The QTKey program has four main functions:
QTCrypt uses one key ring, the Master Key Ring, containing two types of keys: Encryption Keys, also called Randomizer Keys, and Signature Keys.
The Master Key Ring maintains pointers to the Encryption Keys and the Signature Keys associated with the Master Key Ring. A user may have more than one Master Key Ring. Each Master Key Ring may contain only one Signature Keys and multiple Encryption Keys. Each Master Key Ring is maintained encrypted on mass storage. The encryption is determined by a "pass phrase". The pass phrase is entered by the user when the Master Key Ring is first created. Each time QTKey is started, the pass phrase for the Master Key Ring to be used must be entered in order to open and correctly read the Master Key Ring. If an incorrect pass phrase is entered for the Master Key Ring, QTKey issues an error message and halts.
Pass Phrases are used in conjunction with the text to be encrypted and the encrypted text to derive a stream of pseudorandom number bytes based on a Secure Hash Algorithm. The pass phrase used should be a minimum of eight characters in length to ensure adequate security. If the pass phrase begins with the '@' character, then the pass phrase is assumed to be a filename. The file is opened and the file contents are used as the pass phrase. If a file is used for a pass phrase in this manner, be sure to choose a file which will not change. If the file contents change in any way, the Master Key Ring is rendered unreadable. It is a good idea to always choose a pass phrase file on read-only media such as a CD-ROM to ensure that the pass phrase file cannot change.
Never forget the pass phrase for the Master Key Ring. The Master Key Ring is rendered totally useless without the pass phrase.
The pass phrase for the current Master Key Ring may be changed at any time via an option on the main QTKey menu.
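The '@' rule and the read-only media advice above can be checked before a pass phrase is put into use. The following Python sketch is an added example, not QTKey's own code; the function names, the finding codes, the treatment of a typed pass phrase as UTF-8 bytes, and the POSIX permission and mount checks are assumptions.

```python
import os
import stat
import tempfile

MIN_LEN = 8  # minimum pass phrase length recommended on this page


def resolve_pass_phrase(entry):
    """Apply the '@' rule: '@name' means the bytes of file 'name'.

    Returns (material, path); path is None for a typed pass phrase.
    Assumption: a typed pass phrase is taken as its UTF-8 bytes.
    """
    if entry.startswith("@"):
        path = entry[1:]
        with open(path, "rb") as fh:
            return fh.read(), path
    return entry.encode("utf-8"), None


def audit_pass_phrase(entry):
    """Return finding codes for a pass phrase entry; [] means no findings."""
    material, path = resolve_pass_phrase(entry)
    findings = []
    if len(material) < MIN_LEN:
        findings.append("too-short")
    if path is not None:
        mode = os.stat(path).st_mode
        # Any write bit means the file can change and strand the key ring.
        if mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
            findings.append("file-writable")
        # The file contents are the secret, so other accounts must not read it.
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append("file-readable-by-others")
        # CD-ROM style media shows up as a read-only mount (POSIX statvfs).
        if not os.statvfs(path).f_flag & os.ST_RDONLY:
            findings.append("fs-not-read-only")
    return findings


if __name__ == "__main__":
    # Constructed sample: a throwaway pass phrase file in a temp directory.
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "phrase.bin")
        with open(sample, "wb") as fh:
            fh.write(b"constructed sample pass phrase material\n")
        print(audit_pass_phrase("@" + sample))   # file pass phrase
        print(audit_pass_phrase("short"))        # typed, under eight characters
```

Because the file is read as raw bytes, even a single appended newline counts as a change to the pass phrase material.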
Encryption Key (Randomizer Key)
Each Encryption Key is maintained as a separate file by QTKey.
All Signature Keys can be maintained in the same file as the Master Key or in a separate file by QTKey.
All Encryption Key files and the Signature Key file are encrypted by QTKey with pass phrases generated randomly. The pass phrases used are a minimum of 1,000 bytes in length and a maximum of 100,000 bytes in length. The actual values used for minimum and maximum key lengths can be set in the configuration file. If no values are set in the configuration file, a minimum of 1,000 bytes and a maximum of 10,000 bytes will be used.
QTCrypt key files may be written as binary files or they may be armored. How they are written is determined by a setting in the configuration file.
An Encryption Key is used by QTCrypt to encrypt a file. An Encryption Key is created by QTKey and contains a File Table and a Parameter Table. A full description of the creation and format of the Encryption Key is contained in Encryption Key Generation.
In order to encrypt a file, the user needs to run QTKey and create a Master Key Ring with at least one Encryption Key. In order to sign a file, whether encrypted or not, at least one Signature Key with a Private Key must be created.
Signature Key
If QTKey is run with no Master Key Ring, it will prompt for the name of a Master Key Ring to create. Enter the name of the file desired. QTKey will create the Master Key Ring with three common Group Signature Keys. The first common Group Signature Key is provided so that all QTCrypt users start with a Group in common. The second Group is provided and used as the group for signing all Encryption Keys. This does not reduce the security of the keys in any way and is used strictly for signing the keys, not encrypting the keys. This is done so that all users can start using QTCrypt immediately. Since it can take many, many minutes to derive a set of Group Keys, I decided to provide a pre-computed set. The third Group keys are the Group Keys for Quik Trim, my own organization. All users are thus provided with this basic set of Group Keys. Using the QTKey program, qtkeys, a set of private/public keys under any of the Group Keys may be computed and/or a new set of Group Keys may be computed.
Creating more Signature Keys is simply a matter of running QTKey, choosing the proper options from the menus presented and entering the Identifier Strings, IDs, of the Signature Keys generated. Generating a Signature Key has two parts:
In order to create an Encryption Key you will need a CD-ROM and a pass phrase.