Dec 272017
IRIS is to be used by users with a need to store or exchange sensitive information in a secure manner. Fully secures any file.
File PC-IRIS.ZIP from The Programmer’s Corner in
Category File Managers
IRIS is to be used by users with a need to store or exchange sensitive information in a secure manner. Fully secures any file.
File Name File Size Zip Size Zip Type
DECRYPT.BAT 128 65 deflated
DEMO.BAT 2432 955 deflated
ENCRYPT.BAT 128 69 deflated
INSTALL.BAT 256 141 deflated
IR.BAT 128 22 deflated
IRIS.DOC 48512 15058 deflated
IRIS.EXE 90161 43000 deflated
KEYS.DAT 1664 876 deflated
LOCK.DOC 1408 641 deflated
LOCK.EXE 12051 7907 deflated
MERLIN.DOC 2816 1274 deflated
MERLIN.EXE 42227 17976 deflated
OZY.TXT 768 393 deflated
READ-ME.DOC 8448 3504 deflated
REGISTER.DOC 3456 1090 deflated

Download File PC-IRIS.ZIP Here

Contents of the IRIS.DOC file


A Cryptographic Security System

Version 3.7

July 1989


A goddess, the daughter of the Titan Thaumas and
the Oceanid Electra. Iris carried the messages of
the Gods. Iris means 'rainbow' in Greek, and the
personification of this phenomenon was considered
by the Greeks to connect sky and earth; hence her
function as messenger. Callimachus portrays Iris
as sleeping under Hera's throne, ever shod so as
to be ready to carry her messages on the instant.


Introduction Overview of IRIS
The Data Encryption module
The RSA cipher
The DES cipher
The VERNAM cipher
The PLAYFAIR cipher
The BAZERIES cipher

Reference IRIS startup
IRIS command reference
Maintaining key files
Future enhancements

Appendix A - IRIS syntax conventions
B - IRIS error messages
C - Bibliography

Overview of IRIS

IRIS implements commercial cryptographic techniques under the DOS

RSA public key cryptography

DES cryptography

VERNAM (XOR) cryptography

PLAYFAIR cryptography

BAZERIES cryptography

CRC (checksum) generation

Secure file erasure

IRIS is intended to be used by users with a need to store or exchange
sensitive information in a secure manner.

A file containing sensitive information such as a spreadsheet detailing
company annual results prior to publication, may be encrypted by IRIS
effectively precluding unauthorised disclosure. The (encrypted) file may be
copied to floppy disc and send via public mail (an insecure channel) to
another party, who, having access to IRIS and the KEY used to encrypt the
document, will be able to decrypt the file, producing the original

The IRIS software is written in the 'C' language, and has been ported to

The RSA cipher

'Defendit Numerus'
[ There is safety in numbers ]

In 1976 Whitfield Diffie and Martin Hellman introduced the revolutionary
concept of a public key cryptosystem. Unlike classical cryptosystems, the
public key cryptosystem has two separate keys, an encryption key and a
decryption key.

The major concept of this encryption scheme is that publicly revealing
the encryption key does not reveal the corresponding decryption
key. This has two important consequences:

o Couriers or other secure means are not needed to
transmit keys, since a message can be enciphered
using an encryption key publicly revealed by the
person who wishes to receive the message, and this
publicly revealed key yields no useful information
about the decryption key.

o A message can be 'signed' using a privately held
decryption key. Anyone can verify this 'Digital
Signature' using the corresponding publicly
revealed encryption key.


o Electronic mail - A public key cryptosystem can
ensure that the two most important properties of
'paper mail' are preserved: (a) Messages are
private, and (b) Messages can be signed.

o Key distribution for conventional cryptosystems -
Since conventional cryptosystems rely on the
privacy of the 'key' to ensure privacy of the
message, distribution of the key requires a secure
channel, A public key cryptosystem can provide
this channel.

The Limitation of Conventional Cryptosystems

A conventional cryptosystem uses only one key, which must be made
available to both the encryptor (Sender) and decryptor (Receiver).
Therein lies the most serious problem of conventional cryptosystems:
Some secure method must exist for distributing secret keys to the
encryptor and decryptor, if that secure method exists, then surely it
could be used to transmit the secret message.

This is known as the 'Key Distribution Problem'

A public key cryptosystem has two keys which have the following,
almost magical properties:

o For each encryption key there is a decryption key
which is NOT the same as the encryption key.

o It is feasible to compute a pair of keys,
consisting of an encryption key and a
corresponding decryption key.

o It is not feasible to compute the decryption
key from knowledge of the encryption key.

Because of these properties, two people can use a public key cryptosystem
to communicate privately without transmitting any secret keys. To set up,
you generate a pair of keys, and send the encryption key to, say Mary
by any convenient means. It need not be kept secret. It can only
encrypt messages - not decrypt them. Revealing it discloses nothing useful
about the decryption key. Mary can use it to encrypt messages and send
them to you. No one but you, however, can decrypt the message (not even
Mary!), as long as you do not reveal your private decryption key.

Digital Signatures

Very closely related to the RSA cipher is the concept of digital
signatures. One problem with corresponding electronically, such as via a
large scale computer network, is that messages can easily be forged -
you usually cannot be certain that the sender of a received message is
actually the person claimed in the message. A public key cryptosystem,
however can be used to provide positive identification of any sender
who has a public key. If, for example Mary has filed a public key in
some public access file, she can digitally sign a message by decrypting
it with her private decryption key before publishing the message. Anybody
can reveal the plaintext by encrypting the message with Mary's public
encryption key; if the plaintext is revealed, then Mary must have authored
the message.

One can take this idea a step further, Mary can decrypt a message
with her private decryption key, then encrypt it with your public
encryption key. To reveal the plaintext, you must decrypt the message
with your private decryption key, then encrypt it with Mary's public
encryption key. The result is a message which only Mary could have
created, and only you can read!

The Rivest Shamir Adleman (RSA) cryptosystem

In 1978, a group of researchers at MIT published a paper describing the
now celebrated, RSA cryptosystem.

The security of the RSA cryptosystem is based on the fact that although
finding large prime numbers is computationally easy, factoring the product
of two such primes is at present computationally infeasible. In fact,
this is an ancient problem which has resisted attack by the worlds
greatest mathematicians for many centuries. Fermat (1601?-1665) and
Legendre (1752-1833) both developed factoring algorithms; some of
todays more efficient algorithms are based on the work of Legendre.

'The problem of distinguishing prime numbers from
composites, and of resolving composite numbers into
their prime factors is one of the most important and
useful in all of arithmetic.... The dignity of
science seems to demand that every aid to the solution
of such an elegant and celebrated problem be zealously

- K.F. Gauss, Disquisitiones Arithmeticae, Art. 329 (1801)

The Mathematics of the RSA Cipher

The RSA key has three elements, 'N' & 'E' which can be made public
knowledge, and 'D' which must be kept private to the individual who owns
the RSA key, as 'D' is the means of decrypting a text which has been
encrypted using 'N' & 'E'.

Assuming that we have computed a 125 digit prime, p and a 130 digit
prime, q, a 250 digit RSA key can be computed thus:

N = pq

Any Random integer in the interval 3 ... phi(n) -1
provided gcd(E,phi(n)) = 1

where phi(n) is the Euler totient function (p-1)(q-1)
and gcd is 'greatest common divisor'

D = multiplicative inverse of E mod phi(n)

The number of 250 digit keys producible is much greater than 10 to the
power 200. (It is worth considering that the number of atoms in the known
universe is roughly 10 to the power 80.)

IRIS supports RSA keys of up to 500 digits in length.
Encrypting and Decrypting

For the purposes of encryption and decryption, the plain / cipher text is
converted into its numeric ASCII equivalent.

For example, the text:


Becomes the integer:


(since in ASCII 'I' = 73, 'T' = 84 etc)

The text may now be treated as a simple (but large!) integer.

RSA Encryption:

ciphertext = plaintext ^ E modulo N

RSA Decryption:

plaintext = ciphertext ^ D modulo N

For example

N = 11023
E = 11
D = 5891

Plaintext = Ho
= 3314

Ciphertext = 3314 ^ 11 modulo 11023
= 10260

Plaintext = 10260 ^ 5891 modulo 11023
= 3314
= Ho

nb: IRIS converts characters into 3 digit integers (0-255) in order to
support the full ASCII character set.
RSA Performance

The generation of sufficiently large prime numbers is a non-trivial
problem, and this perhaps explains the scarcity of implementations of
the RSA encryption scheme. It is only since the arrival of fast
16/32 bit microprocessors that microcomputer implementations have become
feasible at all.

In order to use realistic RSA keylengths, ie: 80 digits and above, a fast
PC is essential. We advise the use of the following minimum hardware

12 Mhz 80286, 0 or 1 Wait states. Norton SI: > 11

Development and testing was performed on the following hardware

16 Mhz 80286, 1 wait state. Norton SI: 15.6

With CPU performance at this level, it is perfectly feasible to generate
300 digit RSA keys, although generation of keys of this size will require
several hours of compute time. The user may prefer to run IRIS RSA key
generation as a background task under a DOS multitasker such as DESQview,
to allow the PC to be used for other purposes during key generation.

Table 1 : Security of the RSA cipher

Key Length Estimated time to cryptanalyze cipher text

50 3.9 hours
75 104 days
88 11 years
100 74 years
150 1.0 million years
200 3.8 billion years
250 5.9 trillion years
300 4.9 * 10 ^ 15 years
500 4.2 * 10 ^ 25 years

( Assuming one computer operation per microsecond )

The reader may wish to consider that the Universe is considered to be
roughly 15 billion years old.

A key length of 100 digits provides reasonable security against attack
using current technology; using 150 digit keys ensures security against
forseable future developments. The user can select a key length to suit
the particular application, depending on the relative importance of
operational speed and security.

Unlike many conventional cryptosystems, there is currently no proven or
theoretical 'sneak path' method of attack to the RSA cryptosystem. It is
believed that the RSA cipher is unbreakable, even by government agencies.
The DES cipher

In 1977 the US Federal Bureau of Standards approved an IBM developed
cryptographic algorithm for data security. The Data Encryption Standard
(DES) was approved for non-classified governmental purposes. Since then,
DES has been widely adopted in industry in hardware and software. Its
dominance in the marketplace increases daily, and in respect of practical
cryptography, is the most important algorithm ever devised.

DES is completely specified in a Federal Bureau publication known as 'FIPS
PUB 46 - Data Encryption Standard'.

DES is very much a traditional cipher in the sense that it employs
traditional cryptographic techniques of transposition and substitution.
However, it is designed to interrelate them so as to produce an algorithm
that is so complex that mathematical cryptanalysis is impossible.

The DES algorithm is a 64 bit block cipher, and applies a 56 bit key to
blocks of data 64 bits in size. The DES key is generally represented as a
64 bit value, the redundant 8 bits provide parity checking for the key.

Although the DES algorithm is immensely complex, each step generally
consists of some simple bit-manipulation operation and the overall
algorithm runs rather quickly when compared to, say, RSA. (Of course
hardware DES implementations run much faster still).

Commercial users of IRIS are advised to use the DES algorithm for any
application NOT requiring the properties of a public key algorithm. This is
for the following reasons:

1. DES is an industry standard
2. DES provides a formidable level of cryptographic security
3. DES will be acceptable to any audit
4. DES uses keys that are short and easy to store and use
5. DES is fast

For these reasons, DES is the default cipher algorithm within IRIS
The VERNAM cipher

The VERNAM cipher is probably the fastest algorithm around - its speed is
limited only by the I/O rate of the PC's disk and controller. The key for
the VERNAM algorithm may be chosen to be any easily remembered sequence of

However, the user should be aware that VERNAM does not offer the same high
level of security as offered by DES or RSA. Whilst the VERNAM algorithm is
commercially secure, it is most certainly breakable by government agencies
such as the NSA and GCHQ.

The origins of this cipher go back to 1917, when MIT graduate Gilbert
Vernam proposed a new idea for enciphering teletype communications to his
employers AT&T. At the time, teletype transmission was by 5 bit wide paper
tape, utilising Baudot code. Vernam's idea was to run a second synchronised
key-tape during transmission, which would be XORed with the message tape,
thereby transmitting encrypted text. At the receiving end, an identical key
tape would be synchronised to run along with the incoming message, and the
teletype would churn out the decrypted text.

The IRIS implementation of VERNAM XOR's the plaintext / ciphertext with the
output of an additive type random number generator, which has a period of
roughly 2^55. The keyvalue used determines the start point of the random
number generator.

To achieve maximum speed from VERNAM, one should specify /BRIEF in the
cipher command, in order to suppress any output during cipher processing.

From a mathematical point of view, the VERNAM cipher may be considered to

ciphertext = plaintext XOR key-stream
plaintext = ciphertext XOR key-stream

Where the key stream is a pseudo-random number generator, the start point
of which is defined by the key used.

The PLAYFAIR cipher

The playfair cipher is a simple but effective polygram cipher which saw
active service with the British Army during the Boer War and First World

The cipher is named after an active Victorian public figure, Lyon Playfair,
but was invented by his long term friend, Charles Wheatstone, professor of
philosophy at Kings College, London. The Playfair cipher is well documented
in the literature, but here follows a simple description:

The key is provided by a 5*5 matrix of 25 letters, usually 'J' is ignored.
For each PAIR of plaintext letters m1, m2 the following rules are applied
to produce ciphertext c1, c2:


R1. If m1 and m2 are in the same row, then c1 and c2 are the
two characters to the right of m1 and m2.

R2. If m1 and m2 are in the same column, then c1 and c2 are the
two characters below m1 and m2.

R3. If m1 and m2 are in different rows and columns, then c1 and
c2 are the other two corners of the rectangle having m1 and
m2 as corners, where c1 is in m1's row and c2 is in m2's row.


S1. The first row of the matrix is considered to be below the
last row.

S2. The first column of the matrix is considered to be to the
right of the last column.

S3. If m1 = m2, a null letter is inserted between the two to
eliminate the double.

S4. If the plaintext has an odd number of characters, a null
letter is appended to the end of the plaintext.

For decryption, the same rules apply except for R1 and R2:

R1. If m1 and m2 are in the same row, then c1 and c2 are the
two characters to the LEFT of m1 and m2.

R2. If m1 and m2 are in the same column, then c1 and c2 are the
two characters ABOVE m1 and m2.

Creation of the key matrix:

The key matrix may be loaded by any means, but is usually loaded from a
'keyword mixed alphabet' allowing a simple word or phrase to be used as a

The IRIS implementation of PLAYFAIR

IRIS implements a 16*16 matrix which allows the entire ASCII character set
to be represented. The user should be aware that the NUL character is not
supported, and will be suppressed on input. Therefore, PLAYFAIR is not
suitable for binary data such as program images etc.

In terms of cryptographic security, PLAYFAIR is very effective, and may be
considered to be commercially secure, however PLAYFAIR will not withstand
attack by government authorities.

The BAZERIES cipher

The BAZERIES cipher is a cylindrical system devised by Commandant Bazeries
of the Black Chamber, the French Army's cryptographic department. The
Bazeries cylinder has been used by security agencies throughout the world,
and has survived the testing of several decades.

Historically, the Bazeries system used a cylinder made up from 20 disks,
each having 26 character positions around the rim. IRIS implements a
cylinder of 23 disks each having 256 character positions around the rim.
This improves security, and permits the full ASCII character set to be

The Bazeries cipher is reasonably fast during encrypt/decrypt operations,
but the key cylinder construction is somewhat slow, requiring some 90
seconds on a fast (16 Mhz) PC-AT class machine.

The keyvalue supplied is used in the following manner:

1: The 1st 8 characters are used to seed an additive type random
number generator (which has a period of roughly 2^55), which
then provides (pseudo) random data to be loaded into the cylinder.

2: The keyvalue is expanded to be at least as large as a cylinder row.
The bytes of the keyvalue are sorted, each byte-pair transposition
being duplicated as a transposition of the cylinder rows.

2: The keyvalue is expanded to be at least as large as a cylinder column.
The bytes of the keyvalue are sorted, each byte-pair transposition
being duplicated as a transposition of the cylinder columns.

4: The product of the value of cylinder coordinates [0][0] & [22][255]
are used to determine the initial cylinder row used by the bazeries
cipher function. The contents of these cylinder elements are, of
course, key dependent.

Users wishing to persue the workings of this algorithm are referred to the

Starting IRIS

The IRIS system is started by typing 'IRIS' at the keyboard:



Alternatively, a command line may be entered:

C:>iris checksum /filename = ozy.txt

In this case, IRIS will perform the command requested and then exit to DOS.
This is particularly useful when writing batch files which call IRIS.

Stopping IRIS

To finish using IRIS, type EXIT or CTRL-Z, at the command prompt.

IRIS may be interrupted at any time by use of the CTRL-BREAK function, but
this may leave temporary files in the curent directory. Temporary files

always have the extension '.XYZ' and are therefore easily found and
IRIS Command Reference

HELP - Display simple help screen




The help command displays a single screen of help information.


IRIS-cmd> help

PC-Iris v3.7-0 syntax summary

Commands ------ Help Set Show Cipher Genkey
Erase Checksum Listkey Register

Qualifiers ---- /plain = /cipher =
/output = /filename =
/keyfile = /keyname =
/keyvalue =
/keylength = /iterations =
/function =
/mode =
/algorithm =
/erase =
/crc =

Switches ------ /[no]echo_plain /[no]echo_cipher
/[no]brief /[no]binary /[no]debug
/[no]space /[no]control /[no]punct

SET - Set Default values


SET /plain = /cipher =
/output = /filename =
/keyfile = /keyname =
/keyvalue =
/keylength = /iterations =
/function =
/mode =
/algorithm =
/erase =
/crc =

/[no]echo_plain /[no]echo_cipher /[no]brief
/[no]binary /[no]space /[no]upcase
/[no]punct /[no]control /[no]debug


The set command allows the user to change a default value for a qualifier,
which will then be used for any command if the user does not explicitly
specify that qualifier in the command string.


IRIS-cmd> SET /algorithm=RSA

SHOW - Show current default settings




The show command displays the current default values for each command



PC-Iris v3.7-0 Current Defaults

Assignments --- Plaintext : Undefined
Ciphertext : Undefined
Output : Undefined
Keyvalue : Undefined
Keyfile : KEYS.DAT
Keyname : Undefined
Filename : Undefined
Mode : ECB
Function : Undefined
Algorithm : DES
CRC algorithm : CCITT

Switches ------ Brief : No
Echo plain : No
Echo cipher : No
Binary : Yes
Space : Yes
Control : Yes
Punctuation : Yes
Upcase : No

Sizes --------- Iterations : 10
Keylength : 100

CHECKSUM - Calculate CRC checksums


IRIS-cmd> CHECKSUM /filename=ozy.txt
/crc =


The checksum module enables the calculation of CRC polynomials on a per
file basis. The CRC values generated may be used to 'validate' or
'authenticate' an MS-DOS file periodically as any change, intentional or
unintentional will show a change in the CRC value generated.

Five CRC algorithms are provided:

CCITT polynomial: X^16 + X^12 + X^5 + 1
CRC16 polynomial: X^16 + X^15 + X^2 + 1
CRC16R reverse CRC16
BYTESUM simple arithmetic sum of each byte in the file (not a CRC)

A file checksum may be calculated thus:

IRIS-cmd> CHECKSUM /filename=memo.txt /CRC=CRC16

(The default CRC algorithm is CCITT)

GENKEY - Generate an RSA Key


GENKEY /keylength= /keyfile=
/keyname= /iterations=

Enter P0 seed:
Enter P1 seed:
Enter Q0 seed:
Enter Q1 seed:

Enter E seed, :


The GENKEY command will generate RSA keys of up to 500 digits in length.
The prime number search procedure is due to Knuth, and the primality test
algorithm is due to Fermat / Rabin.

In practice, the maximum size of keys which can be generated by GENKEY is
limited by the CPU power of the host computer since the generation of
large prime numbers is computationally expensive.


The minimum form of the command would be:

IRIS-cmd> GENKEY /alg=RSA /keyname=minotaur

Enter P0 seed:
Enter P1 seed:
Enter Q0 seed:
Enter Q1 seed:
Enter random E:

GENKEY will prompt for four separate 'seeds'. These seeds are used to
randomize the prime number search algorithm. in response to these
prompts, make random key depressions of your numeric keypad, when GENKEY
has enough digits, it will stop prompting.

When the four seeds have been entered, GENKEY will prompt for the 'E' seed.
One should enter a random number of a similar size to the key being
generated. Therefore, if you are generating a one hundred digit key, enter
a value of E with maybe, 80 to 120 digits. Whatever value of 'E' that you
enter, the algorithm will produce a suitably large 'E'.

Once GENKEY has been 'seeded', it will begin searching for large prime
numbers suitable for use in construction of RSA keys. This process is
likely to be lengthy, but progress reports are issued by GENKEY as
various milestones are reached.
It is possible to alter the number of tests performed by the probabilistic
primality test used by GENKEY.

By default, GENKEY will use 10 iterations of the primality test as proof
that a number is in fact prime. Since this test is probabilistic and
based on 'Monte Carlo' mathematics, the number being tested for primality
can only be said to be probably prime, not definitely prime. In fact, the
chance that this algorithm will fail when using 10 iterations is 9.53 * 10
E-7. (Over a million to one against failure).

One may adjust the number of iterations used by using the /ITER=nn
qualifier. Increasing the number of iterations will slow down the
generation of keys, but improve their reliability and vice versa.

When GENKEY has completed a key search, the computed RSA key values, 'N',
'E' & 'D' are stored in the key file with the keyname specified. This key
may then be used for encryption or decryption via the CIPHER command, by
specifying the same keyname.

A more advanced use of GENKEY might be:

IRIS-cmd> GENKEY /keyfile=mykeys.dat /keyname=minotaur
/keylen=115 /iter=12 /alg=RSA

This will generate a key of 115 digits length, called 'minotaur' to be
stored in the keyfile 'mykeys.dat'. Twelve iterations of the probabilistic
primality test will used during validation of primes.

The 'owned by user' field of the key as stored in the keyfile is intended
to indicate the name of the user who created, and therefore owns the key.
In order to allow GENKEY to load this field, define the following
environment variable in your AUTOEXEC.BAT file:

SET USER=your_name
ERASE - Totally erase the contents of a file


ERASE /filename=


The MS-DOS file delete command has a significant drawback from the security
point of view; it does not delete data!

Instead, 'delete' simply removes the filename from the disk directory,
leaving the data intact. A subsequent user of the PC may 'scavenge' the
disk and retrieve (possibly sensitive) data from these un-allocated disk

To overcome this deficiency, IRIS provides an 'ERASE' command which applies
the US Government Department of Defence (DOD) file erasure algorithm to
guarantee that erased files may not be retrieved.

Essentially, ERASE repeatedly overwrites a file with a changing pattern
before deleting the directory entry, thereby removing the data from disk.


IRIS-cmd> ERASE /filename=garbage.txt
LISTKEY - List key(s) held in a keyfile


IRIS-cmd> LISTKEY /keyfile=


The listkey command is used to display details of keys held in a key file.
The following command will display all key details held in the default
keyfile (KEYS.DAT):


To select just one key, issue the following command

IRIS-cmd> LISTKEY /keyname=condor

To write the output to a file, suitable for mailing to another person use:

IRIS-cmd> LISTKEY /keyname=condor /output=key.txt
Example output:
PC-Iris v3.7-0 Keyfile: KEYS.DAT

DES Key Found:
Key name ----------------- CLAUDIUS
Owned by user ------------- DEMO
Date & Time created ------- Tue Jan 03 21:51:27 1989
Keyvalue ------------------ f7-7c-88-cc-a2-54-66-88

VERNAM Key Found:
Key name ----------------- CHARON
Owned by user ------------- DEMO
Date & Time created ------- Mon Mar 20 15:15:22 1989
Keyvalue ------------------ Bewaretheidesofmarch

Key name ----------------- EREBUS
Owned by user ------------- DEMO
Date & Time created ------- Mon Mar 20 15:17:02 1989
Keyvalue ------------------ Mys-ti-cism

RSA Key Found:
Key name ----------------- HERMES
Owned by user ------------- DEMO
Date & Time created ------- Tue Mar 21 21:04:20 1989
Public key element N ----- 46575243895608955350340733197
Public key element E ----- 15525081298535680925471754839
Private key element D ----- Not revealed
Encryption key length ----- 29
Encrypt-Decrypt Blocksize - 8

REGISTER - Display IRIS registration details




The register command displays details of IRIS registration thus:

PC-Iris v3.7-0

UNMODIFIED copies of this program may be given to others for evaluation. This
program CANNOT be sold without written permission from Digital Crypto.

If you intend to make use of any Digital Crypto product, we would appreciate
your prompt registration. In return for registration you will receive:

The latest Digital Crypto disk
The latest full documentation set
A license agreement
Update notification & Telephone support

Single PC registration is $39.00 (USD) or equivalent local currency
South Glamorgan
United Kingdom CF6 2WB

Telephone UK: (0222) 711370 18:00 - 23:00 GMT

Contact Digital Crypto for details of VMS-Iris / UNIX-Iris / OS2-Iris,
access to source code / cipher libraries, customization, site licensing etc.
CIPHER - Perform MS-DOS file Encryption / Decryption


CIPHER /plain = /cipher =
/keyfile = /keyname =
/keyvalue =
/function =
/mode =
/algorithm =
/[no]echo_plain /[no]echo_cipher
/[no]brief /[no]binary /[no]upcase
/[no]space /[no]control /[no]punct


The cipher command is used to perform file encryption or decryption. A
minimum cipher command to encrypt a file is:

CIPHER /plain=ozy.txt /keyvalue=1C-72-9F-61-CB-A3-17-88 /function=encrypt

and to decrypt:

CIPHER /cipher=ozy.txt/keyvalue=1C-72-9F-61-CB-A3-17-88 /function=decrypt

The user may prefer to use the keyphrase packing feature thus:

CIPHER /plain=ozy.txt /keyvalue=bewaretheidesofmarch /function=encrypt
CIPHER /cipher=ozy.txt /keyvalue=bewaretheidesofmarch /function=decrypt

Note that IRIS overwrites the input file in both these cases, using the DOD
secure file erasure algorithm.

If the user wishes to retain the input file unchanged, the following
command may be specified:

CIPHER /plain=ozy.txt /cipher=ozy.cpr
/keyvalue=1C-72-9F-61-CB-A3-17-88 /function=encrypt

And to decrypt:

CIPHER /plain=ozy.txt /cipher=ozy.cpr
/keyvalue=1C-72-9F-61-CB-A3-17-88 /function=decrypt


/plain Plaintext filespec
/cipher Ciphertext filespec
/function Cipher function:
/algorithm Cipher algorithm:
/mode= Cipher mode:
ECB - electronic code book (default)
CBC - cipher block chaining (Unsupported in v3.7)
CFB - cipher feedback (Unsupported in v3.7)
MAC - message authentication (Unsupported in v3.7)
/keyfile Specify name of keyfile holding key to be used
/keyname Specify name of key to be used
/keyvalue Directly specify key value or key phrase
/erase Select file erasure mode:
AUTOMATIC - erase the input file automatically
CONFIRM - prompt for confirmation before erase
NONE - do not erase input file
/[no]echo_plain [Do not] echo plain text as it is read / written
/[no]echo_cipher [Do not] echo cipher text as it is read / written
/[no]brief [Do not] inhibit display of key details being used
/[no]binary [Do not] permit use of binary data
/[no]space [Do not] permit space characters
/[no]control [Do not] permit control characters
/[no]punct [Do not] permit punctuation characters
/[no]upcase [Do not] convert lower case input to upper case
EXIT - Exit from IRIS to DOS




The exit command returns the user to DOS


Maintaining key files

Keys may be submitted to the CIPHER command via keyfiles. It is the users
responsibility to edit and maintain these files using a text editor. When
editing IRIS keyfiles, use your editor in ASCII mode, eg: 'non-document'
mode in Wordstar.

The format of an IRIS keyfile is thus:

hash[Keytype][Keyname][Keyowner][wkd mmm dd hh:mm:ss yyyy][key1][key2][key3]

For example:

#[DES][CLAUDIUS][DEMO][Tue Jan 03 21:51:27 1989][f7-7c-88-cc-a2-54-66-88]
#[VERNAM][CHARON][DEMO][Mon Mar 20 15:15:22 1989][Bewaretheidesofmarch]
#[PLAYFAIR][EREBUS][DEMO][Mon Mar 20 15:17:02 1989][Mys-ti-cism]
#[RSA][T3][][Mon Mar 20 16:36:01 1989][1062961][353639][624059]

Any line NOT beginning with '#' is considered to be a comment.

Each field has the following function:

Hash - Indicates start of record
Keytype - Indicates the type of key: RSA, DES, VERNAM, PLAYFAIR
Keyname - Indicates the name of the key
Keyowner - Indicates the owner (user) of the key
Date - Indicates when the key was loaded
Key1,2,3 - Keyvalue(s)

Future enhancements to IRIS

The next major release of IRIS is expected to contain at least the
following enhancements:

Encrypted keyfiles

Individual key records may be stored in DES-encrypted format
requiring the submission of a key prior to use by CIPHER.

Support for all common cipher modes

ECB (Electronic code book) is currently supported
CBC (Cipher block chaining) to be implemented
CFB (Cipher feedback) to be implemented
MAC (Message authentication) to be implemented

Support for further cipher algorithms

More historically interesting ciphers will be implemented such as
the German WW2 ENIGMA cipher, the 'RUSSIAN SPY' cipher etc.

Non-volatile setup parameters

The SET function will be modified to store changed parameters

Full screen menu

A full screen interface to IRIS with pull down menu's will be provided,
although the current 'IRIS-cmd>' command line interface will be retained
as an alternative.

Cryptogram support

IRIS will support ASCII cryptograms which will be able to be exchanged
via E-Mail and BBS services. Currently, encrypted output is binary
(except for RSA) which causes problems with simple message transfer.

The format of an IRIS cryptogram will be as follows:

<<<::: PC-Iris v4.0-0 :::>>>
<<<::: Cryptogram Start :::>>>

1C AE 00 07 F3 ... (up to 80 cols)
FA 3B 12 6D ... etc

<<<::: Cryptogram End :::>>>
<<<::: RSA Public Key is N:12345678912345 E:123456789 :::>>>

Comments and suggestions regarding enhancements are always welcome.
Appendix A - IRIS Command Syntax Conventions

An IRIS command is built up from three components:

i] Command verb
ii] Symbolic assignment
iii] Directive

(Symbolic assignments and directives are collectively known as qualifiers.)

Command verb

A command verb is the name of a command. Valid command verbs are HELP, SET,

Symbolic Assignments

A symbolic assignment occurs when a symbol is equated to some text; for
example /KEYFILE = mykeys.dat is an example where the symbol /KEYFILE is
equated to the text 'mykeys.dat'


A directive occurs when a part of a command demands a true or false
reaction. For example: /NOBINARY and /ECHO_PLAIN.

Command parsing and syntax analysis

The IRIS command parser has several properties:

i] It ignores all whitespace (LF, TAB, SP etc)
ii] It converts lower case to upper case
iii] It expects symbols to be separated with a foreward slash (/).
iv] It allows abbreviation of any command down to a single character,
and resolves ambiguities on a first found basis.
v] It is not concerned with the order in which
the various parts of a command are entered.

Therefore, the following command:

CIPHER /PLAIN = ozy.txt /KEYVALUE = AC-1F-43-6B-11-73-8D-9A

Could be expressed as:

Cipher /FUN=encrypt /plaIN = OZY.txt
/KEYV = AC-1F-43-6B-11-73-8D-9A

Appendix B - IRIS Error Messages

Message Classes

IRIS can produce two classes of error message:

i] Standard IRIS format messages
ii] Internal error messages

Standard IRIS format messages

Most of the messages produced by the IRIS software will be standard IRIS
format, and have the following format:



SEVERITY Severity level indicator, can have the
following values:


IDENT An abbreviation of the message text

TEXT The explanation of the message

QUALIFICATION Not always present. Describes problem in
more detail.

Internal Error messages

Internal errors should never occur. An internal error is produced when a
software trap detects an exception condition which should not exist.
Receiving an internal error message is an indication that there is a
serious problem with the computer hardware, operating system or IRIS.

Internal errors have the following format:

Appendix C - Bibliography

R.L. Rivest A method for obtaining digital signatures
A. Shamir and public key cryptosystems
L. Adleman - Communications of the ACM
February 1978

Donald E. Knuth The Art Of Computer Programming
Volume 2 / Seminumerical Algorithms
- Addison Wesley

John Smith Public Key Cryptography
- Byte
January 1983

Martin E. Hellman The Mathematics of Public Key Cryptography
- Scientific American
August 1979

Whitfield Diffie Privacy And Authentication: An Introduction
Martin E. Hellman To Cryptography
- Proceedings of the IEEE
March 1979

D.W. Davies An Annotated Bibliography of recent
W.L. Price Publications on Data Security and Cryptography
- National Physical Laboratory
January 1980

Brian Beckett Introduction to Cryptology
- Blackwell Scientific

Meyer CRYPTOGRAPHY: A new dimension in computer
Matyas data security
- Wiley Interscience

David Kahn The Codebreakers
- Macmillan. New York.

 December 27, 2017  Add comments

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>