
OpenSSL Compatibility




  1. About the Encryption
  2. How is the encryption compatible with OpenSSL?
  3. How to Decrypt a DeadboltEdit File with OpenSSL
  4. Simplified Decryption With A UNIX Script

  1. About the Encryption

    The encryption used in DeadboltEdit is an implementation of the Blowfish Cipher. Blowfish is a strong encryption method that is widely accepted and used in commercial encryption products. A good explanation of the Blowfish cipher can be found on Wikipedia: Blowfish Cipher.

    The Blowfish encryption in DeadboltEdit is compatible with the OpenSSL implementation. Key length is 128 bits, and the encryption mode is Cipher-Block-Chaining (CBC).

    Compatibility with OpenSSL is an important consideration, because the encryption is verifiable against a well known and respected implementation.

  2. How is the encryption compatible with OpenSSL?

    When DeadboltEdit encrypts text, the actual encryption and encoding are compatible with OpenSSL encryption. However, when DeadboltEdit stores encrypted files, the file format differs from the OpenSSL file format. This is because DeadboltEdit stores additional information embedded in a file header, which allows checking for file corruption and tampering. For this reason, DeadboltEdit files cannot be used directly with OpenSSL.

    As an exercise to verify the encryption implementation in DeadboltEdit, it is possible to remove file header information from a DeadboltEdit encrypted file, and then decrypt it with OpenSSL command-line tools using the DeadboltEdit password that was used to create the file. This is not something you would want to do in actual practice, but it is a valuable exercise to demonstrate the correctness of the encryption implementation.

    Note: Decrypting with OpenSSL can only be done with knowledge of the password that was used to create the file. This is not a security weakness.

  3. How to Decrypt a DeadboltEdit File with OpenSSL

    This process can be used to verify the encryption implementation in DeadboltEdit. It is intended only for testing and verification.

    Requirements:
    1. OpenSSL command-line tools.
    2. A DeadboltEdit test file. Do NOT use an important file - make a test file that can be discarded if you make a mistake.
    3. A text editor (don't use a word processor).

    Steps:

    1. Edit the DeadboltEdit test file (e.g. test.ctxt) with a text editor, and delete the entire first line of text. If your editor wraps lines, delete all characters from the beginning up to and including the third colon (76 bytes).

      Example - Before:
      DeadboltEdit Encrypted ~~ Do Not Modify :0:21cbe801827670c4a3d8e2787d745ba0:
      U2FsdGVkX1+vKYGFaEZpjrXvyDpZ42Lrh10YiXLW6875ILq1iWpuzBh3t8hPEUghpw3C5ZaPhIOv
      odenseUf0R2doufTba7ClqVVMWKDEadbNsoFrjuSZTQ5OgPqYZeo+atlBpHyhy6Rh0ScNUFGk/YU

      Example - After:
      U2FsdGVkX1+vKYGFaEZpjrXvyDpZ42Lrh10YiXLW6875ILq1iWpuzBh3t8hPEUghpw3C5ZaPhIOv
      odenseUf0R2doufTba7ClqVVMWKDEadbNsoFrjuSZTQ5OgPqYZeo+atlBpHyhy6Rh0ScNUFGk/YU

    2. Save the file with name encrypted.txt.

    3. Decrypt with OpenSSL, using the following command:

      openssl enc -blowfish -d -a -salt -in encrypted.txt -out plaintext.txt

      The openssl program will prompt you for the encryption password. Enter the password that was used to create the original file with DeadboltEdit.

    4. The previous step should have created a plain-text file named plaintext.txt, which will contain your original plain-text information, plus a 1-line block-header with a DeadboltEdit check-code.

      Edit file plaintext.txt with a text editor, delete the first line, and save the file.

      Example - Before:
      3f1777708620ef1e534468c421c23ff1
      Test file to demonstrate OppenSSL compatibility.
      Line 2.
      Line 3.
      End.


      Example - After:
      Test file to demonstrate OppenSSL compatibility.
      Line 2.
      Line 3.
      End.

      File plaintext.txt should now be a correctly decrypted file.
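
    The header removal in step 1 can be checked without editing the file. The following is an added example, not DeadboltEdit's own code: it assumes the header layout seen in the single example above (the function name and field names are hypothetical), confirms that the body is OpenSSL's salted format, and extracts the 8-byte salt.

```python
import base64
import re

# Header layout inferred from the single example on the page; the meaning of
# the two colon-delimited fields is not documented there, so they stay opaque.
HEADER_RE = re.compile(
    r"^DeadboltEdit Encrypted ~~ Do Not Modify :([^:]*):([0-9a-f]{32}):$")
SALT_MAGIC = b"Salted__"  # 8-byte prefix written by `openssl enc -salt`
BLOCK = 8                 # Blowfish block size in bytes

# Header and the two body lines exactly as shown in the page's example.
SAMPLE = (
    "DeadboltEdit Encrypted ~~ Do Not Modify :0:21cbe801827670c4a3d8e2787d745ba0:\n"
    "U2FsdGVkX1+vKYGFaEZpjrXvyDpZ42Lrh10YiXLW6875ILq1iWpuzBh3t8hPEUghpw3C5ZaPhIOv\n"
    "odenseUf0R2doufTba7ClqVVMWKDEadbNsoFrjuSZTQ5OgPqYZeo+atlBpHyhy6Rh0ScNUFGk/YU\n"
)


def parse_deadbolt(text):
    """Split DeadboltEdit file text into header fields and the OpenSSL body."""
    header, _, body_b64 = text.partition("\n")
    m = HEADER_RE.match(header.rstrip("\r"))
    if m is None:
        raise ValueError("first line is not a DeadboltEdit header")
    try:
        raw = base64.b64decode("".join(body_b64.split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("body is not valid base64") from exc
    if len(raw) < 16 or raw[:8] != SALT_MAGIC:
        raise ValueError("body lacks the OpenSSL 'Salted__' prefix and salt")
    ciphertext = raw[16:]
    return {
        "field1": m.group(1),
        "field2": m.group(2),
        "salt": raw[8:16].hex(),
        "ciphertext_len": len(ciphertext),
        # CBC output is a whole number of blocks; anything else means the
        # body is truncated or altered and OpenSSL will fail to decrypt it.
        "whole_blocks": len(ciphertext) > 0 and len(ciphertext) % BLOCK == 0,
        "openssl_input": body_b64,  # what step 2 saves as encrypted.txt
    }


if __name__ == "__main__":
    info = parse_deadbolt(SAMPLE)
    print(info["salt"], info["ciphertext_len"], info["whole_blocks"])
```

    On the two body lines copied from the example above, the ciphertext is 98 bytes, so whole_blocks is false: those two lines alone are not a complete body.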

  4. Simplified Decryption With A UNIX Script

    For users comfortable with the UNIX command-line and UNIX scripting, the following simple Bourne Shell script will decrypt a DeadboltEdit file with OpenSSL, sending the plain-text to stdout.

    Requirements:
    1. OpenSSL command-line tools.
    2. UNIX-compatible shell environment (e.g. Mac OS X, Linux, MinGW on Windows).
    3. A DeadboltEdit test file. Do NOT use an important file - make a test file that can be discarded if you make a mistake.

    Script:
    #!/bin/sh
    #
    INFILE=$1
    export INFILE

    # Skip the DeadboltEdit header (line 1), decrypt with openssl / Blowfish,
    # then drop the check-code line that precedes the plain-text.
    tail -n +2 "${INFILE}" | openssl enc -blowfish -d -a -salt | tail -n +2

    Usage:
    Copy the script to a file (ex. decrypt.sh), and make it executable (ex. chmod 755 decrypt.sh).

    Run the script from a shell, and supply the path of the DeadboltEdit file as an argument.

    Example:
    decrypt.sh test.ctxt

    The openssl program will prompt you for the encryption password. Enter the password that was used to create the original file with DeadboltEdit.

    The decrypted plain-text is sent to stdout, which can optionally be redirected to a file.




Copyright 2012 - 2018       Michael Wright       All Rights Reserved