CFR2D1.DO by James Main Kenney 1997

Part 1 (of 5) documentation for encryption program CFRJMK version 2.0
(CFRT20.BA for the Tandy Radio Shack TRS-80 Model 100/102/200; CFRN20.BA for the NEC PC-8201A/8300; CFRJMK20.BAS for GW-BASIC/QBASIC, compiled as CFRJMK20.EXE for MS-DOS/Windows)

Program and documentation may be distributed without charge or permission if unaltered, with credit and distribution notices intact. Distribution of this program outside the U.S. may be a violation of federal law.

General Description

CFRJMK is an encryption program of great flexibility which, if properly used, can provide a high level of security. With a sufficiently large key it can produce unbreakable "one-time" ciphertext; at the other extreme, with no key at all, it can protect from casual snooping. It is a do-it-yourself cipher that can be shaped by a wide choice of options. These options, and the limitless amount of keytext that can be used, will frustrate attempts to break the cipher using the "brute-force" method of trying every possible key combination.

CFRJMK is not a mysterious black box with a hidden mechanism: the source code is in easily-read BASIC, and it allows independent testing of individual components. (Note that a good cipher requires only secrecy of the key, not secrecy of the algorithm.) To further inspire confidence, it incorporates tests for randomness and correlation.

For convenience, CFRJMK incorporates a random-character generator which can be used to produce a true-random keyfile by using the "human randomness" of pressing randomly selected keys at random times to modify the output of the pseudo-random number generator. (This is a simplified version of the author's RNDMGN.)

Plaintext (messages) and keytext (passwords), which are combined to form unreadable ciphertext, can be entered from files or directly through the keyboard; for keytext, both routes can be used together for added security, and additional semi-permanent "resident" keytext can be stored in the program itself. In the MS-DOS version, since the length of the resident keytext cannot be changed in the compiled CFRJMK20.EXE, the option of loading a replacement (or adding) from a separate file was added; this option was added to the other versions to allow convenient sharing of a "resident keytext" replacement file. The plaintext itself can be used as keytext ("autokey"), and the pseudo-random number generator can also be used. All of these are separate options under control of the user.

CFRJMK accepts as plaintext for encryption, and correctly decrypts, all 8-bit characters and control code except for keyboard-entered 27 (ESC) which terminates plaintext entry. (Also, a text file in a Tandy or NEC computer cannot store 0, 26, or 127.) It accepts as keytext characters in the same range except that most control code cannot be entered through the keyboard.

CFRJMK produces a compact ciphertext entirely in the printable 7-bit ASCII range (32 to 126) making it compatible with 7-bit data services and with other encryption programs (for "superencryption"). Subsequent additions to the ciphertext outside this range (such as CR/LFs added during transmission) are ignored during decryption. It may therefore be useful merely for allowing 8-bit files, such as those using graphics, foreign letters, or math symbols, to be transmitted or stored in 7-bit form.

The program itself does not limit the size of the plaintext and keytext files, nor the amount of plaintext entered through the keyboard, but the keytext entered through the keyboard is limited to 254 characters (255 with CFRJMK20.BAS/.EXE), and the resident keytext is limited to 247 characters (255 from a file replacement).

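The transport property described above (8-bit input, ciphertext confined to characters 32 to 126, later additions outside that range ignored on decryption) can be demonstrated in Python. This is an added example, not CFRJMK's algorithm or the author's code: the XOR one-time pad and the base-95 packing are stand-ins assumed for illustration, and every function name is hypothetical.

```python
import secrets

LO, HI = 32, 126        # printable 7-bit range given in the text
BASE = HI - LO + 1      # 95 usable symbols

def xor_pad(data: bytes, pad: bytes) -> bytes:
    """One-time combine (assumed stand-in): pad must cover the whole message."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message; it would have to repeat")
    return bytes(d ^ p for d, p in zip(data, pad))

def to_printable(raw: bytes) -> str:
    """Pack arbitrary 8-bit bytes into characters 32..126 (base 95)."""
    n = int.from_bytes(b"\x01" + raw, "big")    # guard byte keeps leading zeros
    out = []
    while n:
        n, digit = divmod(n, BASE)
        out.append(chr(LO + digit))
    return "".join(reversed(out))

def from_printable(text: str) -> bytes:
    """Inverse of to_printable; anything outside 32..126 is skipped."""
    n = 0
    for ch in text:
        if LO <= ord(ch) <= HI:
            n = n * BASE + (ord(ch) - LO)
    return n.to_bytes((n.bit_length() + 7) // 8, "big")[1:]   # drop guard

def encrypt(plaintext: bytes, pad: bytes) -> str:
    return to_printable(xor_pad(plaintext, pad))

def decrypt(ciphertext: str, pad: bytes) -> bytes:
    return xor_pad(from_printable(ciphertext), pad)

def wrap(text: str, width: int = 16) -> str:
    """Simulate a transport that inserts CR/LF every `width` characters."""
    return "\r\n".join(text[i:i + width] for i in range(0, len(text), width))

def demo() -> bool:
    message = bytes(range(0, 256, 5)) + b" 8-bit sample"   # constructed input
    pad = secrets.token_bytes(len(message))                # used once, then discarded
    sent = wrap(encrypt(message, pad))
    return decrypt(sent, pad) == message

if __name__ == "__main__":
    print("round trip through CR/LF wrapping:", demo())
```

In this example the space character (32) is itself a ciphertext symbol, so only additions outside 32 to 126 are tolerated; a transport that inserts or strips spaces would alter the decrypted result.
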
The program runs in four distinct phases:

First, a number of prompts are presented most of which may be answered by pressing only ENTER (or most any other key not cited) thereby accepting the default settings.

Second, there are an optional number of randomizing operations ("initial fontstring permutations").

Third, the actual encryption or decryption takes place while the plaintext or an optional replacement is displayed. If no plaintext filename was entered for encryption, plaintext may be entered through the keyboard and encrypted a character at a time (ESCape terminates).

Lastly, in the terminal phase, the file sizes and a plaintext checksum are displayed and data about keyfile use is given; an optional overwrite of the input and/or keytext files (making them unrecoverable) is then offered, followed by an optional filename swap. CFRJMK20.BAS/.EXE may be rerun without exiting the program.

CFRT20.BA, CFRN20.BA, and CFRJMK20.BAS/.EXE are mutually compatible: each can decrypt ciphertext produced by any of the others using the same key.

CFRJMK20.BAS/.EXE is a minimal adaptation not fully optimized for MS-DOS; it replaces CFRJMK10.BAS which ran under GW-BASIC but would not run under QBASIC and could not be compiled. CFRJMK20.BAS has been run under both GW-BASIC and QBASIC in MS-DOS 6.22/Windows 3.11 at 50 MHz, and was compiled by PowerBASIC 2.10g as CFRJMK20.EXE, which has also been run at 50 MHz in MS-DOS 6.22/Windows 3.11. A Windows icon, CFRJMK20.ICO, has been created for use with CFRJMK20.EXE.

CFRJMK 2.0 is not generally compatible with CFRJMK 1.0 since the keystring is formed (from the keyboard-entered keytext and the resident keytext) in a more elaborate manner to obtain greater randomness and interdependency, and multiple looping through the entire working key generator replaces multiple keyfile inputs only.
Other changes include allowing the program to be exited at most of the prompts and during encryption or decryption, and enhanced graphics for CFRJMK20.BAS/.EXE.

Legal disclaimer: In these increasingly litigious and repressive times it may be important to note that CFRJMK is given without charge "as is" and the author accepts no responsibility for the security and integrity of data processed by it, nor for the legality of its distribution and use. By distributing or using CFRJMK, each recipient agrees to hold the author and (previous) distributors free of all liability and to assume total responsibility for the performance of CFRJMK and for the legality of their actions.

Distributors, and users travelling abroad, should be aware that the U.S. government, in clear violation of the First Amendment right of free speech (which imposes no limitation on the form of that speech), attempts to discourage the distribution of encryption programs by using a World War 1 law restricting the export of "munitions" to prohibit the export of encryption programs using a key of more than (currently?) 40 bits. This restriction may apply only to a compiled program (such as CFRJMK20.EXE) and not to the source code (such as CFRJMK20.BAS), so that a traveller might be able to legally carry the latter along with a compiler or interpreter, but this is open to legal interpretation and could easily change.

There were threats to prosecute cryptographer Philip Zimmermann for allegedly posting his program PGP on the Internet, but fear of a Supreme Court decision has apparently deterred this as of now. Since foreign governments can easily obtain any software distributed in the U.S., the target of these efforts is clearly the privacy of American citizens.