UCRYPT: the use of the UCRYPT command
=====================================

After having archived a set of files with UC, you might want to protect
them from being accessed by others. To achieve this, you can use UCRYPT.
UCRYPT protects the archive with a password, chosen by you. The password
is case sensitive. This increases the number of possible passwords.

This document contains the following paragraphs:

- A. Command summary
- B. Encryption
- C. Encryption with destruction of the original archive
- D. Decryption
- Z. Summary


1.A COMMAND SUMMARY.
====================

General:   UCRYPT command archive-name

Starting UCRYPT with no command gives an explanation on screen about the
use of UCRYPT.

Possible commands are:

   C    for protecting an archive with a password
   E    for protecting an archive with a password and destroying the
        original archive
   CF   like C, but uses 'faster' encryption
   EF   like E, but uses 'faster' encryption
   D    makes an archive accessible again


1.B ENCRYPTION.
===============

Command:   UCRYPT C archive-name

With this command the archive will be protected with a password. The
original unprotected archive still exists after the execution of UCRYPT.

After you have entered the command, you will be asked for the password.
The password must consist of at least eight characters and at most
sixteen. Every keystroke will be represented by an asterisk, so the
password is never visible. When you are not sure about a keystroke, use
and the keystroke will be undone.

As usual with passwords, you will be asked to enter the password twice.
When a difference between the passwords is detected, the encryption will
be terminated and you have to start again.

Encrypting an archive in another directory gives an encrypted archive in
the same directory as the original archive.

Command:   UCRYPT C archive-name "password"

This command has the same function as the former command.
With this command the archive will also be protected with a password, but
the password is entered on the command line, between double quotes. Now
you will not be asked to repeat the password, but the protection will be
done at once. Of course the password is visible when entered on the
command line.

You can also use 'faster' encryption by using the CF instead of the C
command. The normal encryption uses triple-DES (Data Encryption Standard)
encryption and has some enhancements that cripple brute force attacks.
This makes the normal encryption safe according to all common standards.
The 'faster' encryption uses a less proven method. It is not as
established as triple-DES, but for most practical purposes reliable
enough.


1.C ENCRYPTION WITH DESTRUCTION OF THE ORIGINAL ARCHIVE.
========================================================

Commands:  UCRYPT E archive-name
           UCRYPT E archive-name "password"
           UCRYPT EF archive-name
           UCRYPT EF archive-name "password"

The E and EF commands work the same as the C and CF commands; the only
difference is the deletion. This deletion is not an ordinary deletion,
but a real destruction of the archive.

On systems with integrated data compression (e.g. Stacker), or systems
with a very slow deferred write caching, the destruction might fail.
These systems do not allow destruction.

On C2 compliant operating systems (e.g. Windows NT) it is sufficient to
use the C and CF commands, since these systems already destroy deleted
files.


1.D DECRYPTION.
===============

Commands:  UCRYPT D archive-name
           UCRYPT D archive-name "password"

The (encrypted) archive is decrypted. For decryption of the archive the
password is required. After decryption the encrypted archive still
exists.

The way passwords are handled is the same as in paragraph 1.B.

Entering a wrong password mostly terminates the program with an error
message.
The time UltraCrypt needs to determine that a password is wrong is almost
the same as the time needed to decrypt an archive with the correct
password. This is necessary, since other approaches would allow someone
to try passwords much faster (brute force attack).

The UCRYPT data-encryption format has more specific features to make
brute-force attacks much harder. A side effect of this is that there is a
chance of 1 in 256 that the archive will be decrypted into garbage after
entering a wrong password, without an error message.


1.Z SUMMARY.
============

   UCRYPT                       gives explanation about the use of
                                UCRYPT on screen

   UCRYPT C name
   UCRYPT C name "password"     protects archive, keeping the original
                                archive

   UCRYPT E name
   UCRYPT E name "password"     protects archive, destroying the original
                                archive

   UCRYPT CF name
   UCRYPT CF name "password"    like C but uses 'faster' encryption

   UCRYPT EF name
   UCRYPT EF name "password"    like E but uses 'faster' encryption

   UCRYPT D name
   UCRYPT D name "password"     makes archive accessible again
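
The wrong-password behaviour described in paragraph 1.D, as an added example that is not UCRYPT's own code. It assumes the password is verified by an 8-bit check computed over the fully decrypted data and uses a SHA-256 keystream as a stand-in for triple-DES; the real UCRYPT format is not described in this document, and all function names and sample values are hypothetical.

```python
import hashlib

def keystream(password: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): SHA-256 in counter mode, not UCRYPT's triple-DES.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(password + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def check_byte(data: bytes) -> int:
    # Assumed 8-bit verifier: it needs the whole decrypted body, so rejecting
    # a guess costs about as much as a full decryption.
    return hashlib.sha256(data).digest()[0]

def xor(data: bytes, password: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(password, len(data))))

def encrypt(password: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext + bytes([check_byte(plaintext)]), password)

def decrypt(password: bytes, blob: bytes):
    body = xor(blob, password)
    plaintext, tag = body[:-1], body[-1]
    if check_byte(plaintext) != tag:
        return None          # reported as "wrong password"
    return plaintext         # right password, or a 1-in-256 silent garbage result

def silent_garbage_count(blob: bytes, right: bytes, trials: int) -> int:
    # Count wrong passwords (constructed guesses) that decrypt without an error.
    hits = 0
    for i in range(trials):
        guess = b"wrongpw-%08d" % i
        if guess != right and decrypt(guess, blob) is not None:
            hits += 1
    return hits

if __name__ == "__main__":
    secret = b"Corr3ct-Horse"                      # constructed sample password
    blob = encrypt(secret, b"constructed archive contents " * 4)
    n = 20000
    print("false accepts:", silent_garbage_count(blob, secret, n),
          "expected about", n // 256)
```

Because a wrong password can yield output without an error message, check the decrypted archive before relying on it or deleting the encrypted copy.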