SJEA version 1.0 - Simple Java Encryption Algorithm
sjea.sourceforge.net
Last update: 10.01.2009

*** SUMMARY

SJEA is a simple command-line binary encryption algorithm written in JAVA.
The type of the used method for the algorithm can be described as 'symmetric
block cipher': http://en.wikipedia.org/wiki/Block_cipher using XOR methods.
It uses a password and a byte-vector array that replaces each byte of
the input file and produces a new file with the '.enc' extension.
The output file will be exactly five bytes longer than the original.
Thats due to the nature of the 'block cipher'. Each byte of the original is
replaced and the following byte sequence is added at the beginning of the file -
%ENC%. MD5 check sum is used for output verification. The encryption is
efficient to a certain level. The algorithm should be considered mainly for
educational purposes but also as an open-source solution for private use.

*** SCENARIO

Here is an example scenario:
John and Kate both have the encryption/decryption package. And they have
shared a password. John wants to send a secure file to Kate. He uses the 'enc'
tool to encrypt the file using the shared password. The action results the
creation of two files <original file>.enc and <original file>.md5. John can
choose to send only the '.enc' file or both the '.enc' and the '.md5' (for
increased security). When Kate receives the '.enc' file she can decrypt it with
the password. If a third party intercepts the secure file during transfer he
won't be able to open the file even if he has obtained this package of tools
because he still will be missing the password. MD5 checksum can be used by Kate
to check for the authenticity of the encrypted file.

*** WEAKNESSES

- A hack is possible if a third party has obtained this package and modifies the
decryption algorithm to write a password hacking extension. But still the length
of the password used for encryption has no limit so for bigger files and more
complicated passwords, hacking would be difficult.
- It is possible to write another tool to decrypt the 'output' file without 
knowing the password by looking for repeating bytes in large files. This is a
well common method in cryptography. The vector-array which is explained below
makes this much harder.

*** USAGE

To run the programs you will need the latest Java Runtime Environment (JRE)
which is normally installed by default on some systems.
You can obtain the latest version from here: http://java.sun.com
After installing the JRE you can run pre-compiled JAVA binaries (.class)
with the 'java <classfile>' command.

To encrypt a file:
  java enc <input-file> <password>
To decrypt a file:
  java dec <input-file> <output-file> <password>
To checksum verification:
  java chk <decrypted-file> <checksum-file>

Example command line scripts are provided in windows batch (.bat) format.

*** CIPHER

Here is a rough scheme which explains the algorithm in action.

Example: password - 'HELLO' (uppercase), vector array is 16 bytes (0-9,A-F)
The vector-array is static but the bytes in it are completely random.

     (bytes) 
      input:  THIS_IS_A_BYTE_STREAM     + (sum)
     vector:  01234567890ABCDEF0123     + (sum)
   password:  HELLOHELLOHELLOHELLOH     =
     result:  E(]Ñ ÀŒããm¡T3•`B9YÂ‡
     
     (bytes) 
      input:  AAAAAAAAAAAAAAAAAAAAA     + (sum)
     vector:  01234567890ABCDEF0123     + (sum)
   password:  HELLOHELLOHELLOHELLOH     =
     result:  2!U¿¿}òãÂp“=(tR6+Q¸
     
As you can see there aren't much repetitions due to the two layer processing.
These two examples are located in the "/example" folder. You can try to decrypt
them using the 'dec' tool and the password 'HELLO'.

*** SOURCE

The source code of all the three tools is located in the '/source' folder.
To compile a '.java' source file you will need the Java Development Kit
from http://java.sun.com.
An example compiler script is provided in 'make.bat' (windows).
(Path to the 'javac' /bin is required)

Some of the lines in the source are commented. If you need more in detailed
explanations for you study please send an email to the given email address at
the end of this document.

In future versions of SJEA more complicated algorithms might be presented.  

The SJEA source can be easily ported to other languages.
You can check Toba's JAVA to C compiler for example:
http://www.cs.arizona.edu/sumatra/toba/

*** GPL

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

*** AUTHOR

Lubomir I. Ivanov (liteon)
neolit123@gmail.com
http://neolit123.blogspot.com