5 Feb 08
Most file encryptors use methods that rely on the theory of computational security, that is, the difficulty of key factorisation prevents decryption of
the file. But this method may not work forever. It used to be considered that a 56 bit key was unbreakable to brute force attacks, but the government of
the USA now requires all Top Secret data to use keys of at least 192 bits. This bar will keep raising as computing power increases. (It is argued by some
though that this will never happen due to the laws of physics!) CryptIt is designed to use conventional XOR encryption on keys that are the same size as
the file to be encrypted. Furthermore, if you use an unpredictable file that is the same size as (or larger than) the original file and you use this file
only once, this is known as a one-time pad and it is completely unbreakable, even to computers 1000 years from now. This is because there is no algorithm
at all, just a big key, and thus there is no pattern to follow once you have decrypted any part of the file. Thus attempts to decrypt it could result in
any file, and there would be no way to verify that it has decrypted correctly. CryptIt also has some convenience features such as being able to
automatically use pad files generated by our program GigAlarm, generate key files (from a stream cipher and thus not best for OTP usage) and also analyse the
suitability of your chosen key file.
CryptIt also has the ability to use removable media (USB drives, CDs, floppies) as a key code book, further increasing the security and convenience
of the method. If your needs are simpler then you can also use a word (string), but the advantages of the XOR method are lost then. Descriptions can
be stored within the encrypted file, as well as the file name of the code. Command line operation is also supported.
Command Line Options
Notes on XOR encryption methods
System Impact Statement
Licence and Registration
Run "Setup.exe" and follow the instructions. To remove CryptIt, use the "Add/Remove Programs" option in the Control Panel. CryptIt
stores all its data files in the designated application data area, often "C:\Documents and Settings\USERNAME\Application Data\ACAPsoft\CryptIt". If
you would prefer that it saves in the same directory as CryptIt either run the program from a removable drive, such as a floppy or a USB drive, or delete
the "DefSet.txt" file from the CryptIt directory.
To EnCrypt a file, first select the file to be encrypted by either browsing for it, by pressing the "Choose" button, or by dragging a file
onto the CryptIt Window. Any file is acceptable providing it is less than 4GB and doesn't have the file extension of "cpt". Depending on your
needs either use the XOR mode (more secure) or the Classic mode (more options).
Now you select the EnCryption method. The best option is either "File" or "Drive". ("Drive" mode requires additional
preparation. See below for further details.) This enables you to use another file to encrypt the source. CryptIt can make this file for you if you press
the "Create" button, or you can use your own. (It is better to use your own if you have a good file to use.) You can also get CryptIt's rating of
the file by pressing the "Analyse" button. To select the file wanted you must use the
"Choose" button next to the edit box. You can also choose a large file, but not use it all. To do this you simply enter in a lower number in the
"Use XXX Bytes" window. If not using XOR mode, to make DeCryption easier you can also have CryptIt save the name of the code file by selecting
"Save File Name". However, if you want a password style encryption then the "String" option is probably more convenient. Simply enter
in your chosen word(s) into the edit box. In this case CryptIt will repeat the string until it is at least 32 bytes (256 bits) long. ("String"
mode is not very secure.)
Next you select where the output files will go, the default being the same folder as the source. Change this if you prefer something else, but make
sure that there is no new directory in your selection. (I.e. New directories will NOT be created.) You can select it by using the "Choose"
button, or by dragging a directory onto the "CryptIt" window. There are also buttons to reset the output, to add a folder with the same name as the
file to the path, or to change the output directory to the desktop.
If you want, you can add a comment as well that will be displayed prior to the file being EnCrypted. In Classic mode, simply tick "Use" in
the "Description" box and type it in. This can be a maximum of 300 characters and the comment is not Encrypted. (Thus you could make the comment
a question to help you remember the Encryption String or file.)
It is extremely important to note that the file is Encrypted, not password locked. The difference being that there is no storing of the code itself
anywhere - the whole file is mathematically scrambled based on what you enter/select. If you forget/lose the Encryption String/File there is no easy
way to decrypt the file. (I.e. We cannot help!)
Once you are ready, press the "Go CryptIt!" button and the file will be encrypted. If in Classic mode the file name extension will be
replaced with "cpt" and in XOR mode "XOR" will be added to the start of the file name.
As an additional feature, CryptIt can be set to be an On Top window. Simply Right Click on the title bar and select "On Top Toggle".
If using XOR mode, encryption is exactly the same as decryption.
Double click the EnCrypted file and CryptIt will load. (Alternatively you can load CryptIt, and then select the file using the "Choose" button
or by "dragging" it.) The comment, if any, will be in the comment box and you can then select the directory that you want the file to be created
in. If the file was EnCrypted using the "String" method then you simply enter in your chosen string. Alternately, if the "File" method
was chosen then you must ensure that the correct file name is in the file edit box. If "Save File Name" was selected then there should be a file
name in the box, but that does not mean that the file was found. To determine this, look to see if the "Save File Name" box is checked. If it is
then you are ready to DeCrypt, otherwise CryptIt could not find the file in the given path, but you can still use the File Name as a guide.
(It is possible to EnCrypt a file using a String, and DeCrypt it using a File, and vice-versa, but they must be exactly the same and both must be
greater than 32 bytes.)
Last of all you press the "Go DeCrypt!" button and the original file is DeCrypted into your chosen output folder.
Below is further explanation of some of CryptIt's controls.
|File to EnCrypt/DeCrypt
||This is the file for CryptIt to process. You can select it via the "Choose" button or by dragging a file to the window.|
||Selects either the XOR or the Classic mode. In Classic mode the filetype is changed to "cpt" and you have extra features like the description
option. XOR mode simply processes the file and creates a new file of the same name with "XOR" in front. The XOR mode is more secure
simply because it is hard to tell what has been done to the file. A person who comes across a XORed file might think the file is corrupted and ignore it,
while a search for a "cpt" file might result in CryptIt. (This is Security by Obscurity.)|
||When using Classic mode you can use this field.
||Selects the key file source. String is only available in Classic mode. Drive mode is further explained below.
||Asks CryptIt for a rating (Excellent/Good/OK/Bad/Very Bad) of your selected key file. Files get penalties for being smaller than the source file,
having repetition of bytes (especially null bytes) and for not having a good spread of numbers. It needs to be stressed that this routine is just a
simple check, designed to help the user determine if a file should be used or not. It does not use any official test for randomness, and it does have
some flaws, such as a random 1 MB file repeated 50 times will be seen as a good key file for a 20 MB source, while the same 1 MB file by itself
will not be. (Testing files for repetitions like that takes too long.) In short, this test is not for checking cipher streams, it is more for testing
existing files for potential key usage. (Cipher streams will almost always be rated as Excellent, even if they are predictable, and thus insecure.) Please
read here for more details.
||Creates a key file of suitable size and saves it in the output directory. If you have any method that produces a random file then you should
use it in preference to this built in one. While this function will produce acceptable files that will be different most of the time,
they are still a stream cipher made using the same algorithm (RC4) and thus are more predictable than a method chosen by the user. Using this feature
makes CryptIt little better than normal password based encryption.
||Our program GigAlarm has a built in pad file generator which makes files based on the variance
between the CPU clock and the system clock. This function allows the output of that generator to be used easily. Simply press the KeyStore button, and if
there is enough data a key of the right size will be generated, moved to the desktop and the data removed from the KeyStore. Please note that this function
in most cases is only suitable for smaller messages of under 100KB due to the speed of GigAlarm's generator.
||This is where the XORed/encrypted file goes. It will by default be the same directory as the source, but this can be changed.
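The kind of check the Analyse control describes (key size against the source, null bytes, byte repetition, spread of values) can be sketched as follows. This is an added example, not CryptIt's routine: the function names, thresholds and sample data are assumptions, and it goes one step further than the page by also testing for whole-file repetition, the case the table says Analyse skips.

```python
import math
import random
from collections import Counter

def smallest_period(data: bytes) -> int:
    """Shortest block length p such that data[i] == data[i - p] for all i >= p."""
    pi, k = [0] * len(data), 0            # KMP prefix function, O(n)
    for i in range(1, len(data)):
        while k and data[i] != data[k]:
            k = pi[k - 1]
        if data[i] == data[k]:
            k += 1
        pi[i] = k
    return len(data) - pi[-1] if data else 0

def analyse_key(key: bytes, source_len: int) -> dict:
    """Measure a candidate key file against a source of source_len bytes."""
    n = len(key)
    counts = Counter(key)
    # Shannon entropy of the byte histogram, in bits per byte (8.0 is ideal).
    entropy = sum(c / n * math.log2(n / c) for c in counts.values()) if n else 0.0
    longest = run = min(n, 1)
    for a, b in zip(key, key[1:]):
        run = run + 1 if a == b else 1
        longest = max(longest, run)
    period = smallest_period(key)
    findings = []                          # thresholds below are assumptions
    if n < source_len:
        findings.append("key shorter than source")
    if n and period <= n // 2 and period < source_len:
        findings.append("key repeats every %d bytes" % period)
    if n and counts[0] / n > 0.02:
        findings.append("excess null bytes")
    if longest >= 8:
        findings.append("run of %d identical bytes" % longest)
    if n >= 1024 and entropy < 7.5:        # entropy is meaningless on tiny files
        findings.append("poor spread of byte values")
    return {"period": period, "entropy": round(entropy, 2),
            "longest_run": longest, "findings": findings}

def constructed_samples(size: int = 4096) -> dict:
    """Constructed key candidates; the seeded PRNG is predictable by design."""
    rng = random.Random(2008)
    block = bytes(rng.getrandbits(8) for _ in range(size // 4))
    return {
        "nulls": bytes(size),
        "short": block[:100],
        "repeated": block * 4,             # small-scale "1 MB file repeated 50 times"
        "seeded_prng": bytes(rng.getrandbits(8) for _ in range(size)),
    }

if __name__ == "__main__":
    for name, key in constructed_samples().items():
        print(name, analyse_key(key, 4096))
```

The seeded PRNG sample comes back with no findings even though anyone who knows the seed can regenerate it, which is the limitation the table describes: statistics of this kind cannot show that a key is unpredictable.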
CryptIt when used with removable media becomes easier and more secure. However, it does involve more preparation, thus this explanation is separate from
the rest. To use CryptIt in this mode you must include in the root directory of the media a file by the name of "KeyRing.txt". There is an
example file in the CryptIt directory, but in short it is a text file consisting of a line of a name, and then a file name. Below is an example of this.
#The line below tells CryptIt the maximum files that it should allow for. The default without this line is 10
#First you list a name for the file
#... then the file name
#There must be a new line at the end. Enjoy!
If CryptIt recognizes your file then you will be able to select what drive and then what filename you want to use. After this you simply use CryptIt as
Command Line Options
It is also possible to use CryptIt with command line functions. Four switches control the operation in this mode.
|/o||Output directory (Not required if using same directory)
|/f||File to use as encryption key
|/s||Word/String for encryption key (Must be one word)
"C:\Program Files\CryptIt\CryptIt.exe" /i=c:\EnemyList.xls /s=secretcode
Encrypts "EnemyList.xls" to the same directory using the word "secretcode" as the key
"C:\Program Files\CryptIt\CryptIt.exe" /i=c:\EnemyList.xls /o=c:\Love /s=secretcode
Decrypts "EnemyList.xls" to the directory "c:\Love" using the word "secretcode" as the key
"C:\Program Files\CryptIt\CryptIt.exe" /i=c:\EnemyList.xls /f=c:\Heart.txt
Encrypts "EnemyList.xls" to the same directory using the file "Heart.txt" as the key
Notes on XOR encryption methods
Any encryption is breakable... except if you use an unpredictable key file that is equal or larger than the file itself and you use it once only.
When keys are used like this it is known as a One-Time Pad encryption. One-Time Pad encryption is un-breakable because it is just as likely that the file
is anything other than the original file. Attempts to decrypt it could result in any file, and there would be no way to verify that it has decrypted
correctly. If you use the key again then there is a chance that a hacker could
use parts common to both and partially extract the key, and then be able to partially extract the original files. This is extremely hard with only two
files, but if you used the same key on varied files for 10+ times and you then lost all of these files then there is a decent chance that someone with
sufficient time, motivation and skill could extract most of the key. (Less biased and better explained details can be found on
Wikipedia and Here.) The
key also cannot be any form of a stream cipher as this negates most of the advantages of the method. This is because once any part of a stream cipher encrypted
file is decrypted, it is possible to then decrypt the rest of the file given sufficient skill and processing power. However, if a non-stream cipher is used
then even if some part of the file is decrypted, that does not mean the whole file is compromised.
(The Blum Blum Shub pseudorandom number generator is one of the current exceptions to this rule, as while it is believed to be possible to
reverse a stream from it, there are no cases of it actually happening.)
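The three properties described above can be checked directly: XOR with the pad both encrypts and decrypts, any same-length file is a possible decryption under some pad, and a reused pad cancels out of two ciphertexts. This is an added example, not CryptIt's code; the function names and the sample messages are constructed for illustration.

```python
import secrets

def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR data with the first len(data) bytes of pad."""
    if len(pad) < len(data):
        raise ValueError("pad is shorter than the data, so this is not a one-time pad")
    return bytes(d ^ k for d, k in zip(data, pad))

def pad_that_yields(ciphertext: bytes, candidate: bytes) -> bytes:
    """The pad under which ciphertext would decrypt to candidate (same length)."""
    return xor_bytes(ciphertext, candidate)

def demo() -> dict:
    # Constructed sample messages, padded to one common length.
    p1 = b"Meet at the north gate at 0600".ljust(32)
    p2 = b"Invoice 4471 is due on Friday".ljust(32)
    decoy = b"Shopping list: eggs, milk, tea".ljust(32)
    pad = secrets.token_bytes(32)

    # 1. Encryption and decryption are the same operation.
    c1 = xor_bytes(p1, pad)
    round_trip = xor_bytes(c1, pad)

    # 2. Used once, the ciphertext fits every message of its length equally
    #    well: for any candidate there is a pad that "decrypts" c1 to it.
    other_pad = pad_that_yields(c1, decoy)
    decoy_out = xor_bytes(c1, other_pad)

    # 3. Reusing the pad removes that property. The pad cancels out of
    #    c1 XOR c2, leaving p1 XOR p2, so whoever knows one message
    #    reads the other without ever seeing the pad.
    c2 = xor_bytes(p2, pad)
    combined = xor_bytes(c1, c2)
    p2_from_p1 = xor_bytes(combined, p1)

    return {"p1": p1, "p2": p2, "decoy": decoy, "round_trip": round_trip,
            "decoy_out": decoy_out, "combined": combined,
            "p2_from_p1": p2_from_p1}

if __name__ == "__main__":
    r = demo()
    print("round trip ok:       ", r["round_trip"] == r["p1"])
    print("decoy decrypts from c1:", r["decoy_out"] == r["decoy"])
    print("pad cancelled on reuse:", r["combined"] == xor_bytes(r["p1"], r["p2"]))
    print("p2 recovered from p1:  ", r["p2_from_p1"] == r["p2"])
```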
Unpredictable keys are hard to generate, and it is even harder to be sure that they are actually unpredictable. Some scientists believe that even
radioactive decay follows predictable patterns. If you are using CryptIt for small messages you could seriously consider generating your own the old-fashioned way
(picking letters out of a hat) but this method is not practical for large files. When designing these programs we initially felt that people making/finding
their own unique keys was part of the security, but in hindsight, this concept was wrong. It is too hard for many people to do this, even if they do
understand the concepts of what makes a good key. For this reason we have written our own and included it in our program
GigAlarm which makes files based on the variance between the CPU clock and the system clock. The
results from the CPU clock function have been excellent when tested using ent, a well respected random file
In short, CryptIt encrypts files by logically applying "Exclusive Or" to each byte, using the Key file/string. The key needs to be
unpredictable and not contain repetitions, especially of "nulls", to be secure. The weakness of the method is that you need to have a way of distributing
the keys as well if you want to send an encrypted message. If you have a secure method of transporting the keys (one user gives CDs full of keys and then
encrypts his EMails) then the method works well. Otherwise it is best used for encrypting personal data where there is no need to transport the key.
OTP encryption is often dismissed as "Snake Oil". This is largely because of a few software companies using stream ciphers and claiming that
it is an OTP and thus unbreakable. CryptIt and XorIt are not like that. We do not use any secret algorithm, the only formula in CryptIt and XorIt is
"XOR" itself. Nor do we provide raw key material, claim that the OTP does not need to be transferred or that it is easy to use. Please do not
group us in this category. If you want easy and secure encryption, use any other method. If you want unbreakable encryption, try CryptIt or XorIt.
Aside from a general revision, the main purpose of this version is the addition of the KeyStore. This allows easy usage of the Pad files that GigAlarm can
generate. Next version I plan to expand on this.
CryptIt is programmed using MASM32 assembly language and has been tested on Win2000, WinXP and Vista. I no longer support Win9x or
pre-Windows 2000 NT on new releases. Maintaining support for 9x has been preventing me using several new OS features for a while. Please note that we used to
be known as "Sinner Computing".
System Impact Statement
We go to great lengths to reduce system impact, but we feel that it is still important to explain here what our programs do to your
system. If you feel we are missing something, or you need further clarification, please contact us.
|Registry||CryptIt uses the registry to set itself as the .cpt file handler. The installer that comes with CryptIt uses the
registry only for the required un-installation data, and not at all if you use the "Extract Only" mode or if you install as a low privilege user.
|System Settings||CryptIt will set itself as the .cpt file handler.
|Files||All of its program files are stored in the chosen installation directory, and all of its data files are stored in the
designated application data area, often "C:\Documents and Settings\USERNAME\Application Data\ACAPsoft\CryptIt". If you would prefer that
it saves in the same directory as CryptIt either run the program from a removable drive, such as a floppy or a USB drive, or delete the
"DefSet.txt" file from the CryptIt directory. These directories can be opened via the About box.
|Network||CryptIt and its installer do not access the internet in any way, but the ReadMe does have three graphic files that are
stored on the internet. (They are not used as web-beacons, merely spacers and images for the payment processors.)
|CPU||CryptIt can be very demanding on the CPU when encrypting.
|Memory||CryptIt needs around 50 MB while encrypting.
|1.10||Command line operation
|1.20||Pure Vernam mode, Drive Mode and speed enhancements
|1.21||On Top Toggle
|1.3||Create and Analyse Key functions, Interface tweaks.
|1.4||KeyStore, interface and speed tweaks.
Licence and Registration
Permission is given to evaluate CryptIt for a period of 30 days. After this time you are required to either register or remove CryptIt.
Permission is given for all forms of distribution, including CD compilations and Websites, providing the ZIP file is unaltered and it is
made clear that CryptIt is a Shareware program and that registration is required for continued usage. CryptIt can be registered using PayPal,
Reg.Net or Mail. For details on the terms of our licences and of our Buy-Three-Get-All policy please refer to the
CryptIt is a copyrighted work and thus permission is not given for you to decompile, disassemble, modify, translate, enhance or create
derivative works from this program. If you feel that you need to do any of those actions, and that those rules do not apply to you, contact
|PayPal $8.00 USD||
|Reg.Net $8.50 USD Bulk deals are also available here.||
|Mail, Cash $8.00 USD or $10 AUD||Postal details in About box
|Mail, Australian Cheque $10 AUD||
|Mail, Non-Australian Cheque $15.00 USD||
|PayPal $100 USD||
|Reg.Net $100 USD||
|Mail, Cash or Cheque $100 USD or $120 AUD||Postal details in About box
ACAPsoft accepts no liability for this software to the maximum extent allowable by law. Installing this software is the decision
of the installer, and signifies that you agree with this liability statement. Thus, any damage/loss caused by the use of this software is
not in any way the responsibility of ACAPsoft. This includes, but is not limited to, physical damage and loss of income/time. In no
event shall the maximum liability of ACAPsoft exceed the registration fee paid by the user, if any. Because some jurisdictions do
not allow the exclusion or limitation of liability for consequential or incidental damages, in such jurisdictions the liability of ACAPsoft
shall be limited to the extent permitted by law. If at any time you do not find these conditions agreeable you are required to
remove this software.
Advice/insults (on the subject of the program, not the programmer) are always welcome. To help users keep up to date we send out
newsletters whenever there is a major new version of CryptIt. To join this list simply send an
EMail with "CryptADD" in the subject. To be removed from this list, write an EMail
with "CryptREMOVE" in the subject. (ACAPsoft does not sell your EMail address or any other personal information to anyone.)
In addition, we have an RSS feed that is updated whenever there is a new version of any program.