John Shelley created the excellent bcrypt utility, which Philip Stolarczyk ported to Windows. Bcrypt is a cross platform file encryption utility.
Unfortunately the Win32 port is quite useless IMHO because the passphrase is echoed to stdout (i.e. the console) whilst it is being keyed in.
I’ve created a tiny patch which fixes that. This hasn’t been tested very intensively, but it might work for you. This a a context diff (diff -c) and a statically linked Win32 binary is also available (statically linked means you don’t need the Zlib DLL) Note: due to the terribly simplistic interface, all non-printing characters including backspace will be added to the passphrase that is entered.
*** keys.c.original Mon Oct 17 19:28:09 2005 --- keys.c Mon Oct 17 19:49:36 2005 *************** *** 10,15 **** --- 10,37 ---- #include "includes.h" #include "defines.h" #include "functions.h" + #ifdef WIN32 + #include <conio.h> + #endif + + void key_input(char *key) + { + int i; + + for (i = 0; i < MAXKEYBYTES; i++) { + key[i] = getch(); + putchar('*'); fflush(stdout); + if (key[i] == 0x0D) { + key[i] = '\n'; /* remain compatible with fgets() */ + key[i+1] = 0; + break; + } + } + if (i == MAXKEYBYTES) { /* no enter pressed */ + key[MAXKEYBYTES] = '\n'; + key[MAXKEYBYTES+1] = 0; + } + } char * getkey(int type){ char *key, *key2, overflow[2], *ch; *************** *** 21,26 **** --- 43,49 ---- term = termsave; term.c_lflag &= ~ (ECHO | ECHOE | ECHOK | ECHONL); tcsetattr(fileno(stdin), TCSANOW, &term); + #else #endif if ((key = malloc(MAXKEYBYTES + 2)) == NULL) *************** *** 29,42 **** --- 52,73 ---- memset(key, 0, MAXKEYBYTES + 2); fprintf(stderr, "Encryption key:"); + #ifndef WIN32 fgets(key, MAXKEYBYTES + 1, stdin); + #else + key_input(key); + #endif /* blowfish requires 32 bits, I want 64. deal w/ it */ while (strlen(key) < 9 && type == ENCRYPT) { /* \n is still tacked on */ fprintf(stderr, "Key must be at least 8 characters\n"); memset(key, 0, MAXKEYBYTES + 2); fprintf(stderr, "Encryption key:"); + #ifndef WIN32 fgets(key, MAXKEYBYTES + 1, stdin); + #else + key_input(key); + #endif } if (memchr(key, (char) 10, MAXKEYBYTES + 1) == NULL) { *************** *** 52,58 **** --- 83,93 ---- memset(key2, 0, MAXKEYBYTES + 2); fprintf(stderr, "\nAgain:"); + #ifndef WIN32 fgets(key2, MAXKEYBYTES + 1, stdin); + #else + key_input(key2); + #endif if (strcmp(key, key2)) { fprintf(stderr, "\nKeys don't match!\n");
I’ve informed both John and Philip about it:
John, Philip,
I’ve created a tiny patch to your bcrypt utility (http://bcrypt.sourceforge.net/) which disables
echo of the keyed in passphrase to stdout. If you are interested, it is located at http://wiki.fupps.com/software/bcrypt
Kind regards,
-JP
— Jan-Piet Mens 2005-10-17 20:08
In order to easily transport the content of a bcrypt-encoded file (or any other binary file for that matter), I like converting its content into 7bit ASCII, enabling inline mail transmission (or even a printout!) for example. A uuencode or a conversion to Base 64 will do the trick. These invocations will do the trick nicely, depending on which tools you have. To encode (convert from binary to ASCII) use any of
uuencode file.bfe > file.ascii perl -MMIME::Base64 -0777 -ne 'print encode_base64($_)' < file.bfe > file.ascii openssl enc -a -in file.bfe out file.ascii
and to decode (i.e. convert from ASCII back to binary) use any of
uudecode file.ascii perl -MMIME::Base64 -ne 'print decode_base64($_)' < file.ascii > file.bfe openssl enc -a -d -in file.ascii -out file.bfe