Encryption – what it is and what it is not.

Encryption is the process of converting readable plain text into cipher text that is unreadable/meaningless. The goal of doing so is to avoid unauthorized access to data.In order to access the encrypted data, one must ‘decypt’ data. Decryption is the process of converting cipher text into readable plain text. Decryption of encrypted data is expected to be done by authorized people. In order to decrypt data, keys are used; So that only authorized people have the key and they can only decrypt.

However some people have the misconception that hash functions are used for encryption. Hash functions are one way – the message digest obtained cannot be reversed (One cannot go back to the original value for a given hash value). Whereas in encryption, one can go back to the original value by decrypting. Therefore hashing is used for saving passwords in databases and checking if a file has been modified or not. Encryption is needed when you need to hide information from unauthorized parties. Some applications of encryption : handling credit card information, communicating confidential information, websites using https protocol etc.

Encryption – Symmetric vs Asymmetric

Symmetric encryption algorithms are the encryption algorithms that use the same key for both and decryption of data. As opposed to symmetric, asymmetric encryption algorithms use two keys – one for encryption and one for decryption.

Some examples for well known Symmetric Algorithms : DES, Triple DES and AES.
Some examples for well known Asymmetric Algorithms : RSA, DSA.

Symmetric Encryption – Block cipher vs Stream cipher

Symmetric Encryption algorithms are further classified into stream ciphers and block ciphers. Stream ciphers are ciphers are algorithms that encrypt data byte byte (One byte at a time) and Block ciphers are algorithms that encrypt data block-wise (Blocks can have 1 byte or more).

Block ciphers – Modes of operation.

Depending on the order and procedure how block ciphers encrypt blocks of data we can classify them into several categories. Electronic Code Book (ECB), Cipher Block Chaining (CBC), Output Feedback(OBF) and Cipher Feedback (CFB) are some of them.

ECB

refers to algorithms that encrypts one block of data using a key and then goes on to encrypt the other blocks using the same key. When we use ECB, if the bytes of two blocks are the same then the ciphers of those blocks will also be the same as the key used to encrypt each block is the same. Hence there could be patterns in the final cipher text and therefore this mode of operation is not the best to use.

CBC

refers to algorithms that XOR outputs of previous blocks along with the plain text blocks and then encrypt the resulting data using a key. Since there is no output to XOR for the first block of data, an Initialization Vector(IV) is used. Therefore the output of 2 similar blocks will be most likely different and hence these algorithms are more secure than ECB as there is very less chance of seeing patterns in the resulting cipher. For this reason I have used cbc based encryption in every possible scenario in this tool that is developed by me.

[1]

CFB

algorithms are quite similar to CBC algorithms. The difference is that, CFB algorithms encrypt the resulting ciphertext of the previous block using the key and then XOR it to the plain text to get the output. These algorithms use an initialization vector as well.

[2]

OFB

algorithm is similar to CFB algorithms. The difference is, the fact that they take the output of the previous encryption prior to being XOR-ed with the plaintext as the input to be encrypted of the current block. They too have an initialization vector.

[3]

Since output blocks (String of bits) are fed back into the encryption algorithm continuously, both CFB and OFB converts block cipher into stream cipher. Thereby offering benefits of stream cipher as well.

IhsansEncryptor – Features

The tool I have developed to encrypt and decrypt files and directories is known as IhsansEncryptor and it could be found at : https://github.com/ihsanizwer/Ihsans-Encryptor

These are the features that it has to offer.

• Encrypting  and decrypting data using symmetric encryption algorithms such as : Blowfish, RC2, RC4, DES, 3DES, AES-128, AES-256
• Generating RSA Public and Private keys.
• Encrypting and decrypting data using RSA asymmetric algorithm.
• Signing and verifying data using RSA.
• Generating hash values for files.
• Compressing directories up to 4 times of the original size upon encryption.
• User guided mode – for users with less or no knowledge of encryption.
• Command line argument based usage for quicker operation.

In order to run this tool, you need a system with capabilities of executing bash scripts and must have openssl installed.

IhsanEncryptor – Usage

Lets say we have a folder named ‘EncryptMe’ and it needs to be encrypted. To do this we run ./IhsansEncryptor.sh as follows.

Then we enter the details. Make sure you enter a password and verify. It will not work without a password.

Now we have an encrypted file. Make sure to remember the name of the encrypted file, password you gave and the algorithm you used. Those are needed for decryption.

Now similarly, you can do the decryption, by choosing option ‘Decrypt an Encrypted file’. Then choose whether symmetric or asymmetric. Here since we encrypted in symmetric, we will be decrypting in symmetric. Give the path to the encrypted file.

Then the password, and it will decrypt the encrypted file into a new directory in the same working directory.

IhsansEncryptor – Troubleshooting.

The following are some known issues when it comes to troubleshooting. If you experience any problem other than this then, please inform me regarding it.

• Make sure you have privileges to write to the current working directory. Otherwise, Generated encrypted/ decrypted files cannot be saved in the current working directory, causing it to fail.
• Pay attention to what input : sometimes you are required to enter a path to a file. Sometimes its a path to a directory. If you don’t specify a valid path then there will always be a problem.
• When it comes to symmetric encryption, you must provide a password to the encrypted file. Otherwise it will not work. The passwords you give should match.
• When it comes to decryption, you must specify the algorithm used in encryption. Otherwise it would not work. Specifying a different algorithm doesn’t work.
• Make sure you provide the name of the correct directory/ file. Since the filename of the encrypted/decrypted directory or file are mostly numbers. So make sure you remember it well.
• When it comes to assymetric encryption, pay attention to what inputs it require. If you give the public key where the private key is required/ you give the private key where public is required, then it will not work.

References

[1]”Cbc_encryption.png”, Upload.wikimedia.org, 2017. [Online]. Available: https://upload.wikimedia.org/wikipedia/commons/d/d3/Cbc_encryption.png. [Accessed: 17- Apr- 2017].