July 2000
DMSEnvoy Version 2.1
by Geoff Marshall
For
DMSEnvoy makes it easy to change keys automatically every session, enhancing security beyond usual practice.

Against

Relies too much upon users not leaving unencrypted keys lying around, and it operates in 'batch' mode with no hotlinks into email programs.
Verdict
DMSEnvoy uses the latest in respected and peer-reviewed symmetric encryption algorithms to deliver good performance with a secret key length that is sufficient to ensure a level of security that is many orders of magnitude better than DES.

DMSEnvoy is a file encryption product for Windows 9x, 2000 and NT. It is aimed very specifically at point-to-point messaging - hence the 'Envoy' part of its name. It is independent of the method of transmitting the message - it can be by courier on removable media, by email, by ftp, or any method of transmitting files electronically. DMSEnvoy also enables members of a workgroup to communicate securely on a one-to-one basis using any electronic messaging platform, or by allowing users' files to be saved on the departmental server in an encrypted form.

It is easy to install from the CD-ROM, and easy to use, with a point-and-click interface, but there are no hotlinks into commercial email packages so its use is not transparent to the user, who has to fire up DMSEnvoy and encrypt a file before transmission. If you want to encrypt multiple files to send together, DMSEnvoy can use a single key together with a combining and compressing algorithm in a manner similar to PKZIP with a password.

The security of a system such as DMSEnvoy is determined by the strength of the encryption algorithm: for a given key length, symmetric (secret key) algorithms are far stronger than public/private key ones. For this reason, DMSEnvoy was designed to use 256-bit symmetric random keys. DMSEnvoy implements a choice of Rijndael, Serpent and Twofish, three of the five short-listed algorithms destined to be the preferred choice for US government use as a replacement for DES. These have been reviewed in public competition for the last two years.

Like all symmetric (secret key) systems, the weakness of DMSEnvoy is the problem of secure key distribution - the risk that keys can be copied in transit or during storage. Although you can use a key from the previous keyset to encrypt future keysets for transmission or storage, the first time you use DMSEnvoy, you must use a simple password encryption option to exchange the first keysets, and therefore you must already have a secure (but perhaps slower) channel of communication to exchange passwords.

More seriously, with DMSEnvoy, the keysets must exist in an unencrypted form during use. It relies on the user to ensure that unencrypted keys are not left lying around. As we all know, even the most fastidious and paranoid of users is subject to human fallibility. This is unlike Pretty Good Privacy (PGP), for example, which demands a password (known only to a single user, and which never has to be communicated) each time its private keyring is accessed. The difference arises only partly because PGP is an asymmetric algorithm (which means that only non-secret public keys need be exchanged); it also arises because PGP never stores private keys in unencrypted form.

DMS Limited makes a point of the fact that, "We use 256-bit symmetric random keys. No single key compromise in symmetric can have escalating damaging effects like in public/private key systems." This is not an accurate generalisation about symmetric keys, but is true only in DMS' implementation because keys are changed for every session or transaction. If the same approach of changing keys every time they are used were adopted with an asymmetric algorithm, there would be no risk of escalating damage. The real weakness with asymmetric algorithms, such as PGP, is that, because they have been developed to solve the key distribution problem by making it unnecessary to keep public keys secret, users are lulled into a false sense of security and fail to change the keys often enough.

DMSEnvoy generates a random set of keys, each of which is used once only to encrypt a collection of files. A set of keys is generated and exchanged. Once initial keysets have been exchanged, subsequent ones can be sent encrypted using the current keyset. The initial key exchange may be carried out using trusted couriers to exchange the keyset, which may be stored on floppy diskettes, for example. There is also a facility to make this initial key exchange using a simple password that is used to encrypt the keyset - this password can then be notified separately. The password should be at least 16 characters, but preferably 32. Although we have called this password approach simple, it uses the same secure algorithms. However, even a 32-character password is necessarily an order of magnitude less secure than a randomly generated 256-bit key because, although the former also comprises 256 bits, it is limited to printable ASCII characters. Each keyset comprises one thousand separate 256-bit keys, each of which is to be used only once. The randomness of the keys is assured by using a seed based on hashing three files chosen at random by the user from his desktop.
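
An added example, not part of the original review or of DMS's software: it quantifies the keyspace of the password option described above against a random 256-bit key, assuming each character is drawn uniformly at random from the 95 printable ASCII characters. The function names are illustrative.

```python
import math
import secrets
import string

# Assumption: the 95 printable ASCII characters (letters, digits, punctuation, space).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "
KEY_BITS = 256  # size of one random keyset key, as stated in the article


def password_bits(length, alphabet_size=len(PRINTABLE)):
    """Entropy in bits of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def shortfall_bits(length, alphabet_size=len(PRINTABLE)):
    """Bits of keyspace lost relative to a random 256-bit key (never negative)."""
    return max(0.0, KEY_BITS - password_bits(length, alphabet_size))


def min_length(target_bits=KEY_BITS, alphabet_size=len(PRINTABLE)):
    """Shortest random password whose keyspace is at least target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_password(length):
    """Draw each character independently from the operating system's CSPRNG."""
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def report():
    """Rows of (length, entropy bits, shortfall bits) for the article's two
    recommended lengths and for the length that matches a 256-bit key."""
    rows = []
    for n in (16, 32, min_length()):
        rows.append((n, round(password_bits(n), 1), round(shortfall_bits(n), 1)))
    return rows


if __name__ == "__main__":
    for n, bits, gap in report():
        print(f"{n:2d} chars: {bits:6.1f} bits, {gap:5.1f} bits short of a 256-bit key")
    print("sample:", random_password(min_length()))
```

These figures are upper bounds: a password a person invents rather than generates randomly has a smaller effective keyspace.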

Each keyset is generated for a particular pair of users and is used for transmission of information one-way only. Another keyset is needed based on the same pair of users for transmission of data the other way between the users. Each user has a different licence number for DMSEnvoy, and only a user using his own correct licence number can decrypt information that has been encrypted for him by his correspondent. So, to encrypt a message destined for another user, you must have a copy of a keyset that has been generated for that purpose, and which is also based on his licence number. This means that DMSEnvoy is designed primarily for one-to-one secure correspondence between two parties. Using the random keyset generator, you cannot encrypt a file for storage on a file server, say, to be accessed and decrypted by more than one user. By using the simpler password technique, you can, of course, encrypt files that can be decrypted by anyone who has a copy of DMSEnvoy and knows the password.

DMSEnvoy is licensed as a two-user or ten-user workgroup version. It also has two enterprise editions for large user numbers: Enterprise Central, in which a central administrator prepares key disks for remote users who can exchange data with the centre only (applications include sales manager and salespersons, or tutor with students); Enterprise Distributed, in which a central administrator allocates licences to users (who may include your suppliers and customers) and produces a 'virtual organisational disk', which users load and choose with whom they wish to communicate. Support enquiries are invited by fax only - surprising in this day of the Internet.
  

Contact Information:
  
DMSEnvoy Version 2.1
DMS Ltd
From £50 (2-user)
+44 (0)1 254 852204
www.DMS-Soft.com
 


Copyright © 2000 West Coast Publishing. Reprinted from SC Magazine, 161 Worcester Road, Suite 201, Framingham, MA 01701. All rights reserved.