Innovators for Industry and Institution Software
Version
This document is current with Fcrypt3 Version: 3.4.5.3. Fcrypt3 is only available to domestic clients.
If you are already a client, please use the "Contact" page of your client menu. If you are not a client, please use
our public Contact form.
RSS Feed
You can monitor the changes to this utility by subscribing to the Fcrypt3 RSS Feed.
You can either click on the link to start your RSS client or enter the feed address (http://www.iii-software.com/products/fcrypt3/rss.xml) directly into your client.
This is a low-volume feed which will contain only items of interest to Fcrypt3 users.
Overview
Fcrypt3 is a symmetric cipher file encryption engine.
Fcrypt3 was designed to securely encrypt data such that it could be transferred over insecure links
without fear of disclosure.
As a symmetric cipher, Fcrypt3 is based on a special "Key" file to encrypt and decrypt data. The same key is used for both purposes. To add additional security to the key file, files can be encrypted with passwords which enhance the security of the encryption key.
Fcrypt3 is the successor to Fcrypt (version 1) and Fcrypt2 (version 2). Although the software versions are related, they are NOT compatible. Version 3.4 introduced an entirely new key file design, along with a substantially stronger encryption algorithm. Neither keys nor files encrypted with prior versions of Fcrypt are compatible with Fcrypt3. To ease the transition to version 3, files created with Fcrypt3 will default to an extension of .enc3 (instead of .enc for versions 1 and 2). Also, the default key name is now fcrypt3.key.
Feature Highlights
Below are just a few of the main features in Fcrypt3
- Blowfish with 448-bit keys using the CBC method
- A non-predictable initialization vector is used for each encryption pass. Multiple passes at encrypting the same file with the same key and same password will yield different encrypted data.
- The encrypted file contains a signature to ensure that the correct key and optional password were used to decrypt the file. This can also help identify a file that has been tampered with during transit.
- Password based encryption. Different passwords used with the same key file generate significantly different encrypted packages.
- Key files and encrypted files now contain version information to ensure compatibility with a given version of the software.
- Key files support keys up to 512 bytes. This provides support for future encryption algorithms.
- The true encryption key is stored in the key file in an encrypted form.
- Encryption keys are generated with hardware-based True Random Number Generators (TRNGs) for additional security.
Requirements
Fcrypt3 will run on any 32-bit version of Windows, from Windows 95 through Vista and beyond.
On the server side, all versions of Windows Server from NT4 through 2003 are supported.
You must have the Fcrypt3 public key installed in your Fcrypt3 directory. The public key is required to decode all client-specific key files and possibly for retrieving future software updates. NOTE: the Fcrypt3 public key is the same for EVERY user. DO NOT encrypt sensitive data with this key unless that data is password protected. We do not recommend using the public key (even with a password) for any sensitive data.
You must follow the procedure "Getting your Custom Key" (separate document). The key must be installed in your Fcrypt3 software directory.
Installation
If you have a previous version of Fcrypt, you should back up the directory before you proceed.
Fcrypt3 should be installed in its own directory, usually named Fcrypt3. You should not install Fcrypt3 directly into one of the Windows system folders. Fcrypt3 should be added to your Path statement (My Computer, Advanced, Environment)
Follow these instructions to install your key:
- Put the name.key.enc3 in your Fcrypt3 directory
- Fcrypt3 decode name.key.enc3 -p=password (replace 'password' with the one you were given when the key was assigned)
- All future encryptions should use this key. You can rename the key to fcrypt3.key if you want it to be the default key.
Usage
Fcrypt3 is a command-line utility, which means it is easy to integrate into any of the scripting languages available under Windows.
The format of the command is:
fcrypt3 [action] [infile] (outfile) (options)
The elements on the command line are discussed below.
[action]
Either encode or decode.
[infile]
The input file. When encoding a file, this is the unencrypted (plaintext) version. When decoding a file, this is the file that was previously created by Fcrypt3.
(outfile)
The outfile is an optional parameter. You can specify the output of Fcrypt3 be placed in a specific filename. If omitted, a default filename will be generated. When encoding a file, the default filename will be the name specified for [infile] when '.enc3' appended. When decoding, the default filename will be the name specified in [infile] with the trailing '.enc3' removed. If there was no trailing '.enc3', '.txt' will be added to the [infile].
(options)
These are optional parameters to specify the operation of Fcrypt3. A list of options follows.
-c or -compress
Data will be compressed prior to encryption, using an algorithm similar to PKZip or WinZIP.
-noc or -nocompress
Data compression will be turned off. Versions prior to 3.4.5.2 needed the compression parameter set on the command line. Versions 3.4.5.3 and later have compression enabled by default.
-i or -info
Display statistics at the end of each execution.
-k=keyfile or -key=keyfile
Specify the key file to use. (see documentation for discussion of key files). The -k option must be followed by an equal sign and the filename of the key file. The name of the keyfile can contain no embedded spaces. The keyfile must exist and be a valid Fcrypt3 key or the process will terminate. Example: -k=keyfile.key
-p=passtext or -password=passtext
Specify a password. The -p option must be followed by an equal sign and the password text (passtext). Passwords cannot contain an embedded space. Example: -p=password
-w or -wait
Instructs Fcrypt3 to pause before completion. This is only useful when Fcrypt3 is called from within a script. You will need to press a key before Fcrypt3 will continue.
-? or -help
Will display the command line format, along with version information. Fcrypt3 will not complete any other action when help is requested.
Examples
Encrypt a file, using the default fcrypt3.key. The resulting file will be named infile.enc3
fcrypt3 encode infile
Encrypt a file, using the default fcrypt3.key. The resulting file will be named outfile.txt.enc3
fcrypt3 encode infile.txt outfile.txt.enc3
Encrypt a file with compression, using a custom key. Statistics will be shown. NOTE: If key is not in current directory, the directory containing Fcrypt3.exe will be searched.
fcrypt3 encode infile -c -k=mykey.key -i
Revision History
| Date | Version | Change Description |
|---|---|---|
| 2010.05.27 | 3.4.5.4 | There was a minor bug where the command line was not validated properly. Forgetting to specify the /k switch before the key file would cause the key file to be interpreted as the output file. This resulted in the key file being overwritten or deleted. This will now throw an error message. |
| 2009.08.28 | 3.4.5.3 |
(1) Modified modules to display full revision (major).(minor) r(release).(revision). (2) Match resource files in exe/dll with program and documentation. |
| 2009.07.05 | 3.4.5.2 |
(1) Compress turned on by default. (2) New command line switch -noc / -nocompress turn turn compression off. (3) Bug Fix: ErrorLevel. The OS return code (ErrorLevel) was getting reset before program exit. |
| 2009.07.03 | 3.4.5.1 | Add resources to the executable and DLL. |
| 2007.05.13 | 3.4.5.0 |
(1) Errorlevel is now set on exit. This can be checked in scripts to see if Fcrypt3 failed (0=success, >0=Error). See the Fcrypt3 API reference for a list of error codes and their meanings.. (2) The Fcrypt3 engine is now available as a DLL (fcrypt3.dll), suitable for calling from any applications capable of calling STDCALL DLLs (e.g., MS C).. (3) Key management has improved slightly. Prior versions required that keys reside in the current directory or be reference by full path. Keys can now be kept in the Fcrypt3 install directory (which can be in your path). If the key is not found in the local directory, the directory where the software is installed is checked.. (4) Add new example for key management change. |
| 2007.05.08 | 3.4.4 |
(1) Only documentation updated. (2) Add samples. (3) Correct password option (requires the equal sign) |
| 2007.04.18 | 3.4.3 |
(1) Feature release. (2) Outfile is now optional. When not provided, the default will be the same filename as infile with ".enc3" appended. (3) Encrypted store now has embedded signature. Will make detecting wrong key and/or password extremely fast. |
| 2007.04.17 | 3.4.2 |
(1) Maintenance release. (2) Better command line handling. (3) Added long version to the options. For example, the long version of the "-c" option is now "-compress". This will hopefully help to make options more easily remembered. (4) Missing key file is now an error. The default key scheme is no longer supported. |
| 2007.04.15 | 3.4.1 |
(1) Feature release. (2) SecureKeys. The key files now contain several security features. (1) The actual key is encrypted. (2) The key contains a signature to identify if a key has been tampered with. |
| 2007.04.09 | 3.3 |
(1) Feature Release. (2) Encrypted store (.enc3 file) now stores the options used to encrypt a file in the file header. E.g., compression. This eliminates trying to add all the options to the decrypt process and the potential mismatch that could occur. (3) Version info in the encrypted store (.enc3 file) is now included and enforced. This prevents accidentally using the incorrect key or software version. |
| 2007.04.09 | 3.2 |
(1) Feature release. (2) Compress is now supported. When selected, data is compressed prior to encryption. (3) Block sizes are adjusted to tune memory. Usage is now capped at 7-10 megabytes depending on configuration. |
| 2007.03.25 | 3.1 |
(1) New release. (2) Complete rewrite. See documentation and news article. |
| 2001.07.05 | 2.1 |
(1) Feature release. (2) Added command line password. This adds a level of security to just the key file alone. |
| 2001.07.01 | 2 | Fcrypt2 production. |
| 1999.08.21 | 1 | Fcrypt Production. Based on the uenc2 utility (c) 1997 III Software. |
| 1995.07.23 | uenc2 | uenc2 utility |
| 1992.01.05 | Encode | Encode02 utility (based on encode01) |