Bifroest Mr. Tines MacCTC CTCjava Manual Pages
Bifroest Mr. Tines CTC Home CTClib MacCTC CTCjava Manual

MacCTC User Manual

MacCTC is a PGP-compatible Macintosh encryption program. It is not truly a version of PGP as it is a nearly complete rewrite of PGP.

Commerically Usable

Unlike most 'official' versions of PGP (since version 2.3), CTC is still commerically usable Freeware. See the legalities page for further details.

General Points

  1. Most operations that take a long time can be stopped (aborted) by holding down the Command key and pressing '.' (period).
  2. Most windows have Balloon help. If you are using the program for the first time you may find it helpful to switch it on Balloon help.

Hints

  1. Reading in keys. There isn't an explicit read-a-key function. Reading a key, or decrypting a file are the basically the same operation. MacCTC reads the file, and the file format tells the program whether it is keys, cyphertext, signed plaintext, etc. Any of the decryption operation from the Encryption menu will read in keys.
  2. There can be long delays. Some operations especially using very long keys or keys using the new PGP5/6 algorithms can be very slow. (e.g. On my 120Hz 603, it takes 5 minutes to encrypt to a 4096 bit ElGamal key.) I am afraid that you just have to wait. The implementation is not particularly inefficient. There really is a vast amount of arithmetic to do. [If corresponding with other CTC users, use Elliptic-Curve keys. They are very  fast.]

Text Editor

MacCTC functions as a simple text-editor at about the level of SimpleText. This allows the user to read, compose and edit text documents. This is the normal method of manipulating plaintext. The whole of the File, Edit  and Windows  menus are entirely straight forward text edit operations with no cryptographic functions. (Unless you count the ROT13  operation in the Edit  menu as cryptographic.)

Preferences

On first start up you need to select all your preferences. If you don't understand what any of the entries are about, switch on Balloon Help.

Program Facilities

There are a bewildering variety of potential operations. However they mostly fall into two categories:-

"Encryption"

Converting normal files into PGP-format files. This may include any mixture of MacBinary[1] conversion, compression, encryption, signature-generation and ASCII-armouring. To do any of these with MacCTC select encrypt from the encryption menu, and then select the options that you want.

"Decryption"

Converting PGP-formated files into normal files. This may include any mixture of unArmouring, signature-verification, decryption, decompression, and MacBinary extraction. In addition, this is also the operation used to import keys.

Cryptographic Operations

Most encryption/decryption operations are controlled from the encryption  menu. Currently the only exception is the automatic encryption of incoming Eudora e-mail.

Encryption

There are three variants of the encryption operation, allowing the encryption of the current window, the current clipboard or a file. In the last case, you must select a file to encrypt with a normal file open panel. Once the document to be encrypted is selected, the Encryption panel is displayed. This allows the selection of the various encryption options.

N.B. Not all combinations are meaningful.

Algorithm

This selects the Symmetric Cipher used to encrypt the message itself.

Encryption Mode

There are five options here.

None (Armour Only)
This merely ASCII armours the file. Note that in doing so it wraps the file in a PGP-format file. This means (regretably) that this option with uuencode armour is not extractable purely with Unix uudecode.
Sign Only
This generates a signature without encrypting. Whether it is a plain-signed block or a detacted signature depends on the File Format selected.
Encrypt Only
This encrypts without signing. If you choose this option or Sign & Encrypt you must select some recipient keys.
Sign & Encrypt
This signs the message and then encrypts it to the recipients selected.
Conventional Encrypt
This is to encrypt based on a pass-phrase, rather than two one or more public keys.

You can only sign (with or without encryption) if you have previously selected a signing key. You select a signing key with the Signing Key  sub-menu of the Keys  menu.

File Format

The following output formats are available:-

None (Binary)
The output is a binary file. This is only valid if the Destination is a file
PGP Plain-signed
The text is wrapped in a PGP plainsigned block. This is only valid if the Source is text and the Encryption Mode is Sign Only.
PGP Armour
PGP style ASCII-armour.
UUencode
UUencode style ASCII-armour.

Text Source As

This defines what (if any) preprocessing is done on the file prior to encryption.

Text
means that the file is preprocessed into PGP's standard text format so that it can be converted to the right local format on the recipients machine. This is appropriate for ASCII text documents.
Binary
means no processing at all. This is appropriate for most files, but it will loose the resource fork of the file.
MacBinary
means processing into a MacBinary (data and resource forks together) so that the whole file can be recovered on another Macintosh. Don't use this when sending to people who don't have Macintoshs. This is a Mac. specific format.

Destination

Defines where to send the ciphertext. This may be to a file, to the clipboard or into Eudora's OUT box as mail message.

Recipients

Unless using conventional encryption you must select at least one recipient.

Tip: If you select a recipient by accident, you can delete it by double clicking on the name in the recipients list.

Once you have selected all the right options click on Okay.

Decryption

Decryption is simpler than encryption as the format of the file tells the program what to do with it. If it needs a pass-phrase it will ask for it. If it needs store a binary file it will ask you where to put it. If it finds text it just displays it. If it finds a key it will ask if you want it added to the key-ring. The same operation is done if Eudora receives incoming mail and MacCTC finds any PGP-format blocks.

Eudora

The Eudora interface (via AppleEvents). This is the most advanced bit. If you have selected an Eudora settings file with the "Mail Program" in preferences and you then select "mail" as encryption destination, the ciphertext is automatically inserted into Eudora's OUT box addressed to the mail addresses extracted from the key Id.s.

If you have selected "Process mail on Arrival" then Eudora will send notification of all mail messages to MacCTC. When it finds any with PGP-armour in it grab the text, moves the message to the "Read Messages Folder", and then decrypts them.

Key Management

In MacCTC (as in PGP) the management of session keys is automatic and not normally a direct concern of the user. Hence the user will have to generate and manage PKE key pairs. There are two key-ring  files that are used for this. The Public Key ring contains all the Public keys available to the user and the Secret Key ring that contains the Secret keys.

MacCTC reads the whole of both on startup. It reads everything from the Secret Key ring and closes the file. However it doesn't load the whole of all the Public keys into memory, so it keeps that file open to refer to it. It generates a lookup table for the whole of the public key ring so that it can directly access any key if it needs it. This makes MacCTC's key access very fast.

Any key that is added during the course of the program run is initially only added to the in-memory tables. If you want to save the key permanently you have to save it to the appropriate key-ring file. MacCTC will remind you on closing if there are unwritten-back modifications to the in-memory key-rings.

Key Generation

To generate a new key pair, select "Generate Key" from the "keys" menu. MacCTC will generate RSA or Elliptic keys. Elliptic curve are generally only usable for communicating with other CTC implementations. MacCTC will generate normal PGP-classic dual-use keys, or later-version encrypt-only or sign-only keys. MacCTC will not encrypt with a sign-key key. However it will verify signatures with any key. (If the owner of the key has since modified to be able to sign with a formerly encrypt-only key, who am I to prevent you from verifying the signature.) I recommend against generating encrypt-only or sign-only style keys as older variants of PGP cannot use them. There are three possible prime number selection algorithms. In each case, the random starting point is selected. The top few bits are selected (partly randomly) to mean criteria, like the modulus being the requested length and the primes not being too close in value, and the rest of the starting point is fill in with good quality random data. The variation is in how we search from that value for a prime.

Increment by 2
This is the simple approach. The candidate value is successively incremented by 2 until a prime number is found. This has the (very slight) weakness that it is biased towards primes that and much larger than the next smallest prime.
Random increment
This approach is the same except that the increment is not 2 by a random 32-bit number. (Not quite random; it must be mutually prime with the starting point or we would never find a prime.) This should reduce the bias towards some prime numbers. The improvement is pretty margin, but the extra time taken is negligable.
(N-1)/2 Prime
This is the same search method as Random Increment  but candidates are rejected unless (N-1)/2 is also a prime number. This is much slower. Whether this is really an advantage is arguable. It is up to you.

You must also select the length of the key and the exponent value. MacCTC currently generates keys between 512 and 4096 bits in length. Keys longer than 1024 are not handled by all versions of PGP. Keys longer than 2048 are hardly handled by anything, apart from CTC. (As far as I know CTC has no limit on key size below the PGP file-format level of 65535 bits, but there is no justification generating such keys.) I recommend the default of 1024. The length field is ignored for Elliptic curve keys. These are a uniform size.

You must also select a name for your key. I strongly recommend that this should include your e-mail address in angle-brackets "Your fullname <your-username@your.domain>". This is especially important with MacCTC as it extracts the e-mail address from the key name when sending mail. If you don't do this it will make it harder for other CTC users to send you e-mail. Once all options are selected press okay.

MacCTC will then ask you for a Pass-phrase to protect your key with twice. Make sure this is something that you can remember. Once you have done this there will be a pause of a few minutes (it varies with search algorithm, key-length, processor speed and plain luck).

MacCTC automatically signs the key and the name you have allocated to it with the key. This proves that the owner of the key intended the key to have that name. For this reason, you should always sign your own keys this way, so MacCTC does it for you.

When the key generation completes you will be asked for two file names. One for the new public key file (for circulation to friends, servers, etc.) and a key revocation certificate.

Generating a key revocation certificate (i.e. a file saying "this key is no-longer valid") on generation may seem a little odd. However it is insurance against your forgetting your pass-phrase. This file cannot compromise the key but can be used to revoke the key at any time. Keep a back-up of this file and then you will always be able to revoke the key. However don't send it to the servers until you mean it.

Edit Key Window

This is accessed (for any key) from the Edit Key... window.

Many of the operations in this window require secret keys. If the key has not already been decrypted MacCTC will prompt for the pass-phrase when required. If the key itself is being modified (e.g. adding a new username, or changing pass-phrase) then MacCTC will prompt for the pass-phrase even if it has been given. (This is deliberate to minimise the risk of an unattended machine being used to modify a key.) Note that while the window is open the Signing Key menu remains available to allow the user to select a new signing key.

The edit key window is in three parts. The top section shows the basic attributes of the key (algorithm, size, fingerprint, etc.). As yet CTC does not manipulate secret keys that consist of separate encryption/signing keys. Accordingly it treats such public key pairs as a single key with two algorithms and sizes. There are four buttons in this section which apply to the key itself.

Enable/Disable Key
This toggles whether the key is enabled; the button text changes it indicate the operation current available.
Discard Key
This deletes the key from the current key-ring and dismisses the window.
Revoke
This revokes the key; this button is only enabled in the secret key is available.
Change pass-phrase
This changes the pass-phrase for the encryption of the secret key; this button is only enabled in the secret key is available.

The middle section displays the usernames of the key. This will display up to four usernames without having to scroll, but will display any number. You may select one (but only one of these usernames).

Discard Username
This deletes the selected username from the current key-ring. This is available only if a username is selected.
Add Username
This adds a new username to the key and is available only if the secret key for the key being displayed is available.
Sign Username
This signs the selected username using the current signing key. This is only available if both a username and signing key are selected, and the signing key has not already signed the username

The bottom section displays the signatures for the selected username. The first character on the line indicates the status of the signature.

Tick character
The signature has been checked, by the program. (Note: MacCTC does not trust "Trust Byte"s for this. Signatures only get a tick if this run of MacCTC has actually verified it.)
?
The program has not checked the signature yet. If it hasn't got the public key to check it with or the key is for an unknown algorithm it will never be able to check it.
!
The signature has been checked and did not verify.

At the bottom there are the following buttons.

Discard Signature
Delete the selected signature from the key ring.
Signature Details
Displays a signature details panel for the signature.
Check Signatures
This checks all the displayed signature for which the keys are available. (It typically reduces the number of signatures marked with '?'.)
Okay
Dismisses the window.

Signature Details Window

This is displayed as the result of clicking on the 'Signature Details' button in the Edit Key Window. This is a read-only window that displays the full details of the signature.

Collecting Random Data

MacCTC needs a lot of random data to generate a public-key pair. It uses a lot of random data to make the key selection as random as possible. Unlike early PGP, MacCTC does not have a randseed.bin  file, as this file can be tampered with. MacCTC gets all its random data by sampling mouse position during the program run. It does this in background so if the program has been running sometime it may have enough. However if you are do a key generation immediately after starting it, it won't have enough yet. In this case, the random panel appears requesting that you move the mouse around a bit to accumulate data. It doesn't usually take long. If the bits needed count stops reducing, click the mouse in the window occasionally as you move it. (This sometimes happens; I am not sure if it is the window failing to refresh or genuninely not collecting data.)

How random data is collected is a critical subject for cryptography so I expect a lot of interest in how MacCTC does it. Simply it is by sampling mouse position, about 10 times per second. It treats each co-ordinate (X and Y) independently. First it checks if the value is close to its maximum or minimum value. That is if the cursor is on the edge of the screen. If so it rejects the value completely. Then it checks how far the value has changed since last time. If it has changed 16 pixels or more, it takes the least significant bit of the value as random. If it has changed 32 pixels or more it takes the second least significant bit as well, and so on until it takes 4 bits from a move of 128 pixels or more. It never takes more than four bits from a single value. This raw data is then hashed through MD5 to produce the bytes actually used by as random by MacCTC.

Anyone requir