FreeOTFE
Free disk encryption software for PCs and PDAs

Command Line Decryption Utilities


Overview

Note: At the time of writing (10th October 2004), this software is included in the source release and is functional, but it is still under development.

FreeOTFE is relatively unique in that it comes complete with software which may be used to decrypt encrypted volumes (provided the correct decryption key is known!).

This software is designed to fulfil two main objectives:
  1. To increase and encourage peer review of FreeOTFE
  2. To act as a "security blanket" for users - should development of FreeOTFE ever be dropped, it will still be possible for users to recover their data, regardless of the state of the FreeOTFE project.
Functionally, this software has one task: to decrypt the encrypted partition area of FreeOTFE volume files and to write out the plaintext version for examination.

This software is considerably easier to understand than the kernel mode drivers, and does not require the Microsoft SDK/DDK to be present. As a result, any competent software engineer should be able to modify the software as appropriate and confirm that data is being encrypted correctly by the FreeOTFE system.

This software is not intended for general public use, but for use by those who understand and can write C. In order to use it, modifications to the source code will most probably be required (to change the decryption keys used, if nothing else). For this reason, the command line decryption utilities are not released in binary form, only as source code which must be compiled by the user.


Operation

Each of the command line decryption utilities is designed to operate in the following manner:
  1. Open the (input) encrypted volume file.
    • The filename used is hard coded to "inFile.dat"; obviously this may be changed as required.
  2. Open/Create the (output) plaintext volume file.
    • The filename used is hard coded to "outFile.dat"; obviously this may be changed as required.
  3. Generate an IV, if required
    • The method of generating the IV may vary, dependent on how the volume was encrypted
  4. Read in a sector's worth of data from the input (encrypted) file
  5. Decrypt the sector, block by block
    • The key used here is hard coded in the source, and must be the actual key that was used to encrypt the data (obviously!)
    • The way in which decryption is carried out is dependent on the cypher and on the cypher implementation
  6. Write the decrypted sector to the output (plaintext) file
  7. Repeat steps 3-6 until all data has been decrypted
  8. Close the output file
  9. Close the input file
Please note:
  1. These utilities are focussed only on decrypting data. They do not hash user keys, etc
  2. The hard coded keys must represent the actual encryption keys. In the case of Linux volumes, this is the user's password hashed as appropriate. In the case of FreeOTFE volumes, this is the "master key" stored in the volume's "critical data block"
At the time of writing, a separate command line decryption utility to decode a FreeOTFE volume's CDB/keyfiles has not been implemented; however, the FreeOTFE GUI does incorporate this functionality, allowing developers to extract all of the required information contained within a CDB/keyfile. (Note: For obvious reasons, this requires that the volume's password and all other details required to use the CDB are known - it is simply not possible to decrypt this information otherwise)
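
The loop in steps 1-9 above, sketched as an added example; this is not FreeOTFE's own code. It assumes 512-byte sectors, a 16-byte block, CBC chaining and an IV built from the 32-bit little-endian sector number. toy_decrypt_block is a hypothetical placeholder rather than a real cypher, and the function names and key are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SECTOR 512   /* bytes per sector (assumed) */
#define BLOCK  16    /* cypher block size (assumed) */
/* PLACEHOLDER cypher, not secure and not FreeOTFE code: swap in the real one. */
static void toy_decrypt_block(const uint8_t *key, const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < BLOCK; i++)
        out[i] = (uint8_t)(((in[i] >> 3) | (in[i] << 5)) ^ key[i]);
}

/* Step 3. Assumed IV scheme: 32-bit little-endian sector number, zero padded. */
static void sector_iv(uint32_t sector, uint8_t *iv) {
    memset(iv, 0, BLOCK);
    for (int i = 0; i < 4; i++) iv[i] = (uint8_t)(sector >> (8 * i));
}

/* Step 5, CBC (assumed): XOR each decrypted block with the previous cyphertext block (IV first). */
void decrypt_sector(const uint8_t *key, uint32_t sector, const uint8_t *ct, uint8_t *pt) {
    uint8_t iv[BLOCK];
    sector_iv(sector, iv);
    for (int off = 0; off < SECTOR; off += BLOCK) {
        const uint8_t *prev = off ? ct + off - BLOCK : iv;
        toy_decrypt_block(key, ct + off, pt + off);
        for (int i = 0; i < BLOCK; i++) pt[off + i] ^= prev[i];
    }
}

/* Steps 3-7. Returns sectors decrypted, or -1 on I/O error or a partial final sector. */
long decrypt_volume(FILE *in, FILE *out, const uint8_t *key) {
    uint8_t ct[SECTOR], pt[SECTOR];
    long sectors = 0;
    size_t n;
    while ((n = fread(ct, 1, SECTOR, in)) == SECTOR) {
        decrypt_sector(key, (uint32_t)sectors++, ct, pt);
        if (fwrite(pt, 1, SECTOR, out) != SECTOR) return -1;
    }
    return (n == 0 && !ferror(in)) ? sectors : -1;
}

int main(void) {  /* steps 1-2 and 8-9; filenames hard coded as the page describes */
    static const uint8_t key[BLOCK] = "constructed key";  /* constructed sample key */
    FILE *in = fopen("inFile.dat", "rb");
    FILE *out = in ? fopen("outFile.dat", "wb") : NULL;
    long n = out ? decrypt_volume(in, out, key) : -1;
    if (out && fclose(out) != 0) n = -1;
    if (in) fclose(in);
    printf("sectors decrypted: %ld\n", n);
    return n < 0;
}
```

A wrong key or wrong IV scheme still produces an output file of the right size, so the result has to be checked by examining the plaintext (for example, for a recognisable filesystem header).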