                          .---------------------.    
                           !Stealth !Help file 
                          '---------------------'

Version: 1.2.1b (3 August 2014)

Author: Nat Queen <software@queen.clara.co.uk>

Purpose: To defeat the spooks and ensure total privacy

Primary distribution site: http://www.queen.clara.net/pgp/acorn.html

*** NOTE *** This version is intended for Virtual Acorn systems. If you are
using RISC OS on 'native' hardware, you should get version 1.2a from the
same URL, which you will find somewhat more efficient. See the section "Why
is there a separate version..." below for an explanation.

   "No one shall be subjected to arbitrary interference with his privacy,
    family, home or correspondence..."

   - Article 12, Universal Declaration of Human Rights


What does !Stealth do?
======================

!Stealth provides strong data encryption in combination with a form of
steganography (the process of hiding data), with the aim of making it
impossible for potential attackers, including law-enforcement agencies, to
detect the existence of the encrypted data. The basic human right to privacy
is being eroded in many countries. !Stealth is designed to give you the
maximum possible protection against invasion of your privacy.


How does it differ from !Q-Lock?
================================

Like !Q-Lock (available from the same download site), !Stealth enables you
to encrypt your sensitive data or to retrieve it, in a very simple manner.
You can encrypt and decrypt many whole directories, each with its own
passphrase.  The encryption will completely hide not only the data, but also
the nature of the directory structure, the filenames, etc.

If you need only strong encryption without necessarily hiding the existence
of the encrypted data, !Q-Lock may be more convenient for you.

!Stealth differs in some important respects. Its main purpose is to make it
impossible for any attacker to determine exactly how many directories are
encrypted.

Unlike !Q-Lock, !Stealth stores all its encrypted directories inside one
large container file, called a Stealth file. This Stealth file, with
filename 'Private!' in the main !Stealth directory, will be initially filled
with random data when you first run !Stealth. Whenever an encrypted
directory is saved, it is placed inside a certain segment of the Stealth
file. These segments, which may contain specific encrypted directories, will
henceforth be called 'volumes'. A potential attacker has no way to
distinguish encrypted data in a particular volume from completely random,
meaningless data. This is what makes the encryption impossible to detect.

It will be obvious to any potential attacker that the program is designed to
hide encrypted data. However, if you ever face a situation in which some
authority demands access to your encrypted data, you will be able to reveal
some of it, while denying the existence of more important secret data that
you are absolutely unwilling to reveal. Nobody without knowledge of your
secret passphrases will be able to produce any evidence for the existence of
the hidden data. There is no known way to distinguish the encrypted data
from completely random data.

A more detailed explanation of how and why this 'deniability' works is
given in a text file 'Rationale', contained inside the !Stealth.Docs
directory.

The main drawback of !Stealth, as compared with !Q-Lock, is that each
volume in which encrypted data can be stored has a fixed limited size,
though this is user-definable when the program is run for the first time,
and there is a facility for increasing the size of all the volumes when
necessary. This limitation is due to the limited time that I have been able
to spend in writing this software. The 'wasted' space in the Stealth file is
the price that you will have to pay if you want the special 'deniability'
feature. However, the fixed volume size has a definite security advantage:
it hides the sizes of any hidden encrypted directories! Because it not only
encrypts your data but hides it as well, !Stealth is also a little slower
than !Q-Lock in some of its operations.


Security of !Stealth
====================

Many programs, both freeware and commercial, make unsubstantiated claims
about providing 'virtually unbreakable' encryption, often without revealing
the encryption method. As Phil Zimmermann, creator of PGP, said in his PGP
manual, "Beware of snake oil" - never trust a cryptosystem unless its source
code has been reviewed by cryptographic experts. The cryptosystem used by
!Stealth is the renowned Blowfish cipher, whose source code is freely
available and which has been analysed by numerous experts. Moreover, this
software is free.

As an added bonus, !Stealth erases all traces of the original files and
their filenames from the disc after they are encrypted, thus preventing
anyone from recovering them. When a file is 'deleted' by RISC OS, only its
entry in the directory structure is removed, but all the data remain on the
disc surface and can easily be recovered by means of a disc editor or an
'undelete' utility. !Stealth prevents such data recovery by overwriting the
original files and their filenames 10 times with cryptographically strong
random data.


How to get started
==================

Before using !Stealth, you must decide how many distinct directories you
want to be able to encrypt, as well as the available size of each volume.
When you run !Stealth for the first time by double-clicking on its icon, it
will ask you for this information. The default number of volumes is 5, but
you will be given the option to change it if you wish. Any number up to 255
is allowed.

When you have entered the required information, a Stealth file will be
created. For a large file, this may take some time. Please be patient. You
will need to do this only once, and the file will be prepared in such a way
as to provide the highest possible security.

Once the Stealth file has been created, a directory window will open,
showing a directory called 'TaskDir'. In it you will see five inner
applications, !Store, !Extract, !Erase, !NewVolume and !Extend, as well as a
subdirectory called 'Data'. These are explained below. You are now ready to
use the program.


Encryption
==========

Whenever you want to use !Stealth to encrypt or decrypt data, you should
first double-click on the !Stealth icon (as you have already done when
following the instructions just above). The TaskDir directory window will
then open.

All the data to be encrypted should be placed inside the directory Data. To
encrypt the data and hide it in a particular volume, double-click on the
!Store icon. The program will ask you to specify the volume in which to
store the data. These volumes are identified by number: 1, 2, 3, ... After
entering the volume number, you will be asked for a passphrase (twice for
confirmation).

Each volume has its own passphrase. You might find it convenient to use
different volumes for different purposes, and especially for data of
differing levels of confidentiality, reserving the most important ones
(perhaps those with the highest volume numbers) as 'deniable', as explained
above.

It is essential that you remember your passphrases. Passphrases may contain
any characters and are case-sensitive. If you forget a passphrase with which
you encrypted your data, there will be absolutely no way for you or anyone
else to recover the data (unless you used a weak passphrase!).

It is important that no two directories are encrypted with the same
passphrase, since the decryption program only asks for a passphrase, not the
volume number, and it will decrypt and extract the data from the first
volume that it finds (if any) for which the specified passphrase was used.

When you have entered your passphrase twice for confirmation, the entire
Data directory will be encrypted and stored inside the Stealth file, and its
original contents will be securely wiped, making it impossible to recover the
data from the disc.

If an encrypted directory is too big to fit inside one volume, the program
will report this fact and terminate, leaving your data intact. If a volume
is found to be more than 80% full during the encryption process, the program
will report this, in order to warn you that only a limited amount of data
can be added to that particular volume in the future.

The space occupied by the encrypted data inside a volume will in general be
smaller than the size of the original directory, since the program
compresses the data before encrypting it.

CAUTION: When encrypting a new directory, be sure to store it in a new
volume. Any encrypted data already stored in the specified volume will be
overwritten without warning. [It would not make sense to warn you, and in
any case there would be no way to do this - remember, the program is
designed to hide any evidence for the existence of encrypted data!] This
means that it is important to remember which volumes already contain hidden
data that you want to preserve.


Decryption
==========

To decrypt and extract your data, double-click on the !Extract icon. You
will be asked for a passphrase. If you enter the correct passphrase for any
particular volume, the contents of that volume will reappear inside the
directory 'Data', and its directory window will open automatically, ready
for you to access your data. If you enter the wrong passphrase by mistake,
i.e. one that does not decrypt any volume, you may try again, until you get
it right.

If you want your data to remain secure, don't forget to use !Store again
when you finish your session!

If you have extracted data from a particular volume and then re-encrypt data
to be stored in that volume, you may use any passphrase; the passphrase need
not be the same as before.
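
Added example (not part of !Stealth and not its on-disc format): a Python
model of the container behaviour described in the Encryption and Decryption
sections above, showing why an unused volume and a used one look alike, why
extraction returns the first volume a passphrase opens, and why storing
overwrites silently. The slot layout, the names create/store/extract, the
4096-byte volume size and the HMAC-SHA256 keystream used in place of Blowfish
are all assumptions; compression is not modelled.

```python
import hashlib, hmac, os

SLOT = 4096           # fixed volume size in bytes (assumed; user-definable in !Stealth)
NONCE, TAG = 16, 32   # per-volume salt and recognition tag lengths (assumed layout)

def _keys(passphrase, nonce):
    # Stretch the passphrase, salted with the volume's nonce (demo iteration count).
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), nonce, 10_000, 64)
    return k[:32], k[32:]          # (encryption key, MAC key)

def _stream(key, nonce, n):
    # Stand-in keystream: HMAC-SHA256 in counter mode, NOT Blowfish.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def create(volumes):
    # Every volume starts life as pure random bytes.
    return bytearray(os.urandom(SLOT * volumes))

def store(container, volume, passphrase, data):
    body_len = SLOT - NONCE - TAG
    if len(data) + 4 > body_len:
        raise ValueError("data too big to fit inside one volume")
    nonce = os.urandom(NONCE)
    ek, mk = _keys(passphrase, nonce)
    # Length prefix + data, padded to the full slot so the stored size is hidden.
    plain = (len(data).to_bytes(4, "big") + data).ljust(body_len, b"\0")
    ct = bytes(a ^ b for a, b in zip(plain, _stream(ek, nonce, body_len)))
    tag = hmac.new(mk, nonce + ct, hashlib.sha256).digest()
    off = (volume - 1) * SLOT      # volumes are numbered from 1
    container[off:off + SLOT] = nonce + tag + ct   # old contents replaced, no warning

def extract(container, passphrase):
    # No volume number is asked for: try each slot, return the first that verifies.
    for off in range(0, len(container), SLOT):
        slot = bytes(container[off:off + SLOT])
        nonce, tag, ct = slot[:NONCE], slot[NONCE:NONCE + TAG], slot[NONCE + TAG:]
        ek, mk = _keys(passphrase, nonce)
        if hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
            plain = bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))
            n = int.from_bytes(plain[:4], "big")
            return off // SLOT + 1, plain[4:4 + n]
    return None                    # wrong passphrase, or nothing stored with it
```

Without the passphrase, a filled slot (nonce, tag and ciphertext) is as
unrecognisable as the random bytes written by create(), so the container
cannot say whether a volume is in use before store() replaces it.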


Choosing a good passphrase
==========================

A chain is only as strong as its weakest link. The weakest link in !Stealth,
as in many good encryption programs, is the passphrase used to encrypt the
data. If any attacker ever tries to recover data encrypted with a strong
cipher, he is most likely to try to discover the passphrase, since he would
realise that cryptanalysis is useless. This makes it very important to
choose a sufficiently strong passphrase, which is easy for the user to
remember, but almost impossible for anyone else to guess. Some tips for
doing this are contained in a separate text file 'PassTips', which you can
find in the !Stealth.Docs directory.


Other security considerations
=============================

!Stealth makes use of Blowfish, one of the strongest publicly available
ciphers, which has been found to be resistant to all known practical
attacks.

If used properly, !Stealth will protect your data against any snoopers.
However, if you are seriously concerned about possible attacks by experts,
it is essential to take certain additional precautions when handling your
data. Some advice about this can be found in a separate document, in the
file 'ExpertHelp' inside the !Stealth.Docs directory.


Removing all traces of sensitive data
=====================================

Inside the directory TaskDir which opens when you run !Stealth, you will
find an inner application !Erase.  Whenever you run !Erase, a subdirectory
called 'scrap' will open. If anything is placed inside this 'scrap'
directory and you then run !Erase again, it will give you the option of
securely destroying the entire contents of 'scrap' by overwriting it several
times with random data. To understand how to achieve maximum security when
using !Erase in conjunction with !Stealth (or, indeed, for securely wiping
any data in general), please read the file 'ExpertHelp' contained in
!Stealth.Docs.


Adding an extra volume
======================

You may eventually decide that you need room for more encrypted directories.
You can add an additional volume to your Stealth file by running the
application !NewVolume in the directory TaskDir. The new volume will have
the same size as all the previously existing ones. You can repeat this
process as many times as you like, up to a maximum of 255 volumes.


Enlarging the size of each volume
=================================

This can be done by running the application !Extend in the directory TaskDir
and following the instructions. You will be asked to specify the new size
for each volume.


Why is there a separate version for Virtual Acorn systems?
==========================================================

The original version of this software contained the very powerful utility
'nuke', which does not work in those systems. Therefore a separate version
was created by replacing 'nuke' with a BASIC program to carry out a similar
function. However, this BASIC program is somewhat slower and more limited in
its security features than the original 'nuke'. !Stealth 1.2a retains the
original and more powerful 'nuke'.


History
=======

v1.0 - First release (12 August 2003)

v1.1(a,b) - Faster creation of Stealth file; added icon for Stealth file;
   updated Blowfish module; better progress messages; <Esc> key temporarily
   disabled to avoid accidental remnants of plaintext when encrypting;
   added utility for creating an extra volume (2 July 2004)

  [v1.1a is for RISC OS 3 or 4; v1.1b is for RISC OS 5 or Virtual Acorn]

v1.2(a,b) - Can now enlarge the volumes; improved 'erase' procedure; updated
   CryptRandom module; fixed a small bug if the user attempts to encrypt an
   empty Data directory; v1.2a (with updated 'nuke') now works in RISC OS 5.
   (5 January 2009)

  [v1.2a is for use on 'native' hardware; v1.2b is for Virtual Acorn systems]

v1.2.1(a,b) - Updated CryptRandom, SHA1, zip and unzip


Legal notice
============

!Stealth is freeware. The copyright is retained by the author, Nat Queen. 
You may copy and distribute this software freely as long as none of the
files are altered or removed. If you distribute !Stealth in any PD library,
magazine cover disc or CD, or on any site on the Internet, please drop a
line about it in my mailbox, so that I can keep you informed about possible
future updates. Any distribution method is allowed, provided that you do not
make any profit from it. This software must not be distributed as part of
any other application without my prior permission.

This software has been thoroughly tested, but no guarantee is given as to
its suitability for any purpose. The author accepts no responsibility for
any data loss, crashes or other undesired effects caused directly or
indirectly by using !Stealth.

!Stealth contains several utilities by other authors, who retain the
copyright to their respective utilities.


Thanks to:
==========

Gareth McCaughan, for porting the Blowfish cipher to RISC OS and for making
it freely available, and also for helpful comments about !Stealth.

Stefan Bellon, for recompiling the Blowfish module to make it compatible
with 32-bit systems.

The info-ZIP group, for allowing their zip/unzip executables to be freely
used.

Theo Markettos, for permission to include his SHA1 and CryptRandom modules
in this software, and also for helpful advice about the use of CryptRandom.

Tony Hopstaken, for helpful suggestions.

Jenny Queen, for designing the !Stealth icon.
