                          .--------------------.
                           !Q-Lock !Help file 
                          '--------------------'

Version: 1.5.1b (3 August 2014)

Author: Nat Queen <software@queen.clara.co.uk>

Primary distribution site: http://www.queen.clara.net/pgp/acorn.html

*** NOTE *** This version is intended for users of Virtual Acorn systems. If
you are using 'native' hardware, you should get version 1.5a from the same
URL, which you will find somewhat more efficient. See the section "Why is
there a separate version..." below for an explanation.


What does it do?
================

!Q-Lock enables you to encrypt all your sensitive data or to retrieve it, in
a very simple manner. You can encrypt and decrypt not only single files, but
a whole directory structure in a single operation.

The encryption will completely hide not only the data, but also the nature
of the directory structure, the filenames, etc.

!Q-Lock can encrypt not just one directory structure, but many, each with
its own passphrase. For example, each member of a family can use the same
program to process only his or her own private directory. Or you can have
separate directories for your private correspondence and for your work. By
dividing all your data among separate directories, you can encrypt or
decrypt any part of it faster than processing all your data at once. These
separate directories are referred to below as 'working directories'.

Many commercial programs claim to provide 'virtually unbreakable' encryption
without revealing the encryption method. As Phil Zimmermann, creator of PGP,
said in his PGP manual, "Beware of snake oil." The encryption system in
!Q-Lock relies solely on the renowned Blowfish cipher, whose source code is
freely available and has been scrutinised by numerous experts. Moreover,
this software is free.

As an extra security measure, !Q-Lock automatically erases all traces of the
original files from the disc after they are encrypted, thus preventing
anyone from recovering them. When a file is 'deleted' by RISC OS, only its
entry in the directory structure is removed, but all the data remain on the
disc surface and can easily be recovered by means of a disc editor or an
'undelete' utility. !Q-Lock prevents such data recovery by overwriting the
original files 10 times with cryptographically strong random data.


How to get started
==================

First, decide how many distinct working directories you want, and what they
will be called. Each working directory can be encrypted independently, with
its own passphrase, into a single file, which will be inaccessible to anyone
who does not know the correct passphrase. If you wish, you may use the same
passphrase for different directories.

When you double-click on !Q-Lock, a directory window will open. In it, you
will see an application !DirManagr. This is a directory manager, used to
create new working directories, or to wipe existing ones in a secure manner,
so that they cannot be recovered.

If you double-click on !DirManagr, another directory window will open, in
which you will see the two applications !CreateDir and !WipeDir, used to
create new working directories or to destroy existing ones. To use these
applications, simply double-click on one of them and follow the on-screen
instructions. The application !WipeDir will automatically remove all traces
of a working directory, in either its plaintext or encrypted form.

Do not create or destroy working directories by hand. It is much simpler and
safer to use !CreateDir or !WipeDir.

Apart from !DirManagr, the directory window that opens when you double-click
on !Q-Lock also contains three other utilities (!Lock, !Unlock and !Erase)
and two directories ('Data' and 'Encrypted'). 'Data' is the directory that
will contain all your working directories, in which you can put any
sensitive files, directories or applications to be encrypted. The directory
'Encrypted' (which you need not normally open) will contain all your
encrypted data. The three utilities are described below.

The working directories are initially created as subdirectories of 'Data',
and also as subdirectories of 'Encrypted'. The subdirectories inside 'Data'
are destroyed after encryption. The subdirectories inside 'Encrypted' will
contain the encrypted versions of each of the working directories, but they
will remain present as empty subdirectories when the working directories are
not encrypted. Therefore the easiest way to check the full list of working
directories at any time, whether or not they are encrypted, is to open the
directory 'Encrypted' and look at its subdirectories.


Encryption
==========

Place the sensitive data that you want to encrypt in any of the working
directories inside 'Data'.

To encrypt your data, double-click on the !Lock icon. The program will first
ask which working directory you want to encrypt, and will then ask for a
passphrase. It is essential that you remember this passphrase. Bear in mind
that the passphrase is case-sensitive. If you forget the passphrase with
which you encrypt your data, there will be absolutely no way to recover the
data (unless you used a weak passphrase!).

After entering your passphrase twice for confirmation, the original working
directory will be securely wiped and replaced by a single encrypted file
inside the corresponding subdirectory of the directory 'Encrypted'.

Please note that once you have specified the directory to be encrypted, the
Escape key is disabled until the encryption/wiping operations are completed.
This is done to ensure that all remnants of the original data are securely
wiped after encryption.


Decryption
==========

To decrypt your data, double-click on the !Unlock icon. You will first be
asked which working directory you want to recover, and then for the
passphrase that you used to encrypt it. If you enter the correct passphrase,
the original working directory with all its contents will reappear inside
'Data', and its directory window will open automatically, ready for you to
access your data. If you enter the wrong passphrase by mistake, you may try
again, until you get it right.

If you want your data to remain secure, don't forget to use !Lock again when
you finish your session!

In the very unlikely event that any of your encrypted files are accidentally
deleted or corrupted, you will find a backup copy inside the directory
!Q-Lock.QlockDir.!Lock.Backups, which can be copied back to its normal
position inside 'Encrypted', from which it can be recovered by using
!Unlock. This backup is created automatically every time you encrypt your
data.


Destroying sensitive data
=========================

The easiest way to destroy a working directory is to use the utility
!WipeDir, as mentioned above. This will permanently destroy all traces of
the working directory, whether encrypted or not, together with any
previously created backup copy.

If you want to destroy any sensitive files or directories at any time,
whether or not they are part of a working directory, you can use the utility
!Erase, which is contained inside the directory whose window opens when you
run !Q-Lock.

Whenever you run !Erase, a subdirectory called 'scrap' will open. If
anything is placed inside this 'scrap' directory and you then run !Erase
again, it will give you the option of securely destroying the entire
contents of 'scrap' by overwriting it several times with random data. To
understand how to achieve maximum security when using !Erase in conjunction
with !Q-Lock (or, indeed, for securely wiping any data in general), please
read the file 'ExpertHelp' contained in !Q-Lock.Docs, and also the !Help
file of !Erase itself.

!Erase can be used as a stand-alone application. In fact, it is also
distributed separately.

Be very careful about what you put in 'scrap'. Do not simply 'delete' any
sensitive data; anything that is 'deleted' by RISC OS can be 'undeleted'
with appropriate software. In particular, it is not sufficient to copy
anything into 'scrap' and then 'delete' the original version; *move* it
instead.

You may use 'scrap' to destroy sensitive data from any other directory on
the disc. However, if you attempt to 'move' files from another disc or
filing system, RISC OS will simply 'copy' them and then 'delete' the
original copy, and this is not a secure procedure. A good solution in that
case would be to place a copy of !Erase in the other location and use it to
destroy the data.
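
The sketch below is an added illustration, not part of !Q-Lock or !Erase
and not the author's code. It shows, in Python rather than RISC OS BASIC,
the two rules described above: overwrite in place before deleting, and only
'move' into 'scrap' when source and 'scrap' are on the same filing system.
All function names are hypothetical, and it assumes a filing system that
rewrites a file's existing blocks in place.

```python
import os

CHUNK = 64 * 1024

def wipe_file(path, passes=1):
    """Overwrite a file in place with random data `passes` times, then delete it."""
    if os.path.islink(path):          # never follow a link and wipe its target
        os.remove(path)
        return
    size = os.path.getsize(path)
    with open(path, "r+b") as f:      # r+b: rewrite existing blocks, no truncation
        for _ in range(passes):
            f.seek(0)
            left = size
            while left > 0:
                n = min(left, CHUNK)
                f.write(os.urandom(n))
                left -= n
            f.flush()
            os.fsync(f.fileno())      # push this pass to the disc before the next
    os.remove(path)

def same_filesystem(a, b):
    """True when a move from a to b is a rename, not a copy plus delete."""
    return os.lstat(a).st_dev == os.stat(b).st_dev

def dispose(path, scrap_dir, passes=1):
    """Move a file into scrap if that is a true move; otherwise wipe it where it is."""
    if same_filesystem(path, scrap_dir):
        os.rename(path, os.path.join(scrap_dir, os.path.basename(path)))
        return "moved"
    wipe_file(path, passes)           # a cross-disc 'move' would leave the original behind
    return "wiped-in-place"

def empty_scrap(scrap_dir, passes=1):
    """Wipe every file under scrap_dir, remove emptied subdirectories, return file count."""
    wiped = 0
    for root, dirs, files in os.walk(scrap_dir, topdown=False):
        for name in files:
            wipe_file(os.path.join(root, name), passes)
            wiped += 1
        for name in dirs:
            sub = os.path.join(root, name)
            os.remove(sub) if os.path.islink(sub) else os.rmdir(sub)
    return wiped
```

The 'passes' argument corresponds to the overwrite count: this help file
gives 10 for !Lock and a default of 1 for !Erase.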


Choosing a good passphrase
==========================

A chain is only as strong as its weakest link. The weakest link in !Q-Lock
is the passphrase used to encrypt the data. This makes it very important to
choose a sufficiently strong passphrase, which is easy for the user to
remember, but almost impossible for anyone else to guess. Some tips for
doing this are contained in a separate document, in the file 'PassTips'.


Other security considerations
=============================

!Q-Lock makes use of one of the strongest publicly available ciphers, which
has been found to be resistant to all known practical attacks.

If used properly, !Q-Lock will protect your data against any casual
snoopers. However, if you are seriously concerned about possible attacks by
expert hackers, you may want to take additional precautions. Some advice
about this for 'expert users' can be found in a separate document, in the
file 'ExpertHelp'.

When working directories are encrypted by means of !Lock, the original
contents are securely destroyed by overwriting all the data 10 times in
succession with random data. A similar facility is available when using
!Erase. By default it will overwrite the data just once, but there is an
option to use up to 9 overwrites (see the !Help file in !Erase for details).


Why is there a separate version for Virtual Acorn?
==================================================

The original version of this software contains the very powerful utility
'nuke', which does not work in such systems. Therefore a separate version
was created by replacing 'nuke' with a BASIC program to carry out a similar
function. However, this BASIC program is somewhat slower and more limited in
its security features than the original 'nuke'. !Q-Lock 1.5a retains the
original and more powerful 'nuke'.


Why is it called !Q-Lock?
=========================

Partly because Q follows P (as in 'PGP' - see 'History' below); partly
because Q might suggest 'Quick'; and partly because the author likes the
letter Q. :-)


History
=======

!Q-Lock is a stand-alone replacement for an earlier program !PGPlock, which
also required both PGP.

v1.00 - First release (9 November 1998)

v1.01 - Small bug fix (1 December 1998)

v1.1 - Multiple working directories; simplified 'scrap' (1 February 1999)

v1.2 - Added !DirManagr; improved security (15 June 1999)

v1.3 - Fully compatible with RISC OS 4; option for 'True Military' nuking
       (6 September 1999)

v1.4(a,b) - Replaced IDEA and MD5 by the more secure Blowfish and SHA-1
            (22 September 2004)

  [v1.4a is for RISC OS 3 or 4; v1.4b is for RISC OS 5 or Virtual Acorn]
  [v1.4b contains a new 'erase' procedure instead of 'nuke']

v1.5(a,b) - Updated 'nuke' in v1.5a; updated CryptRandom module and
            inner application !Erase in v1.5b (5 January 2009)

  [v1.5a is for use on 'native' hardware]
  [v1.5b is for Virtual Acorn systems]

v1.5.1(a,b) - Updated CryptRandom, SHA1, zip and unzip where appropriate
              (3 August 2014)


Legal notice
============

!Q-Lock is freeware. The copyright is retained by the author, Nat Queen. 
You may copy and distribute this software freely as long as none of the
files are altered or removed. If you distribute !Q-Lock in any PD library,
magazine cover disc or CD, or on any site on the Internet, please drop a
line about it in my mailbox, so that I can keep you informed about possible
future updates. Any distribution method is allowed, provided that you do not
make any profit from it. This software must not be distributed as part of
any other application without my prior permission.

This software has been thoroughly tested, but no guarantee is given as to
its suitability for any purpose. The author accepts no responsibility for
any data loss, crashes or other undesired effects caused directly or
indirectly by using !Q-Lock.

!Q-Lock contains utilities by other authors, who retain the copyright to
their respective utilities.


Thanks to:
==========

Tony Hopstaken, for invaluable help, suggestions and inspiration, all of
which made this a much better program.

Gareth McCaughan, for porting the Blowfish cipher to RISC OS and for making
it freely available.

Stefan Bellon, for recompiling the Blowfish module to make it compatible
with 32-bit systems.

Theo Markettos, for making his SHA1 and CryptRandom modules available to the
RISC OS community.

The info-ZIP group, for allowing their zip/unzip executables to be freely
used.

Jenny Queen, for help in designing the !Q-Lock icon.