DoxBox: Appendix F: Command Line Decryption Utilities

 

 

 

 

 

 

DoxBox logo DoxBox: Open-Source disk encryption for Windows

 

The latest version of this document can be found at the DoxBox project site


Appendix F: Command Line Decryption Utilities


Overview

DoxBox comes complete with command line software which may be used to decrypt encrypted volumes (provided the correct decryption key is known).

This software is designed to fulfil two main objectives:

  1. To ease peer review of DoxBox
  2. To enable testing of the ciphers in isolation
  3. To test some algorithms (notably key set up) using a diverse implementation

In addition it provides an extra insurance that data will be recoverable, because it is written in the portable C language, and uses minimal OS calls, it is less likely to need modification with later versions of Windows.

Functionally, this software has one task: to decrypt the encrypted partition area of DoxBox files and to write out the plaintext version for examination.

This software is considerably easier to understand than the kernel mode drivers, and does not require the Microsoft SDK/DDK to be present. As a result, any competent software engineer should be able to confirm that data is being encrypted correctly by the DoxBox software. This makes it possible to review and test the cryptographic code in isolation and verify both that it is identical to that used by the source libraries, and that it correctly implements the algorithm.

This software is not intended for general public use, but by those who understand and can write C. In order to use it, modifications to the source code will most probably be required (to change the decryption keys used, if nothing else). For this purpose, the command line decryption utilities are not released in binary form, only as source code which must be compiled by the user.


Operation

Each of the command line decryption utilities is designed to operate in the following manner:

  1. Open the (input) encrypted volume file.(The filename used is hard coded to "inFile.dat"; obviously this may be changed as required.)
  2. Open/Create the (output) plaintext volume file.(The filename used is hard coded to "outFile.dat"; obviously this may be changed as required.)
  3. Generate an IV, if required. (The method of generating the IV may vary, depending on how the volume was encrypted)
  4. Read in a sector's worth of data from the input (encrypted) file
  5. Decrypt the sector, block by block
    • The key used here is hard coded in the source, and must be the actual key that was used to encrypt the data (obviously!)
    • The way in which decryption is carried out is cypher, and cypher implementation dependent
  6. Write the decrypted sector to the output (plaintext) file
  7. Repeat steps 3-6 until all data has been decrypted
  8. Close the output file
  9. Close the input file

Please note:

  1. This software is focused only on decrypting data. They do not hash user keys,