M ASTER  S OFTWARE


QUALITY SOFTWARE SINCE 1958
 

PROTECT YOUR PRIVACY -- PROTECT YOUR SECURITY
with the strongest line of data file and message encryption software available.
OP-Crypt Message Encryption System
Version 01 User Manual - November 29, 2012



          1. OP-CRYPT MESSAGE ENCRYPTION SYSTEM




               OP-Crypt is a powerful new software system that uses the unbreakable
          One-Time Pad encryption algorithm.  This algorithm is the only encryption
          method that has been proven mathematically to be unbreakable.  Without the
          keys, nobody, no matter how much computer power they possess, can ever read
          your messages.

               This means that you can communicate with absolute security.  Your
          messages are safe forever, provided the keys remain secret.

               For over 50 years the one-time pad encryption algorithm has been the
          standard of security for cryptographic products.  Other products claim to
          be "like the one-time pad" or perhaps "as secure as the one-time pad" even
          when they are not at all similar to the one-time pad.  OP-Crypt is the
          one-time pad, the real thing, the algorithm that so many others try to
          emulate.



          TABLE OF CONTENTS


          1. OP-CRYPT MESSAGE ENCRYPTION SYSTEM
            1.1. The One-Time Pad
            1.2. Networks and stations
            1.3. Maximum security

          2. PASSWORDS AND KEYS
            2.1. Installation password
            2.2. Network key
            2.3. Master key
            2.4. Station keys
            2.5. Message ID
            2.6. Key summary

          3. SETTING UP YOUR NETWORK
            3.1. Star network
            3.2. Hierarchical network
            3.3. Cluster network
            3.4. Pairwise network
            3.5. Special stations
            3.6. Distributing keys

          4. USING OP-CRYPT
            4.1. Encrypting a message
            4.2. Decrypting a message
            4.3. Station information
              4.3.1. Adding a station
              4.3.2. Changing a station key
              4.3.3. Deleting a station
              4.3.4. Listing the station names
            4.4. Changing the master key
            4.5. Changing the network key

          5. INSTALLING OP-CRYPT
            5.1. Starting the installation
            5.2. Installation password
            5.3. Software license
            5.4. Network key
            5.5. Master key
            5.6. Completing the installation

          6. KEYS
            6.1. Key Do's and Don'ts
            6.2. Letters, digits and punctuation
            6.3. Key blocks
            6.4. Pronounceable keys
            6.5. Patterns
            6.6. Secretaries and clerks
            6.7. Key strength
            6.8. Summary: Picking a key

          Appendix A. DOS BASICS
            A.1. Starting DOS
            A.2. Sizing the DOS window
            A.3. Directories
            A.4. Current directory
            A.5. Working with directories
            A.6. Identifying files
            A.7. Long names
            A.8. File operations
            A.9. Batch files



          1.1. The One-Time Pad


               The reason that the One-Time Pad algorithm is so secure is that it
          uses a separate key from the key stream for each character of the message.
          A million-character message would use a million keys from the key stream.
          Any character in the message could get changed into any other character,
          completely independently.  So the first A in the message could become W,
          the second A could become # and the third A could become 3, for example.

               Every message uses a different set of keys.  If you sent a second
          message of one million characters, that message would use a different
          million keys from the key stream.  If you sent exactly the same message
          again, the first A in the message could become ], the second A could become
          6 and the third A could become h, for example.

               The problem with classical one-time pad systems is that you eventually
          run out of keys.  Then you need to supply new keys to all of the parties --
          but how can you keep the new keys secret if you have run out of keys?  You
          cannot use the one-time pad to send new keys because you need one key to
          protect each key that you send.  For every new key you distribute you use
          up one key.  You can never get ahead.

               OP-Crypt does not have this problem.  It uses an infinitely long key
          stream.  No matter how many messages you send, and no matter how long your
          messages are, you can never run out of keys, and you never need to reuse
          keys, or to distribute more keys.  The key stream is infinitely long, so it
          never gets used up.

               OP-Crypt, however, is much stronger than the basic One-Time Pad.
          Op-Crypt first performs a One-Time Pad encryption, as described above.
          Then it performs a block encryption, and then a second, independent,
          One-Time Pad encryption.  Triple encryption.  The result is a uniquely
          powerful encryption, completely and permanently unbreakable.



          1.2. Networks and stations


               OP-Crypt is designed for use by a group of people who need to
          communicate secretly with one another.  The entire set of users is called a
          network.  The network may be any type of organization, commercial, social,
          diplomatic, professional, military, religious, or any other.  Each party
          within the network is called a station.  A station may be an office of a
          company, a department of an organization, a branch, an embassy, an agency,
          an individual, or simply an email address.

               Within a network, an office or person could operate several different
          stations for communications.  Thus the same individual could be Larry, El
          Paso, and oilman@sym3.net.



          1.3. Maximum security


               OP-Crypt has been designed for maximum security.  Every file that
          OP-Crypt uses is securely encrypted.  Every file that OP-Crypt produces is
          securely encrypted.  It has been designed to leave no openings and no
          weaknesses that any potential opponent could use to breach the system.  All
          of the different encryptions require a lot of different keys.  The
          following sections describe all of the different types of passwords, keys
          and identifiers that OP-Crypt uses to achieve such extreme security.



          2. PASSWORDS AND KEYS



               OP-Crypt uses a system of passwords and keys to assure that your
          messages remain secure, even if other parties had the OP-Crypt software,
          and even if they obtained your disks or possibly your computer itself.

               There are five different kinds of passwords and keys, so you might
          think that you will need to memorize and endlessly type a whole array of
          keys.  Be assured, right from the outset, that the only key that you need
          to memorize is the master key, which you choose yourself.  The other keys
          are either generated by the software, or they are typed only once when
          OP-Crypt is installed at each station.



          2.1. Installation password


               There is one password used with OP-Crypt, namely the installation
          password.  This password is required to install the OP-Crypt software on
          your computer.  If somebody were to obtain your copy of the OP-Crypt
          software, they would not be able to install it on their own computer
          without this password.  The installation password is 14 characters, and has
          the form xxxx-xxxx-xxxx, where each x can be either a letter or a digit,
          for example, A1B2-CD34-E56F.



          2.2. Network key


               When you install OP-Crypt you must supply the network key for your
          network.  It is essential that you choose a strong network key.  You should
          carefully read the chapter on choosing keys before you select your network
          key.

               The network key is the same for every station within your network.  It
          is used to mix the encryption tables.  This personalizes OP-Crypt for your
          network.  Every station in your network must use the same encryption tables
          so that they can communicate.  Other purchasers of OP-Crypt who do not know
          your network key cannot read your messages, and you cannot read their
          messages.  The encryption tables that you use in your network are produced
          using your network key to mix the encryption tables that Master Software
          has generated.

               It is vital that you choose a strong network key.  You should read the
          chapter on choosing keys before selecting your network key.  To make
          certain that every station types the network key correctly, OP-Crypt
          generates a 4-digit verification code.  When you send the network key to a
          station, you should also send the verification code to avoid dangerous
          errors.  It is also a good idea to send and return a test message to each
          new station to verify that the key was entered correctly.



          2.3. Master key


               When the encryption tables are stored on your computer they are
          encrypted using strong 640-bit keys generated by OP-Crypt.  These keys are
          never seen by the user.  They are kept in a special file called the master
          file.  The master file is encrypted by a master key chosen by the user.
          Every station can choose a different master key.  The master keys are not
          shared or distributed.  For maximum security, no station should know the
          master key of any other station.

               The master file and the master key are the heart of the system.  If
          someone could obtain both your master file and your master key, they would
          have complete access to all of your files and messages.  They would even
          have access to your station key file, so it is possible that they could
          read messages between other stations.

               It is therefore absolutely essential that every station chooses a
          strong master key.  A weak master key at one station would compromise the
          entire network.  Carefully read the chapter on choosing keys before you
          select your master key.



          2.4. Station keys


               Each station has a station name, or ID, and a station key.  The
          station ID can be public.  It can be used openly in emails, letters and
          phone calls.  The station ID can be up to 20 characters long, and may be
          anything you find convenient to identify your correspondents.  Examples are
          Charlie, Austin branch, red-dog, Bosley Bank Ltd, Eagle 1, Smith's Grocery,
          Sister Divinity, and so forth.

               For each station ID there is a corresponding station key.  These keys
          should be kept strictly secret.  Follow the rules in the Keys chapter for
          choosing strong keys.  The station ID and station key are typed just once
          for each station.  OP-Crypt remembers them for you in a securely encrypted
          file.



          2.5. Message ID


               The key for each message is built by OP-Crypt from a message ID chosen
          by the user.  The message ID should be completely random, and at least 10
          characters long.  It is not a safe practice to vary the message ID in some
          systematic way, like numbering the messages sequentially, or obtaining the
          message ID from the date and time.  Some sample message IDs might be 

               D4Z7 U8C9 J3Y5
               ZTyD-594-WhC
               16=47;308%52
          
               The message ID does not need to be secret.  It can be included in the
          body or subject line of an email or letter that accompanies the message
          file.  OP-Crypt will use the station key of the sender, the station key of
          the receiver, and the message ID to construct a secure message key.  So, if
          the message is sent as an attachment to an email, the email should contain
          these 3 identifiers worked into its text (unless the sender ID and/or the
          receiver ID can be determined from the email addresses).



          2.6. Key summary


               The following table gives a quick overview of the different passwords
          and keys used by OP-Crypt.  

          Installation password
               Generated by Master Software
               Typed once at installation
               Never used again
          Network key
               Chosen by the users
               The same for all stations
               Typed once at installation
               Can be changed later
          Master key
               Chosen by each user
               Different for each station
               Typed at every session
          Station keys
               Chosen by the users
               Typed once for each new station added
               Can be changed later
          Message ID
               Chosen by the message sender
               Different for every message
               Typed once by sender, once by receiver
          



          3. SETTING UP YOUR NETWORK



               Before you install OP-Crypt, and before you begin to distribute keys,
          you need to consider how you want to set up your network.

               If the network is small, if every station knows about every other
          station, and if you want all of the stations to be able to communicate
          freely with each other, then there is no decision required.  You simply
          distribute the network key and all of the station keys to everyone.

               If the network is large, and you do not want every station to know
          about and communicate with every other station, then you should consider
          other ways of organizing your network.  The following sections describe
          some of the possibilities.



          3.1. Star network


               In a star network, all communications flow from one central station,
          called the network hub, to all of the other stations.  In this model, none
          of the stations know about any other station except the hub.  Each station
          receives only the network key, the station key for the hub, and its own
          station key.  Normally all of the keys are chosen by the hub.

               In a star network none of the outer stations can communicate directly
          with each other, and none of the outer stations has the ability to read any
          of the messages sent between the hub and any other station.  If one outer
          station needs to send a message to another station it must be relayed
          through the hub.  The hub will decrypt the message using the sender's ID,
          then re-encrypt it using the receiver's key and a different message ID.



          3.2. Hierarchical network


               In a hierarchical network there is also one central station, but some
          of its outer stations may have their own networks, also organized as star
          networks.  This may continue for several layers.  Each station may
          communicate with its own local network and with its hub.

               In the centralized model, there will be one network key for the entire
          hierarchy.  The central hub chooses all of the station keys, and
          distributes the appropriate set of keys to each station, according to its
          place in the network.  Each station can communicate up the hierarchy as far
          as the central hub, and down the hierarchy to the stations below it.
          Stations cannot communicate across the hierarchy, or read messages sent in
          other parts of the network.

               In the decentralized model, there may still be just one network key
          for the whole hierarchy, or each local star network could have its own
          network key.  In the latter case, each station can communicate only one
          level up and one level down the hierarchy.  A station in the middle of the
          hierarchy, one which is neither the central hub, nor at the outermost
          layer, will require two separate copies of OP-Crypt with two separate sets
          of encryption files, one for communicating up the network, and one for
          communicating down.

               In a decentralized network, each local hub will select and distribute
          the station keys for its own outer stations.  Stations elsewhere in the
          hierarchy, even stations higher up, will not know either the network key or
          the station keys for any other local star network.  No station will be able
          to communicate with, or to read the messages of, any other station outside
          of its own local star.  Even messages from the central hub will need to be
          relayed down the hierarchy through all of the intermediate hubs.



          3.3. Cluster network


               In a cluster network, certain groups of stations will communicate
          directly with one another.  Each station in a cluster will know the names
          and keys of every other station in its cluster.  Typically, each station
          will choose its own station key and distribute that key to the rest of the
          cluster.  The clusters themselves might be organized as a star network or a
          hierarchy.  For example, all of the stations in each geographic area may
          form one cluster, while all of the clusters are controlled from a single
          central hub, or headquarters.



          3.4. Pairwise network


               Some pairs of stations in a network may have a larger volume of
          message traffic which may justify having special station names and keys for
          that traffic.  For example, the Dallas office may have heavy communications
          with the Fort Worth office.  So the Dallas office may be known by the
          station name Dallas to the rest of the network, but to the Fort Worth
          office it may be known as TexHQ.



          3.5. Special stations


               In larger networks it may be desirable to reserve some station names
          for special purposes.  One such purpose might be to broadcast messages,
          where the hub wants to send the same message to every station, but does not
          want to take the time to encrypt it separately for each station.  In this
          case it could use a special broadcast station name, and send the message to
          all of the stations using that name for the receiving station.  That way,
          only one encrypted copy of the message would need to be generated.

               Another special station name might be used for distributing keys, for
          example when changing the network key or adding new stations.  The use of
          the alternate station name would alert the receiver to the special nature
          of the message.  Such a message might have a special structure that
          conceals its purpose, for example hiding the key inside some completely
          innocent text.



          3.6. Distributing keys


               Once the network is set up new keys can be distributed using messages
          encrypted by OP-Crypt.  But, how do you distribute keys before your network
          is set up?  How do you distribute keys to a new station that has not yet
          joined the network?

               If you already have a message encryption system, and you are upgrading
          to OP-Crypt, then you can distribute keys through the old system.  Suppose,
          though, that you are upgrading because you no longer trust your old system.
          Then it would be foolish to use the old system to distribute keys for the
          new system.

               A better way to distribute keys is by encrypting them with NK-Crypt.
          This is another product offered by Master Software.  NK-Crypt has the
          advantage that it does not require any exchange of keys.  It avoids the
          problem of what key to use when sending the first secret key.  So you can
          use NK-Crypt to send the new station the network key, its station name and
          station key, and the hub's station name and key.  Once this initial setup
          is completed you can use OP-Crypt to send the other station names and keys.



          4. USING OP-CRYPT



               Although there are many keys and many files involved with OP-Crypt,
          using OP-Crypt is really very easy.  The program tells you at every stage
          what needs to be done.  You choose the actions, such as encrypting and
          decrypting messages, and the program tells you what file names, keys and
          ID's are needed.

               To start OP-Crypt, you type the OP command at the DOS prompt.  That
          is, you type 

               OP

          and then press the Enter key.  The first time you run OP-Crypt it will
          install itself.  That will be explained in a later chapter.

               OP-Crypt will ask you what you want to do.  The choices are as follows
          

               Do you wish to
                 E - Encrypt a message.  Make it unreadable to send it.
                 D - Decrypt a message.  Read a received message.
                 S - Edit station keys (add, delete, change).
                 M - Change master key.
                 N - Change network key.
                 Q - Quit.

               Type your choice (E, D, S, M, N or Q):

          You type a letter to indicate your choice.  For example, if you want to
          encrypt a message, you would type E.



          4.1. Encrypting a message


               To encrypt a message you need to supply 5 pieces of information.  Once
          you have typed E to select "Encrypt a message" OP-Crypt will prompt you for
          each item.

               The first item is the name of the file that contains your message.
          You can create the file the same way you create any file on your computer,
          for example by using a text editor or a word processor.  You do not need to
          be concerned about the format of the file.  OP-Crypt can handle any file in
          any format created by any program.  You will be prompted for the file name 

               Enter the name of the message file to be encrypted,
               for example \MESSAGES\NEWMESSAGE.TXT or type Q to quit.

               File name:

          Type the name of your message file and press Enter.  For example, if you
          want to encrypt the file munitions.list then you would type munitions.list
          like this 

               Enter the name of the message file to be encrypted,
               for example \MESSAGES\NEWMESSAGE.TXT or type Q to quit.

               File name: munitions.list

          and then press Enter.

               Next you need to give the name of the file where you want OP-Crypt to
          put the encrypted message.  You may use any file name you wish.  

               Enter the name for the resulting encrypted file, for example
               \ALBUM\PHOTO36.JPG or type Q to quit.

               File name:

          Type the name of the result file and press Enter.  For example, if you want
          the encrypted file to be called birthday then you would type birthday.
          After the encryption process is finished, you would send the file birthday
          to the receiving station.  You will need to tell the receiver the message
          ID.

               Note that OP-Crypt does not erase or over-write the files that you
          encrypt.  In the example above, the original unencrypted message would
          still be in the file munitions.list and the encrypted message would be in
          the file birthday.  This allows you to send the same message to any number
          of stations, with each copy encrypted for that station.

               Bear in mind, however, that when the encryption process is finished,
          the message file is still there on your computer.  If an opponent could
          possibly have access to your computer, the message file should be either
          shredded or encrypted.  It is not sufficient simply to erase the file,
          since it would remain on your hard drive.  You could use GK-Crypt to
          encrypt the file.

               The next steps in the encryption are to give the station ID of the
          sender (your own station), the station ID of the receiver (the station you
          are sending to), and the unique message ID.  You type this information when
          you receive the following prompts:  

               Enter the station ID of the message sender.
               Sender ID:

               Enter the station ID of the message receiver.
               Receiver ID:

               Enter the message ID.  Every message should have a unique
               message ID at least 10 characters long.  The message ID is
               case-sensitive, so west, West and WEST are all different.
               Message ID:

          The station ID that you enter can be any station ID that you have
          previously set up.  A later section describes how you set station IDs.

               The message ID should be completely random and at least 10 characters
          long.  Every message sent in your network must have a different message ID,
          for example, KZX 937 UDF 491.  It is not safe to form the message ID in any
          systematic way.



          4.2. Decrypting a message


               Decrypting a message is the opposite process from encrypting the
          message.  You enter the same information in a slightly different order.
          The first file name that you type will be the file containing the encrypted
          message that you received.  The second file name that you type will be the
          file where you want OP-Crypt to place the decrypted message so that you can
          read it.

               You select the decryption task from the main menu by typing D for
          Decrypt a message like this, 

               Do you wish to
                 E - Encrypt a message.  Make it unreadable to send it.
                 D - Decrypt a message.  Read a received message.
                 S - Edit station keys (add, delete, change).
                 M - Change master key.
                 N - Change network key.
                 Q - Quit.

               Type your choice (E, D, S, M, N or Q): d
          
               OP-Crypt will prompt you for the name of the file that you want
          decrypted.  This is a message file that you have received from the sending
          station.  

               Enter the name of the message file to be decrypted,
               for example \MESSAGES\NEWMESSAGE.TXT or type Q to quit.

               File name:

          If the message file is called birthday you would type birthday and press
          Enter.

               Next, OP-Crypt prompts you for the name of the file where you want the
          decrypted message to be placed.  Depending on what type of software was
          used to create the file, it may be important that the decrypted file have
          the same file type as the original file.  For example, if the original file
          was created by WordPerfect it would have the file type wp, for example
          merger.wp.  If you are going to read the file using WordPerfect then the
          decrypted file should also have the file type wp, for example newplan.wp.  

               Enter the name for the resulting decrypted file, for example
               \ALBUM\PHOTO36.JPG or type Q to quit.

               File name:
          
               As with the encryption process, you will be prompted for the name of
          the sending station, the name of the receiving station, (your own station),
          and the message ID.  The sender should have sent you the message ID along
          with the message.  For example, it might be contained somewhere within an
          email that had the encrypted message attached.  You type this information
          following the prompts 

               Enter the station ID of the message sender.
               Sender ID:

               Enter the station ID of the message receiver.
               Receiver ID:

               Enter the message ID.  Every message should have a unique
               message ID at least 10 characters long.  The message ID is
               case-sensitive, so west, West and WEST are all different.
               Message ID:

          The decrypted file will be placed in the file you chose.  You are
          responsible for deleting or securing that file after you have read the
          message.  For example, if you plan to keep the file, you may encrypt it
          using GK-Crypt.  Alternatively, you may delete and shred the file, and
          create it again when it is needed by using OP-Crypt to decrypt the message
          file.



          4.3. Station information


               To create or change information about the stations in your network you
          would select S - Edit station keys from the main menu.  

               Do you wish to
                 E - Encrypt a message.  Make it unreadable to send it.
                 D - Decrypt a message.  Read a received message.
                 S - Edit station keys (add, delete, change).
                 M - Change master key.
                 N - Change network key.
                 Q - Quit.

               Type your choice (E, D, S, M, N or Q):

          At the prompt you type S.

               This will select the station editing function.  You can use it to add,
          delete or change network stations.  OP-Crypt will prompt you like this 

               Do you wish to
                 A - Add a new station.
                 C - Change a station key.
                 D - Delete a station.
                 L - List the stations.
                 Q - Quit.

               Type your choice (A, C, D, L or Q):

          You type the letter indicating your choice.


          4.3.1. Adding a station

               You add a new station by giving the station name, or station ID, and
          the station key.  The station name is any name that you choose to identify
          one of the parties in your network.  The station names should be names that
          are meaningful to you and easy to remember.  It is not necessary to make
          them cryptic or random, or to keep them secret.  The station names may be
          used freely in open communications, such as emails that accompany your
          secret messages.

               The station keys, however, should be kept strictly secret.  They
          should be long strong cryptographic keys.  It is not safe to build the
          station keys from the station names in any type of systematic way.  For
          example, if your stations are called red, white and blue it would be
          completely unsafe and unwise to make the station keys red-key, white-key
          and blue-key or xzq:red, xzq:white and xzq:blue or r/ED, whi/TE and bl/UE
          or any similar nonsense.

               Don't cut corners.  Follow the rules in the chapter on keys and always
          use strong keys.

               When you have selected A to add a station OP-Crypt will prompt you for
          the station name.  

               Enter the station name (station ID).
               The name may be 1 to 20 characters.
               Station name:

          The station name is not case-sensitive.  The names charley, Charley and
          CHARLEY are all equivalent.  You may type the station name in upper case,
          lower case or mixed case, as you wish.

               After you have entered the station name, OP-Crypt will ask for the
          station key.  

               Enter the station key.  The key may be 1 to 126 characters.
               The key is case-sensitive, so west, West and WEST are
               3 different keys.  Or, type Q to quit.
               Station key:

          The station key must be entered exactly.  All characters count, including
          blanks.  The key is case-sensitive.

               To help insure that each station key is entered correctly, every
          station key has a 4-digit verification code.  Suppose that station Bravo
          has chosen the station key SDV8493tz5967Wh.  When station Bravo adds this
          key to its own station list, OP-Crypt will display the verification code
          9179 like this 

               The key verification code is 9179.  Is this correct?
               Type Y or N:

          They should carefully inspect the station key that was entered.  If it was
          typed correctly they would type Y to accept the key.

               When station Bravo distributes the station key SDV8493tz5967Wh to
          other stations, they should also distribute the verification code 9179.
          When another station adds station Bravo to its station list, they should
          check the verification code to make sure it matches.  Let's say they get 

               The key verification code is 4308.  Is this correct?
               Type Y or N:

          This does not match, so they should type N.  This means they did not type
          the station key correctly.  OP-Crypt will give them another chance to type
          the station key.

               Each station key needs to be typed only once.  After the station key
          has been entered and verified OP-Crypt will remember it, so it will not
          need to be typed again.


          4.3.2. Changing a station key

               Changing a station key works similarly.  OP-Crypt prompts for the
          station name.  

               Enter the station name (station ID), or Q to quit.
               Station name:

          You type the station name and press Enter.  The name may be typed in upper
          or lower case.

               OP-Crypt will then prompt you for the new station key.  This should be
          a strong key, using the guidelines in the chapter on keys.  

               Enter the new station key.  The key may be 1 to 126 characters.
               The key is case-sensitive, so west, West and WEST are considered
               3 different keys.  Or, type Q to quit.

               Station key:
          
               To be certain that you have typed the station key correctly, OP-Crypt
          will display the verification code.  When a station key is first created,
          the verification code should be recorded.  When the station key is sent to
          other stations, the verification code should also be sent so the other
          station can be sure the station key was sent and typed correctly.  For
          example, 

               The key verification code is 1234.  Is this correct?

               Type Y or N:

          If the verification code matches, type Y for Yes.

               When a station key is first created the verification code should be
          recorded.  When the station key is sent to other stations, the verification
          code should also be sent so the other station can be sure the station key
          was sent and typed correctly.


          4.3.3. Deleting a station

               The procedure to delete a station is straightforward.  You simply
          specify the station name after the prompt 

               Enter name (ID) of the station to be deleted.

               Station name:

          To delete station W:Smith you would type W:Smith and press Enter.  Station
          names are not case-sensitive, so you can type them in upper case, lower
          case, or mixed case, as desired.


          4.3.4. Listing the station names

               Selecting L from the Station Editing menu will list all of the station
          names.  The list is written to the file OPCRYPT.LST.  You can use the list
          to decide whether any stations should be deleted, or to find any station
          names you may have forgotten.



          4.4. Changing the master key


               Stations should change their master keys regularly.  The master key
          should be changed any time someone who has access to the master key leaves,
          and any time there is a suspicion that some unauthorized person may have
          obtained the master key.  This prevents the person from coming into your
          premises, copying files from your computer, and then reading them.
          Depending upon how your network is organized, somebody who obtained your
          master key and master file might also be able to read messages between
          other stations.

               To change the master key you would select M - Change master key from
          the main menu.  

               Do you wish to
                 E - Encrypt a message.  Make it unreadable to send it.
                 D - Decrypt a message.  Read a received message.
                 S - Edit station keys (add, delete, change).
                 M - Change master key.
                 N - Change network key.
                 Q - Quit.

               Type your choice (E, D, S, M, N or Q):

          At the prompt you type M.

               OP-Crypt will prompt you to enter the new master key.  

               The Master Key is case-sensitive.  For example, the 6 words
                  sample   Sample   SAMple
                  SAMPLE   SamPle   SamplE
               are all considered different keys.  All characters are taken
               as part of the key, including leading and trailing blanks.

               Please enter the new Master Key.
               Key:

          The master key must be typed exactly.

               You should carefully examine the master key to be sure that you have
          typed it correctly.  If you type it incorrectly, and you do not remember
          exactly how you typed it, then you will be unable to use OP-Crypt.  You
          will have to restore the OP-Crypt files from a backup.  OP-Crypt will give
          you the chance to correct any errors.  

               Please check the Master Key carefully.
               (xxxx)

               Is the Master Key correct?  (Y or N):

          Here xxxx is the key you typed.  If it is correct, type Y, otherwise type
          N.

               It is so important that you type the master key correctly, that
          OP-Crypt will give you a second chance to verify the key.  

              For verification, please enter the new Master Key again.

              Key:

          Type the master key again.  If it matches, then OP-Crypt will change to the
          new master key.  If the two keys do not match, OP-Crypt will display 

              THE KEYS DO NOT MATCH

          You will then be given a chance to repeat the process.  You should type the
          master key more slowly and carefully the second time.



          4.5. Changing the network key


               From time to time you may decide to change the network key.  Some
          experts recommend changing the network key every day.  This means that an
          opponent who somehow obtained the network key would be able to read
          messages that were intercepted only on a single day.  Another approach is
          to change the network key only when there is physical evidence that the
          network has been compromised, for example if a lock has been forced, or
          disks are missing.

               To change the network key you would select N - Change network key from
          the main menu.  

               Do you wish to
                 E - Encrypt a message.  Make it unreadable to send it.
                 D - Decrypt a message.  Read a received message.
                 S - Edit station keys (add, delete, change).
                 M - Change master key.
                 N - Change network key.
                 Q - Quit.

               Type your choice (E, D, S, M, N or Q):

          At the prompt you type N.

               OP-Crypt will prompt you to enter the new network key.  

               Please enter the new network key.  The network key may be up
               to 126 characters long.  The network key is case-sensitive, so
               abcd and ABCD are not equivalent.  All characters count,
               including blanks.

               Network key:

          The network key must be typed exactly.

               To be certain that the network key has been entered correctly a
          4-digit verification code is used.  When the hub station distributes the
          new network key, they should also distribute the verification code.
          Op-Crypt will display the code, for example 

               The verification code is 9999

               Is this correct?  (Y or N):

          If the verification code matches, type Y for Yes.

               All stations must change the network key at the same time.  If one
          station sent a message to another station using an older or a newer network
          key, the receiving station would be unable to decrypt the message.



          5. INSTALLING OP-CRYPT



               The first time you use OP-Crypt it will install itself.  The first
          step in installation is to copy the OP-Crypt files from the installation
          disk to your hard disk.

               Place the distribution disk in your CD-ROM drive.  You can copy the
          file using Windows or using DOS.  To copy the files using Windows, click on
          My Computer on your desktop, and then click on your CD-ROM drive.  For each
          file, follow these steps:  (1) Put the cursor over the file to highlight
          it.  (2) Click on Files on the toolbar.  (3) Click on Copy.  (4) Follow the
          hierarchy of folders until you reach the folder where you want to install
          OP-Crypt.  (5) Click on Copy again.  Alternatively, in step 1 you could
          hold down the Ctrl key and hover the cursor over each file in turn before
          performing the other steps.

               It is much easier to copy the files using DOS.  Suppose that your
          CD-ROM drive is your d drive, that your hard drive is your c drive, and
          that you have chosen to install OP-Crypt in a directory called \vacation.
          Then you would copy the files to your hard drive by typing the command 

               copy d:*.* c:\vacation\

          That will copy all of the files in one step.



          5.1. Starting the installation


               Once OP-Crypt is on your disk, you can run it from DOS by typing the
          OP command, like this 

               op

          The first time you run OP-Crypt it will take you through the installation
          procedure.  It will first ask if you are ready 

               OP-Crypt Program Installation
               During the installation you will need to choose the Master Key.
               Please consult the OP-Crypt User Manual before making this
               important decision.

               Do you wish to continue the installation now?
               Choose (Y or N):

          If you are ready to proceed, type y.



          5.2. Installation password


               To install OP-Crypt you must supply the installation password.  This
          protects you from somebody obtaining your distribution disks and installing
          OP-Crypt to read your messages.  OP-Crypt will ask 

               Please enter the installation password.  The password
               is enclosed with the distribution disk.  The password
               is 14 characters long, for example A123-B456-C789

               Password:

          Type the 14-character installation password that you have been sent,
          including the two hyphens.

               As a precaution, you may request that the installation password be
          sent separately from the distribution disk, possibly to a different mailing
          address.  It can be sent in a plain white envelope with no return address.



          5.3. Software license


               The next step is to read the Software License.  OP-Crypt will display 

               The OP-Crypt Message Encryption System may be used only under
               the terms of the Software License.  Please select:

               A: I have read the Software License and I agree to the terms.
               D: Display the Software License so I can read it now.
               Q: Quit.  Do not install OP-Crypt.

               Select A, D or Q:

          To accept the terms of the Software License, type a.



          5.4. Network key


               The encryption files for each network get personalized using the
          network key.  Each network chooses its own network key, which should be
          kept strictly secret.  Since the network key is central to the security of
          the entire network it is absolutely essential that you choose a strong
          network key.  Read the chapter on keys before making this important
          decision.  

               Please enter the OP-Crypt network key.  The network key may be up
               to 126 characters long.  The network key is case-sensitive, so
               abcd and ABCD are not equivalent.  All characters count,
               including blanks.

               Network key:

          The network key must be typed exactly.

               To verify that the network key is correct, check the verification
          code.  The verification code should be distributed along with the network
          key to all of the stations in the network.  For example, 

               The verification code is 1234

               Is this correct?  (Y or N):

          Type Y if it is correct, N if it is not.



          5.5. Master key


               The master key is used for encrypting the OP-Crypt files on your hard
          disk.  This protects you in case somebody copies your hard disk, or even
          takes your entire computer.  Without the master key they cannot read your
          encryption files, and without your encryption files they cannot read your
          messages.

               Each station chooses its own master key.  It is essential that every
          station picks a strong master key.  If even one station in a network used a
          weak master key, that would endanger the privacy of every message to and
          from every station that was using the same network key.  This is truly a
          case where the weakest link breaks the chain.

               Unlike all of the other keys and passwords used by OP-Crypt, which are
          typed only once, the master key must be typed each time you start OP-Crypt.
          You need a master key that is both strong and easy to remember.  Be sure to
          read the chapter on keys before choosing your master key.  Enter the master
          key at the prompt 

               The Master Key is required for running OP-Crypt.
               The Master Key is case-sensitive.  For example, the 6 words
                  sample   Sample   SAMple
                  SAMPLE   SamPle   SamplE
               are all considered different keys.  All characters are taken
               as part of the key, including leading and trailing blanks.

               Please enter the Master Key.

          Type your master key exactly and then press Enter.



          5.6. Completing the installation


               The rest of the installation is done automatically by OP-Crypt.  It
          takes some time to personalize the encryption files and write them to your
          hard disk.  The program will display 

               Installing the OP-Crypt files ...

          Do not interrupt the program during the remainder of the installation
          process.

               When the installation is complete, OP-Crypt will automatically start
          your first session.  It is a good idea to verify the installation by
          encrypting and then decrypting a sample message.  Once you are satisfied
          that the program has been installed correctly it is strongly recommended
          that you back up your hard disk.



          6. KEYS



               Choosing the keys for encrypting your files is one of the most
          critical steps in using the OP-Crypt package.  If you choose a short or
          weak key, it may be easy to remember and easy to type each time you need
          it, but your data will not be secure.  It is a serious mistake to think
          that you can use a weak key simply because you are using such a strong
          encryption package.  A strong safe with a weak lock is not secure.

               If you choose a long strong key your data will be more secure, but it
          will be harder for you to remember it and to type it accurately each time
          it is needed.  This chapter will describe techniques for choosing keys that
          are both secure and easy to remember and to type accurately.



          6.1. Key Do's and Don'ts


               Many people try to take shortcuts in order to have keys that are easy
          for them to remember.  You need to assume that any opponent will also be
          aware of the same shortcuts.  Here are some simple rules that can help
          prevent a costly error.

               When you choose a key, do not base the key on your personal
          information.  Assume that your opponent knows all of your personal data.

          DO NOT base your key on 

               Your birthday
               Your telephone number
               Your Social Security number
               Your license plate number
               Your spouse's, child's, parent's, sibling's or even
                 your pet's name, birthday, phone number, etc.

          DO NOT base your key on commonplace phrases 

               Nursery rhymes
               Song titles or lyrics
               Folk sayings
               Names of famous people, groups, places or events
               Names of books, plays or TV shows
               Punchlines from jokes
               Well-known dates
               Tongue twisters
               Words or phrases in other languages

          DO NOT use data widely known within your specialized field 

               Digits of pi or e
               Names of bones, nerves, or organs
               Names of stars, minerals, geological features, bacteria,
                 ancient cultures, alloys, proteins, theorems, etc.
               Mnemonics
               Names of people, schools, companies, places, etc.
               The speed of light, Avogadro's number, the Golden Ratio, etc.

          DO NOT choose sequences of consecutive letters from the alphabet or from
          the keyboard, whether forwards, backwards or diagonally.

          DO NOT use the keys that appear in this manual.  Always assume that your
          opponent has read it, too.

          DO use a long key.

          DO try to make your key as random as possible.

          DO read this entire chapter on picking keys.

          DO evaluate the strength of your key according to the principles in the
          following sections.

          DO make your Master Key extra long and strong.



          6.2. Letters, digits and punctuation


               If there are several people who need access to the data, and who are
          trusted with the keys, then the problem of recording or memorizing the keys
          becomes multiplied.  Some people have the capacity to memorize long strings
          of random-looking letters and/or digits, but most people cannot do this.
          The safest course is to write down your key, and keep it in a secure place,
          such as a locked safe.  Other techniques will be discussed in a later
          section.  It is advisable to have several copies, in case one copy gets
          lost, stolen or destroyed.

               The strength of an encryption key is measured in bits, the binary
          digits that are used by your computer's hardware.  Here is a rough guide to
          how many bits you get from each character in an encryption key when the
          characters are chosen randomly.  

               Table 1.  Strength of each character in a key.

               Decimal digits = 3.3 bits
               Single case letters = 4.7 bits
               Mixed case letters = 5.7 bits
               Mixed letters and digits = 5.9 bits
               Mixed letters, digits and punctuation = 6.3 bits

          Based on this chart, here is the strength of some sample 10-character keys 

               Table 2.  Strength of 10-character blocks.

               5835701483 = 33 bits   Decimal digits
               CIWMRPTNZX = 47 bits   Upper case letters
               tyuhbivxks = 47 bits   Lower case letters
               DmbHaqREkV = 57 bits   Mixed case letters
               ku8Je94Lg7 = 59 bits   Mixed letters and digits
               g"p5WZc4%F = 63 bits   Mixed letters, digits, punctuation

          
               As you can see, the strength of the key increases when you choose
          randomly from a larger set of characters.  However, the difficulty of
          memorizing the keys and typing them accurately becomes much greater as the
          keys get more random.

               Note that all of the keys illustrated above are too short to be
          considered secure.



          6.3. Key blocks


               There are several methods for producing keys that are secure, yet
          easier for people to manage.  The first technique is to break your keys
          into blocks.  It has been a common practice for many years to break coded
          messages into blocks of 5 characters each so that they can be transcribed
          more accurately.  The same idea works for keys, too.  Notice how the key 

               CNWIALVMXBTEPOSBXRNH

          becomes much easier to read when it is broken into groups of 5 letters 

               CNWIA LVMXB TEPOS BXRNH

          
               For longer keys it may be advisable to use additional punctuation to
          organize the blocks into groups of blocks.  For example, 

               48591-04528-16392, 35207-31654-74925, 09482-71653-42570

               GBXTL=PRBUI=LVZEW..BXGMN=LUIQT=SPFAE..VZJOQ=HUKBW=OZCND

          
               The second technique is to use groups that have the same structure.
          Here are some examples, and the strength of each key block 

               91486 61872 94373   16 bits per block   5 digits
               T3708 D6204 F5193   18 bits per block   1 letter, 4 digits
               GS437 BR092 LX528   19 bits per block   2 letters, 3 digits
               UHM15 XTN63 MYA74   21 bits per block   3 letters, 2 digits
               QRILC PJRMS OVDZK   23 bits per block   5 letters

          The strength remains the same when the letters are placed in different
          positions.  For example, all of the following keys have the same strength,
          namely 2 letters and 3 digits 

               GS437 BR092 LX528   Letters at the start of each block
               943KP 471GQ 205YL   Letters at the end of each block
               V107J X219C F738L   Letters at both ends of each block
               6WF52 9TU48 7JN13   Letters in the middle of each block

          
               One advantage of using key blocks that always have the same structure
          is that there is no confusion between letters and digits.  Some letters and
          digits that may get confused are 

               Letters   B G I l O S T Z
               Digits    8 6 1 1 0 5 7 2

          Its position in the block tells you whether the character is a letter or a
          digit, so there is no need to avoid these characters when you use blocks
          with a fixed structure.

               Another variation on this idea is to make each key block uniform, but
          to vary the types of blocks randomly.  Here are two 30-character keys with
          uniform blocks.  Each block consists of all digits, or all uppercase
          letters, or all lowercase letters.  

               KNUHW 50258 fewrz 39274 gyakf obqnk

               doztc 81463 69917 AGNDL rdefo PUIZH

          



          6.4. Pronounceable keys


               Another technique that can be used to produce keys which are secure,
          yet easy to remember, is to make the keys pronounceable.  That is, you
          would use pronounceable combinations of vowels and consonants to form
          syllables, and combine these syllables to form artificial words.  This
          method may be valuable in situations where it is unsafe to write down the
          keys, and they must be memorized.  Here are some examples.  

               shambu dilp prelec oltu domex sarbuti shum obior

               Yotz doruc flean jadmek pra kerazi, Lagatu limbrazon.

          
               You can burn the key into your memory by starting with just a few
          artificial words, say DOZEK ULM HAPLICO, and repeat these to yourself for a
          day or two.  Then add another few words, say DOZEK ULM HAPLICO GRUX ANTIAM,
          and repeat those in your head for a few more days.  You can add some more
          words the following day.  

               dozek ulm haplico grux antiam ludovesk gur amesqi

          
               You can complete the process by adding capitalization and punctuation,
          like 

               Dozek ulm Haplico "Grux Antiam" ludo-vesk gur a'mesqi.

          Using mixed-case letters and punctuation increases the strength of your
          key.

               You can imagine the key to be a saying in some private language, and
          make up a translation, in order to fix it more firmly in your mind.  For
          example, 

               Wise king Haplico "Lion of Antioch" out-witted a sorcerer.

          
               In a pronounceable key each letter has a strength of about 3.3 bits if
          the words are fairly uniform in length, and about 3.5 bits if the words are
          more variable in length.  For example, the first key below is fairly
          uniform in length, while the second is more variable.  

               panek dilbap greho drung fasdop ulben bukty crivan

               lobykar elb dixiat glem urbiqeo dhorsh uz vilagump

          



          6.5. Patterns


               When choosing a key, avoid creating any patterns, such as repeated
          letters or syllables.  Patterns weaken the keys by making them easier to
          guess.  Here are some examples of keys with patterns.  

               BBXXTT KKUUVV WWYYCC      The letters are all in pairs.
               aaa3gg5yyyy9ccc7uu2       There are runs of equal letters.
               10704 20906 50803         The second and fourth digit in
                                         each group is zero.
               51615 38183 29092         Each group has an ABCBA pattern.
               zampana reveske flogoto   The vowels in each group are all
                                         the same.
               tuntam memescu saksoli    The first and second syllable
                                         start with the same letter.
               debendik devogi delakt    Every group starts with de.
               ABC ghi LMN def XYZ       Each group has 3 consecutive
                                         letters of the alphabet.
               500XD 711TJ 822GN         The second and third digits in
                                         each group are the same.
               31734 23839 30376         Every group has two 3's.
               dobaku levoti wafigo      Consonants and vowels alternate.
               vgy7 2wdc zse4 7ujm       Has diagonal runs on the keyboard.
               KAZ VEK CIF ZOP HUQ       The vowels run in order AEIOU.

          
               Once you have chosen a key, inspect it for patterns, and change it to
          remove them.  If your key is a long string of letters or digits, look to
          see if there are any letters or digits that are used too often, or that are
          missing.  You may want to make some changes.  However, don't overdo it.  If
          you use every letter or every digit exactly the same number of times, or if
          all the letters and digits in each block of your keys are always different,
          those are also patterns which weaken the key.



          6.6. Secretaries and clerks


               Sometimes lower-echelon employees will not safeguard file keys as
          zealously as other workers.  It is common for these employees to write down
          keys in places that are easily accessible, such as on the computer itself,
          on their desk pads or wall calendars, or on slips of paper on a bulletin
          board.  Anybody could see the keys and write them down.  It is absurd for
          the company president to keep the Master Key in a locked box inside a
          walk-in vault, and for the secretary's assistant to write the Master Key on
          a gummed label on the wall next to the computer.

               The employee might assume that nobody will ever guess that those
          cryptic letters and digits are actually the Master Key that unlocks all of
          the company's secret files.  The employee might assume incorrectly.  If
          these employees must be trusted with the keys then it is essential that
          they be educated to avoid such security breaches.

               Keys should never be written or pasted on the computer itself, the
          computer desk, a desk pad or calendar, the cover of a notebook or steno
          pad, the bottom of a stapler, telephone or flowerpot, the back of a
          clipboard, letter tray or desk organizer, or any similar place.  Intruders
          know to look in such places.  Don't make their job easy.



          6.7. Key strength


               The following table is a guide to how long a key must be in order to
          achieve various levels of security.  For example, if you want a key
          strength of 200 bits, and you use a decimal key, then you need 60 digits.
          With the speed of current computers 100 bits is the lowest level of
          security that can be considered safe.

               The table assumes that the letters or digits of the key are chosen
          completely randomly.  If the letters or digits follow some pattern then
          your key needs to be longer.  For example, a key such as 

               TC174 JF296 BH583 KD629

          would be measured as 8 single-case letters and 12 digits, for a total
          strength of 77 bits.  Because of the LLDDD pattern it would not be
          considered to be 20 mixed letters and digits, which would have a strength
          of 118 bits.  


          Table 3.  For each type of key, this table shows how long to make
                    the key in order to achieve the desired strength.

                                   Desired key strength measured in bits
          Type of key             100   125   150   200   250   300   400
          ---------------------------------------------------------------
          Decimal digits           30    38    45    60    75    90   120
          Single-case letters      21    27    32    43    53    64    85
          Mixed-case letters       18    22    26    35    44    53    70
          S-C letters + digits     19    24    29    39    48    58    77
          M-C letters + digits     17    21    25    34    42    50    67
          Letters, digits, punc    16    20    24    32    40    47    63
          Uniform blocks           22    27    33    44    55    66    88
          Pronounceable, uniform   30    38    45    60    75    90   120
          Pronounceable, variable  29    36    43    57    71    86   114

          For example, if you wanted a decimal key you would read across the top row
          of this table.  If you wanted the decimal key to have a strength of 125
          bits, you would look at the second column in the top row to find that you
          would need 38 decimal digits.  If you wanted a key of mixed-case letters
          and digits with a strength of 250 bits, you would need 42 letters and
          digits.

               Note that the longest input line you can enter is 126 characters.
          (This is a limitation of DOS, not a limit set by OP-Crypt.)  So if you
          wanted 400 bits of strength, and you chose to have a decimal key which
          requires 120 digits, then you would have only 6 characters left to separate
          the blocks.  Your blocks would need to average over 17 characters each.  (A
          pattern of 17, 17, 17, 17, 17, 17, 18 would fit.)



          6.8. Summary: Picking a key


          The best way to pick a key is to follow these steps.

          (1) Decide how strong you want your key to be, say 200 bits.
          (2) Choose the type of key, say blocks of letters and digits.
          (3) Use the tables above to determine the key length.
          (4) Randomly choose a key of the required length.
          (5) Inspect the key for patterns.
          (6) Adjust the key to remove or reduce the patterns.
          (7) If you will need the key again, write down the key and keep
                  a copy in a secure place.
          (8) Type the key when OP-Crypt asks for it.



          Appendix A. DOS BASICS



               OP-Crypt runs under DOS, not under Windows.  DOS was the primary
          operating system for personal computers from about 1975 to 1995.  Older
          versions of Windows, prior to the introduction of Windows 95, ran as tasks
          under DOS.  Since 1995 the situation has reversed, and DOS now runs as a
          task under Windows.  Every computer user before 1995 knew DOS well.
          However, newer computer users may not be familiar with DOS, so that a
          little basic orientation may be helpful.



          A.1. Starting DOS


               On newer computers it may be difficult even to find DOS in order to
          use it.  There are two methods for running DOS.  The first method is to
          click on a DOS icon from your desktop, or from a taskbar at the top or
          bottom edge of the desktop.  The icon may say DOS, or MSDOS, or possibly
          CMD or COMMAND.  Clicking any one of these icons will start DOS.  If there
          is a DOS icon on your desktop or in a taskbar, you can skip the rest of
          this section.

               If there is no DOS icon on your desktop or taskbar you may find one
          elsewhere.  Start by clicking on "Start" in the corner of the screen.  This
          will bring up a menu listing various programs and options.  If there is a
          DOS icon there, you can use it directly, or you could drag it onto the
          desktop for future use.  If it is not there, click on "Programs" or "All
          Programs."  This will bring up a long list of various programs that are on
          your computer.  If one of these is DOS, you can click it, or you can drag
          it to the desktop.

               If you still don't see a DOS or CMD icon, put your mouse on each of
          the icons that you see.  Don't click, just let the mouse cursor rest on the
          icon.  This will often bring up another list of programs, and DOS may be
          among them.

               If DOS still is not there, don't give up.  You just need to search
          deeper.  In the list of All Programs there will be some folders with names
          such as "Applications" or "System Utilities."  Click to open each of these
          folders.  In those folders you may find DOS or CMD.  Or, you may find more
          folders.  Again, rest the mouse on the names of programs, and click on
          folders to find even more well-hidden programs and folders.

               Once you find the DOS icon, drag it to the desktop.  Put the mouse
          cursor on the DOS icon and hold down the left button.  Move the mouse to
          drag the cursor onto the desktop, and then release it to drop the icon on
          the desktop.  Click the desktop to close all of the other windows.  Then
          drag the DOS icon to wherever you want it on the desktop.

               If all of this fails, it is time to try the second method.  Go back to
          the desktop, and click on "Start" again.  In the list of options click on
          "Run" or "Run Program."  This will open a small window with a box where you
          can type the name of a program that you wish to run.  Type CMD in this box,
          and then press Enter.  This will open a DOS window.



          A.2. Sizing the DOS window


               The DOS window will often be a small window in the middle of the
          screen, probably off-center.  It is easier to work with DOS in full-screen
          mode, with no distracting windows or borders.  To do this, right click on
          the top border of the DOS window, and select "Properties" from the pop-up
          window that appears.  Use the various options to select full-screen mode.
          This may take several tries before it works, so don't get frustrated if the
          next time you use DOS you get the same small window, and need to resize it
          again.

               When you do get the full screen mode, the screen is likely to be set
          to 50-line mode.  This makes the characters small and crudely formed.  You
          may be more comfortable using 25-line mode.  To switch, you can type the
          command

               mode con lines=25

          This will double the size of the characters and make them easier to read.



          A.3. Directories


               In DOS your computer's hard disk is organized into directories.  All
          of the files on your computer are in directories.  These correspond to the
          folders in Windows.  Directories and folders are the same thing.  A
          directory or a folder can contain files and more directories or folders, so
          that the folders or directories are nested one inside the other in a
          hierarchy.

               The top of the hierarchy is called the "root directory."  Typically
          the root directory does not contain any files.  Rather, it contains all of
          the principal directories on the computer, such as

               \Windows
               \Program Files
               \Documents and Settings

          and so forth.  The backslash \ in front of these directory names shows that
          they are directories within the root directory.

               A directory within another directory is sometimes called a
          subdirectory.  In the example above the directory Windows would be a
          subdirectory of the root directory.



          A.4. Current directory


               Files are identified in DOS by using a path, a filename and a
          filetype.  For example,

               direc1\direc2\file1.doc

          Here the path is direc1\direc2, the filename is file1 and the filetype is
          doc.  The path consists of the sequence of nested directories which contain
          the desired file.

               If the path starts with a \ backslash, then the sequence of
          directories start from the root directory.  If the backslash is omitted,
          then the path starts from the current directory.  For example, if the
          current directory is Windows, then the file identifier
          direc1\direc2\file1.doc would refer to the file
          \Windows\direc1\direc2\file1.doc

               By setting the current directory you can shorten the names of programs
          and files that you must type.  For example, if you want to use the program

              \direc1\direc2\prog1.exe

          to process the data files

              \direc1\direc2\file1.dat
          and
              \direc1\direc2\file2.dat

          you could type

              \direc1\direc2\prog1 \direc1\direc2\file1.dat \direc1\direc2\file2.dat

          If you changed the current directory to \direc1\direc2 then this could be
          shortened to

              prog1 file1.dat file2.dat

              The command to change the current directory is cd.  To change the
          current directory to \direc1\direc2 you would type

               cd \direc1\direc2\

          If you later wanted to change the current directory to
          \direc1\direc2\direc3 it is sufficient to type

               cd direc3

          since you were already in the directory \direc1\direc2.



          A.5. Working with directories


               You can make your own directories by using the Make Directory command.
          For example, if the current directory is \direc1\direc2 and you wanted to
          make a subdirectory called direc3, then you could type

               md direc3

          Starting from the root directory, the new directory would be
          \direc1\direc2\direc3.

               To remove a directory, you can use the Remove Directory command.  For
          example, to remove the directory \direc1\direc2\direc3 you would type

               rd \direc1\direc2\direc3

          As a safety precaution, you cannot remove a directory until you have
          deleted all of the files in the directory, and removed all of its
          subdirectories.  This prevents you from accidentally deleting files that
          you meant to keep.

               To list the contents of a directory, you can use the Directory
          command.  The basic format is

               dir mydirec /options

          Here mydirec is the directory you want to list.  There are many possible
          options.  Here are a few of the most useful:

               /s    List the contents of all subdirectories
               /on   Sort the files by name
               /os   Sort the files, smallest to largest
               /o-s  Sort the files, largest to smallest
               /od   Sort the files, oldest to newest
               /o-d  Sort the files, newest to oldest
               /p    Pause after every 20 lines

          You can use several options in the same command.  For example,

               dir \direc1 /s /od /p

          would list the files in \direc1 and all of its subdirectories sorted from
          oldest to newest, and pausing after every 20 lines.

               You can also list specific files, files that have a given filename or
          filetype, or files whose filenames and filetypes begin with specific
          letters.  Here are some examples

               dir tax.ref   Lists the file tax.ref.
               dir tax.*     Lists all files with the name tax.
               dir *.doc     Lists all files of type doc.
               dir st*.c*    Lists all files whose filename starts with st
                             and whose filetype begins with c, such as
                             startup.cfg, study.com or state.core.

          The * asterisks in these commands are called wildcards because they can be
          replaced by any set of letters.  These commands can tell you whether these
          files exist, their sizes, and the date they were last updated.



          A.6. Identifying files


               All of the data in your computer resides in files.  Files contain the
          operating system, all of the application programs, and all of the data that
          they use and create.  Files are identified to DOS by four fields, namely
          the drive, path, filename and extension.

               drive      is the device where your file is stored, usually
                          C for your hard drive, A or B for a floppy drive,
                          D or E for a CDROM drive.

               path       is the directory on your drive where the file is
                          located.

               filename   is the name that you gave your file.  The name
                          usually indicates the contents or purpose of the
                          file.

               extension  is a suffix that indicates the kind of file, such
                          as TXT for a text file, JPEG for a picture file,
                          EXE for an executable file, etc.

          A full file identifier might look like this,

               c:\mycompany\mydepartment\2005\sales.wp

               In this example, c: identifies that your file is on the C drive, which
          is your hard drive.  \mycompany\mydepartment\2005\ is the path to your
          data.  It shows that the data file is located in the 2005 folder, which is
          inside the mydepartment folder, in the mycompany folder.  So the path
          consists of nested folders, or a list of directories.  sales.wp is the file
          with the data.  The filename is sales, and the extension is wp, which
          indicates that it is a WordPerfect document.

               In a file identifier all of the fields except the filename are
          optional.

               drive      can be omitted if the file is on the current
                          drive, that is, the drive where you are now
                          working.

               path       can be omitted if the file is on the current
                          directory of the drive.

               extension  can be omitted if the file does not have an
                          extension on its name.  For example, if the file
                          is just named oldstuff then no extension is
                          needed.

          Here are some examples of valid file identifiers:

               a:budget
                    identifies the file budget in the current directory
                    of the A drive.

               \jones\commissions
                    identifies the file commissions in the jones directory
                    on the current drive.

               late\requests.txt
                    identifies the file requests.txt in the late
                    subdirectory of the current directory.



          A.7. Long names


               Some Windows files and directories have long names, or names
          containing blanks or dots, such as

               Documents and Settings
               My Music
               Microsoft.Net
               SharedReg12.dll

          Microsoft has made the naming of files and directories incompatible between
          Windows and DOS.  DOS limits directory names to 8 characters, and does not
          allow blanks in names.

               To refer to these directories, you need to shorten the names down to 8
          characters.  The short name is formed by taking the first 6 non-blank
          characters of the name plus the combination ~1.  When the name of a
          directory contains a . dot character, each of the parts of the name is
          treated separately.  For example, for the directories above,

               Documents and Settings   would be called   Docume~1
               My Music                 would be called   MyMusi~1
               Microsoft.Net            would be called   Micros~1.Net
               SharedReg12.dll          would be called   Shared~1.dll

          Thus a full path and file name such as

               \Windows\Microsoft.Net\Framework\SharedReg12.dll

          in DOS would be called

               \Windows\Micros~1.Net\Framew~1\Shared~1.dll

               It is a good idea to give all of your own files and directories names
          that are compatible with DOS.  The names should be no more than 8
          characters long and should not contain blanks.



          A.8. File operations


               Besides the encryption and decryption operations that you perform
          using OP-Crypt, it can be useful to know several other common file
          operations.

               There is no DOS operation to create a file.  Files are created by
          application programs such as word processors, picture editors,
          spreadsheets, etc.  Once created, files can be copied, renamed and deleted.

               It is important to remember that encrypted files should not be
          renamed, and files should not be copied into or out of a group of encrypted
          files.  It is safest to decrypt files before renaming or copying.

               To copy a file to a new location, the command is

               copy oldfile newfile

          The old file and new file identifiers can be fully qualified, that is, they
          may have drive, path, filename and filetype.  So the copy command can be
          used to copy files to other directories or to other drives.

               Wildcards can be used in the copy command to copy groups of files.
          For example, the command

               copy \oldpath\*.doc \newpath\*.*

          would copy all files of type doc from the \oldpath directory to the
          \newpath directory.

               The rename command works similarly to the copy command.  The form is

               ren oldfile newname

          Here oldfile can be fully qualified, with drive, path, filename and
          filetype.  However, newname can have only a new filename and filetype.
          There cannot be a new drive or new path because the file does not change
          its location, only its name and/or type.  For example,

               ren target\x3*.jpg x4*.*

          would rename all of the jpg files in the target directory that start with
          x3 to start with x4.

               The command to delete files takes the form

               del file

          Here, file can be a fully-qualified file identifier, with drive, path,
          filename and filetype.  It can also have wildcards so that you can delete
          several files with a single command.  For example,

               del a:old*.*

          would delete all files in the current directory of the a drive whose
          filenames start with old.

               Note that deleting a file does not erase it.  The file still exists on
          the disk, where it can be read by various utility programs that are
          available for that purpose.  The file will remain there until some other
          file eventually gets written on top of it.



          A.9. Batch files


               Batch files are a useful way to reduce the number and complexity of
          the DOS commands that you must type.  Each batch file can contain any
          number of DOS commands.  You execute the entire sequence of DOS commands
          just by typing the name of the batch file.

               Here is a simple example.  Suppose that you frequently use the program
          OP-Crypt.  If the current directory is \plans\tower but OP-Crypt is in the
          directory \programs\download then to use OP-Crypt you would type

               \programs\download\OP

          To make this easier, you could create a batch file named OP.bat on the
          current directory.  This file would contain the single line

               \programs\download\OP

          Now when you wanted to execute OP-Crypt all you would need to type is

               OP

               You could place a copy of the batch file OP.bat in every directory
          where you usually work.  Then you could run OP-Crypt from anywhere just by
          typing OP.  You would not need to have multiple copies of OP-Crypt.

               There are many other DOS commands and options.  This is just a small
          sample of useful DOS commands.


Choosing an Encryption Product
A Quick Overview of Cryptography

Back to the OP-CRYPT main page
Back to the MASTER SOFTWARE homepage

© Copyright 2005-2024 Master Software Corporation
All rights reserved. No part of this manual may be reproduced in any form without the express permission of Master Software Corporation.