with the strongest line of data file and message encryption software available.
GK-Crypt Data Security Package Version 03
User Manual - March 12, 2024

          1. GK-CRYPT

               GK-Crypt keeps your computer files secret and private.  It
          keeps them secure against any snooping, industrial espionage, or
          intrusion via the Internet.  Even if your computer or your data
          disks were stolen, and even if they had the GK-Crypt software on
          them, nobody could read your data.

               GK-Crypt is far stronger than any other commercial file
          encryption product in the world, and stronger than nearly all of
          the world's diplomatic and military encryption packages, whether
          software, microchip, electro-mechanical, or any combination.
          GK-Crypt is strong enough so that governments could use it for
          their most sensitive data.

               GK-Crypt could insure the privacy of your computer files
          even if an opponent had available all of the computing power in
          the entire world.  And, your files will stay private for decades
          to come.  Even if computers increased in power over the next 50
          years by the same factor that they improved over the past 50
          years, your files would still remain secure.

               The 128-bit encryption products now in use will become
          obsolete in 10 to 15 years.  The 256-bit products that are
          designed to replace them will become obsolete in 20 to 30 years.
          But files encrypted with 640-bit GK-Crypt will still be secure
          even 50 years from now.

               GK-Crypt is easy to use.  You can encrypt hundreds of files
          with a single command.  You don't need to choose and remember any
          of the file keys.  GK-Crypt will generate a secure 640-bit key
          for each file, and remember all the keys for you.

               GK-Crypt is also the safest privacy product you can buy.  It
          is loaded with safety features to prevent loss of data and other
          problems that are common with lesser data security packages.  You
          cannot decrypt a file with the wrong key, or encrypt a file that
          is already encrypted.


          1. GK-CRYPT
            1.1. GK-Crypt Version 03
            1.2. GK-Crypt Version 02
            1.3. What is encryption?
            1.4. Who needs encryption?

          2. USING GK-CRYPT
            2.1. A GK-Crypt session
            2.2. Sample session
            2.3. Decrypting files
            2.4. Setting shortcuts
            2.5. Listing the encrypted files

          3. FILES
            3.1. Identifying files
            3.2. File groups and wildcards
            3.3. Defining shortcuts
            3.4. Using shortcuts
            3.5. Group overlap

          4. KEYS
            4.1. Key Do's and Don'ts
            4.2. Letters, digits and punctuation
            4.3. Key blocks
            4.4. Pronounceable keys
            4.5. Patterns
            4.6. Secretaries and clerks
            4.7. Key strength
            4.8. Summary: Picking a key

            5.1. Copying the GK-Crypt files
            5.2. Multiple copies of GK-Crypt
            5.3. Installation
            5.4. Practice

          6. SAFETY FEATURES
            6.1. Lost keys
            6.2. Strong Master Key
            6.3. Unauthorized users
            6.4. Double encryption
            6.5. Double copies
            6.6. Partial encryption
            6.7. Master and cache
            6.8. Adding and renaming files
            6.9. Backup and recovery

            7.1. The GK-Crypt algorithm
            7.2. AES Advanced Encryption Standard
            7.3. RSA public key cryptography
            7.4. Quantum cryptography
              7.4.1. Photon cryptography
              7.4.2. Quantum entanglement

          Appendix A. DOS BASICS
            A.1. Starting DOS
            A.2. Sizing the DOS window
            A.3. Directories
            A.4. Current directory
            A.5. Working with directories
            A.6. Identifying files
            A.7. Long names
            A.8. File operations
            A.9. Batch files

          1.1. GK-Crypt Version 03

               GK-Crypt Version 03 is easier and safer to use than Version

          (1) You no longer need to remember which files are encrypted, or
          to type the names of the files you want to decrypt.  GK-Crypt 03
          displays the list of files, and you just point to the ones you
          want to decrypt.

          (2) You can create shortcuts to reduce the task of typing long
          file names.  For example, you could let




          (3) The methods for choosing random file keys have been improved.

          (4) Only one copy of GK-Crypt is needed.  It may be run from
          anywhere on your computer.

          (5) Every file is identified with its full path.  This prevents
          problems when there are files with the same name in two or more
          different directories.

          1.2. GK-Crypt Version 02

               GK-Crypt Version 02 offers several improvements over the
          original Version 01.

          (1) The encryption has been made even stronger, with no
          significant loss of speed.

          (2) The operation is now fully automatic.  There are no options
          to choose.  You get the highest level of security for every file.

          (3) You can now change the Master Key without needing to decrypt
          and re-encrypt any files.

          (4) The new version automatically detects files encrypted with
          the old version and converts them to use the new, stronger,

          (5) After a file has been encrypted, the old copy is now shredded
          3 times.

          1.3. What is encryption?

               Encryption is the process that keeps your data secure.  The
          GK-Crypt program takes your data file and transforms it into a
          form that nobody can read without the key.  The encrypted file
          looks perfectly random and totally meaningless.  Even the most
          sensitive and sophisticated statistical tests cannot detect any
          difference between your encrypted file and a pure random file.

               The reverse process, which is called decryption, takes the
          garbled, unreadable data file and transforms it back into the
          original data.  The decryption process requires full knowledge of
          the key in order to reconstruct the original data.  Only you, and
          anyone to whom you give the key, can retrieve and read the data
          file.  For an unauthorized person who does not have the key there
          is no possibility whatsoever of reversing the process and reading
          your file.

               You can think of encryption and decryption as locking and
          unlocking your data files.  The key is just like the combination
          for a safe or vault.  Without the combination the vault cannot be
          opened.  Without the key your data file cannot be read.  But,
          unlike a safe or vault, there is no other way in.  The snooper
          cannot cut through the walls or manipulate the tumblers with
          magnets.  The key is the only way in.

          1.4. Who needs encryption?

               You need encryption whenever you have both of the following

          (1) You have data that you need to keep private or confidential,

          (2) Someone has access, or could possibly have access to your
          computer, or to any external media where your data is stored, or
          to any channel over which you transmit your data.

               Here are some kinds of data that you might want to keep

          Private individuals

               Bank account numbers          Health information
               Book or play manuscripts      Inventions
               Brokerage account numbers     Journals or diaries
               Computer passwords            Photos, movies or videos
               Credit card numbers           Private letters and emails
               Downloaded files              Spreadsheets
               Financial records


               Ad campaign plans        Merger plans
               Claims data              Orders
               Client records           Organization charts
               Commissions              Patient records
               Compliance data          Product specifications
               Contract terms           Recipes
               Credit histories         Real estate plans
               Customer accounts        Research findings
               Expansion plans          Revenue projections
               Employee health data     Salaries
               Interfaces               Sales records
               Inventory                Settlement records
               Letters and memos        Supplier data
               Mailing lists            Tax information
               Marketing plans          Yields


               Armaments              Resupply schedules
               Attack plans           Ship movements
               Contracts              Supply levels
               Defense plans          Targets
               Emplacements           Trajectories
               Munitions depot        Troop movements
               Radar frequencies      Troop strength
               Radar locations        Unit readiness
               Research reports       Weapons capabilities

               For some types of data, you may have a legal obligation to
          safeguard its privacy.  For example, the Gram-Leach-Bliley Act
          (GLBA) which Congress passed in November 1999 requires that
          companies protect the security and confidentiality of their
          customers' private information.  Financial institutions and other
          businesses must assure that their customers' data is kept private
          and confidential.

               Similarly, since April 2005, nearly all healthcare
          institutions need to comply with the security requirements of the
          Health Insurance Portability and Accountability Act (HIPAA).

               If you take your legal obligations seriously, then you
          should use the strongest encryption product available, the
          GK-Crypt package.

               Your data could be vulnerable because clients, or
          unauthorized employees, may be able to enter an area where your
          computer is located, or where another computer or terminal on the
          same local network is located.  Sometimes a careless employee or
          family member may leave a computer unattended where someone might
          use it to find sensitive files.

               Sometimes a disgruntled employee, or even an angry family
          member, may copy data files in order to harm you or your company,
          or to sell the data for profit.  The employee could make a disk
          or print out a file and take it home.  An employee who works from
          home, or someone else in that household, may be able to dial into
          your computer and obtain access to sensitive files.

               Access to your data might be gained while your computer is
          connected to the Internet by using spyware or a computer virus.
          Files transmitted on the Internet are not secure at all.

               It is also possible that your computer or data disks or
          tapes will be stolen, or obtained from the trash.  A thief who
          breaks into a safe looking for valuables may take backup disks
          containing your sensitive data and later discover what they

          2. USING GK-CRYPT

               Each time you use GK-Crypt is called a session.  During each
          session you can encrypt files (lock them to make them secure),
          decrypt files (unlock them to use them), or get a list of the
          encrypted files.  You may encrypt or decrypt as many files as you
          like during each session.  You can even encrypt and decrypt the
          same files in a session, should you wish.

               You start each session by typing the GK command.  This
          starts the GK-Crypt program.  You start a session by typing


          and pressing Enter.  After GK-Crypt is started it will tell you
          exactly what to do at every step.  Everything is clearly
          explained as you go.  (But you should still read this manual and
          the Installation Guide before you begin.)

          2.1. A GK-Crypt session

               The first thing GK-Crypt will need is your Master Key.  This
          is the key that opens the Master File which is required to run
          the GK-Crypt Data Security Package.  It is absolutely essential
          that you choose a very strong Master Key.  If the Master Key is
          weak, or only moderately strong, then your security will be

               Using an ultra-strong encryption algorithm like GK-Crypt and
          then choosing a short or weak key is like building a bank vault
          from the strongest thickest steel available, and then locking it
          with a flimsy padlock.  Several sections of this manual will be
          devoted to choosing keys that are both strong and easy to

          2.2. Sample session

               Before getting into the full details of a session, let's
          take a quick look at a sample session.  You start GK-Crypt by
          typing the command


          The first thing GK-Crypt needs is your Master Key.  GK-Crypt will
          prompt you to enter the Master Key by displaying

               Please enter the Master Key

          You type your Master Key exactly the way you entered it when you
          installed GK-Crypt, for example,

               Key: KXWVT 39463 HMCTU 90413 GSVIF 85721

          Remember that the Master Key is case-sensitive, so KXWVT and
          kxwvt are different keys.  If the Master Key is correct, the
          session can begin.

               GK-Crypt will next need to know which files you want to
          encrypt (lock) or decrypt (unlock).  It will first ask what
          operation you want to perform, like this,

                 E - Encrypt a file.  Make it unreadable to protect it.
                 D - Decrypt a file.  Make it readable to use it.
                 S - Create shortcuts.
                 L - List the encrypted files.
                 M - Change your Master Key.
                 Q - Quit.
               Type your choice (E, D, S, L, M or Q):

          You may encrypt and decrypt as many files as you wish during a
          session.  After each operation you will be returned to this menu
          until you type Q to quit.
               Suppose that you want to encrypt a file.  You type E to
          select encryption.  GK-Crypt will then need to know the name of
          the file, or the group of files that you want to encrypt.  It
          will prompt you for the name,

               Enter the name of the file group to be encrypted,
               or type Q to quit.
               File group name:

          Suppose that you want to encrypt the group of files in the
          directory patent that start with the name motor.  You would
          respond by typing \patent\motor*, like this

               File group name: \patent\motor*

          GK-Crypt will ask you to verify your choice, so that you don't
          accidentally encrypt the wrong group of files.  It will ask

               Is (\patent\motor*) the correct file group? (Y or N):

          You would type Y to indicate that it is correct.  GK-Crypt will
          then generate a strong encryption key for each of the files,
          encrypt each file with its key, and record the keys so that the
          files can be decrypted when you need them.

               This sample should give you a good sense of how a GK-Crypt
          session will proceed.  At every step GK-Crypt will instruct you
          on what information you need to enter.  Now let's look at some of
          these items in detail.

          2.3. Decrypting files

               Decrypting (unlocking) files is very easy in GK-Crypt
          Version 03.  You no longer need to remember which files are
          encrypted, and you no longer need to type the file names.  When
          you select D on the main menu to decrypt files, you will be shown
          a list of the encrypted files, like this

               > C:\MEDICAL\CHART\SMITH.XML

               Use arrows to move cursor, D to decrypt file, Q to quit: ');

          You can use the up arrow, down arrow, PgUp and PgDown keys on the
          numeric keypad to move the > cursor to the file you want to
          decrypt.  When the cursor is pointing at the right file, press D
          to decrypt the file.

          2.4. Setting shortcuts

               Press S on the main menu to define or change a shortcut.
          You will see

               Shortcut name:

          Type in the name you want to call the shortcut.  If you type the
          name of an existing shortcut, then you can edit that shortcut,
          change its name, change its text, or delete the name to delete
          the shortcut.

          2.5. Listing the encrypted files

               Press L on the main GK-Crypt menu to get a list of all of
          the encrypted files.  The list will be written to the file
          GKCRYPT.LST.  You can use this list, for example, to check
          whether all of the files that you want to keep private have been

               You could keep a separate file containing the complete list,
          and compare GKCRYPT.LST to this file using the Comp utility.  The
          Comp utility is a handy and inexpensive tool available from
          Master Software Corporation (www.mastersoftware.biz).

          3. FILES

               In order to use GK-Crypt you will need to tell it which
          files to protect.  On your computer the files are organized into
          directories or folders.  Directories and folders are two names
          for the same thing.  When you are in Windows, the computer will
          show you lists of files organized as folders.  When you are in
          DOS, the computer will show you lists of those same files in
          directories.  Directories and folders are equivalent.

               You need to identify which files contain your private data.
          These are the files that you need to encrypt.  Often these files
          will be in directories that are named for the program that
          created them.  For example, if you create drawings using a
          program called EZ-Draw, then the drawings are likely to be in a
          directory with a name such as


          or in a subdirectory of these directories, say


               It is generally safe, but not necessary, to encrypt the
          application program and the files that it uses along with the
          files you created.  For example, it is safe to encrypt word
          processors, spreadsheet programs, or graphics programs.  Of
          course you must decrypt them before you try to use them.  This
          may take some time, but it may be easier for you to encrypt the
          entire directory, along with all of its subdirectories, than for
          you to try to identify all of your data files individually.

               WARNING!!  You must never encrypt a system file.  You must
          never encrypt any file that is part of the operating system on
          your computer, such as Windows, Unix or Linux.  If you encrypt a
          system file, your computer will be unable to use that file, and
          therefore may not be able to function correctly.  If you simply
          went ahead and encrypted every file, your computer would stop
          running, and you would not be able to restart or reboot it, so
          you would not be able to fix the problem.  Similarly, if you
          encrypted any of the GK-Crypt files, such as GK.EXE, GKMASTER.1,
          or GKCACHE.1, then you would not be able to use the GK-Crypt
          package to decrypt them, so all of your encrypted files would be
          permanently lost.

               You should always give your data files and folders names
          that clearly identify what they contain.  That way, you will know
          which files are yours, and which files you want to protect.  You
          can find all of the files on your computer by clicking the "My
          Computer" icon on the Windows desktop.  Equivalently, you can
          find all of your files by using the DIR command in DOS.

          3.1. Identifying files

               Each time you encrypt files you must identify those files to
          GK-Crypt.  GK-Crypt will prompt you for the file identifier at
          the appropriate time.  You identify files to GK-Crypt the same
          way that you identify files to DOS, namely by specifying the
          drive, path, filename and extension.  (If you already know DOS,
          you can skip or just skim this section.)

               drive     is the device where your file is stored, usually C
                         for your hard drive, A or B for a floppy drive,
                         D or E for a CDROM drive.

               path      is the directory on your drive where the file is

               filename  is the name that you gave your file.  The name
                         indicates the contents or purpose of the file.

               extension is a suffix that indicates the kind of file, such
                         TXT for a text file, JPEG for a picture file, EXE
                         for an executable file, etc.

          A full file identifier might look like this,


               In this example, c: identifies that your file is on the C
          drive, which is your hard drive.  \company\mydepartment\2005\ is
          the path to your data.  It shows that the data file is located in
          the 2005 folder, which is inside the mydepartment folder, in the
          company folder.  So the path consists of nested folders, or a
          list of directories.  sales.wp is the file with the data.  The
          filename is sales, and the extension is wp, which indicates that
          it is a WordPerfect document.

               In a file identifier all of the fields except the filename
          are optional.

               drive      can be omitted if the file is on the current
                          that is, the drive where you are now working.

               path       can be omitted if the file is on the current
                          of the drive.

               extension  can be omitted if the file does not have an
                          on its name.  For example, if the file is just
                          oldstuff then no extension is needed.

          Here are some examples of valid file identifiers:

                    identifies the file budget in the current directory
                    of the A drive.

                    identifies the file commissions in the \jones directory
                    on the current drive.

                    identifies the file requests.txt in the late
                    subdirectory of the current directory.

          3.2. File groups and wildcards

               GK-Crypt allows you to encrypt or decrypt groups of files
          with a single command.  There are two ways to do this.  The first
          method is to use wildcards when you give the filename or the
          extension.  Instead of giving the entire filename or extension,
          you give the first few characters, and then type * asterisk.  The
          file operation will be applied to all files whose names or
          extensions begin with the letters you gave.  Here are some

               TAX*        specifies any file in the current directory
                           name begins with TAX.  For instance this would
                           include TAX, TAXES and TAX2005 but not TAXES.WP.

               T\*.DOC     specifies any file in the T subdirectory of the
                           current directory, whose extension is DOC.  For
                           instance this would include T\SALES.DOC and

               \A\PR*.S*   specifies any file in the A directory of the
                           current drive whose filename starts with PR and
                           whose extension starts with S.  For instance
                           this would include \A\PROFIT.S and \A\PRICE.SET.

               The second method for specifying a group of files is to give
          the path with no filename or extension.  In this case, the file
          operation will be applied to all of the files in the current
          directory, and all of its subdirectories.  For example

               \MENU\   specifies all of the files in the MENU directory of
                        the current drive, and all of its subdirectories.
                        For instance it would include \MENU\TODAY.TXT,
                        \MENU\BEEF\RECIPES and \MENU\LAYOUT\PIX\SALAD.JPG.

               Any time you are prompted to give a file group you may give
          either a single file, a set of files using wildcards, or a

          3.3. Defining shortcuts

               Some of the files you wish to keep private may be in deeply
          nested directories, such as


          It would be tedious to continually type these long names when you
          encrypt these files, especially if you do this often.

               Starting with GK-Crypt Version 03 you can define shortcuts
          to make this task easier.  To define a shortcut you choose S on
          the GK-Crypt main menu.  You will then see

               Enter the name of the shortcut.  The name may be
               1 to 12 letters and digits, for example  Plan10X
               Type = to show the list of shortcuts, or type Q to quit.

               Shortcut name:

          Type a suitable short name for your shortcut, for example plato.

               You will then be prompted to enter the text of the shortcut.
          This text can be all or part of the directory path and/or the
          file name.  You will see

               Enter the text of the shortcut or type Q to quit.
               The text may be any portion of a directory path or file name
               such as  \MyStuff\drawings\bridge.jpg

               Shortcut text:

          You then type the text of the shortcut.  The shortcut will stand
          for whatever text you enter.  In this case, suitable text might


          since this occurs in all three of the file names.

          3.4. Using shortcuts

               To use a shortcut when you are telling GK-Crypt which file
          to encrypt, you type an equal sign = and then the name of the
          shortcut, plus the rest of the file group name.  For example, you
          could enter the file name as =plato\cover.jpg like this

               File group name: =plato\cover.jpg

          This would cause the file
          \programs\artshop\drawings\plato\cover.jpg to be encrypted.

               If the name of the shortcut is not followed by a delimiter,
          such as . or \ then leave a blank after the shortcut name.  The
          blank will be removed when the shortcut name is replaced by the
          shortcut text.  For example, if dime were a shortcut for
          \coins\catalog\dimes\ then

               File group name: dime 1952

          would cause \coins\catalog\dimes\1952 to be encrypted.

               You can use more than one shortcut in a file group name, and
          you can use one shortcut in another shortcut.  For example,
          suppose that you want to encrypt the files


          You could define a shortcut draw to represent
          \programs\artshop\drawings and then you could define two more
          shortcuts plato and homer using the draw shortcut.

               plato  as  =draw\plato
               homer  as  =draw\odyssey

               If you now wanted to encrypt the file
          \programs\artshop\drawings\odyssey\cyclops.jpg you could simply
          enter the name as =homer\cyclops.jpg like this

               File group name: =homer\cyclops.jpg

          and the correct file would be encrypted.

          3.5. Group overlap

               It would be dangerous to encrypt two groups of files that
          could potentially overlap.  For example, if you were to encrypt
          the group TOP*.D* and then encrypt the group TO*.DOC the file
          TOPIC.DOC would get encrypted twice.  If you then decrypted those
          two groups in the same order, the file TOPIC.DOC would get
          hopelessly garbled.  It could never be recovered, because the
          keys would no longer be in the cache.

               To prevent this sort of catastrophe, GK-Crypt detects
          possible overlaps of file groups, and prevents you from
          encrypting such overlapping groups.  This is one of the many
          safety features built into GK-Crypt.

          4. KEYS

               Choosing the keys for encrypting your files is one of the
          most critical steps in using the GK-Crypt package.  If you choose
          a short or weak key, it may be easy to remember and easy to type
          each time you need it, but your data will not be secure.  It is a
          serious mistake to think that you can use a weak key simply
          because you are using such a strong encryption package.  A strong
          safe with a weak lock is not secure.

               If you choose a long strong key your data will be more
          secure, but it will be harder for you to remember it and to type
          it accurately each time it is needed.  This chapter will describe
          techniques for choosing keys that are both secure and easy to
          remember and to type accurately.

          4.1. Key Do's and Don'ts

               Many people try to take shortcuts in order to have keys that
          are easy for them to remember.  You need to assume that any
          opponent will also be aware of the same shortcuts.  Here are some
          simple rules that can help prevent a costly error.

               When you choose a key, do not base the key on your personal
          information.  Assume that your opponent knows all of your
          personal data.

          DO NOT base your key on 

               Your birthday
               Your telephone number
               Your Social Security number
               Your license plate number
               Your spouse's, child's, parent's, sibling's or even
                 your pet's name, birthday, phone number, etc.

          DO NOT base your key on commonplace phrases 

               Nursery rhymes
               Song titles or lyrics
               Folk sayings
               Names of famous people, groups, places or events
               Names of books, plays or TV shows
               Punchlines from jokes
               Well-known dates
               Tongue twisters
               Words or phrases in other languages

          DO NOT use data widely known within your specialized field 

               Digits of pi or e
               Names of bones, nerves, or organs
               Names of stars, minerals, geological features, bacteria,
                 ancient cultures, alloys, proteins, theorems, etc.
               Names of people, schools, companies, places, etc.
               The speed of light, Avogadro's number, the Golden Ratio,

          DO NOT choose sequences of consecutive letters from the alphabet
          or from the keyboard, whether forwards, backwards or diagonally.

          DO NOT use the keys that appear in this manual.  Always assume
          that your opponent has read it, too.

          DO use a long key.

          DO try to make your key as random as possible.

          DO read this entire chapter on picking keys.

          DO evaluate the strength of your key according to the principles
          in the following sections.

          DO make your Master Key extra long and strong.

          4.2. Letters, digits and punctuation

               If there are several people who need access to the data, and
          who are trusted with the keys, then the problem of recording or
          memorizing the keys becomes multiplied.  Some people have the
          capacity to memorize long strings of random-looking letters
          and/or digits, but most people cannot do this.  The safest course
          is to write down your key, and keep it in a secure place, such as
          a locked safe.  Other techniques will be discussed in a later
          section.  It is advisable to have several copies, in case one
          copy gets lost, stolen or destroyed.

               The strength of an encryption key is measured in bits, the
          binary digits that are used by your computer's hardware.  Here is
          a rough guide to how many bits you get from each character in an
          encryption key when the characters are chosen randomly.  

               Table 1.  Strength of each character in a key.

               Decimal digits = 3.3 bits
               Single case letters = 4.7 bits
               Mixed case letters = 5.7 bits
               Mixed letters and digits = 5.9 bits
               Mixed letters, digits and punctuation = 6.3 bits

          Based on this chart, here is the strength of some sample
          10-character keys 

               Table 2.  Strength of 10-character blocks.

               5835701483 = 33 bits   Decimal digits
               CIWMRPTNZX = 47 bits   Upper case letters
               tyuhbivxks = 47 bits   Lower case letters
               DmbHaqREkV = 57 bits   Mixed case letters
               ku8Je94Lg7 = 59 bits   Mixed letters and digits
               g"p5WZc4%F = 63 bits   Mixed letters, digits, punctuation

               As you can see, the strength of the key increases when you
          choose randomly from a larger set of characters.  However, the
          difficulty of memorizing the keys and typing them accurately
          becomes much greater as the keys get more random.

               Note that all of the keys illustrated above are too short to
          be considered secure.

          4.3. Key blocks

               There are several methods for producing keys that are
          secure, yet easier for people to manage.  The first technique is
          to break your keys into blocks.  It has been a common practice
          for many years to break coded messages into blocks of 5
          characters each so that they can be transcribed more accurately.
          The same idea works for keys, too.  Notice how the key 


          becomes much easier to read when it is broken into groups of 5


               For longer keys it may be advisable to use additional
          punctuation to organize the blocks into groups of blocks.  For

               48591-04528-16392, 35207-31654-74925, 09482-71653-42570


               The second technique is to use groups that have the same
          structure.  Here are some examples, and the strength of each key

               91486 61872 94373   16 bits per block   5 digits
               T3708 D6204 F5193   18 bits per block   1 letter, 4 digits
               GS437 BR092 LX528   19 bits per block   2 letters, 3 digits
               UHM15 XTN63 MYA74   21 bits per block   3 letters, 2 digits
               QRILC PJRMS OVDZK   23 bits per block   5 letters

          The strength remains the same when the letters are placed in
          different positions.  For example, all of the following keys have
          the same strength, namely 2 letters and 3 digits 

               GS437 BR092 LX528   Letters at the start of each block
               943KP 471GQ 205YL   Letters at the end of each block
               V107J X219C F738L   Letters at both ends of each block
               6WF52 9TU48 7JN13   Letters in the middle of each block

               One advantage of using key blocks that always have the same
          structure is that there is no confusion between letters and
          digits.  Some letters and digits that may get confused are 

               Letters   B G I l O S T Z
               Digits    8 6 1 1 0 5 7 2

          Its position in the block tells you whether the character is a
          letter or a digit, so there is no need to avoid these characters
          when you use blocks with a fixed structure.

               Another variation on this idea is to make each key block
          uniform, but to vary the types of blocks randomly.  Here are two
          30-character keys with uniform blocks.  Each block consists of
          all digits, or all uppercase letters, or all lowercase letters.  

               KNUHW 50258 fewrz 39274 gyakf obqnk

               doztc 81463 69917 AGNDL rdefo PUIZH


          4.4. Pronounceable keys

               Another technique that can be used to produce keys which are
          secure, yet easy to remember, is to make the keys pronounceable.
          That is, you would use pronounceable combinations of vowels and
          consonants to form syllables, and combine these syllables to form
          artificial words.  This method may be valuable in situations
          where it is unsafe to write down the keys, and they must be
          memorized.  Here are some examples.  

               shambu dilp prelec oltu domex sarbuti shum obior

               Yotz doruc flean jadmek pra kerazi, Lagatu limbrazon.

               You can burn the key into your memory by starting with just
          a few artificial words, say DOZEK ULM HAPLICO, and repeat these
          to yourself for a day or two.  Then add another few words, say
          DOZEK ULM HAPLICO GRUX ANTIAM, and repeat those in your head for
          a few more days.  You can add some more words the following day.

               dozek ulm haplico grux antiam ludovesk gur amesqi

               You can complete the process by adding capitalization and
          punctuation, like 

               Dozek ulm Haplico "Grux Antiam" ludo-vesk gur a'mesqi.

          Using mixed-case letters and punctuation increases the strength
          of your key.

               You can imagine the key to be a saying in some private
          language, and make up a translation, in order to fix it more
          firmly in your mind.  For example, 

               Wise king Haplico "Lion of Antioch" out-witted a sorcerer.

               In a pronounceable key each letter has a strength of about
          3.3 bits if the words are fairly uniform in length, and about 3.5
          bits if the words are more variable in length.  For example, the
          first key below is fairly uniform in length, while the second is
          more variable.  

               panek dilbap greho drung fasdop ulben bukty crivan

               lobykar elb dixiat glem urbiqeo dhorsh uz vilagump


          4.5. Patterns

               When choosing a key, avoid creating any patterns, such as
          repeated letters or syllables.  Patterns weaken the keys by
          making them easier to guess.  Here are some examples of keys with

               BBXXTT KKUUVV WWYYCC      The letters are all in pairs.
               aaa3gg5yyyy9ccc7uu2       There are runs of equal letters.
               10704 20906 50803         The second and fourth digit in
                                         each group is zero.
               51615 38183 29092         Each group has an ABCBA pattern.
               zampana reveske flogoto   The vowels in each group are all
                                         the same.
               tuntam memescu saksoli    The first and second syllable
                                         start with the same letter.
               debendik devogi delakt    Every group starts with de.
               ABC ghi LMN def XYZ       Each group has 3 consecutive
                                         letters of the alphabet.
               500XD 711TJ 822GN         The second and third digits in
                                         each group are the same.
               31734 23839 30376         Every group has two 3's.
               dobaku levoti wafigo      Consonants and vowels alternate.
               vgy7 2wdc zse4 7ujm       Has diagonal runs on the keyboard.
               KAZ VEK CIF ZOP HUQ       The vowels run in order AEIOU.

               Once you have chosen a key, inspect it for patterns, and
          change it to remove them.  If your key is a long string of
          letters or digits, look to see if there are any letters or digits
          that are used too often, or that are missing.  You may want to
          make some changes.  However, don't overdo it.  If you use every
          letter or every digit exactly the same number of times, or if all
          the letters and digits in each block of your keys are always
          different, those are also patterns which weaken the key.

          4.6. Secretaries and clerks

               Sometimes lower-echelon employees will not safeguard file
          keys as zealously as other workers.  It is common for these
          employees to write down keys in places that are easily
          accessible, such as on the computer itself, on their desk pads or
          wall calendars, or on slips of paper on a bulletin board.
          Anybody could see the keys and write them down.  It is absurd for
          the company president to keep the Master Key in a locked box
          inside a walk-in vault, and for the secretary's assistant to
          write the Master Key on a gummed label on the wall next to the

               The employee might assume that nobody will ever guess that
          those cryptic letters and digits are actually the Master Key that
          unlocks all of the company's secret files.  The employee might
          assume incorrectly.  If these employees must be trusted with the
          keys then it is essential that they be educated to avoid such
          security breaches.

               Keys should never be written or pasted on the computer
          itself, the computer desk, a desk pad or calendar, the cover of a
          notebook or steno pad, the bottom of a stapler, telephone or
          flowerpot, the back of a clipboard, letter tray or desk
          organizer, or any similar place.  Intruders know to look in such
          places.  Don't make their job easy.

          4.7. Key strength

               The following table is a guide to how long a key must be in
          order to achieve various levels of security.  For example, if you
          want a key strength of 200 bits, and you use a decimal key, then
          you need 60 digits.  With the speed of current computers 100 bits
          is the lowest level of security that can be considered safe.

               The table assumes that the letters or digits of the key are
          chosen completely randomly.  If the letters or digits follow some
          pattern then your key needs to be longer.  For example, a key
          such as 

               TC174 JF296 BH583 KD629

          would be measured as 8 single-case letters and 12 digits, for a
          total strength of 77 bits.  Because of the LLDDD pattern it would
          not be considered to be 20 mixed letters and digits, which would
          have a strength of 118 bits.  

          Table 3.  For each type of key, this table shows how long to make
                    the key in order to achieve the desired strength.

                                   Desired key strength measured in bits
          Type of key             100   125   150   200   250   300   400
          Decimal digits           30    38    45    60    75    90   120
          Single-case letters      21    27    32    43    53    64    85
          Mixed-case letters       18    22    26    35    44    53    70
          S-C letters + digits     19    24    29    39    48    58    77
          M-C letters + digits     17    21    25    34    42    50    67
          Letters, digits, punc    16    20    24    32    40    47    63
          Uniform blocks           22    27    33    44    55    66    88
          Pronounceable, uniform   30    38    45    60    75    90   120
          Pronounceable, variable  29    36    43    57    71    86   114

          For example, if you wanted a decimal key you would read across
          the top row of this table.  If you wanted the decimal key to have
          a strength of 125 bits, you would look at the second column in
          the top row to find that you would need 38 decimal digits.  If
          you wanted a key of mixed-case letters and digits with a strength
          of 250 bits, you would need 42 letters and digits.

               Note that the longest input line you can enter is 126
          characters.  (This is a limitation of DOS, not a limit set by
          GK-Crypt.)  So if you wanted 400 bits of strength, and you chose
          to have a decimal key which requires 120 digits, then you would
          have only 6 characters left to separate the blocks.  Your blocks
          would need to average over 17 characters each.  (A pattern of 17,
          17, 17, 17, 17, 17, 18 would fit.)

          4.8. Summary: Picking a key

          The best way to pick a key is to follow these steps.

          (1) Decide how strong you want your key to be, say 200 bits.
          (2) Choose the type of key, say blocks of letters and digits.
          (3) Use the tables above to determine the key length.
          (4) Randomly choose a key of the required length.
          (5) Inspect the key for patterns.
          (6) Adjust the key to remove or reduce the patterns.
          (7) If you will need the key again, write down the key and keep
                  a copy in a secure place.
          (8) Type the key when GK-Crypt asks for it.


               The key to using GK-Crypt effectively is planning.  Before
          you install GK-Crypt on your computer, you should determine which
          files you need to protect.  The list of sensitive data in the
          first chapter can provide a starting point.

          5.1. Copying the GK-Crypt files

               The first step in installing GK-Crypt is to copy the
          GK-Crypt files from the distribution disk onto your computer's
          hard disk.  Suppose that you have inserted the distribution disk
          into the d drive on your computer, and that you want to install
          GK-Crypt in a directory called GK on your c drive.  You would
          copy the files by issuing the command

               copy d:* c:\gk\

          This is a good way to get started.  After you have been using
          GK-Crypt for a while, you may wish to install additional copies
          on your computer so that you have less typing of file names.

          5.2. Multiple copies of GK-Crypt

               Earlier versions of GK-Crypt suggested that users could
          install multiple copies of GK-Crypt on their computers.  These
          copies would be placed in the same directories that contained the
          data to be encrypted.  This would save typing of long data paths.
          However, it also created the potential for errors, since the same
          file could get encrypted using two different copies of GK-Crypt.
          The error would not be detected because each copy of GK-Crypt
          would have its own cache file.

               GK-Crypt Version 03 has been redesigned to eliminate this
          problem.  You should have only one copy of GK-Crypt on your
          computer.  This copy will have one cache that will keep track of
          all the encrypted files on your computer, and prevent such errors
          as encrypting the same file twice, or decrypting a file with the
          wrong key.  This is not only safer, but it saves the extra disk
          space needed for multiple copies.

               To access GK-Crypt from other directories you create a batch
          file named gk.bat.  Suppose that you have placed the GK-Crypt
          program into the \myprogs\security\gkcrypt directory.  Then the
          gk.bat file should contain the single line


          You would place a copy of gk.bat in each directory where you
          normally work with sensitive files that you may wish to encrypt.

          5.3. Installation

               The first time you run GK-Crypt the program will install
          itself.  You run GK-Crypt by typing the command


          and pressing Enter.  During the installation you will choose your
          Master Key.  You need to choose the Master Key carefully so that
          you do not forget it.  We suggest that you read the chapter on
          choosing keys before you start the installation.

               The first thing GK-Crypt will need is the installation
          password.  You will find this password enclosed with the GK-Crypt
          installation disk, unless you have made specific arrangements to
          have it mailed separately.  The password is not case-sensitive.
          You can type it in either upper or lower case.

               The installation password is not related to any encryption
          key used by GK-Crypt.  Knowledge of the installation password
          will not enable, or even help, anyone to read your data files.

               After you have entered the password, you will be asked to
          accept the GK-Crypt Software License.  GK-Crypt can be used only
          under the terms of the Software License.

               The next installation step is to enter your Master Key.  It
          is essential that you choose a long and strong Master Key.  The
          types of passwords that are used for logging onto websites are
          not nearly strong enough to provide any real data security.  See
          the Keys chapter of this manual to learn how to choose a suitable
          Master Key.  Be certain that you write down your Master Key and
          keep several copies in secure places, such as locked in a safe,
          and off-site in a bank safe deposit box.

               However, just to get started, you could use a simple key at
          first, and change to a more secure Master Key later.  Some people
          find it easier to build up a secure key by adding one element at
          a time.  Maybe they start with their childhood pet's name, say
          Fido.  The next time they run GK-Crypt they add another layer,
          say #Fido#.  After a few more runs they add a prefix, maybe
          zIx-#Fido#.  When they have that securely committed to memory,
          they add another bit, perhaps zIx-#Fido#-Q?4.  When they reach 5
          or 6 such elements, they will have a secure Master Key.  Just
          remember that each time you change the Master Key you need to
          replace the copies you have made.

               After setting the Master Key, and verifying that you have
          typed it correctly, GK-Crypt will start your first session.  The
          only key that you must remember is the Master Key.  All other
          keys are generated and recorded for you by GK-Crypt.

          5.4. Practice

               Before you use GK-Crypt on valuable data, it's a good idea
          to make some practice runs.  Create a few small temporary files
          and encrypt them.  Take a look at the encrypted files.  Then
          decrypt the files and look at them again.  Verify that the files
          are back to their original contents.

               It looks miraculous.  The encrypted files are complete
          chaos, total gibberish.  Not even the most sophisticated
          statistical tests can distinguish them from true random data.
          But GK-Crypt restores them to their original form.

               Try encrypting a group of files starting with the same
          letters, such as GKTEST1, GKTEST2 and GKTEST3.  Encrypt and
          decrypt the group as GKTEST*.  Try creating a directory and a
          subdirectory, such as \GKSAMPLE and \GKSAMPLE\SUB.  Put some test
          files in both directories.  Then encrypt and decrypt the whole
          group of files as \GKSAMPLE\.

               You might also want to try a few mistakes, just to see what
          happens.  Try typing your Master Key incorrectly.  Try encrypting
          a file that does not exist.  Try encrypting a file that is
          already encrypted.  You will see that GK-Crypt protects you
          against these types of errors.

               Once you have gotten the hang of it, you are ready to try
          encrypting some real files.  For your own peace of mind, you
          should back up the files first.

               After you have been using GK-Crypt for a while, and you have
          gained confidence in your ability to use it correctly, you may
          want to take all of your old backups, the ones where the data
          files are not encrypted, and destroy them.  Don't just toss them
          away.  Cut the tapes into shreds.  Chop the disks into shards.
          Don't discard all of the bits in the same place.

               From this point on, all of your backups will contain your
          sensitive files only in encrypted form, along with the
          corresponding GK-Crypt Master File and cache.

          6. SAFETY FEATURES

               The GK-Crypt data security package is designed with
          safeguards against all of the common problems that plague other
          data encryption programs.  It is therefore the safest, as well as
          the strongest, data encryption package you can get.

          6.1. Lost keys

               The most frequent problem with encryption occurs when the
          user forgets or loses a file key.  The GK-Crypt package has two
          safeguards against this problem.  The first safety feature is the
          cache.  GK-Crypt records all of the file keys in the cache.  You
          never need to remember or record any of your file keys in order
          to decrypt your data.  The only key you need to record and
          remember is your Master Key.  GK-Crypt remembers all of the other
          file keys for you.

               The second feature that safeguards against loss of keys is
          GK-Crypt's automatic key generation.  GK-Crypt generates all of
          your file keys for you, so you never have to remember file keys,
          or type file keys, or even see any file keys.  GK-Crypt takes
          care of all that work for you.  It also means that the file keys
          can be much stronger than user-selected keys.  The file keys can
          be long and completely random, since they never need to be typed
          or remembered.

          6.2. Strong Master Key

               Some other encryption packages generate all of the keys, not
          just the file keys, but the Master Key and the cache key, too.
          The user does not have to remember any keys at all.

               This is convenient, but it is not safe or secure.  Anyone
          who gets access to your computer can use the program to decrypt
          your files.  Anyone who gets one of your data disks can buy a
          copy of that program and read your files.

               Other packages use strong file keys, but require only a
          simple password to operate the program.  This means that anyone
          who can guess the password can read your files.  It is possible
          to use a program to generate and try millions of passwords per
          second, so it is fairly easy for somebody to get at your data.

               GK-Crypt lets you use strong Master Keys, up to 126
          characters long.  If you follow the guidelines in the chapter on
          choosing keys, then nobody can guess your Master Key, not with
          all the computing power on earth.

          6.3. Unauthorized users

               Suppose that a malicious person obtained access to your
          computer, and tried to disrupt your business by encrypting some
          of your files with an unknown key.  That person might try to
          ransom your data, and ask for a large fee to supply the key to
          recover your data.

               Even if this person, perhaps a disgruntled employee or
          business partner, possessed the Master Key you would still be
          safe.  The cache protects you.  The cache records the key, so you
          can recover the data even under those difficult circumstances.

          6.4. Double encryption

               Another large source of problems with other data security
          packages is double encryption, or double decryption.  This
          happens when the user forgets whether a file is encrypted or not.
          The user might encrypt a file that has already been encrypted, or
          decrypt a file that has not been encrypted, or that has already
          been decrypted.

               Suppose that the user of some lesser security package
          encrypts a file with key 1, and then encrypts it again with key
          2.  After the user decrypts the file with key 2, the file is
          still encrypted with key 1, and therefore unreadable.  If the
          user does not figure this out, and decrypts again with key 2,
          then the data is lost.

               Now, suppose that the user of this other program has
          encrypted the file first with key 1 and then with key 2.  Suppose
          that the user did this intentionally to get extra security
          because the other program was not as strong as GK-Crypt.  If the
          user then decrypted the file with key 1, and then with key 2, the
          file would be completely garbled.  Unless the user could figure
          out what had happened, and then unravel all of the steps, the
          data would be lost.  (To recover the data, the user would need to
          encrypt the data with key 2, encrypt it with key 1, decrypt it
          with key 2 and finally decrypt it with key 1.  Any other sequence
          of steps would garble the file even further.)

               These types of problems cannot happen with GK-Crypt.
          GK-Crypt uses the cache to prevent all such problems.  It will
          not let you encrypt a file twice, or decrypt a file that is not
          encrypted.  It will not let you encrypt a file with one key and
          decrypt it with a different key.

          6.5. Double copies

               Another problem with other data privacy packages is that
          they may make multiple copies of a file.  They encrypt a file by
          reading the file one section at a time, encrypting that portion,
          and writing the encrypted data to a new file.  After they finish
          they delete the original file.  This leaves two copies of the
          file on your disk, the original file and the encrypted file.

               Even though your original file has been deleted, the data is
          still there on your disk, and someone could read it.  There are
          well-known utility programs widely available for this purpose.
          Files often get erased accidentally, so utility programs have
          been written that can recover the data from an erased file.

               This problem is insidious, because the user may never know
          that it has happened.  The file looks fine when it is decrypted.
          The file looks totally random when it is encrypted.  The user may
          never realize that copies of the original file are still right
          there on the hard disk where anyone with a simple utility program
          can read them.

               GK-Crypt eliminates this problem by writing random gibberish
          over the old file before it gets deleted.  This is called
          shredding the file.  Starting with GK-Crypt Version 02, the old
          file is shredded 3 times.

          6.6. Partial encryption

               Some other data security packages use an alternate approach
          to prevent your original data from remaining on your disk.  They
          write the encrypted data on top of your original file.  The
          problem with this solution is if the power should go down, or
          even flicker for a fraction of a second, you will be left with a
          partially encrypted file.  (A surge protector may get you a few
          seconds, but any longer interruption will shut down your computer
          right in the middle of whatever it happened to be doing.)  It may
          be possible to recover the data, if the key is known, but it will
          take a great deal of work to figure out the exact spot where the
          encrypted portion ends and the original data starts.

               GK-Crypt takes a different, safer approach to encrypting a
          file.  If the power goes down during encrypting a file, your
          original file will be untouched.  You will not need to perform a
          data recovery process.  You can proceed as if the power failure
          never happened.

          6.7. Master and cache

               The same safety features that are used for your data files
          are also used for the Master File and the cache file.  The new
          Master File or cache is always written to your disk before the
          old one is deleted.

          6.8. Adding and renaming files

               Although GK-Crypt takes every possible safety precaution
          with the operations under its control, it is still possible for
          problems to occur because of things that the user does outside of

               The first problem occurs if a user renames a file within a
          group of encrypted files.  GK-Crypt bases the key for each file
          within a file group on its file name.  If you renamed the file,
          or moved it to another directory, GK-Crypt would be unable to
          decrypt it correctly.  You should never rename a file while it is
          encrypted.  Only decrypted files can be renamed or moved.

               Likewise, if you restore an encrypted file from a backup
          disk, it must be restored with the same name and to the same
          directory.  If the file has not been encrypted or decrypted since
          the backup was made, then simply copying the backup file to its
          old location is sufficient.  But, if the file has been decrypted
          and then encrypted again since the backup was made, then its
          encryption key on the hard drive, and its encryption key on the
          backup disk will be different.  There are specific steps that
          must be taken in order to make sure that the file is decrypted
          with the correct key, without affecting the decryption of other
          files.  See the section "Backup and recovery" for full details.

               If this problem happens, you can still recover the file if
          you have a backup that also contains the Master File and the
          cache.  The need to make frequent backups is always important,
          but it is doubly important when you are using encryption.

               The second problem occurs if you add a new file within a
          group of files that has been encrypted.  Suppose that you have
          encrypted the file group *.JPG and then you add a new picture,
          SHEEP.JPG to the group.  When you decrypt the group, the file
          SHEEP.JPG will be decrypted along with all of the other picture
          files.  This will leave SHEEP.JPG garbled, because it had not
          been encrypted.

               If this happens, get a new copy of SHEEP.JPG from the
          original source, or from a backup.  This is perfectly safe when
          the file and the group are not encrypted.

               Files operations, such as creating new files, deleting old
          files, and renaming files, should be done only when the files are

          6.9. Backup and recovery

               There are a number of situations where you may need to
          restore your data from a backup disk.  The most serious is when
          your hard disk fails completely.  In this situation, you need to
          install a new hard drive, and reinstall the Windows operating
          system before you can even address the issue of your data files.

               Once your computer is up and running, you can restore your
          data files.  If you have included the GK-Crypt Master File and
          cache on your backup disk, then encrypted files can be restored
          right along with your other files.  They do not require any
          special measures or treatment.  Once you have recovered your
          files, your data will be in the same state as it was when you
          made your backup.

               The other, more common situation, is when you decide that
          you want to restore a specific file to an earlier state.  Suppose
          that you have an encrypted file \novel\chapter6.wp that you wish
          to restore.  Let's assume the worst case, namely that you have
          many encrypted files, and that you have decrypted some, changed
          some, re-encrypted some, added and deleted files, and so forth.
          You want to restore only the file \novel\chapter6.wp and none

               This can be done, but it requires care.  You have to decrypt
          your file with the same key that was used to encrypt it, but
          without altering the encrption keys for any other file.  Begin by
          decrypting the current version of the file.  This removes the
          file name from the cache.  Now, save the current Master File and
          cache in a new directory.  To be extra safe, also copy the
          current version of \novel\chapter6.wp to that directory.  Then
          you can safely copy the old Master File, cache and the encrypted
          file from the backup disk to their former places on your hard
          disk.  Decrypt \novel\chapter6.wp using the old master and cache.
          Finally, copy the current Master File and cache back from where
          you saved them to the GK directory.

               This process is harder than a normal recovery, but with most
          other encryption programs it is not possible at all.


               In the first chapter of this manual it states that GK-Crypt
          is far stronger than any other commercial file encryption
          product.  This is a bold claim.  In this chapter the claim will
          be justified by comparing GK-Crypt to some other encryption
          algorithms (methods) that are in widespread use today.

          7.1. The GK-Crypt algorithm

               In order to explain why GK-Crypt is so much stronger than
          other encryption algorithms, it will be helpful to explain some
          of the technical details of its algorithm.

               GK-Crypt is a secret-key algorithm.  Its strength depends on
          secret keys which are known to the legitimate user, but not to an
          eavesdropper or intruder.  These secret keys are the Master Key,
          the cache key, the shortcut key and the key for each encrypted

               There are two basic kinds of secret-key algorithms, block
          ciphers and stream ciphers.  In a block cipher each block of
          message characters is subjected to a sequence of substitution,
          permutation, and combination steps in order to produce a new
          block of thoroughly scrambled text.  The algorithm combines each
          block of the original message with some part of the key in a
          fixed way.

               In a stream cipher there is some method of extending the
          original key to generate a stream of key characters as long as
          the message.  Each character of the message is combined with the
          corresponding character of the key to produce one character of
          the encrypted message.  In very strong stream ciphers the next
          character of the key will depend on both the original key, and
          the contents of the message.

               GK-Crypt combines both of these methods.  It uses a very
          strong block cipher and a very strong stream cipher.  Either of
          these encryption methods taken alone would be much stronger than
          any current commercial encryption method.  Combined, they become
          stronger than nearly all military and diplomatic encryption
          methods as well.

               GK-Crypt treats the contents of your data file as a sequence
          of blocks that vary from 16 characters to 32 characters, or 128
          bits to 256 bits long.  Each block is encrypted using a block
          cipher.  The block cipher has a 690-character, or 5520-bit key.
          The original key, which is kept in the cache, is 80 characters,
          or 640 bits.  This is expanded into the 690-character, or
          5520-bit block key.  The expansion uses non-linear functions, so
          that the expanded key has no linear relationship with the
          original key.

               The block cipher uses 9 rounds of substitutions in which
          each character of the block is combined with one character of the
          expanded key.  Then each character of the block is combined with
          another character of the block.  These character pairs are
          combined using three independent strongly non-linear functions.
          This means that the bits of the output are not correlated to the
          bits of the input.

               After each round of substitutions the 16 to 32 character
          block is thoroughly mixed using a key-dependent permutation.  The
          9 rounds insure that every character of the encrypted block
          depends on every character of the file block, and every character
          of the original key.

               After each block is encrypted a new key block is generated,
          so that every block of the file is encrypted with a completely
          different key block.  The new key is also generated using 9
          rounds of non-linear character combination and key-dependent
          permutation.  This results in an ultra-strong stream cipher that
          combines 16 to 32 character data blocks with 690-character key
          blocks to produce 16 to 32 character encrypted blocks.

               At every stage in the design of GK-Crypt care was taken to
          make each element of the encryption as strong as possible.  The
          substitution tables were constructed to be as non-linear as
          possible.  The substitution and permutation portions of the block
          cipher use independent keys in each round.  The generation of the
          next block key is done using yet a third independent key.  This
          was done so that if any information about any part of these keys
          can be learned by an opponent, that does not reveal anything
          about the other parts.  Additional safeguards assure that even if
          an opponent somehow knew all of the substitution keys and all of
          the permutation keys for some block, it would still be impossible
          to determine the keys for any other block.

               There is no revolutionary breakthrough here.  GK-Crypt is
          just a solidly engineered process combining powerful encryption
          techniques that have proved reliable for centuries.  For every
          conceivable attack on the encryption, counter-measures have been
          designed and incorporated.

          7.2. AES Advanced Encryption Standard

               AES is an encryption method which was adopted for widespread
          use after a lengthy evaluation of some 35 different proposed
          cryptographic algorithms.  This might lead people to believe that
          AES is therefore the strongest available cryptographic algorithm.
          This is not true.

               The selection process for AES was based on several criteria
          including strength, speed, size, and ease of implementation.  The
          algorithm that was chosen, called Rijndael, was judged to have
          only medium strength.  3 of the 5 finalists in the selection
          process (called Mars, Serpent and Twofish) were judged to be
          stronger.  They were not chosen because they were slower, more
          complex, or required more storage.  The GK-Crypt algorithm is far
          stronger than all 5 of the AES finalists.

               There are several more reasons why GK-Crypt is much stronger
          than the AES algorithm.  GK-Crypt was developed several years
          after AES was made public.  This means that all the features of
          AES which made it secure were known when GK-Crypt was developed.
          All of the secure features of AES were used in GK-Crypt, and
          several new features were added to make GK-Crypt vastly stronger
          than AES.  GK-Crypt versions 02 and higher use variable block
          size and other features that make it even stronger.

               AES was necessarily a compromise.  It had to be small and
          simple in order to be suitable for use in a broad range of
          applications, including tiny low-cost chips imbedded in credit
          cards, passports, medical ID bracelets, military ID tags, and so
          forth.  In the future, even smaller AES chips may be imbedded in,
          or printed directly onto banknotes (paper currency), checks,
          stock certificates, and similar documents.  Such chips have very
          limited storage and computing power, so AES had to be limited in
          size to make it fit.  It also had to be kept simple because it
          was going to be implemented many times by many different
          programmers and chip designers, most of whom have no expertise in

               GK-Crypt was designed solely for use on computers.  It did
          not have to meet stringent constraints on key size and program
          size.  So GK-Crypt can use more storage, take more steps, and use
          longer keys than AES.  It was implemented by an expert computer
          programmer who is also an experienced cryptographer with several
          published papers on cryptography, so it did not need to be small
          and simple.  (Some of the papers are available online.  Links to
          these papers can be found at
          http://www.mastersoftware.biz/gkcrypt.htm.)  The absence of these
          size and complexity constraints allow GK-Crypt to be far stronger
          than AES.

               In terms of key size and number of steps, GK-Crypt is
          roughly equivalent to encrypting 4 times with AES using 4
          independent keys.  AES uses 128-bit keys that are expanded
          internally to 1024-bit keys.  GK-Crypt uses 640-bit keys that are
          expanded internally to 5520-bit keys.  However, GK-Crypt has some
          features that make it much stronger than 4 times AES.  For
          example, GK-Crypt uses a new key for every block of data.  This
          means that an opponent cannot accumulate a large number of data
          blocks that are all encrypted with the same key.  Many
          cryptographic systems have been broken by using a large number of
          messages encrypted with the same key.  AES is vulnerable to such
          an attack, but GK-Crypt is not.

          7.3. RSA public key cryptography

               The security of the RSA public key algorithm rests solely on
          the fact that it is difficult to factor large numbers.  If you
          are given two numbers, say 1511 and 1747 it is easy to find their
          product, 2639717.  It is much more difficult to go the other way,
          given a large number to find the numbers that were multiplied to
          produce it.  These numbers are called its factors, hence the
          factors of 2639717 are 1511 and 1747.  The difficulty grows the
          larger the factors get.  When the factors get up to 100 decimal
          digits or more, it takes a great deal of sophisticated
          mathematics and computing time to factor the number.

               The problem with RSA public key cryptography is that it is
          subject to advances in mathematics.  A few years ago
          mathematicians learned how to use elliptic curves to factor large
          numbers.  Suddenly many public keys that seemed totally secure
          could now be broken, and all of the messages sent using those
          keys could now be read.

               The users of public key cryptography had to develop new keys
          that were larger than the old keys.  But, for some, it was too
          late.  Their secret messages and private files had already been

          7.4. Quantum cryptography

               The newest development in secret communications is quantum
          cryptography.  There are two separate forms of quantum
          cryptography, which may be called "photon cryptography" and
          "quantum entanglement."

          7.4.1. Photon cryptography

               Photon cryptography uses a beam of light in which each
          individual photon, or light particle, has been put into one of
          two different quantum states.  Each photon, therefore, carries
          one bit of the encrypted message.  So photon cryptography is
          basically ordinary cryptography, except that a beam of photons is
          being used to transmit the message, rather than a wire or radio

               The advantage of photon cryptography is that anybody trying
          to eavesdrop, and determine the state of the photons, would
          change their state.  Therefore eavesdropping could easily be
          detected.  That may be true, but the end result is that the
          eavesdropper would receive the message, while the intended
          receiver would not.

               A more sophisticated approach would be for the eavesdropper
          to read the message, and then generate a new photon beam with the
          same quantum states.  The receiver would never know that the
          photons are not the originals.

          7.4.2. Quantum entanglement

               This method is not available to the public, may never be
          available outside of government, and may still be years away from
          practical use.  We discuss it here because it has the potential
          to become an extremely strong cryptographic method.

               The basic idea in quantum entanglement is that the sender
          and the legitimate receiver of a message each have a set of
          quantum particles that are synchronized, or "entangled" with each
          other.  That is, the particles are always in the same quantum
          state, even though they may be many miles apart.  A change to one
          particle causes the same change to its mate.

               The method has a great advantage, which may also be a fatal
          flaw.  Any attempt by an outsider to determine the state of
          either particle can change its state, and thus alert the parties
          that there is an eavesdropper.  However, this property means that
          an opponent can completely disrupt communications simply by
          listening in.  The receiver cannot know if a change in the
          particle is a message from the sender or an attempt by someone
          else to listen in.  This property, therefore, may doom quantum
          entanglement cryptography.

          Appendix A. DOS BASICS

               GK-Crypt runs under DOS, not under Windows.  DOS was the
          primary operating system for personal computers from about 1975
          to 1995.  Older versions of Windows, prior to the introduction of
          Windows 95, ran as tasks under DOS.  Since 1995 the situation has
          reversed, and DOS now runs as a task under Windows.  Every
          computer user before 1995 knew DOS well.  However, newer computer
          users may not be familiar with DOS, so that a little basic
          orientation may be helpful.

          A.1. Starting DOS

               On newer computers it may be difficult even to find DOS in
          order to use it.  There are two methods for running DOS.  The
          first method is to click on a DOS icon from your desktop, or from
          a taskbar at the top or bottom edge of the desktop.  The icon may
          say DOS, or MSDOS, or possibly CMD or COMMAND.  Clicking any one
          of these icons will start DOS.  If there is a DOS icon on your
          desktop or in a taskbar, you can skip the rest of this section.

               If there is no DOS icon on your desktop or taskbar you may
          find one elsewhere.  Start by clicking on "Start" in the corner
          of the screen.  This will bring up a menu listing various
          programs and options.  If there is a DOS icon there, you can use
          it directly, or you could drag it onto the desktop for future
          use.  If it is not there, click on "Programs" or "All Programs."
          This will bring up a long list of various programs that are on
          your computer.  If one of these is DOS, you can click it, or you
          can drag it to the desktop.

               If you still don't see a DOS or CMD icon, put your mouse on
          each of the icons that you see.  Don't click, just let the mouse
          cursor rest on the icon.  This will often bring up another list
          of programs, and DOS may be among them.

               If DOS still is not there, don't give up.  You just need to
          search deeper.  In the list of All Programs there will be some
          folders with names such as "Applications" or "System Utilities."
          Click to open each of these folders.  In those folders you may
          find DOS or CMD.  Or, you may find more folders.  Again, rest the
          mouse on the names of programs, and click on folders to find even
          more well-hidden programs and folders.

               Once you find the DOS icon, drag it to the desktop.  Put the
          mouse cursor on the DOS icon and hold down the left button.  Move
          the mouse to drag the cursor onto the desktop, and then release
          it to drop the icon on the desktop.  Click the desktop to close
          all of the other windows.  Then drag the DOS icon to wherever you
          want it on the desktop.

               If all of this fails, it is time to try the second method.
          Go back to the desktop, and click on "Start" again.  In the list
          of options click on "Run" or "Run Program."  This will open a
          small window with a box where you can type the name of a program
          that you wish to run.  Type CMD in this box, and then press
          Enter.  This will open a DOS window.

          A.2. Sizing the DOS window

               The DOS window will often be a small window in the middle of
          the screen, probably off-center.  It is easier to work with DOS
          in full-screen mode, with no distracting windows or borders.  To
          do this, right click on the top border of the DOS window, and
          select "Properties" from the pop-up window that appears.  Use the
          various options to select full-screen mode.  This may take
          several tries before it works, so don't get frustrated if the
          next time you use DOS you get the same small window, and need to
          resize it again.

               When you do get the full screen mode, the screen is likely
          to be set to 50-line mode.  This makes the characters small and
          crudely formed.  You may be more comfortable using 25-line mode.
          To switch, you can type the command

               mode con lines=25

          This will double the size of the characters and make them easier
          to read.

          A.3. Directories

               In DOS your computer's hard disk is organized into
          directories.  All of the files on your computer are in
          directories.  These correspond to the folders in Windows.
          Directories and folders are the same thing.  A directory or a
          folder can contain files and more directories or folders, so that
          the folders or directories are nested one inside the other in a

               The top of the hierarchy is called the "root directory."
          Typically the root directory does not contain any files.  Rather,
          it contains all of the principal directories on the computer,
          such as

               \Program Files
               \Documents and Settings

          and so forth.  The backslash \ in front of these directory names
          shows that they are directories within the root directory.

               A directory within another directory is sometimes called a
          subdirectory.  In the example above the directory Windows would
          be a subdirectory of the root directory.

          A.4. Current directory

               Files are identified in DOS by using a path, a filename and
          a filetype.  For example,


          Here the path is direc1\direc2, the filename is file1 and the
          filetype is doc.  The path consists of the sequence of nested
          directories which contain the desired file.

               If the path starts with a \ backslash, then the sequence of
          directories start from the root directory.  If the backslash is
          omitted, then the path starts from the current directory.  For
          example, if the current directory is Windows, then the file
          identifier direc1\direc2\file1.doc would refer to the file

               By setting the current directory you can shorten the names
          of programs and files that you must type.  For example, if you
          want to use the program


          to process the data files


          you could type

              \direc1\direc2\prog1 \direc1\direc2\file1.dat

          If you changed the current directory to \direc1\direc2 then this
          could be shortened to

              prog1 file1.dat file2.dat

              The command to change the current directory is cd.  To change
          the current directory to \direc1\direc2 you would type

               cd \direc1\direc2\

          If you later wanted to change the current directory to
          \direc1\direc2\direc3 it is sufficient to type

               cd direc3

          since you were already in the directory \direc1\direc2.

          A.5. Working with directories

               You can make your own directories by using the Make
          Directory command.  For example, if the current directory is
          \direc1\direc2 and you wanted to make a subdirectory called
          direc3, then you could type

               md direc3

          Starting from the root directory, the new directory would be

               To remove a directory, you can use the Remove Directory
          command.  For example, to remove the directory
          \direc1\direc2\direc3 you would type

               rd \direc1\direc2\direc3

          As a safety precaution, you cannot remove a directory until you
          have deleted all of the files in the directory, and removed all
          of its subdirectories.  This prevents you from accidentally
          deleting files that you meant to keep.

               To list the contents of a directory, you can use the
          Directory command.  The basic format is

               dir mydirec /options

          Here mydirec is the directory you want to list.  There are many
          possible options.  Here are a few of the most useful:

               /s    List the contents of all subdirectories
               /on   Sort the files by name
               /os   Sort the files, smallest to largest
               /o-s  Sort the files, largest to smallest
               /od   Sort the files, oldest to newest
               /o-d  Sort the files, newest to oldest
               /p    Pause after every 20 lines

          You can use several options in the same command.  For example,

               dir \direc1 /s /od /p

          would list the files in \direc1 and all of its subdirectories
          sorted from oldest to newest, and pausing after every 20 lines.

               You can also list specific files, files that have a given
          filename or filetype, or files whose filenames and filetypes
          begin with specific letters.  Here are some examples

               dir tax.ref   Lists the file tax.ref.
               dir tax.*     Lists all files with the name tax.
               dir *.doc     Lists all files of type doc.
               dir st*.c*    Lists all files whose filename starts with st
                             and whose filetype begins with c, such as
                             startup.cfg, study.com or state.core.

          The * asterisks in these commands are called wildcards because
          they can be replaced by any set of letters.  These commands can
          tell you whether these files exist, their sizes, and the date
          they were last updated.

          A.6. Identifying files

               All of the data in your computer resides in files.  Files
          contain the operating system, all of the application programs,
          and all of the data that they use and create.  Files are
          identified to DOS by four fields, namely the drive, path,
          filename and extension.

               drive      is the device where your file is stored, usually
                          C for your hard drive, A or B for a floppy drive,
                          D or E for a CDROM drive.

               path       is the directory on your drive where the file is

               filename   is the name that you gave your file.  The name
                          usually indicates the contents or purpose of the

               extension  is a suffix that indicates the kind of file, such
                          as TXT for a text file, JPEG for a picture file,
                          EXE for an executable file, etc.

          A full file identifier might look like this,


               In this example, c: identifies that your file is on the C
          drive, which is your hard drive.  \mycompany\mydepartment\2005\
          is the path to your data.  It shows that the data file is located
          in the 2005 folder, which is inside the mydepartment folder, in
          the mycompany folder.  So the path consists of nested folders, or
          a list of directories.  sales.wp is the file with the data.  The
          filename is sales, and the extension is wp, which indicates that
          it is a WordPerfect document.

               In a file identifier all of the fields except the filename
          are optional.

               drive      can be omitted if the file is on the current
                          drive, that is, the drive where you are now

               path       can be omitted if the file is on the current
                          directory of the drive.

               extension  can be omitted if the file does not have an
                          extension on its name.  For example, if the file
                          is just named oldstuff then no extension is

          Here are some examples of valid file identifiers:

                    identifies the file budget in the current directory
                    of the A drive.

                    identifies the file commissions in the jones directory
                    on the current drive.

                    identifies the file requests.txt in the late
                    subdirectory of the current directory.

          A.7. Long names

               Some Windows files and directories have long names, or names
          containing blanks or dots, such as

               Documents and Settings
               My Music

          Microsoft has made the naming of files and directories
          incompatible between Windows and DOS.  DOS limits directory names
          to 8 characters, and does not allow blanks in names.

               To refer to these directories, you need to shorten the names
          down to 8 characters.  The short name is formed by taking the
          first 6 non-blank characters of the name plus the combination ~1.
          When the name of a directory contains a . dot character, each of
          the parts of the name is treated separately.  For example, for
          the directories above,

               Documents and Settings   would be called   Docume~1
               My Music                 would be called   MyMusi~1
               Microsoft.Net            would be called   Micros~1.Net
               SharedReg12.dll          would be called   Shared~1.dll

          Thus a full path and file name such as


          in DOS would be called


               It is a good idea to give all of your own files and
          directories names that are compatible with DOS.  The names should
          be no more than 8 characters long and should not contain blanks.

          A.8. File operations

               Besides the encryption and decryption operations that you
          perform using GK-Crypt, it can be useful to know several other
          common file operations.

               There is no DOS operation to create a file.  Files are
          created by application programs such as word processors, picture
          editors, spreadsheets, etc.  Once created, files can be copied,
          renamed and deleted.

               It is important to remember that encrypted files should not
          be renamed, and files should not be copied into or out of a group
          of encrypted files.  It is safest to decrypt files before
          renaming or copying.

               To copy a file to a new location, the command is

               copy oldfile newfile

          The old file and new file identifiers can be fully qualified,
          that is, they may have drive, path, filename and filetype.  So
          the copy command can be used to copy files to other directories
          or to other drives.

               Wildcards can be used in the copy command to copy groups of
          files.  For example, the command

               copy \oldpath\*.doc \newpath\*.*

          would copy all files of type doc from the \oldpath directory to
          the \newpath directory.

               The rename command works similarly to the copy command.  The
          form is

               ren oldfile newname

          Here oldfile can be fully qualified, with drive, path, filename
          and filetype.  However, newname can have only a new filename and
          filetype.  There cannot be a new drive or new path because the
          file does not change its location, only its name and/or type.
          For example,

               ren target\x3*.jpg x4*.*

          would rename all of the jpg files in the target directory that
          start with x3 to start with x4.

               The command to delete files takes the form

               del file

          Here, file can be a fully-qualified file identifier, with drive,
          path, filename and filetype.  It can also have wildcards so that
          you can delete several files with a single command.  For example,

               del a:old*.*

          would delete all files in the current directory of the a drive
          whose filenames start with old.

               Note that deleting a file does not erase it.  The file still
          exists on the disk, where it can be read by various utility
          programs that are available for that purpose.  The file will
          remain there until some other file eventually gets written on top
          of it.

          A.9. Batch files

               Batch files are a useful way to reduce the number and
          complexity of the DOS commands that you must type.  Each batch
          file can contain any number of DOS commands.  You execute the
          entire sequence of DOS commands just by typing the name of the
          batch file.

               Here is a simple example.  Suppose that you frequently use
          the program GK-Crypt.  If the current directory is \plans\tower
          but GK-Crypt is in the directory \programs\download then to use
          GK-Crypt you would type


          To make this easier, you could create a batch file named gk.bat
          on the current directory.  This file would contain the single


          Now when you wanted to execute GK-Crypt all you would need to
          type is


               You could place a copy of the batch file gk.bat in every
          directory where you usually work.  Then you could run GK-Crypt
          from anywhere just by typing gk.  You would not need to have
          multiple copies of GK-Crypt.

               There are many other DOS commands and options.  This is just
          a small sample of useful DOS commands.

Back to GK-CRYPT main page
Choosing an Encryption Product
A Quick Overview of Cryptography

© Copyright 2005-2024 Master Software Corporation
All rights reserved. No part of this manual may be reproduced in any form without the express permission of Master Software.