                        NetDrive Cipher plugin.
                             Demo Version.

  Introduction. 
  -------------
 
  One day I realised that I need to hide some of my data from strangers. That 
doesn't mean I have an access to X-Files, but everybody has something "for his 
eyes only". That's getting more important in case have your own business. 
Nobody yet has disabled the market competition. I've searched the Hobbes 
archive and other Internet sites for an application that would allow me to 
encrypt my data. Most of found links are dead, some developers had moved to 
Windows or Linux. Nevertheless I've found some useful products. Unfortunately 
they use old encryption algorithms such as DES. I thought that there must be 
an application with stronger encryption, and I was right, because there was 
the Cipher plugin for NetDrive for OS/2.

  What is the Cipher plugin ? 
  ---------------------------

  Cipher plugin is a dynamic loadable library that used by NetDrive for OS/2 
for transparent data encryption/decryption. Like all NetDrive plugins the 
Cipher is a part of the IFS (installable file system) called NDFS (NetDrive 
File System). It works imperceptibly and quietly, but provides strong 
encryption and as a result good privacy for your data.

  What can and can't the Cipher plugin do ? 
  -----------------------------------------

  Cipher plugin allows you to create protected disks and folders within 
NetDrive File System and to use the data stored on those disks and folders as 
if it was ordinary data on an ordinary OS/2 storage device. Cipher protects 
selected part of files on your disk or diskette, in addition Cipher hides the 
file date/time and size. Cipher can't encrypt neither your e-mail messages 
sending via cables nor any traffic in wires. For those purposes you can use 
other products, for example PGP for e-mail, IBM firewall for private networks.

  Cipher plugin can use different cryptography methods (algorithms). At the 
moment the following methods are ready to use:

Blowfish, key length 1-56 bytes;
Cast 256, 1-32 bytes;
GOST (the encryption standard in Russia), 32 bytes;
Loki97, 1-32 bytes;
Mars, 4-56 bytes;
RC6, 1-255 bytes;
Rijndael, 1-32 bytes;
Safer Plus, 1-32 bytes;
Serpent, 4, 8, 12 ... 32 bytes;
Tripple Des, 24 bytes;
Twofish, with 16, 24, 32 bytes keys long.

  How to install ? 
  ----------------

  Plugin installations is very easy with the NetDrive 2.0 version. Cipher 
plugin distributed in archive ndpcphr.zip. You have to unzip it into an empty 
directory. Then run instlpl.cmd from the directory. You do not have to reboot 
the system.

  How to work with Cipher plugin ? 
  --------------------------------

  Create a directory somewhere on your hard disk or diskette (of course it can 
be a root directory). Inside this directory you will store crypted data. Decide
which crypt-algorithm is preferable for your aims and what will be the key 
length. We don't provide any information about that, because data protection 
is rather complicated field and it is better to find good expert. You can read 
about algorithms those used in the plugin at the sources listed in Bibliography.

  As every NetDrive resource, Cipher has to be mounted before accessing. 
  Note. There is a sample sequence of commands for mounting Cipher resource :
  ----

nd attach u:
nd createmp u:\Secret
nd mount chipher u:\Secret ;name=blowfish.dll;root=D:\Secret;round=1;key=C:\NDFS\key w

  At first you create a new NetDrive drive letter.
  Second line creates a mount point for mounting Cipher resource.
  Third line mounts Cipher resource into the created mount point.

  There are four parameters for the Cipher plugin :

   name - name of the dynamic link library that implements encryption method 
          you selected, all those libraries are in ndplugs\cipher sub-directory.
          If you use different cipher or cipher library is placed in another 
          directory, you should enter full path to this library. There is no 
          default value for this parameter.

   root - the name of the directory we've created to save protected data to. 
          There is no default value for this parameter.

  round - number between 1 and 10, the number of encoding iterations (default -
          1). Note. More iterations provides stronger encryption but less speed.

    key - full name for the file where your key (key is a sequence of 
          hexadecimal digits) is saved. There is no default value for this 
          parameter.

  Note. Cipher plugin needs your key only during mounting, after that you can 
  ----  (have to ?) remove the diskette with a key and put it in safe place. 
        ATTENTION. YOU HAVE TO KEEP YOUR KEYS IN THE SAFE PLACE !!! Don't 
        spread keys around your disks, write them into diskette, make a copy 
        and keep both copies separated somewhere physically protected.

  You can also use NetDrive Control Panel to mount Cipher resource. Look at 
the screen shot Cipher1.gif.

  Attach new drive and create mount point by pressing a few buttons. Then 
select the created mount point and press 'Mount' button. Choose 'cipher' type 
form the list and to fill in the form with values described earlier. In the 
Control Panel you can save all your adjustments and then restore whenever you 
need.

  After mounting, Cipher resource is ready to use. All files copied or created
in the mount point will be encrypted and saved in cipher. Plugin doesn't keep 
your key in memory, so that fact decreases the probability of its unfolding. To
close the access to your encrypted data you should unmount Cipher:

nd unmount u:\Secret 0

  This action is also performed on the Control Panel by selecting the Cipher 
resource and pressing "Unmount" button.

  You can also use more secure and convenient way for unmounting resource - 
install one of the hot-key popup managers (for example Win95key, Keyboard Plus,
Keymaster Pro, Mkey etc.) and assign unmount action (nd.exe unmount ...) to one
of the hot-keys. I installed "Keyboard Plus" taken from Hobbes archive. And now
Ctrl-Alt-F12 closes access to my private data.

  Key generation. 
  ---------------

  There is another important thing you should know - key generation. Special 
Rexx command file for key generation cipherkey.cmd is included in the plugin 
distribution package and is placed into the NetDrive directory (usually C:\NDFS). 
Cipherkey.cmd is designed as a command line utility in an expectation of a very
seldom usage. Key generator has three parameters:

cipherkey.cmd <cipher name> <key length> <key file name>

  Known ciphers are:

blowfish - valid key lengths are 1 - 56 bytes
cast256 - valid key lengths are 1 - 32 bytes
gost - valid key length is 32 bytes
loki97 - valid key lengths are 1 - 32 bytes
gost - valid key length is 32 bytes
mars - valid key length are 4 - 56 bytes
rc6 - valid key length are 1 - 255 bytes
rijndael - valid key length are 1 - 32 bytes
serpent - valid key length are 4 - 32 bytes by 4 bytes
tripdes - valid key length is 24 bytes
twofish - valid key length is 16, 24, 32 bytes

  Where:

  cipher name - one of the listed above cipher methods;
   key length - in bytes, a number from the listed above valid key boundaries 
                for selected method;
key file name - file name to save generated key to.

  For example you can create a key with the following command line :

C:\NDFS>cipherkey.cmd rijndael 16 A:\mykey

  In case you use cipher not included into the plugin package you can use for 
key generation the utility cryptkey.exe which you'll find in the plugin 
distribution. It has only one parameters, a number - length for generated key 
in bits (not bytes !). For example I need a key with a length 128 bit (16 bytes
long) for my algorithm:

C:\NDFS>cryptkey.exe 128 >A:\mykey

  Note. Keys are random numbers. It's impossible to restore key if you've lost 
        it. Key generator never produces two equal keys.

  Long names support. 
  -------------------

  Cipher plugin supports long names for both files and directories and has one 
side effect - if you mount FAT disk or diskette as a secure resource you will 
be able to save files and directories with long names there despite they aren't
supported by such file systems.

  Emergency cases. 
  ----------------

  There is one extra useful utility in the plugin package - ciphrest.exe. It is
designed for emergency restoring crypted data - for example broken hard drive 
or you haven't NetDrive installed on the computer you want to read that crypted
data. This is the command line utility too. It has five mandatory arguments :

ciphrest.exe <cipher> <key> <round> <source path> <dest. path>

Where:

     cipher - is the name or full path to cipher library (will be searched in 
             .\ndplugs\ciphers and LIBPATH)
        key - full path to the key file which data was crypted with;
      round - the number of crypting rounds (1 - 10), of course should be the 
              same value data was crypted with;
source path - full path to the directory where the crypted data is located (see
              parameter root for mounting);
 dest. path - full path to the directory where the data will be decoded to.

  For example I haven't NetDrive installed, but need to read files from crypted
ZIP-diskette, that could be done with the next command line:

C:\NDFS>ciphrest.exe rijndael A:\mykey 1 F:\Secret C:\WorkDir

  Usage Example. 
  --------------

  I want to illustrate the Cipher plugin usage. Imagine a firm with several 
computers. Firm's staff have to keep an electronic archive and from time to 
time have to exchange data on removable media (for example ZIP-diskette). 
They've got NetDrive and Cipher plugin installed. All removable media on those 
computers mounted through Cipher plugin. In such conditions if any diskette 
would be stolen, burglar never read even a word from your data.

  Demo Version Limitation.  
  ------------------------

  The demo version of Cipher plugin is limited to use only one fixed key, that 
included in package, regardless of using cipher. Full version of the plugin can
be ordered at  http://www.blueprintsoftware.com/netdrive

  Notes. 
  ------

  Author does not warrant that Cipher plugin will meet all your requirements, 
that operation of Cipher plugin will  be uninterrupted or error-free, or that 
all Cipher plugin errors will be  corrected. The author is not responsible for 
problems  caused by changes in the operating characteristics of computer 
hardware  or computer operating systems that are made after the release of  
Cipher plugin nor for problems in the interaction of this plugin with other  
software. The author has no responsibility to replace or refund the fee of and 
media or license damaged by accident, abuse or misapplication.

  If you have bug report or suggestions, you are welcome.

  Bibliography, used algorithm's references:

http://cnscenter.future.co.kr/crypto/algorithm/block.html
http://csrc.nist.gov/encryption/aes/round1/round1.htm#algorithms

Cipher plugin (C) 2001 Nickk <nickk9@nettaxi.com>

NetDrive (C) 2000-2001 Blueprint Software Works. http://www.blueprintsoftware.com/netdrive

Documentation copyright (C) 2001 Andrei A. Porodko <porro@cbs-edu.chel.su>

