Command Line Decryption Utilities
Overview
Note: At time of
writing (10th October 2004), although this software is included in
the source release, and is functional, this software is currently
under development.
FreeOTFE is relatively unique in that comes complete with software
which
may be used to decrypt encrypted volumes (provided the correct
decryption key is known!).
This software is designed to fulfil two main objectives:
- To increase and encourage peer review of FreeOTFE
- To act as a "security blanket" for users - should development of
FreeOTFE ever be dropped, it will still be possible for users to
recover their data, regardless of the state of the FreeOTFE project.
Functionally, this software has one task: to decrypt the encrypted
partition area of FreeOTFE volume files and to write out the plaintext
version for examination.
This software is considerably easier to understand than the
kernel mode drivers, and does not
require the Microsoft SDK/DDK to be
present. As a result, any competent software engineer should be able to
modify the software as appropriate and confirm that data is being
encrypted correctly by the FreeOTFE system.
This software is not intended
for
general public use, but by those who understand and can write C. In
order to use it, modifications to the source code will most probably be
required (to change the decryption keys used, if nothing else). For
this purpose, the command line decryption utilities are not released in
binary form, only as
source code which must be compiled by the user.
Operation
Each of the command line decryption utilities is designed to operate in
the following manner:
- Open the (input) encrypted volume file.
- The filename used is hard coded
to "inFile.dat"; obviously this may be changed as required.
- Open/Create the (output) plaintext volume file.
- The filename used is hard coded
to "outFile.dat"; obviously this may be changed as required.
- Generate an IV, if required
- The method of generating the IV may vary, dependant on how the
volume was encrypted
- Read in a sector's worth of data from the input (encrypted) file
- Decrypt the sector, block by block
- The key used here is hard coded
in the source, and must be the actual key that was used to encrypt the
data (obviously!)
- The way in which decryption is carried out is cypher, and
cypher implementation dependant
- Write the decrypted sector to the output (plaintext) file
- Repeat steps 3-6 until all data has been decrypted
- Close the output file
- Close the input file
Please note:
- This software is focussed only on decrypting data. They do not hash user keys, etc
- The hard coded keys must represent the actual encryption keys. In
the case of Linux volumes, this is the user's password hashed as
appropriate. In the case of FreeOTFE volumes, this is the "master key"
stored in the volume's "critical data block"
At time of writing, although a separate command line decryption utility
to decode a FreeOTFE volume's CDB/keyfiles has not been
implemented, the FreeOTFE GUI does incorporate this functionality
allowing developers to extract all of the information required
contained within a CDB/keyfile. (Note:
For obvious reasons, this requires the volume's password and all other
details that are required to use the CDB are known - it is simply not
possible to decrypt this information otherwise)
|