* /s
where [drive] is the drive letter such as c:.
----------------------------------------------------------------------
Chapter 5 WORKING WITH UTILITIES
----------------------------------------------------------------------
MAINTENANCE UTILITIES
All utilities discussed in the following sections require private
access privilege to operate. Wildcard characters * and ? are allowed
in filenames. ENC! has provided you with three utilities to maintain
the encryption system:
CHKENC allows you to find out the encryption status of files in a
directory and its subdirectories. It also searches for encrypted
files. Usage:
CHKENC [path][file] [/s] [/l]
path = optional pathname
file = optional filename
/s = optional check files in subdirectories
/l = optional list encrypted files only
If CHKENC finds an encrypted file, it will show the file's
encryption status as filename [pgsrt],
p = private file
g = general file
s = secure mode encryption
r = recoverable mode encryption
t = transport file
ADJENC will automatically encrypt and decrypt files in a
directory and its subdirectories according to the encryption
parameters. It is primarily used to adjust encryption status of all
files in a disk drive after ENC! installation or changing of
encryption key. Usage:
ADJENC [path]file [/s]
path = optional pathname
file = filename
/s = optional adjust files in subdirectories
FIXENC will fix encrypted files damaged by unauthorized copying.
The files must be encrypted using recoverable encryption mode. It will
fix files in a directory and its subdirectories. Care should be taken
not to use FIXENC on unencrypted files. It will lead ENC! to consider
the files encrypted and try to decrypt them when they are accessed.
This will give you unintelligible data. If this happens, you can use
/r option to remove the fix. Usage:
FIXENC [path]file [/s] [/r]
path = optional pathname
file = filename
/s = optional fix files in subdirectories
/r = optional remove fix
MANUAL ENCRYPTION AND DECRYPTION
You can encrypt and decrypt files regardless of the encryption
parameters setting with two utilities.
ENCRYPT will encrypt files in a directory and its subdirectories
regardless of the encryption parameters. It is primarily used to force
files to become encrypted. Usage:
ENCRYPT [path]file [/s]
path = optional pathname
file = filename
/s = optional encrypt files in subdirectories
DECRYPT will decrypt files in a directory and its subdirectories
regardless of the encryption parameters. It is primarily used for one
step decryption of a large number of files. Usage:
DECRYPT [path]file [/s]
path = optional pathname
file = filename
/s = optional decrypt files in subdirectories
WORKING WITH TRANSPORT FILES
You can convert files into transport files and decrypt transport
files with two utilities.
ENCRYPTK will convert files in a directory into transport files.
The original files will not be altered. Usage:
ENCRYPTK "key" [path]source [path]target
key = encryption key for the conversion. The key
should be enclosed by double quotes and
spaces are allowed in the key.
path = optional pathname
source = original file filename
target = transport file filename
Once a transport file is created, even you cannot read or copy
it. Always convert the file you want to send into the intended
storage medium such as a diskette. Example, if you want to send a file
test.org in drive C as file test.trn using a diskette in drive A with
an encryption key of key, do not use the command:
encryptk "key" c:test.org c:test.trn
and then try to copy test.trn to the diskette in drive A. The copying
will fail. Use the following command instead:
encryptk "key" c:test.org a:test.trn
After the command is executed, test.trn will be on the diskette in
drive A and ready to send out.
DECRYPTK will use the transport files in a directory to generate
a copy of normal files. The transport files will not be altered.
Usage:
DECRYPTK "key" [path]source [path]target
key = encryption key for the conversion. The key
should be enclosed by double quotes and
spaces are allowed in the key.
path = optional pathname
source = transport file filename
target = normal file filename
Even though the encryption key should be enclosed by double
quotes, it is only the general case that will work with all
encryption key combinations. If the encryption key consists of all
alphanumeric characters (1,2,3,...,A,B,C,...) without any space
character, the double quotes can be omitted.
----------------------------------------------------------------------
END
----------------------------------------------------------------------
