MyPlanetSoft.com

A2 Encryption Tool Help


A2 is an advanced, free, password-based strong encryption command-line program for Windows. A2 requires the Microsoft .NET runtime (1.0 or any later version) to be installed on your system.

KittyXplorer has many more unique capabilities, and can directly view the encrypted archive data, featuring a graphical interface similar to the Windows Explorer.

Encryption

A2 supports several encryption algorithms (in CBC mode), that can be specified with the -a option:

  • AES128 AES192 AES256 - Advanced Encryption Standard (AES) with 128, 192, and 256 bit keys
  • BF128 BF192 BF256 BF448 - Blowfish with 128, 192, 256 and 448 bit keys
  • SER128 SER192 SER256 - Serpent with 128, 192, and 256 bit keys

The following algorithm:

  • RJ128, RJ192, RJ256 - Rijndael, is the same as AES, but uses .NET implementation

The following algorithms are also supported by the A2 tool, but not supported by KittyXplorer as they are weaker than the ones above:

  • DES64 - Data Encryption Standard with 64 bit key
  • TDES192 - Triple DES with 192 bit key
  • RC2_64, RC2_128 - RC2 with 64 bit and 128 bit keys

Default is RJ128 ( -a RJ128 ).


Command Options

For more help regarding the A2 options, other than explained here, refer to the 'a2.exe' command line help. The command line help has the following format:

An option inside <...> signs denotes a section name explained later in the help. If an option is inside square braces [...], it means that it is optional. A pipe character | separates alternatives. Only one of the alternatives can be used at a time. Braces (...) are used to logically group alternatives. Both the minus sign '-' and the slash '/' can be used to start the options. Options can be specified in any order, but the order of the arguments of an option must be respected. For example '-a DES64 -d' is the same as '-d -a DES64', but 'DES64 -a' is an error, whereas '-a DES64' is ok.


Encrypting and Decrypting Files

To encrypt / decrypt files with A2 you need to specify:

  • The encryption algorithm with -a option. Default is RJ128.
  • The password and the iteration count (-t option).
  • The files or directories to be en / decrypted (use the -d option to decrypt).
  • Other option parameters, such as the encrypted files' suffix, etc.

The simplest way to enter the password is using the -p option:

To encrypt: a2 -a DES64 c:\data\*.doc "d:\my dir" -p "p a s s"
To decrypt: a2 -a DES64 c:\data\*.doc.a2 "d:\my dira2" -p "p a s s" -d

Any argument not starting with '-' or '/' is treated as a file, file pattern, or directory. Wildcards '*' and '?' can be used only for file name patterns. They cannot be used to specify directory names. If a directory is specified, all its contents will be processed recursively. Only files and directories that exist will be processed. A list file can also be specified with the -l option. Each line in the list file should contain a single file, file pattern, or directory (list files do not work with archives).

By default, encrypted / decrypted files are written in the same directory as the original file. Directories are written in a directory with the original name and 'a2' added to it in the same level. To specify another directory root use the -o option. The default encrypted file suffix is '.a2'. To specify another suffix for encrypted files use the -s option.

By default, A2 will throw an exception if a new file about to be written, already exists. However, if you specify the -eo option, A2 will overwrite existing files. Otherwise, if you specify the -er option, A2 will automatically rename the new file about to be written, to a unique name (by adding a number after the name).


Text Encoding

Text encoding is useful if you need to send encrypted data as text with email.

A2 clipboard operations encode encrypted text data, as text base64 by default (the -s64 option). To encode the encrypted data in base16 use the -s16 option. The text to be decrypted in clipboard must also be in the right baseXX form.

Base64 and base16 encoding options can also be used directly, to encode binary files as base64 or base16 text files. For example, if you save the encrypted clipboard text, which is base64 encoded, in a text file 'encrypted.data.txt', you can convert it later to a normal A2 encrypted binary file using:

a2 -td encrypted.data.txt

The resulting 'encrypted.data' file will be in the binary form. To encode a binary file to base64 text use:

a2 -te encrypted.data

During text decode, all characters other than 0-9, A-F, a-f for -s16, and 0-9, A-Z, a-z, +/= for -s64, are ignored. This means, for example, that NEWLINE has no meaning and you can break the lines freely.


Encrypting and Decrypting Clipboard Text

You can encrypt / decrypt the text in clipboard using the -c option:

To encrypt clipboard text: a2 -a DES64 -c -p "p a s s"
To decrypt clipboard text: a2 -a DES64 -c -p "p a s s" -d

You can also encrypt / decrypt files / directories at the same time:

a2 -a DES64 -c -p "p a s s" "d:\my dir" -l c:\listfile.txt

To encrypt email text, copy it in the clipboard, encrypt the clipboard text as above and paste it again to the email editor. To decrypt email text do the same, but run the decrypt clipboard operation.


Entering a Password

An A2 password is a text string. Optionally, you can also change the iteration count (-t option), used to generate the internal key from the password.

There are several ways to enter the password:

  • By default, if you do not specify a password, A2 will ask you to type it (-pt option).
  • You can specify the password at the command line using the -p option. You can also use a more secure way of typing a password, using the -ps or -pl option.
  • The password can also be copied from a file (-pf option) or from clipboard (-pc option).

Only one of these methods should be used. If you specify more than one, the last one will be used.

Optimally, you can use the -g option, to generate a very long password, and store it safely if you cannot remember it:

a2 -g 8

The password generated by -g is written in standard error. To store it in a file use:

a2 -g 8 2> pass.txt

The -g option can also auto calculate a minimum safe password length based on the key length of an encryption algorithm (specified with -a). For example, if you are using RJ128, the internal key length is 128 and if you use:

a2 -g K128

Then a password of 22 characters will be generated. This option always rounds up the number after K to the nearest bigger key size supported: 64, 128, 192, or 256.
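The arithmetic behind the K option, as an added Python example that is not part of A2 or its help text: a password needs enough characters that the number of possible passwords is at least 2^(key bits). The 64-symbol alphabet is an assumption chosen because it reproduces the 22-character figure above; the function names are hypothetical.

```python
import secrets
import string

SUPPORTED_KEY_BITS = (64, 128, 192, 256)

# Assumption: a 64-symbol alphabet (6 bits per character). The page does not
# say which characters -g uses; this choice reproduces its 22-character figure.
ALPHABET = string.ascii_letters + string.digits + "+/"


def round_up_key_bits(bits: int) -> int:
    """Round a requested size up to the next supported key size."""
    for size in SUPPORTED_KEY_BITS:
        if bits <= size:
            return size
    raise ValueError(f"no supported key size >= {bits} bits")


def min_password_length(key_bits: int, alphabet_size: int = len(ALPHABET)) -> int:
    """Smallest n with alphabet_size**n >= 2**key_bits, using exact integers."""
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least two symbols")
    target = 1 << round_up_key_bits(key_bits)
    length, space = 0, 1
    while space < target:
        space *= alphabet_size
        length += 1
    return length


def generate_password(key_bits: int) -> str:
    """Random password matching the key size, drawn with a CSPRNG."""
    length = min_password_length(key_bits)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for bits in SUPPORTED_KEY_BITS:
        print(bits, "bit key ->", min_password_length(bits), "characters")
    # The same key size needs more characters from a smaller alphabet.
    print("128 bit key, digits only ->", min_password_length(128, 10))
```
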


Compression

By default, the files encrypted by A2 are not compressed before encryption. If you use the -z option the files will be compressed (zipped), before they are encrypted. If files are encrypted as compressed, then -z must also be specified during decryption with -d.

A2 does the compression of the files in memory during encryption. During decryption of the compressed files, each file is decrypted in memory and then it is decompressed (unzipped). This means that the -z option may not be suitable for very large files. If you want to compress very big files, compress them before with another tool. Then use A2 to encrypt them, without the -z option. Otherwise, you can use -ze, -zd, to explicitly zip / unzip a big file, before encrypting or after decrypting it. The -ze, -zd options write the results in the hard disk and can be used to process arbitrary big files.

Because of the CBC mode of encryption supported by all A2 algorithms, there is no need to compress files to remove data patterns from them, before you encrypt them. The CBC mode properly hides any plaintext patterns. Its implementation in A2 also hides patterns between different files and between the different copies of a file encrypted with the same password data.


Verifying File Integrity

The -f option prints a secure hash value of 32 bit (parts) based on SHA256. You can use it to verify the integrity of a file, for example, of a key file.

a2 -f myplanetsoft.jpg

Using -f with text-encoded (base64 or base16) files may produce different results in different systems, because of the different ways different systems process NEWLINE and RETURN characters in the text files. Convert the base64 or base16 encoded text files to binary (with -td), before using -f.

The -comp command can be used to compare two files, two fingerprints, or a file and a fingerprint (in any order), for example:

a2 -comp myplanet.jpg myplanetsoft.jpg

or

a2 -comp myplanetsoft.jpg "62 DD A6 FA 68 F0 ... B2 1C 18 A2 00 CC FE 87 73"

The fingerprint string should be exactly the same as the one output by the -f command. Fingerprints are compared as case-insensitive strings, so you can also compare any two strings with -comp.
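Why text-encoded files should be converted to binary before fingerprinting, as an added Python example that is not part of A2: the same data saved as base64 text with LF and with CRLF line endings hashes differently, while a decoder that ignores everything outside the base64 alphabet (the -td behaviour described under Text Encoding) recovers identical bytes. The space-separated hex layout follows the -comp example above; the function names and sample data are constructed.

```python
import base64
import hashlib
import re

# Characters outside these sets are dropped before decoding, as the help
# text describes for -s64 / -s16 input.
NOT_B64 = re.compile(rb"[^0-9A-Za-z+/=]")
NOT_B16 = re.compile(rb"[^0-9A-Fa-f]")


def lenient_decode(text: bytes, base: int = 64) -> bytes:
    """Decode base64 or base16 text, ignoring line breaks and other noise."""
    if base == 64:
        return base64.b64decode(NOT_B64.sub(b"", text), validate=True)
    if base == 16:
        return bytes.fromhex(NOT_B16.sub(b"", text).decode("ascii"))
    raise ValueError("base must be 16 or 64")


def fingerprint(data: bytes) -> str:
    """SHA-256 digest as space-separated upper-case hex byte pairs."""
    return " ".join(f"{b:02X}" for b in hashlib.sha256(data).digest())


def same_fingerprint(a: str, b: str) -> bool:
    """Case-insensitive string comparison, as described for -comp."""
    return a.strip().upper() == b.strip().upper()


def wrap(encoded: bytes, newline: bytes, width: int = 40) -> bytes:
    """Break encoded text into lines using the given line terminator."""
    lines = [encoded[i:i + width] for i in range(0, len(encoded), width)]
    return newline.join(lines) + newline


# Constructed stand-in for an encrypted file (not real A2 output).
CIPHERTEXT = bytes((i * 37 + 11) % 256 for i in range(91))
ENCODED = base64.b64encode(CIPHERTEXT)
TEXT_LF = wrap(ENCODED, b"\n")        # as saved on a Unix-like system
TEXT_CRLF = wrap(ENCODED, b"\r\n")    # as saved on Windows


def compare_text_and_binary():
    """Return (text fingerprints match, decoded fingerprints match)."""
    text_match = same_fingerprint(fingerprint(TEXT_LF), fingerprint(TEXT_CRLF))
    bin_lf = lenient_decode(TEXT_LF)
    bin_crlf = lenient_decode(TEXT_CRLF)
    binary_match = same_fingerprint(fingerprint(bin_lf), fingerprint(bin_crlf))
    return text_match, binary_match


if __name__ == "__main__":
    text_match, binary_match = compare_text_and_binary()
    print("text files match:   ", text_match)
    print("decoded files match:", binary_match)
```
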


Working with Archives

A2 can create strong encrypted archives where all individual entries are encrypted and also the file names and other data, so no one can tell what is inside, unless s/he knows the original password used to encrypt the archive. The entry data are kept encrypted, so no one can tell where an individual file entry starts or ends. A2 archives preserve the file names and relative paths from the start of a given directory, so you can archive entire directories.

By default, A2 does not compress the entry files inside an archive, because data compression has no effect on encrypted files. However, if you use the -z option (when no -an is specified) the data will be compressed before they are encrypted. If you use -z, then you need to specify it also when you view or extract the archive.

As with file encryption / decryption, a key (algorithm, password and iteration count) is required for A2 archives.

To create an encrypted archive, named ar1.a2r, containing all files in directory 'C:\my dir', you have to type:

a2 -a RJ128 -p password -ac ar1 "c:\my dir"

If you do not specify the suffix '.a2r' after the archive file (at -ac), then A2 will create a file with the '.a2r' suffix. With -av, -ax and -axe, A2 will try both file names, without the .a2r suffix and with the .a2r suffix.

A comment can be added to the archive when it is created (-ac) with the -am option. The comment is part of head and is also encrypted. The comment, if any, will be printed out by any of -av, -at or -ax options.

To list the entries found in an existing archive use:

a2 -a RJ128 -p password -av ar1.a2r

To extract (and decrypt) all entries found in an archive use:

a2 -a RJ128 -p password -ax ar1.a2r

A directory named ar1 will be created in the current directory.

To extract (and decrypt) only one given entry found in an archive use:

a2 -a RJ128 -p password -axe ar1.a2r test/entry.txt

The path 'test/entry.txt' must match the one returned by the -av option. Both '/' and '\' can be used in an entry path.

By default, A2 encrypts the file names and files data. If you specify the -an option, A2 will encrypt (with -ac) and decrypt (with -ax, -axe) only the head (file names, and length data) section, but NOT the entry file data. This feature allows you to archive files that have been encrypted before with A2. It also allows you to use a different key (or keys) for entry files' data, and another one for the archive head (file names, offsets and lengths).

If the archive head (the tail of an '*.a2r' file) is corrupted, you cannot extract the files. If the body of an archive is corrupted, but the head is ok, then you can extract as many files as possible by using the -x option. With the -x option, A2 ignores any errors and continues with the next entry file. Always verify the archive head with the -av command after you create or copy an archive.

A cyclic redundancy check (crc) checksum is calculated for each entry. During extract, the crc value of an entry is compared with the crc of entry data. If the two crc-s do not match an error is reported. You can use the -anocrc option to skip crc check with -ax, -axe. Using -anocrc is, however, not recommended given that you may end up with corrupted files. Even if you use -anocrc, a corrupted entry's extraction may still fail, if the decrypt (or unzip) process finds errors. You can verify an archive's integrity with the -at option:

a2 -p password -at arfile.a2r

Avoid using directories which contain files, that result in identical archive paths. This may result in equal file paths during extract, if both directories have the same file names, at the same subdirectory paths. If this happens, use the -er option to properly rename the extracted files.


Wiping Data (-wipe)

The safe data wipe tool that comes embedded with A2 deletes files by overwriting them three times with random data and mangling the file and folder names.

The files deleted with this tool cannot be recovered.

To wipe any files (wildcards ? and * are accepted for file names) or directories use:

wipe "C:\test\text.txt" "C:\test\data\*.bmp" "C:\test\data1\"

All the specified files and folders must exist.

If you specify the -f (fast) option a single random overwrite pass is used.


Hiding Data in Images (-stg)

Experimental option. The free image steganography tool can hide a file's data invisibly inside an image file. Read the following help completely before you use this tool.

To hide the data of a file named 'data.txt.a2' in the image file 'myplanet.jpg' use:

a2 -stge myplanet.jpg data.txt.a2

If everything goes well (see below), a file named 'myplanet_.png' will be outputted that contains the data of 'data.txt.a2' hidden invisibly in it. The file 'data.txt.a2' must exist and must not be empty.

To unhide the data from an image file use:

a2 -stgd myplanet_.png data.txt.a2

This will create 'data.txt.a2' from the data hidden in 'myplanet_.png', if any such data are found.

The *_.png file must be the original file produced by -stge command, otherwise the process will fail.

The -stge option does an automatic in-memory check of the outputted *_.png file to verify that data unhide works, so you do not need to test it explicitly with -stgd.

If any of the output files exist, an error message will be shown. You can use -eo or -er BEFORE -stge or -stgd to override this behavior:

a2 -eo -stge myplanet.jpg data.txt.a2

This will overwrite 'myplanet_.png' if it exists.

Notes

  • The -stge hides the file data unencrypted in the image file! So encrypt a data file before using it with the -stge command! You can encrypt and hide the data at same time if you chain the commands (with &):

    a2 -p test data.txt & a2 -eo -stge myplanet.jpg data.txt.a2

    The reverse process can be done also in a single command as follows:

    a2 -stgd myplanet_.png data.txt.a2 & a2 -p test -d data.txt.a2

  • Any image that can be converted to a 24bit color raster image can be used as input with -stge. Colored BMP files, JPEG (JPG) files, etc. fulfill this condition and can serve as valid input files. For other files the process may fail.

    With both -stge and -stgd the name of the input image file does not play any role to guess the image type. Any image file name (and suffix) will do. Both commands can guess correctly the type of the input image.

  • The output of -stge and the input of -stgd is always a 24bit BMP file encoded in a format without loss of data. By default, the output format is PNG and the file suffix *_.png. PNG produces the smallest files without loss of data. You can change the output file format to TIFF or BMP by using -stgtiff or -stgbmp before -stge. For example:

    a2 -stgbmp -stge myplanet.jpg data.txt.a2

    will produce a 'myplanet_.bmp' file as output. Usually, the relative sizes of the output file for the three formats stand as: PNG < TIFF < BMP. You do not need to use -stgbmp or -stgtiff with -stgd, because it does not need any help to guess the right type of image.

    Important: The *_.png files (or *_.bmp or *_.tiff) outputted by -stge must not be changed in any way. You may change the file name, but you should not change the file format or file data in any way, otherwise the unhide process will fail.

    The outputted image of -stge cannot be converted back to the input image given to this command. Also, if you reuse the BMP file outputted by -stge, e.g., 'myplanet_.png' as input for another -stge command, then only the last data will be found in the outputted 'myplanet__.png', any previous hidden data will be lost.

  • Hiding data in an image file is possible only for small data files. The program will print an error message if you try to specify a data file bigger than this with -stge. To find how many bytes of data you can save in an image file use:

    a2 -stgi myplanet.jpg

    If a file is bigger than the amount of data allowed in an image, consider splitting the file in parts and hide every part in a separate copy of the image or in different images.

    The maximum amount of data you can hide in an image depends only on the image resolution [width x height] and the output image quality. You can control the output image quality using the depth setting (-stga*) BEFORE -stge. Valid options for -stga* are: -stga1 (default, best image quality), -stga2, -stga3, -stga4, and -stgam (worst image quality). If you use a -stga* option before -stge, you need to specify it also before -stgd in order to successfully unhide the data. Example:

    a2 -stga3 -eo -stge myplanet.jpg data.txt.a2
    a2 -stga3 -eo -stgd myplanet_.png data.txt.a2

  • A2 uses GDI+ to process image files and is vulnerable to GDI+ related attacks, so make sure the image files you use are really safe image files.


Exchanging Passwords (-rsa)

Experimental option. The -rsa options use the Microsoft .NET / Crypto API RSA implementation. The Microsoft .NET / Crypto API RSA writes the used keys to the hard disk and is not so safe. It is best to avoid using this option. It can be used, however, to exchange passwords.

The best way to send password data to a friend (or any third party) is to tell it personally to her / him. For example, you and your friend can meet and agree on the encryption algorithm and a part of KEY (password), and exchange other parts of KEY freely. If you cannot meet the friend personally or you want to send the KEY data securely via email, you can exchange passwords (or any data) safely via email with friends with the help of the A2 -rsa option. While this way is safe, it is unfortunately not trivial to follow.

Use the following steps to exchange a password (key data) with a friend:

  • Both you and your friend should generate a pair of public and private keys with the -rsa -k option. An optional key size can be specified with the -z option.

    a2 -rsa -z 1024 -k

    This generates the two key files, for example: 20050308-120735-pub.a2key and 20050308-120735-pri.a2key. The names of the files are not important, but the two files together form a single RSA key with its public and private parts. The fingerprints of the two key files will be printed on the screen.

  • Send the public key file (*-pub.a2.key) (and the key size, preferably by phone or another channel) to your friend by email. Your friend should also send his own public key file to you, e.g.: friend-pub.a2key.
  • Make sure the public key file you received really comes from your friend. Use the -f option to get the key file fingerprint and verify it with your friend in a secure way (not with email), for example, by telephone.

    a2 -f friend-pub.a2key

    Prints a 256 bit fingerprint of a file in hexadecimal.

    Note: Steps 1, 2 and 3 are not needed if you and your friend meet only once and exchange the public key files manually.

  • Encrypt the secret data you want to send to your friend with your friend's public key file, using the -rsa -e option. Send the encrypted file to your friend. In the meantime your friend should also send some part of the secret data to you, encrypted with your public key file. The exact details of the data that you exchange may vary, depending on your specific needs.

    a2 -rsa -z 1024 -e friend-pub.a2key my-data.txt

    An encrypted file named my-data.txt.a2data will be generated.

    If your text data are in the system clipboard use the -c option, instead of a file name:

    a2 -rsa -z 1024 -e friend-pub.a2key -c

    The encrypted data, encoded as Base64 text, will be placed in the clipboard, replacing the original text.

  • Make sure the encrypted file you receive (e.g: friend-data.txt.a2data) really comes from your friend, in the same way as in step 3.
  • Decrypt the file with your private key (*-pri.a2.key). Your friend should do the same. The decrypted data are the secret data your friend sent to you. Combine them as necessary with the data you sent to your friend, and use that combined key data to encrypt / decrypt files using A2.

    a2 -rsa -z 1024 -d 20050308-120735-pri.a2key friend-data.txt.a2data

    Creates the unencrypted file data.txt (if key is valid).

The -rsa option uses public key cryptography. This means that there is a pair of keys, the public key (*-pub.a2key) and the private key (*-pri.a2key). Data encrypted with either key (for example, the public key) can be decrypted only with the other, matching key of the pair (for example, the private key). If you specify a key size with -z when you generate the key, then the correct key size must be specified in all encryption and decryption operations (-e, -d). The RSA implementation is based on .NET (Crypto API). The keys are stored locally in a hard disk store, so do not use RSA for encryption.


A2 File Suffixes

A2 uses or creates files with the following basic extensions:

  • .a2 - individual files encrypted by A2 have this suffix added to the original name by default. It can be changed with -s option. If you have changed the suffix during encryption, then specify the new suffix again with -s during decryption. This way, A2 will properly remove the suffix, otherwise '.data' will be added to the file name.
  • .a2r - the A2 archive files. A2 will not complain in -av, -at, -ax, -axe, if the file does not have this suffix.
  • .txt - text encoded files, -te adds '.txt' to the original file name. If during text decode (-td) the file does not end with '.txt', A2 will not remove the suffix, but will add '.data' to the file name.
  • .a2z - an A2 zipped file, -ze adds '.a2z' to the original file name. If during unzip (-zd) the file does not end with '.a2z', A2 will not remove the suffix, but will add '.data' to the file name.
  • .key - *-pub.a2.key is a public (*-pri.a2.key is a private) key file of the -rsa option.
  • .a2data - files encrypted with the -rsa option. If a file ends with this suffix when it is decrypted (-d), the suffix will be removed.

The -er option renames the files if necessary, from '*.*' to '*-rX.*', where 'X' is a unique integer.


Command-Line Console Hints

  • A2 Path - It is recommended to place 'a2.exe' in a directory that is in the system path.
  • Print A2 Help - To print the A2 command-line help, use a2 > help.txt. Then open 'help.txt' and print it.
  • Rules for Escaping Command Line Parameters - The following rules apply at the command prompt for command line parameters:
    • To enter parameters that contain spaces, enclose each parameter in quotes. E.g.: "C:\my dir", will be read as [C:\my dir], (without the [] braces of course).
    • To enter a quote sign in the middle of an option, escape it with '\'. E.g.: "my pass\"word", will be read as [my pass"word].
    • To enter a '\' at the end of an option enclosed in quotes or before an escaped quote sign, use double '\\', because the last '\' escapes the quote. E.g.: "c:\my dir\\", will be read as [c:\my dir]. And "my pass\\\"word", will be read as [my pass\"word].
    See 'cmd.exe' help for more information.
  • Enable Quick Copy - In a Windows command-line window (cmd.exe) you can click the system menu (the window icon) and select 'Properties'. There at 'Options' tab select 'Quick Edit Mode'. This will allow you to easily select in a command-line window. Also at the 'Layout' tab, you may change 'Screen Buffer Size' e.g., to 120 x 1400 and optionally 'Window Size'.
  • Windows Explorer Context Menu - Add a 'CmdPrompt' item to the Windows Explorer context menu by copying the following into a 'cmd.reg' file and executing it. Replace c:\\windows\\system32\\cmd.exe with the path on your system where 'cmd.exe' is found.

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\Folder\shell\CmdPrompt]

    [HKEY_CLASSES_ROOT\Folder\shell\CmdPrompt\command]
    @="c:\\windows\\system32\\cmd.exe"
