C-CIPHER

A program to encrypt/decrypt a file using the AES-CTR-256 cipher.

It can be used to store passwords (or any other kind of sensible information) locally, in a private way.
The user only needs one password to both encrypt and decrypt the information.

---

Details on Security

The algorithm is implemented in C, using the OpenSSL's Encryption API.

The Encryption Key has to be 256-bits long; it is generated by computing SHA256(p), with p being the user's password.¹
The same key is used for both encryption and decryption.

The Initialization Vector IV is a string of 16 bytes.
The last (LSB)² 8 bytes contain a counter which will be incremented at every new encrypted block.
The first (MSB) 8 bytes contain the "nonce": a random sequence of bits.
When encrypting, the nonce is filled with random bytes; these will be prepended to the ciphertext in order to read them during the decryption procedure.

The block length n, is an important parameter for determining the concrete security of the cipher.
Being the IV a uniform string of n-bits, it is expected to repeat after having performed "only" 2n/2 encryptions.³
In our case n is 128 bits; this means that only 264 blocks - or 2*105 Petabytes - can be safely encrypted without ever changing the IV.
This is more than safe for a regular text file.

Tampering

It must be noted that this mode of encryption provides no security against data tampering.
If the ciphertext were to be modified even by just one bit, the integrity of the information would be lost.

The scope of this project however is to provide a trivial example of encryption, to be used for simpler "protection" against adversaries who know little to nothing about cryptography.

¹ The usage of a PBKDF (Password-Based Key Derivation Function) would further improve security.
² In big-endian order.
³ Similar concept to 'The Birthday Problem'.

---

Installation

Take a look at the dependencies listed below.

To download and compile the program:

git clone https://github.com/marcoplaitano/c-cipher
cd c-cipher
make

The executable file is ccipher.
To install it globally:

sudo make install

This will simply copy the executable to /usr/local/bin/ and the manpage to usr/local/man/.
Uninstall with:

sudo make uninstall

---

Usage

ccipher in-file out-file mode password

The program needs the following 4 command line arguments, in order:

• in-file
  Input file on which the cipher will be applied
• out-file
  Output file storing the result
• mode
  A string: either encrypt, e, decrypt or d
• password
  A string chosen by the user

Note: using this approach means that anyone with access to the computer can learn the password since it is stored in the shell's history. A workaround might be requesting the 4 arguments inside the program, at runtime.

Example

The first time you run the program, the in-file should be the plain text file containing the private information.
The output file will store the encrypted version of it.
It is at this point that you must choose the password to use. It can contain any ASCII character and can be of any (reasonable) length.

ccipher input.txt private.dat e Password123

The following times, the plaintext version can be recreated with the command:

ccipher private.dat output.txt d Password123

Notice how the two paths have been swapped, the mode is now decrypt and the password remains the same.

---

Dependencies

• gcc
• make
• libssl3

---

Author

Marco Plaitano

---

License

Distributed under the MIT license.