User Guide
Chapters
Table of Contents
Decrypting a File
Encrypted File Formats
Encrypted File
Each file encrypted by QTCrypt is composed of three parts:
- Overhead. This is information written at the beginning of the file which is necessary for decryption and to identify the file.
- Body of the file. This contains the encrypted file.
- Trailer information. This is information necessary to authenticate and/or verify the encrypted file.
Overhead
QTCrypt writes overhead that records certain facts about the encrypted file. The overhead contains the following information:
- If the encrypted file is not armored, a QTCrypt signature line identifying the file as an encrypted file produced by QTCrypt.
- The QTCrypt major version number followed by the minor version number. Output of the major and minor version numbers was added in version 5.0 for Linux.
- A single byte flag with one of the following possible values:
  - '\x00' - indicates that the file has been encrypted using a CD-ROM encryption key. The following five values are then output. These values are not included in the message digest of the encrypted file. They are encrypted using Byte Shift Encryption, BSE. A special pass phrase derived from a series of pseudorandom numbers is used for the encryption; the pass phrase was derived at the time the Encryption Key was created.
    - Randomizer Unique ID. A pseudorandom number that has been assigned as the unique ID for the randomizer key derived from a specified CD-ROM. The ID is written "in the clear", i.e., unencrypted.
    - Random number - a pseudorandom number derived at the time of file encryption. The value is encrypted.
    - Randomizer Line Number #1 - a pseudorandom number derived at the time of file encryption. Used as an index into the Encryption Key file table for the name of the first randomizer file byte stream.
    - Randomizer Line Number #2 - a pseudorandom number derived at the time of file encryption. Used as an index into the Encryption Key file table for the name of the second randomizer file byte stream.
    - Parameter Line Number - a pseudorandom number derived at the time of file encryption. Used as an index into the Encryption Key parameter table.
  - '\x01' - indicates that the file has been encrypted using a pass phrase. A single byte is written to indicate the Secure Hash Algorithm used for encrypting the file:
    - '\x00' - use Secure Hash Algorithm, Federal Information Processing Standards Publication 180-1, 1995 April 17
    - '\x01' - use RIPEMD-160
- A pseudorandom number used to indicate whether the file is Signed or not. If the low order bit is set, the file is Signed; otherwise it is not Signed.
- Forced Secure Hash Algorithm flag. Value included in file message digests. This is a byte stream terminated with a zero byte, with the following values:
  - '\x00' - use the Secure Hash Algorithm specified in the Encryption Key parameter table
  - '\x01' - force the use of Federal Information Processing Standards Publication 180-2, 2002 August 1, 160 bit hash.
  - '\x02' - force the use of Federal Information Processing Standards Publication 180-2, 2002 August 1, 224 bit hash.
  - '\x03' - force the use of Federal Information Processing Standards Publication 180-2, 2002 August 1, 256 bit hash.
  - '\x04' - force the use of Federal Information Processing Standards Publication 180-2, 2002 August 1, 384 bit hash.
  - '\x05' - force the use of Federal Information Processing Standards Publication 180-2, 2002 August 1, 512 bit hash.
  - '\x06' - force the use of the RMD 160 bit hash.
  - '\x07' - force the Whirlpool 512 bit hash.
  - '\x08' - force the Tiger 192 bit hash.
  Multiple secure hashes are used for each encrypted file.
- Original file size. If the file is compressed prior to encryption, this is the size of the encrypted file. The value is written twice. Upon decryption, if the two sizes do not agree, the decryption mistake is caught early. Both values are included in the file message digests.
- Forced Encoding Scheme - overrides the parameter file. Value not included in file message digests. This field has the following values:
  - '\x00' - use the encryption method specified in the parameter table
  - '\x01' - use Alternating Encryption, ALE
  - '\x02' - use Relative Offset Encryption, ROE
  - '\x03' - use Byte Shift Encryption, BSE
  - '\x04' - use Permutation Change Encryption, PCE
  - '\x05' - use Bit Mix Encryption, BME
  - '\x06' - use Byte Mix Encryption, BYE
- Flag to indicate forcing decrypted output. Value not included in file message digests. This field has the following values:
  - '\x00' - use the file specified at time of decryption
  - '\x01' - force decrypted output to a filename the same as the encryption input filename
  - '\x02' - force decrypted output to the standard out file, usually the console. May be redirected.
- Input File Name length. Value included in file message digests.
- Input File Name. Value included in file message digests.
- Input file date as Julian Day Number. Value included in file message digests.
- Input file time as seconds since midnight. Value included in file message digests.
- Encryption date as Julian Day Number. Value included in file message digests.
- Encryption time as seconds since midnight. Value included in file message digests.
- If the encrypted file is Signed, then the following values are output:
  - Group Key string length. Value included in file message digests.
  - Group Key string. Value included in file message digests.
  - Private Key string length. Value included in file message digests.
  - Private Key string. Value included in file message digests.
- Single byte indicating whether the input file is compressed prior to encryption. Value not included in file message digests.
  - '\x00' - file not compressed
  - '\x01' - file compressed. When compressing the input file, the following values are included in the file overhead. All of these values are included in the file message digests:
    - Uncompressed file size
    - rle run threshold
    - Block size for compression in 100K byte blocks
The overhead will add a minimum of approximately 100 bytes to the length of the encrypted file.
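The following parser is an added example, not code from QTCrypt or its manual. It walks the pass-phrase-mode overhead from the mode flag byte to the input file name, applies the duplicated-size check the manual describes, and collects the bytes the manual says are covered by the message digests so a decryptor can see that the forced-encoding and forced-output overrides lie outside them. Field widths (one-byte flags and lengths, 32-bit little-endian sizes) and the sample bytes are assumptions, since the manual gives no widths.

```python
import struct

# Forced-hash ids as listed in the overhead description (0x00 = parameter-table default).
FORCED_HASH = {0x01: "SHA-1", 0x02: "SHA-224", 0x03: "SHA-256", 0x04: "SHA-384",
               0x05: "SHA-512", 0x06: "RIPEMD-160", 0x07: "Whirlpool-512", 0x08: "Tiger-192"}
# Forced encoding scheme ids from the overhead description.
ENCODING = {0x00: "parameter table", 0x01: "ALE", 0x02: "ROE", 0x03: "BSE",
            0x04: "PCE", 0x05: "BME", 0x06: "BYE"}


def parse_passphrase_overhead(buf: bytes) -> dict:
    """Parse a pass-phrase-mode overhead from the mode flag byte up to the file name.

    Widths are assumptions (the manual gives none): one-byte flags and lengths,
    32-bit little-endian file sizes. 'digested' collects exactly the bytes the
    manual says the file message digests cover.
    """
    if buf[0] != 0x01:
        raise ValueError("only pass-phrase mode (0x01) is handled here")
    hash_id = buf[1]                          # 0x00 SHA (FIPS 180-1), 0x01 RIPEMD-160
    signed = bool(buf[2] & 1)                 # low-order bit of the 'signed' number
    pos = 3
    end = buf.index(0x00, pos)                # forced-hash stream is zero-terminated
    forced = [FORCED_HASH[b] for b in buf[pos:end]]
    digested = bytearray(buf[pos:end + 1])    # the forced-hash field is digested
    pos = end + 1
    size_a, size_b = struct.unpack_from("<II", buf, pos)
    digested += buf[pos:pos + 8]              # both copies of the size are digested
    pos += 8
    if size_a != size_b:                      # the early-failure check the manual describes
        raise ValueError(f"file size copies disagree: {size_a} != {size_b}")
    encoding = ENCODING[buf[pos]]             # forced encoding scheme: NOT digested
    output_flag = buf[pos + 1]                # forced decrypted-output flag: NOT digested
    pos += 2
    name_len = buf[pos]
    name = buf[pos + 1:pos + 1 + name_len].decode("ascii")
    digested += buf[pos:pos + 1 + name_len]   # name length and name are digested
    pos += 1 + name_len
    return {"hash_id": hash_id, "signed": signed, "forced_hashes": forced,
            "file_size": size_a, "encoding": encoding, "output_flag": output_flag,
            "file_name": name, "digested": bytes(digested), "consumed": pos}


def build_sample(size_a: int, size_b: int, name: bytes = b"report.txt") -> bytes:
    """Constructed overhead fragment for testing; not taken from a real QTCrypt file."""
    return (b"\x01\x01\x07"                       # pass-phrase mode, RIPEMD-160, signed
            + b"\x03\x06\x00"                     # force SHA-256 and RIPEMD-160, terminator
            + struct.pack("<II", size_a, size_b)  # original file size written twice
            + b"\x02\x00"                         # force ROE; output file chosen at decryption
            + bytes([len(name)]) + name)
```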
Trailer Information
QTEncode writes the following information after the encrypted input file. All values are written encrypted.
- A single zero value. The value is included in the message digests.
- The size of the input file. If the input file was compressed by QTEncode, then this is the size of the compressed file. When the file is decrypted, the size decrypted here is compared with the file size decrypted in the header overhead to confirm proper decryption. The value is included in the message digests.
- If the input file has been compressed by QTEncode, then the original input file is added to the message digests at this time. Thus, for compressed files, both the compressed and uncompressed forms of the file are contained in the message digests.
- If the encrypted file is not signed, then the message digests are written to the output file. If the encrypted file is signed, then the Digital Signature Algorithm is used to derive the Secure Digital Signature for each message digest, and the signatures are then written to the output file.