This is the Java 1.1 port of the ICE file encryption program.

The source contains a number of methods that are only available
in Java 1.1, namely the constructor String(byte[], int, int)
and the method String.getBytes().

If you do not have a Java 1.1 setup, you will need to get a copy
of the 1.0.x version instead.


The Java version of icecrypt has some limitations with respect to
the Unix C version. They are

- Does not suppress echoing of characters during keyboard entry
  of passwords. I couldn't find a Java method to do it.

- Does not preserve file permissions when files are encryped and
  decrypted. Java does not seem to provide methods to get and set
  file permissions.

- Does not check the name of the executable, and automatically
  perform decryption if the name begins with "de". You'll have to
  use the -D switch instead.


The class containing the main function is "IceCrypt.class". It has
been compiled with executable permissions set, so if you have a Java
enabled operating system, such as Linux 2.x, you can run it as a
straight executable. Otherwise run it with "java IceCrypt".


Usage: IceCrypt.class [-C][-D][-N][-Z][-p passwd][-l level][filename ...]

IceCrypt is an application for encrypting and decrypting files using
the ICE (Information Concealment Engine) encryption algorithm.
The data is encrypted in Cipher Block Chaining (CBC) mode, with an
initialization vector by default obtained from the current value of
the Date.getTime() method.

The ICE encryption algorithm allows key lengths of any multiple of 64
bits by specifying the encryption level. Specifying a level greater
than 1 allows long passwords, and correspondingly higher security.
The drawback is slower encryption.

This program only uses the lower 7 bits from each character in the
password, so the first 10 characters are significant when using
levels 0 or 1. For higher levels n, the key size is 64n, so the
useful password length will be (64n + 6)/7. Short passwords will
be padded out with zeroes.

When encrypting, a new file will be created with a .ice suffix, and
the original file deleted. Before deletion, the original file is
overwritten with zeroes to minimize the chance that the data remains
in the filesystem. If no files are specified, data will be read from
standard input.

For decryption, the files must have a .ice suffix, or there must be a
file.ice for every file. The program  will check that the data is
ICE-encrypted, but it will give no indication as to whether the correct
password is being used, so beware.

The encrypted file format contains "ice" as the first three characters,
followed by the value of the character '0' added to the ICE level being
used. The next eight bytes contain the initialization vector, followed
by the actual encrypted data. This information, plus padding of the last
block, will increase the file size by between 13 and 20 bytes.

Options

  -C	Send encrypted/decrypted output to standard output.

  -D	Decrypt the data.

  -N	Do not ask for confirmation of the password when an interactive
	password is required. By default, the user has to type the
	password twice.

  -Z	Use a zero initializing vector. Only useful if identical files
	have to encrypt identically. The initializing vector is otherwise
	set from time of day information. In the case of decryption the
	vector is read from the data anyway, so this flag is ignored.

  -p password
	The password used to encrypt/decrypt the data. If this is set,
	no interactive password is required.

  -l level
	The ICE level used to encrypt the data. Defaults to 1. This is
	ignored during decryption, since the level information is stored
	in the data.


Examples

The following command will encrypt the file "foo", and store the result
in "foo.ice". The user will be prompted twice for a password, which will
have the first 10 of its characters used.

	IceCrypt.class foo

The next example will encrypt the same file with a command-line
password using level 2 ICE.

	IceCrypt.class -l2 -p"The first 19 charac" foo

The resulting file can be decrypted with

	IceCrypt.class -D -p"The first 19 charac" foo.ice


This application was written by Matthew Kwan, who can be reached at
mkwan@darkside.com.au
