Encryption

I was asked recently whether it was possible to encrypt text offline for security purposes. 

The query arose from recent reports of an upsurge of email hacking and the resulting release of confidential information. having been aware of the susceptibility of email  systems to hacking, I produced an Excel workbook some years ago to answer a need for this type of encryption of sensitive information in emails....and indeed in other communications. The Excel version uses a simple transpositional cipher, and I have also converted it to HTML/Javascript to perform the same task, and extend access to tablets and phones . 

The encoder / decoder can be run  online via this page, or if you prefer, offline using any browser without connecting to the internet. You can download both the Excel workbook and the HTML file from my downloads page of you wish to work offline. The HTML file is also compatible with phone or tablet use and should run in any browser capable of handling javascript.

Please read the instructions in the box below the Encoder window if you'd like more detail on how it works...and how to get the best out of it.

Happy encoding....

Encoder Lite: Introduction

Most electronic communications nowadays already involve some form of encryption. The problem for the user is knowing how secure it really is….

Modern day hackers are resouceful beasts, and by no means all built-in message encryption is immune to their efforts…so why not add another layer of protection to your communications to make life more difficult for them ?

This HTML/Javascript utility is designed to provide a simple encryption / decryption facility to ensure your private messages are not intelligible to other unauthorised parties. It relies on both the sender and the intended recipient of the message each having access to the software  - the online HTML format makes this easier by allowing the file to be run directly from any browser. An even easier option is to use the online tool available above this box. 

Once both sender and receiver have access to the software,  all that is then required to communicate securely is to ensure both sender and recipient have the same KEYWORD. This is used to encode and decode the message. If the software is used via a stand-alone HTML file offline, you can also be sure that your unencrypted  source data is safe.  

Always beware of using free web-based encryption software offered on the net - there is no guarantee that the software  will not eavesdrop on your data once you have entered it.

The encoding software used in this utility is written in HTML and Javascript and is open source and without restriction. 

Although the software will accomodate messages up to 1750 characters long, the system is primarily designed for encrypting short sections of sensitive text within messages.

How it works

The sender chooses a suitable KEYWORD (between 7 and 16 characters long) and enters it into the first box. (Any character string composed of LETTERS is valid - it does not have to be a dictionary word and preferably should be randomly arranged - you can use upper and lower case in any order).  

The sender then enters the portion of the text message that requires encryption in the box labelled 'Input' and clicks the ENCRYPT button. The system then encodes the message and displays it in the 'Output' box using the keyword provided. It also copies the encoded text to your clipboard. You can then transfer this  direct to your email or alternative communication system and send it to the recipient. You should also provide your recipient(s) with the keyword  separately   (as discussed below, please make sure this is via another secure electronic means and not the same email !).

The recipient, who must have access to the same software, then transfers  the encoded message text to their Input box, having first entered the agreed KEYWORD into the box above it. 

When the DECRYPT button is clicked, the system will decode the message using the KEYWORD and display it in  the 'Output ' box. 

As discussed, for security reasons the keyword should NOT be sent with the message, but emailed separately or, better still, agreed beforehand using another means of communication (e.g. a text message). Once again, the decrypted text is transferred to the clipboard for convenience, and can be pasted back to the received email, or stored elsewhere as appropriate.

Discussion and Comments

The level of security provided by this software is moderate to good, and should prevent access by all but the most determined hacker. Its power lies in the number of possible combinations of 26 upper and lower case letters in the KEYWORD.  An added level of security can be added by using the software as a 'one time pad' (i.e. keywords are never re-used) and messages are kept relatively short, avoiding obvious 'cribs' such as salutations or known names.  

NB: only those sections of the message you wish to keep confidential need to be encoded, although you should note that a message containing encoded sections may draw the attention of hackers to the message as a whole.

The number of possible combinations of 26 upper or lower case letters using keywords between 7 and 16 letters long is of the order of 5.6 x 10^25. 'Brute-force' code-break within a finite time would thus be difficult if not impossible with standard computing equipment.

The encrypted text is converted using an internal array matrix and transposed. Spaces between words are also encoded in this version, providing an additional level of protection.

Any alphanumeric text string containing the characters shown in column 2 of the code table may be encoded / decoded. Any unrecognised characters  will be omitted from the encrypted text.

Hints and Tips

·        To ensure maximum security, it is recommended that the system is used as a 'one time pad' i.e. using each code keyword once only. This minimises the risk of the code being broken.  

·     Remember to NOTE YOUR KEYWORD when encoding and supply it to your correspondent(s) before sending the message.

·     Please note that formatting information (e.g. paragraph spacing, carriage returns, etc. cannot be encoded, and will therefore be ignored by the encoder. Please ensure also that no formatting characters are included in the plain text for decryption.

How does the encoding and decoding actually work ?

The encryption used is based on a simple transpositional cipher. A detailed list of the steps carried out is shown below.

Encryption process:

1) The agreed keyword is entered 

2) The program assigns numbers to columns in a table matrix based on the alphabetic order of the keyword characters;

where the same letter is used is use more than once, sequential columns are assigned, with the first occurrence placed first (e.g. for the message: "The quick brown fox jumped over the lazy dog" column 1 would be assigned to letter C as the first alphabetically).

3) The minimum number of rows required to accommodate all encodable characters using the assigned columns is calculated (e.g. for the example message a 7 x 7 matrix with 49 positions is assigned to accommodate the 43 characters including spaces). Any vacant spaces on the last row of the table are assigned as "." Characters

4) Encryption is done by arranging the characters in each COLUMN sequentially, using their column NUMBERS

(e.g. for the example message, using the keyword ENCODER the text would start "e fpra." corresponding to column 1 and continue with "qrxdty." coresponding to column 2 etc.)

Decryption:

1) The agreed keyword is entered.

2) The system creates a table matrix corresponding using the keyword, as described above under encryption

3) The message text is split into strings based on the assigned column numbers

e.g. for our sample message, the first 7 characters "e fpra." would be placed in column 1, then the next 7 charcters ""qrxdty." in column 2, etc.

4) The end result of this process is that the original encryption matrix is recreated. 

5) The final step is to read each column using sequential column numbers and concatenate the text.

The final message decrypt may contain a few extra "." characters at the end - these may be deleted as required.

Use with Phones and Tablets

Although the program was originally designed for use on a pc platform, it works equally well from a tablet or phone. To access it, first transfer the HTML file to your phone's Download directory. You can either run it from a file manager, using your preferred browser as the vehicle, or directly via the browser itself (e.g. for Android chrome, type in the following URL to the top search box:    file:///sdcard/ 

Your browser should produce a directory listing, from where you can select the html file from your download directory - touch the file's listing and it should load and run.   I'd recommend you bookmark the file's full URL on first use - this will avoid your having to type it in each time you want to use the Encoder. You can of course use the encoder offline - just switch off your wifi / network connection and you can be sure of full confidentiality for your source material.