Commandline encryption and decryption

fpwdman uses SBC encryption to protect the file of passwords. To facilitate skeptical users' cryptanalytic attack on SBC, as well as to produce two useful little tools, the sbc subdirectory of the source distribution also builds two command line tools.

Under Unix, they are built by 'make all' in the sbc subdirectory. They are demonstrated by the script, which is invoked by the overall script Under Windows, they are built using the and project files under Dev-C++.

The command line tools are covered by the same legal disclaimer: use them entirely at your own risk. Like almost all software.


To SBC encrypt a file "mars.jpg" into "mars.jpg.sbc", issue the following command:

ensbc -file mars.jpg -key s03z5L6y6hlxztRa

You can provide a "-seed string" argument to specify a particular seed string for the PRNG that generates the file's random initial vector. This can be any valid string. Under Windows, this option is mandatory. Under Linux, if you do not provide a seed, it will use the default method of drawing random bits from /dev/random. If there is not enough entropy in /dev/random, it will wait until system activity provides enough. The Unix commandline "man urandom" will explain more. You can help it along by typing, moving the mouse, or otherwise stimulating the system to do something.

It will use the suggested default parameters of SBC, as described in the technical paper on SBC. The encrypted data includes not only the plaintext of the file, but also a digest of that file. This enables integrity checking after decryption. The 'digest' used by ensbc/desbc is a 4-char digest, while fpwdman uses a 3-char CRC digest. Hence, they can not read or decrypt the files used by fpwdman.

The 'key' argument obeys the usual Unix rules. For a simple string like the above example, no double quotes are needed. A key including spaces, like "Foo Bar Baz", would require double quotes.


To decrypt the provided file "mars.jpg.sbc" into "", issue the following command:

desbc -file mars.jpg -key s03z5L6y6hlxztRa +zlib

Notice that you do not need to provide either the sbc suffix on the input file or the cbs suffix on the output file. The mars.jpg file used by and the mars.jpg.sbc and files generated by the above commands are included as examples in the source distribution. Files encrypted on one OS are decrypted on any other OS on which the command line tools are available.

The "+zlib" argument means that zlib should not be used during decryption. This particular file was encrypted before zlib was added to the command line tools, so it must be skipped upon decompression. The default on both encryption and decryption is to use zlib; the "+zlib" argument skips it.

You should see the following MD5 digests for the example files in the source distribution:

The desbc program will check the digest of the decrypted message against the decrypted digest. They should match. If not, either the wrong password was supplied or the file was somehow corrupted. If the digests do not match, no .cbs file is generated, and a notice of the failed decryption is displayed.