



















                             FILE ENCRYPTION SYSTEM









                A Powerful System to Protect Your Sensitive Data
























                                                               Version 4.xS

                                     (C) Copyright, Bennett Scott 1985-1991









                                      PREFACE







                 The File Encryption System is a simple but powerful
            tool for keeping your sensitive data safe and secure.  It
            does this by encrypting (scrambling) the data in a file
            based on a password that you choose.  The encryption is
            performed automatically as you run your application
            programs.  The File Encryption System allows the user to
            select different levels of data security (1 - 2). (Note: a
            more powerful version is available with your registration,
            with 5 levels of encryption, with level 5 meeting the U.S.
            National Institute of Standards and Technology (NIST),
            formerly the National Bureau of Standards, Data Encryption
            Standard (DES).  See documentation on the distribution disk
            for more details.)  The encryption algorithm thoroughly
            randomizes the data and is virtually impossible to decrypt
            without the password. The File Encryption System is a shell
            program which allows you to run word-processing,
            spreadsheet, database or any other programs that use files
            for data storage. This capability can be very useful if you
            have proprietary information such as business plans or
            financial data that you do not want anyone to be able to
            access.

                 This manual describes how to use the File Encryption
            System.

                 Chapter 1 is an introduction to file security and how
            it is approached. Some fundamental theory is presented to
            give you a basic feel for how this system works and how you
            can use it.

                 Chapter 2 describes the utility programs included in
            the File Encryption System software.

                 Chapter 3 describes how to install the software on your
            computer.

                 Chapter 4 describes how to use the software.

                 Chapter 5 illustrates examples using different word-
            processing, spreadsheet, and data base programs.

                 Chapter 6 describes some limitations of the File
            Encryption System.

                                          1






                 Chapter 7 describes how to use the LOGIO file I/O
            logging program to analyze your application programs so that
            you can properly set up the File Encryption System.

                 Appendix A contains explanations of error messages that
            you may encounter when using the File Encryption System.

                 Appendix B contains information for configuring the
            File Encryption System for some of the widely used
            application programs in use today.

                 Appendix C contains a list of application programs that
            must be configured to use algorithm modification 1.

                 Appendix D contains a hexadecimal to decimal conversion
            table.

                 Before continuing with this manual, you should be
            familiar with the DOS operating system.  You need to know
            how data is organized into files, and how programs can use
            these files.  You will need to know what program files and
            what data files your programs use when you are ready to set
            up your secure system. The File Encryption System provides a
            utility program for analyzing what files are used by your
            applications programs if you need it.  This is explained
            later.





























                                          2






                                    INTRODUCTION







                 The File Encryption System is a file encryption program
            meant to protect your sensitive data. The File Encryption
            System includes a shell program that runs under PC/MSDOS 2.1
            (and later versions) that is loaded into memory by the user
            when running normal application programs.  Once in memory,
            the program remains active until the user exits the program
            and returns to DOS. This way, the File Encryption System is
            always ready to protect your files, no matter which program
            you are running.  It will work with spread-sheets such as
            Multiplan(c), Microsoft EXCEL(c), and Lotus 1-2-3(c).  It
            will work with word processing programs such as Microsoft
            Word(c), Word Perfect(c), and Multimate(c).  In fact, it
            will work with just about any program that uses files for
            data storage.

                 In addition to the shell program, utility programs are
            included to encrypt the data in a file, to decrypt the data
            in a file, generate a configuration file (to configure the
            File Encryption System) and a file logging program to log
            file access I/O (so you can tell what files are used by your
            program).


























                                          3






                               HARDWARE REQUIREMENTS:



                 To run the File Encryption System you need

                 - An IBM PC, XT, 286/386, PS/2 or compatible PC
                 - At least 256K of RAM
                 - MS/PC DOS 2.1 or higher



                                     NETWORKS:



                 The File Encryption System is compatible with standard
            local area networks (LANs) networks, such as Novell or 3COM,
            since a file on a network file server looks like any other
            file to the program.



































                                          4






                         THE FILE ENCRYPTION SYSTEM AND DOS



                 The shell program (SECURE.EXE) works by sitting between
            the operating system (MSDOS) and your software (application)
            program, e.g., Lotus 1-2-3, dBase III, etc.  It continually
            watches for when your software program asks the operating
            system to either get data from a file or to put data into a
            file.  Then, SECURE steps in, intercepts the data, and
            changes it by encryption (scrambling) or decryption
            (unscrambling) before sending the data on its way again.

                 For example, if your program wants to put the line:

                      THIS IS A LINE OF DATA.


                 into a data file, the security system intercepts this
            data and may change it to something like:

                      Q%26,Kap+!Q,ORYkd74$#$=


                 before actually putting it in the file.  When the
            program wants to read this line from the file, the security
            system again steps in and changes what looks like "garbage"
            back to the original data.

                 Of course, the "garbage" data can be changed back to
            the good data only if the program uses the same password to
            decrypt (unscramble) the data that it used to encrypt the
            data.  If you write a file with a password, and then remove
            the password, anyone else who looks at the file will see
            nothing but garbage.

                 SECURE will work with almost any program that runs
            under MS/PC DOS (we have yet to find one that does not
            work). Whenever you give the security system a password, all
            data going to or coming from files will be encrypted or
            decrypted.  This is an advantage in that NO data need ever
            be put on a floppy disk or hard drive without being
            protected.

                 But if all files are encrypted and decrypted as long as
            a password is in effect, what happens if the software
            program needs to read in data from some other file, such as
            text in a HELP file, or another part of the program itself?
            If the security system changes this data, it might be
            disastrous.  This problem is solved by being able to tell
            the program which files are or are not encrypted.  This is
            done by specifying filename extensions (such as .EXE for
            programs, or .HLP for help files) when the security system
            is configured.  This will be covered in more detail later,

                                          5






            but it is important for you to know which files your
            programs will need to use without altering the data in them,
            on which files you want encrypted.




















































                                          6






                                   DATA SECURITY



                 The purpose of any data encryption system is to provide
            data security.  But the responsibility of data security is
            not a one-way street.  You need to take an active role in
            determining what needs to be secured, how it needs to be
            secured, and keeping it secured.  This section will help you
            make those decisions.

                 The File Encryption System was designed to make it as
            easy as possible to use.  Once the program has been properly
            installed, all you need to do is enter your DOS commands
            like always, but in addition, you will be prompted for a
            password.

                 The basis of any security system is PASSWORDS.  A file
            is encrypted based on a password.  Different files can have
            different passwords, or all files used by a particular
            program can have the same password.  You can change
            passwords by decrypting the file with the old password, and
            encrypting it with a new one. The password is not saved in
            any way with the file.  If you forget your password, you
            will have lost your data.  The File Encryption System is the
            electronic equivalent of a paper shredder.  Loss of your
            password will prevent your own access to your data.
            Passwords can be any printable character (any character on
            the keyboard) up to sixteen characters in length.  To the
            File Encryption System, upper and lower case letters are not
            the same -- "PASSWORD" is not the same as "password". Also,
            embedded spaces are considered part of the password ("pass
            word" is not the same as " password ").  Choose your
            password(s) with care; it is not a good idea to choose a
            password that is too "easy" to remember, such as your name -
            - such passwords are also too easy to guess by other people.
            Of course, you should protect your password(s); if everyone
            knows what it is, your data is not secure.

                 The File Encryption System has two (2) levels of
            encryption.  The level of encryption is determined by the
            configuration file.  The level you should use depends upon
            how "secure" your data needs to be.  Level 1 is known as a
            "polyalphabetic cipher". It merely substitutes characters
            for other characters, based on the password. While not the
            ultimate in security, it is good enough for many
            applications. The advantage of this level is that it does
            not add any time to get data from your files.  A level 1
            encrypted file could be broken by an expert in cryptography,
            but you need not worry about this unless your business deals
            in highly sensitive data.  Level 2 is based on the Data
            Encryption Standard (DES) approved by the NIST.  This is an
            extremely complex algorithm adapted as a standard way to
            encrypt data.  It is considered by many to be unbreakable.

                                          7






            The disadvantage to this is that it takes a long time when
            done in software.  Level 2 is actually a compromise.  It
            uses the same algorithm as the DES algorithm, but instead of
            16 iterations of encryption (as required by the standard),
            level 2 performs 1 iteration. The version sent to you with
            your registration will support 5 levels, with the 5th level
            being the DES algorithm in its entirety.

                 Level 2 is the default value suggested for use with the
            File Encryption System.  If you are using a slow PC (a 4.8
            MHz 8088), you may want to go to level 1.












































                                          8






                      COMPONENTS OF THE DATA ENCRYPTION SYSTEM







                 There are five files associated with the data
            encryption system.  They are SECURE.EXE, ENCRYPT.EXE,
            DECRYPT.EXE, EDITCFG.EXE and LOGIO.EXE.  Another file,
            SECURE.CFG contains configuration information used by
            SECURE.EXE.  Once the system is set up, only SECURE.EXE and
            one or more configuration files (default = SECURE.CFG) are
            required.

                 SECURE.EXE is a program file which acts as a command
            shell.  It allows you to give normal DOS commands, just as
            if you were giving them to DOS itself.  You will also give a
            password.  This program will take your password, enable the
            encryption system, and will then start your requested
            program running. Thereafter, all data read from files or
            written to files will be protected by encryption.   When
            your program terminates, the shell program will start to run
            again.  It will turn off the encryption system, and will
            then ask for the next command, and password.

                 The file SECURE.CFG is a configuration file which tells
            SECURE.EXE how to encrypt data.  This file contains
            information regarding the level of encryption, whether the
            desired files are to be included or excluded, the file
            extensions (e.g., .WK1, .PRN, etc.), valid passwords, and
            other options.  Although there is a SECURE.CFG file
            supplied, it can be changed by using EDITCFG.EXE.  You may
            also create your own configuration files using EDITCFG.  It
            should also be noted that multiple configuration files can
            be used.  SECURE.EXE uses SECURE.CFG as a default if no
            other configuration file is entered when SECURE.EXE is
            executed, but you may name your configuration file whatever
            you like.  You can have as many configuration files as you
            need, each having whatever name you desire.

                 The files ENCRYPT.EXE and DECRYPT.EXE are standalone
            command files (programs) which will encrypt and decrypt a
            data file.  These programs can be called from DOS, from the
            SECURE.EXE program, or any other way you would normally call
            a program.

                 EDITCFG.EXE is a configuration editor utility that is
            used to generate or edit the configuration file(s) used by
            SECURE.EXE.  The program displays screens that the user
            completes in order to configure the program.



                                          9






                 LOGIO.EXE is file I/O logging utility used to display
            what files are being used by a program.  By running LOGIO,
            the user can determine the extensions of the files being
            used by your application program.  The results from running
            this program can be used to determine the extensions that
            must be specified in the configuration file(s).

















































                                         10






                       INSTALLING THE FILE ENCRYPTION SYSTEM







                 This section is designed to assist you in installing
            the File Encryption System on your system.

                 To install the File Encryption System on a hard disk:

                 We recommend that you copy the File Encryption System
            to its own directory.  Use the DOS "mkdir" command to create
            the directory FES.  (You may use any name you like.) At the
            DOS prompt type:

                      mkdir c:\fes


                 and press ENTER.  Throughout this procedure, substitute
            the letter of the drive you want the File Encryption System
            installed on, if appropriate.  If you've named your File
            Encryption System directory something other than FES,
            substitute that as well.

                 Place the File Encryption System distribution diskette
            into your "A" drive and enter:

                      copy a:*.* c:\fes


                 You will now need to modify the "path=" statement in
            your autoexec.bat file so that DOS knows where to find the
            File Encryption System program files.  Append:

                      c:\fes;


                 to the end of your "path=" statement.  You must then
            reboot the computer for this change to be in effect.

                 To install the File Encryption System on a floppy disk:

                 Assuming you have two floppy diskette drives, begin by
            placing the your DOS diskette in drive A, then enter:

                      diskcopy a: b:






                                         11






                 DOS will respond with the message:


                 Insert SOURCE diskette in drive A:
                 Insert TARGET diskette in drive B:
                 Press any key to continue

                 Remove the DOS diskette from drive A and replace it
            with the original File Encryption System distribution
            diskette.  Then put a new diskette or one containing data
            you know longer need or want in drive B and press any key to
            start the copy process.

                 After you have made a master diskette, store the
            distribution diskette in a safe place, where it will be
            available if the master diskette ever becomes damaged.







































                                         12






                          USING THE FILE ENCRYPTION SYSTEM







                 This section is designed to guide you through setting
            up and running a secure system.

                 Once you have installed the File Encryption System, a
            number of decisions must be made before running the SECURE
            program:


                 -    encryption by inclusion or exclusion,
                 -    level of encryption (1 - 2),
                 -    encryption modification,
                 -    file extensions to be included or excluded,
                 -    definition of a menu screen,
                 -    running single or multiple application
                      programs from a single configuration file

                 These questions must be answered in order to properly
            set up the configuration file.  The utility program
            EDITCFG.EXE will allow you to generate a customized
            configuration file for your own secure system.

                 The first step is determining whether you want to set
            up your system to encrypt by inclusion (+) or exclusion (-).
            With the inclusion method, all files having the specified
            extensions are encrypted.  Using the exclusion method, all
            files except those with extensions specified are encrypted.

                 If you are using the inclusion method, you will specify
            the extensions of all the data files used by the application
            programs (e.g., .wk1, .wks, .dat, .doc, .dbf, .txt).  If you
            use the exclusion method, you will specify the extensions
            that the application programs use internally, such as device
            driver, dictionary, font, configuration and overlay files
            (e.g., .dvc, .dic, .fnt, .cnf, .ovl).  If the data file has
            no extension specified, you indicate the file by using a
            period (.) without any extension.  Since there is no
            difference, you may specify either upper or lower case
            letters (e.g., .WK1 or .wk1).  You may also use the question
            mark (?) as a wildcard character (e.g., .WK? for .WK1 and
            .WKS).  The commonly used extensions .EXE, .COM, .SYS, .BAT
            and .HLP are automatically excluded.

                 Determining whether to encrypt by using the inclusion
            or exclusion method depends on how you wish to configure
            your secure system and how your program stores its data in
            files. Note that either method can be used for any

                                         13






            application program; it's just that one method may be more
            convenient than another.  If you are running a single
            application program from a configuration file or there are a
            limited number of data files to be encrypted or the
            application program assigns the file extension, you may want
            to use the inclusion method.  If you are running multiple
            application programs from a single configuration file or if
            a large number of data files are to be encrypted or the user
            can assign the file extensions, you may want to use the
            exclusion method.

                 For example, if you are using Lotus 123 (c), all your
            worksheets will be stored in a xxxxxxxx.WK1 file (123
            release 2). It is very easy to use encryption by inclusion
            since you only need to specify the one extension: .WK1.
            However, if you are using Microsoft Word (c) as your word
            processor, even though Word uses .DOC as a default for its
            data files, you may be using quite a few different
            extensions for all your Word documents. In this case, you
            might want to specify encryption by exclusion, and specify
            all the program files that Word uses.

                 Identifying the file extensions to be specified in the
            configuration file requires you to determine which files are
            data files and which files are program files.  Generally,
            the application software documentation will describe which
            file extensions are data and which are programs.  If this
            cannot be determined from the documentation, a utility
            program LOGIO.EXE is included.  This program will log all
            file access I/O.  From this report, you should be able to
            identify the proper extensions to specify in the
            configuration file.  Even if the documentation specifies
            what files are used, you should run LOGIO to verify those
            files; many programs use temporary files that are not
            documented.  If these temporary files contain data, you may
            want to have these files encrypted as the program runs. If
            you do not, even though the files will be erased when the
            program is through with them, those files can be restored by
            several available utilities, and the data can be retrieved.
            More on how to use LOGIO is explained in Chapter 7.

                 The second step is selecting the encryption level (1-
            2).  Level 2 is the default level.  As discussed previously,
            the encryption level is determined by how secure you want
            your data.  It should be noted that the higher the
            encryption level, the more time involved in reading and
            writing the data to the disk.

                 Although the File Encryption System was designed to be
            transparent to most programs, some programs may not work
            properly, due to the method the encryption algorithms
            encrypt the data files.  Some programs require that the
            exact number of bytes be written in the data file.
            Therefore, it may be necessary to modify the encryption

                                         14






            algorithm to work with those programs.  This is accomplished
            by specifying a one (1) instead of the default zero (0).
            Most programs work fine with the modification parameter set
            to 0. Some will not work at all, unless you set this
            parameter to 1. A list of the known programs that require
            this parameter be set to 1 is listed in Appendix C. Most
            programs will also work fine with this parameter set to 1.
            The only difference is that when the algorithm modification
            parameter is set to 1, up to the last 7 characters in the
            file will not be encrypted. It is rare that any sensitive
            data will be contained in the last 7 bytes, or that the last
            7 bytes will make any sense by themselves, but why take a
            chance? We recommend that you start with the modification
            parameter set to 0. If you have a program listed in Appendix
            C, or your program does not work, set the modification
            parameter to 1. Note that there is no in between: your
            program will either totally work with the parameter set to
            0, or it will not be able to read and write data files at
            all.

                 If desired, you may define a menu that will be
            displayed when the SECURE program is executed.  You may put
            anything you like in this menu to make your application easy
            to use.































                                         15






                           SETTING UP YOUR SECURE SYSTEM



                 To set up your secure system you must first generate a
            configuration file with the desired features by running
            EDITCFG.EXE.  Sample configuration files are included for
            your examination.


                                 USING EDITCFG.EXE



                 The utility program EDITCFG.EXE allows you to generate
            a customized configuration file for your own secure system.
            To execute EDITCFG, at the DOS prompt type EDITCFG or
            EDITCFG <filename>.

                      C:\SECURE>EDITCFG    , or


                      C:\SECURE>EDITCFG DEMO1


                 The default filename used by SECURE is SECURE.CFG (this
            default is used by SECURE, not by EDITCFG).  If you don't
            enter a filename, you will be prompted to enter the name of
            a configuration file.  You can select any name you want for
            the configuration file.  You may enter a full pathname (the
            disk drive, directory, and filename) on the command line or
            in response to the prompt.  During the following discussion,
            references will be made to screens that appear when setting
            up a configuration file.  These are for example only; you
            may configure your configuration files for whatever purpose
            you might like.

                 Once you have selected a name for the configuration
            file, the utility will search all directories in the path
            for the named file.  If the file is not found you will be
            asked if you want to create the file.














                                         16






                 For editing purposes the following keys can be used
            whenever data is to be entered:


                 KEY                       FUNCTION

                 TAB, ENTER, DOWN ARROW  Next field
                 SHIFT TAB, UP ARROW     Previous field
                 LEFT ARROW              Move left one character
                 RIGHT ARROW             Move right one character
                 <SPACE>
                 <BACKSPACE>
                 <INS>                   Insert
                 <DEL>                   Delete single character
                 <CTRL><J>               Delete to end of field
                 <CTRL><LEFT><ARROW>     Move to beginning of field
                 <CTRL><RIGHT><ARROW>    Move to end of field



                 When using EDITCFG the function keys are predefined and
            allow you to go from one screen to another.  The function
            key definitions are shown below.


                 FUNCTION KEY               FUNCTION

                 F1                      File Extensions
                 F3                      Menu Screen
                 F10                     Save file
                 ESC                     Abort
























                                         17






                 After starting the EDITCFG program, and specifying the
            configuration file to edit, the Edit File Extension screen
            will be displayed.  On this screen, you select the
            encryption method, level, modification, and file extensions.
            In the file extension portion, the field must begin with a
            period (.).  To specify files without any extensions, use
            just a period in the field.  An example configuration file
            is shown below.


                                           Edit File Extensions

            Encryption by inclusion (+) or exclusion (-) : <+>
            Encryption level (1 - 4) : <2>   Encryption modification (0
            - 1) : <0>

            File Extensions:

            <.WK?> <.PRN> <.DAT> <.TXT> <.DOC> <    > <    > <    > <
            > <    >















            F1-File exts F3-Menu F10-Save
            Edit Configuration Utility - VX.XXX            (C) Copyright
            Bennett Scott, 1991

                 As you can see in this example, the configuration file
            will encrypt the files having the specified extensions with
            an encryption level of 2.  File extensions .WK1 and .WKS
            will both be encrypted since the wildcard (?) was used.












                                         18






                 Pressing F3 displays the Edit Menu screen.  This screen
            allows the you to generate a customized menu that appears on
            the screen when SECURE is executed. You can also use the
            extended character set by typing <ALT> <x> <y> <z> where xyz
            is the decimal equivalent of the character to be displayed
            (to do this, hold down the ALT key and type the numbers on
            the keypad).  You can use this feature to draw boxes and
            lines on the menu screen.  An example of a menu is shown
            below.


                                                        Edit Menu
            ------------------------------------------------------------
            --------------------

                                                       SECURE MENU


                                        Select one of the following
            commands





                         DATA    - Spreadsheet Program
                         WORD    - Word Processor
                         COMM    - Communication Program
                         FILE    - Database Program


                         EXIT    - Return to DOS









            ------------------------------------------------------------
            --------------------
            F1-File exts F2-Function keys F3-Menu F4-Passwords F5-
            Program F10-Save Edit
            Configuration Utility - VX.XXX               (C) Copyright
            Bennett Scott, 1991



                 Pressing F10 saves the configuration file.  You can
            return to any of the other screens by pressing the
            respective function key.  Pressing the ESC key aborts the
            configuration program without saving the file.

                                         19






                                 USING ENCRYPT.EXE



                 Now that you have setup the configuration file, you may
            still need to encrypt already existing data files in order
            to begin using the File Encryption System.  The File
            Encryption System utility program, ENCRYPT.EXE will encrypt
            a file given a file pathname, password, encryption level and
            algorithm modification.  The program is started by entering
            "ENCRYPT" at the DOS prompt.  The following screen will be
            displayed, prompting you for the required information.



















                         Enter data and press F1 to start encryption

            Current Directory = <current path>
            Pathspec = >
            <
            Password = >                <   Encryption Level = >2<
            Modification = >0<
            File Encryption Utility - VX.XXX           (C) Copyright
            Bennett Scott, 1991



                 Enter the filename you want to encrypt.  You may give
            both a disk and directory name in addition to the filename.
            The question mark (?) and asterisk (*) may be used as
            wildcard characters in the filename.  If the file cannot be
            found, you will get an error message.  Enter a password, up
            to 16 characters and an encryption level (1 - 2); level 2 is
            the default.  If necessary to modify the encryption
            algorithm, change Modification from 0 to 1.  The password
            you select will be required when you run SECURE.  Any
            password may be used here, regardless of whether or not
            passwords have been preassigned in a configuration file.

                                         20






            The encryption level that you select must be the same as
            entered in the configuration file.  Pressing F1 starts the
            encryption process.  The file is then read, encrypted, and
            written back to disk. The encrypted file is written directly
            over the original file, so no trace of the unencrypted
            original is left.  After the encryption is done, the program
            terminates.  If wildcards are used, the encryption procedure
            is repeated until all files are encrypted.

                 When encrypting files, you must be careful and not
            encrypt an already encrypted file.  The encryption utility
            does not know or care if a file is already encrypted; it
            will encrypt the file twice.  The file can still be
            restored, it is just a matter of using the decrypt utility
            (twice, in the reverse order that the encrypt utility was
            used).  You should also be careful to not interrupt the
            encrypt utility while it is running.  As a fail-safe
            feature, ENCRYPT first writes encrypted data to a temporary
            file and then writes the encrypted file over your original
            file. If the program is interrupted while it is running, the
            original unencrypted file will still be present, as well as
            the temporary file which is encrypted.

                 Pressing the ESC key before pressing the F1 key will
            abort the Encryption program.






























                                         21






                                   USING DECRYPT





                 The File Encryption System utility program, DECRYPT.EXE
            will decrypt a file given a file pathname, password, and an
            encryption level.  The program operates similarly to the
            encrypt utility, except that the file(s) are decrypted
            instead of encrypted.  The program is started by entering
            "DECRYPT" at the DOS prompt.  You can use DECRYPT to change
            the password or encryption level of a file by first running
            DECRYPT using the old information and then running ENCRYPT
            with new information.  You can use the ESC key to abort the
            decryption utility.  The following screen will be displayed,
            prompting you for the required information.



















                         Enter data and press F1 to start decryption

            Current Directory = <current path>
            Pathspec = >
            <
            Password = >                <   Encryption Level = >2<
            Modification = >0<
            File Encryption Utility - VX.XXX           (C) Copyright
            Bennett Scott, 1991










                                         22






                              USING THE SECURE PROGRAM



                 Now that you have created a configuration file and
            encrypted the necessary data files, you are ready to start
            the The File Encryption System main program (SECURE.EXE).
            At the DOS prompt enter the command "SECURE", followed by
            the configuration filename.  If you do not enter any
            arguments, SECURE will search for the default configuration
            file, SECURE.CFG, in the current directory, then in all
            directories specified by the PATH.  An error message will
            appear on the screen if the configuration file can not be
            found.  What you see on the screen depends on how you set up
            your configuration file.

                 Enter at the DOS prompt:

                      > SECURE   , or


                      > SECURE <configuration file>

































                                         23






                                   RUNNING SECURE



                 When you execute the SECURE program, you will see the
            menu that you defined in your configuration file.  Shown
            below is the menu screen that would appear if the
            configuration file used in a previous example was used.



                                                   SECURE MENU


                                        Select one of the following
            commands




                         DATA    - Spreadsheet Program
                         WORD    - Word Processor
                         COMM    - Communication Program
                         FILE    - Database Program


                         EXIT    - Return to DOS









            Directory = >
            Command >
            Password >                <



                 Lines 4 through 20 on the display is the menu defined
            in the configuration file.  This file is read once when the
            program starts to execute, then the file is not needed
            again.  As discussed in the previous section, you may put
            anything you like in this file to make your application easy
            to use.  This file needs to be in the default directory or
            in the PATH when SECURE.EXE begins to execute. You will
            receive an error message if SECURE can not find the
            configuration file.

                 Line 22, (Directory =) displays the current (or
            default) disk and directory.

                                         24






                 Lines 23 and 24 contain the prompts for the command,
            and the password. The command can be any DOS command you
            normally use.  The program will take the command and will
            try to execute it in one of two ways.  It will first look
            for a .COM or .EXE file which corresponds to your command.
            You can also give a disk and directory name as part of your
            command (such as B:\UTILITY\CHKDSK), however you must
            realize that a large number of programs require
            supplementary files which all must be in the default
            directory or path.  (This is the same restriction on
            PC/MSDOS itself, so you should be familiar with this.)  If
            the file cannot be found as a .COM or a .EXE file, then a
            copy of COMMAND.COM is loaded to execute your command.
            COMMAND.COM is the MSDOS command interpreter. This must also
            be done to execute internal commands (such CHKDSK and TYPE)
            and batch files.  If another copy of COMMAND.COM needs to be
            loaded, you will have reduced the amount of memory available
            to your program by the size of COMMAND.COM.

                 If you give the command COMMAND, a copy of COMMAND.COM
            will be loaded and control will be transferred to it.  This
            is similar to loading any other program file.  If the file
            COMMAND.COM is not in the default directory or path on the
            default disk, you may give both a disk and directory in
            front of the command (such as C:\SYSTEM\COMMAND). You can
            leave the command interpreter and return to the SECURE
            program with the command "EXIT".

                 The password can be any printable character (any
            character on the keyboard) up to 16 characters long.  Keep
            in mind that all characters in a password are part of that
            password.  For example the password "PASSWORD" is not the
            same as the password "PASS WORD", which has an embedded
            space.  It is also not the same as "password"; upper and
            lower case characters are different.  If you do not enter
            anything (by simply pressing the RETURN key), the encryption
            system will not be turned on.  This allows you to perform
            the internal and external DOS commands or execute any
            program which does not require encryption.  If your
            configuration file was created with passwords assigned, you
            must enter the correct password at this prompt (or no
            password).  An invalid password will give you an error
            message.

                 After your command finishes processing, control will be
            returned to the SECURE.EXE program. You will get the
            message:


                 Command terminated - Press any key to continue

                 At this point, press any key to return to the menu.



                                         25






                 The encryption system is automatically turned off when
            you return to the SECURE.EXE program.

                 You may be wondering what will happen if you do not
            turn on the encryption driver (by not entering a password),
            or turn it on with the wrong password.  When the program
            tries to read data from an encrypted file, it will read
            meaningless data.  Many programs, especially spreadsheet
            programs and some word processors, can recognize that the
            data does not make sense and will give you an appropriate
            message.  Other programs, like a text editor, won't care -
            one character is as good as another to them.  In this case
            you may see gibberish on the screen.  Other programs, like
            some older word processors, may not be able to detect
            meaningless data, but will try to use it and "crash" the
            system.  In this case you may have to reboot your system.
            It will not harm the files themselves.

                 While SECURE is active and expecting you to enter a
            program and password, the UP and DOWN arrow keys allow you
            to recall previously executed commands (up to 16).  If you
            decide not to perform a particular command after having
            entered it at the command prompt you can use the HOME key to
            wipe out the entry.  Pressing the ESC key or typing EXIT at
            the command prompt will terminate SECURE, returning you to
            whatever application was executing prior to running SECURE.





























                                         26






                     LIMITATIONS OF THE FILE ENCRYPTION SYSTEM







                 Although the File Encryption System was designed to be
            transparent to most programs, some programs may not work
            with the security system. This section details those areas
            that may cause problems.

                 The encryption algorithms used by the security system
            require that data be written in blocks of 8 bytes.  A
            program can write any number of bytes it wants, and the
            security system will handle the task of converting the data
            to 8 byte blocks.  Most programs will not care that the file
            size of their file is 800 bytes instead of the 797 bytes
            that they actually wrote.  However, there may be some
            programs that do not like it, and will not work properly.
            If the File Encryption System is off, 797 bytes written will
            yield a 797 byte file.  It is only when the data is being
            encrypted (a password is specified) that the data will be
            written in 8 byte blocks.  To allow the File Encryption
            System to work with these programs, during the set up of the
            configuration file, you can modify the encryption algorithm
            by selecting one (1).  If there are less than 8 bytes
            remaining to be encrypted, those bytes will not be
            encrypted.  A list of known programs that must use this
            modification are listed in Appendix C.

                 If a program opens a file for write access only, this
            is intercepted by the security system and changes to
            read/write access.  This is necessary if the program wants
            to write 1 byte in the middle of the file. The security
            system must read an 8 byte block, decrypt it, write the
            data, and encrypt the block before putting it back in the
            file. This should cause no problems.

                 There is a limit of 40 files with exclusion extensions
            that can be open at any one time with the handle method of
            file I/O.  This should be more that enough for most
            applications.  If this upper limit is reached, the
            application task may return an error saying that too many
            files are open. Note that the default number of files that
            can be open under MSDOS with the handle method is only 8, so
            unless there is a FILES= command in the CONFIG.SYS file that
            specifies more than 40 files, there is no chance of this
            even being a problem.

                 The security system works by intercepting the MSDOS
            function call interrupt (INT 21H). If a program changes this


                                         27






            vector without putting it back to its original value, the
            security system may be disabled.





















































                                         28






                          USING THE LOGIO UTILITY PROGRAM







                 It is not always a straight forward task to determine
            what files an application program may be using. Program file
            extensions (for encryption by exclusion) can usually be
            determined by merely looking at the directory containing the
            application program and noting all the extensions.  Note
            however, that even by doing this, you may have many files
            extensions that you may want to exclude.  But, it is not
            always an easy job to determine what data files (for
            encryption by inclusion) that an application program may be
            using.  For example, it may be readily apparent that your
            word processing program appears to be using the extension
            ".DOC" as a default for all your text files, and you plan to
            use only that extension.  But the word processor may really
            be writing to a file with a ".TMP" extension (for
            "temporary").  After this file is written to disk, it is
            renamed to ".DOC" after your original file has been renamed
            to ".BAK" (for "backup").  If you configure SECURE to only
            encrypt ".DOC" files, your file will end up unencrypted.
            This is because the file is unencrypted when writing to the
            ".TMP" file, since you did not specify the extension ".TMP".
            Renaming the file from "FILE.TMP" to "FILE.DOC" will not
            affect the encryption, since renaming the file only changes
            the name; the file has already been written under its old
            name.

                 The LOGIO utility allows you to look at what files any
            application may be using by logging all file access input
            and output (reads and writes) to a file.  By having this
            information, you can tell what files are being used by your
            program, so that you can correctly configure SECURE to
            properly encrypt your data files.

                 You should always run LOGIO as one of the first steps
            in setting up your configuration.  Remember, even if you
            think you know what files are being used by your
            application, if your data files are not being encrypted
            after running your application program from the SECURE
            program, it may be caused by the application program using
            temporary files for data storage.  If this is the case,
            running LOGIO will give you the information you need to
            correctly configure SECURE.






                                         29






                 In order to use LOGIO, enter LOGIO at the DOS prompt.
            The following screen will be displayed.



















            Current Directory =
             >

            File I/O Logging Program - VX.XXX         (C) Copyright
            Bennett Scott, 1985-1991



                 This screen looks very much like the SECURE screen, and
            in fact works much the same way. But instead of intercepting
            all data being read and written to the data files, the
            information that these data files are being used will be
            logged to a log file.

                 The current directory will be shown after the equal (=)
            sign.  If you need to change to another directory in order
            to run your application program, you can use the DOS change
            directory (CD) command entered at the > prompt.  The current
            directory should now displayed after the = sign.  You can
            now enter the command to run your application program.

                 Upon running your application program, the LOGIO
            program will store the names of the files that are being
            used by your application.  From this log file you will be
            able to determine what files are being used by your
            application program.  You will see messages that indicate
            when files are opened, created, renamed, and moved.

                 All files must be "opened" before an application
            program may use it.  Every file that the application program
            uses must be opened, and as such, the file's name will be
            printed.  A file must be opened whether it exists or not;


                                         30






            files that are opened may be either program files or data
            files.

                 A file that does not exist cannot be opened; it must be
            "created".  Usually an application program may try to open a
            file, find that it is not there, and will then create the
            file.  The create operation not only creates the file, but
            it also opens the file so that it can be used.  When you see
            an application program trying to open a file, then creating
            it, you may have caught your application program using a
            temporary file.

                 An application program, when through with a temporary
            file, will usually "rename" (or "move" the file).  Both
            these operations are essentially the same: the name of the
            file is changed.  This is usually done when a temporary file
            must be renamed to your data file.

                 All the messages logged by the LOGIO program are stored
            in the file "$$$LOGIO.LOG". This file will be put in the
            default directory selected when LOGIO is started. You may
            use any normal way you have to look at this file (type,
            print, edit, etc).  You may also send the output directly to
            your printer while the program is running by running LOGIO
            with a "/P" parameter, ie, when starting the LOGIO program,
            enter "LOGIO /P" at the DOS prompt.

                 The messages printed by LOGIO are as follows:


                 Opening file handle  : Filename = EXAMPLE.TXT
                   Hex values of extension = [54][58][54]

                 This is a typical "opening file" message.  The file
            "EXAMPLE.TXT" is being opened by the application program.
            The term "file handle" refers to the way that the
            application program is controlling the file.  A similar
            message will say "Opening file FCB".  This is an alternate
            way of controlling files in MSDOS.  As far as configuring
            SECURE, both messages give you the same information.

                 In addition to the name on the first line of this
            message, the second line repeats the extension in
            hexadecimal notation. Some application programs may use
            "nonstandard" characters in the extension name (such as the
            smiling face or mathematical symbols).  These are characters
            that are supported by PCs, but are outside the normal ASCII
            printable character set range.  These will be properly
            displayed on the first line of this message in the
            $$$LOGIO.LOG file, but if your printer does not support the
            full PC character set, and you print the log file, your
            printer may not print these special characters.  The
            hexadecimal notation is also useful if you need to enter the
            extension in the SECURE configuration file.  To do so, first

                                         31






            convert each character of the extension in hexadecimal
            notation to decimal notation by referring to appendix D.
            You can then enter the nonstandard character on the
            appropriate screen of the EDITCFG program by holding down
            the ALT key and pressing the three keypad digits that
            represent the character in decimal notation.


                 Creating file handle  : Filename = EXAMPLE.TXT
                   Hex values of extension = [54][58][54]

                 This is a typical "creating file" message.  The file
            "EXAMPLE.TXT" is being created, and then opened by the
            application program.  The term "file handle" refers to the
            way that the application program is controlling the file.  A
            similar message will say "Creating file FCB".  This is an
            alternate way of controlling files in MSDOS.  As far as
            configuring SECURE, both messages give you the same
            information.  This message also gives you the alternate
            hexadecimal notation for the extension.


                 Moving file : EXAMPLE.TXT => EXAMPLE.BAK
                   Hex values of extension = [54][58][54] =>
                 [42][41][4B]
                 Renaming file : EXAMPLE.TXT => EXAMPLE.BAK
                   Hex values of extension = [54][58][54] =>
                 [42][41][4B]

                 These two messages show a file being renamed.  Both
            these messages show a file named "EXAMPLE.TXT" being renamed
            to "EXAMPLE.BAK".

                 All these messages can now be put together into a
            sample LOGIO session.  In this case, we will edit a file
            "EXAMPLE.TXT" using our text editor "EDIT".  We have started
            the session by entering:

                      EDIT EXAMPLE.TXT


                 at the LOGIO command prompt.  The logging session may
            look like follows:


                 Opening file handle  : Filename = EDIT.CFG
                   Hex values of extension = [43][46][47]
                 Opening file handle  : Filename = EXAMPLE.TXT
                   Hex values of extension = [54][58][54]
                 Opening file handle  : Filename = EXAMPLE.TMP
                   Hex values of extension = [54][4D][50]
                 Creating file handle  : Filename = EXAMPLE.TMP
                   Hex values of extension = [54][4D][50]
                 Moving file : EXAMPLE.TXT => EXAMPLE.BAK

                                         32






                   Hex values of extension = [54][58][54] =>
                 [42][41][4B]
                 Moving file : EXAMPLE.TMP => EXAMPLE.TXT
                   Hex values of extension = [54][4D][50] =>
                 [54][58][54]

                 In this example, the first open is a file named
            "EDIT.CFG".  This is a configuration file that the editor
            uses, and is part of the application program.  The next file
            that is opened is "EXAMPLE.TXT".  This is our data file that
            we want to edit.  The next two logged messages show that a
            file named "EXAMPLE.TMP" was opened, then created.  Our
            editor is using a temporary file with the ".TMP" extension.
            Since the temporary file is not there, it cannot be opened,
            and must be created.  The last two messages show the files
            being renamed to complete the edit operation.  Our original
            file was renamed "EXAMPLE.BAK"; it is now a backup file.
            The temporary file was renamed "EXAMPLE.TXT", which is our
            newly edited file.

                 If we want to configure SECURE for encryption by
            exclusion, we would have to specify the ".CFG" extension;
            our editor uses a file with this extension.  If we want to
            configure SECURE for encryption by inclusion, we would
            specify the extensions ".TMP", ".BAK", and ".TXT".  The
            editor is going to use the ".TMP" and ".BAK" extensions for
            a temporary file and a backup file.  We want the temporary
            file to be encrypted so that the temporary file cannot be
            "undeleted" from the disk.  We want the backup file to be
            encrypted so that we can edit it later.  Note that the
            backup file will be encrypted, since it is really only being
            renamed; but we want to be able to edit the backup file.  We
            specify the ".TXT" extension since that is going to be the
            extension on all our encrypted data files; we could specify
            as many extensions that we want for data files.




















                                         33






                                     APPENDIX A








                            MESSAGES in ENCRYPT/DECRYPT



            Encrypting file <pathname>

                 The named file is currently being encrypted.

            Decrypting file <pathname>

                 The named file is currently being decrypted.

            *** No Files Found ***

                 No files matching the pathname specification could be
                 found for encryption or decryption.

            *** Error opening file <pathname> ***

                 An error was encountered when trying to access the
                 named file.  This error should not occur unless there
                 is a file subsystem (disk) problem.

            *** Error opening working file <pathname>  ***

                 An error was encountered when trying to access the
                 named file.  This could be caused by the disk being
                 write protected or the disk (or directory) being full.

            *** Error writing working file <pathname> ***

                 An error was encountered when trying to write to the
                 named file.  This could be caused by the disk being
                 write protected or the disk being full.

            *** Error reading file <pathname> ***

                 An error was encountered when trying to access the
                 named file.  This error should not occur unless there
                 is a file subsystem (disk) problem.






                                         34






            *** Error reopening file <pathname> ***

                 An error was encountered when trying to access the
                 named file.  This error should not occur unless there
                 is a file subsystem (disk) problem.

            *** Error reopening working file <pathname> ***

                 An error was encountered when trying to access the
                 named file.  This error should not occur unless there
                 is a file subsystem (disk) problem.

            *** Error reading working file <pathname> ***

                 An error was encountered when trying to access the
                 named file.  This error should not occur unless there
                 is a file subsystem (disk) problem.

            *** Error writing encrypted file <pathname> ***

                 An error was encountered when trying to write to the
                 named file.  This could be caused by the disk being
                 write protected, your original file being write
                 protected, or the disk being full.

            *** Error writing decrypted file <pathname> ***

                 An error was encountered when trying to write to the
                 named file.  This could be caused by the disk being
                 write protected, your original file being write
                 protected, or the disk being full.
























                                         35






                                 MESSAGES IN SECURE



            *** Configuration file not found ***

                 The specified configuration file could not be found in
                 either the current directory, or in any of the
                 directories specified by the PATH.  If no configuration
                 file was specified, SECURE.CFG could not be found.

            Command terminated - Press any key to continue.

                 SECURE has successfully completed execution of the
                 command given on the SECURE menu screen.  Press any key
                 to return to the SECURE menu screen.

            Command not able to execute - Press any key to continue.

                 SECURE was not able to find the specified program file
                 to execute, so it tried to load a copy of the MSDOS
                 command interpreter.  SECURE could not find the command
                 interpreter.

            *** Too many extensions in configuration file ***

                 This error indicates a corrupted configuration file.
                 The configuration file must be regenerated (from
                 scratch).

            *** Too many characters in menu text ***

                 This error indicates a corrupted configuration file.
                 The configuration file must be regenerated (from
                 scratch).




















                                         36






                                MESSAGES IN EDITCFG



            *** Configuration file <pathname> not found ***

                 EDITCFG cannot find the configuration file named in
                 either the default directory or in any directories
                 specified in the PATH.  EDITCFG will ask if you want to
                 create this file.

            *** Saving Configuration File

                 The new parameters are being saved to the configuration
                 file.

            *** Too many extensions in configuration file ***

                 This error indicates a corrupted configuration file.
                 The configuration file must be regenerated (from
                 scratch).

            *** Too many characters in menu text ***

                 This error indicates a corrupted configuration file.
                 The configuration file must be regenerated (from
                 scratch).




























                                         37






                                 MESSAGES IN LOGIO



            Command terminated - Press any key to continue.

                 LOGIO has successfully completed execution of the
                 command given on the LOGIO menu screen.  Press any key
                 to return to the LOGIO menu screen.

            Command not able to execute - Press any key to continue.

                 LOGIO was not able to find the specified program file
                 to execute, so it tried to load a copy of the MSDOS
                 command interpreter.  LOGIO could not find the command
                 interpreter.

            Opening file handle  : Filename = <pathname>

                 The named file is being opened for access using the
                 MSDOS file handle access method.

            Opening file FCB     : Filename = <filename>

                 The named file is being opened for access using the
                 MSDOS file control block access method.

            Creating file handle : Filename = <pathname>

                 The named file is being created and opened for access
                 using the MSDOS file handle access method.

            Creating file FCB    : Filename = <filename>

                 The named file is being created and opened for access
                 using the MSDOS file control block access method.

            Moving file : <old pathname> => <new pathname>

                 The named file is being renamed to the new name using
                 the MSDOS file handle access method.  (Note: the file
                 is really not being "moved" on disk.  That is only the
                 MSDOS terminology.  But it may be "moved" to a new
                 directory on the same disk.)

            Renaming file : <old filename> => <new filename>

                 The named file is being renamed to the new name using
                 the MSDOS file control block access method.






                                         38






                                     APPENDIX B







                 The following information may be used to set up the
            file extensions in the configuration file. The following
            information list filename extensions used by many popular
            software packages.  Both data files as well as program files
            are included to allow you to configure your system for
            either the inclusion or exclusion method of encryption.  To
            use the inclusion method of encryption, select the plus (+)
            and in the extension fields enter the extensions shown for
            your particular package (the data files).  If you want to
            use the exclusion method of encryption, select the minus (-)
            and in the extension fields enter the extensions shown for
            your particular package (the program files).

                 If you have selected to use the inclusion method, and
            are running more than one application program from a single
            configuration file, all extensions for each program must be
            from the inclusion list.  The opposite is true if you are
            using the exclusion method.  You cannot mix extensions from
            the inclusion list with the exclusion list.

                 SECURE.EXE automatically excludes the commonly used
            file extensions, .BAT, .COM, .EXE, .HLP, and .SYS.  It is
            not necessary to enter these extensions when configuring
            your system.

                 Many programs (especially text editors and word
            processors) let you use any extension you desire. This will
            affect encryption by inclusion, since you must specify all
            extensions of your data files. This will be indicated in the
            following tables with the entry ".xxx". This entry indicates
            that you must specify all extensions that you intend to use
            with your application.















                                         39






                                    SPREADSHEETS



            LOTUS 123 (Release 1 and 2)

                 INCLUSION -    .WK?, .PRN
                 EXCLUSION -    .CMP, .CNF, .DLB, .DRV, .DVC, .DYN,
                                .FNT, .FON, .LBR, .SET, .SCR, .XLT

            MICROSOFT MULTIPLAN (Version 1 and 2)

                 INCLUSION -    .xxx
                 EXCLUSION -    .LOD, .COD, .DAT, .INI


                                  WORD PROCESSORS



            MICROSOFT WORD

                 INCLUSION -    .DOC, .xxx
                 EXCLUSION -    .GLY, .INI, .LEX, .PRD, .STY, .SYN, .VID

            WORDPERFECT

                 INCLUSION -    .DOC, .xxx
                 EXCLUSION -    .SET, .FRS, .LRS, .PRS, .WPK, .STY, .MRS
                                .DRS, .FIL, .LEX, .THS, .CRS


                                DATABASE MANAGEMENT



            dBASE III

                 INCLUSION -    .BAK, .DBF, .DBT, .NDX, .TBK
                 EXCLUSION -    .DB, .CAT, .FRM, .FMT, .MSG, .LBL, .MEM,
                                .OVL, .PRG, .QRY, .SCR, .TXT, .VUE














                                         40






                                     APPENDIX C







                 The following programs must be used with algorithm
            modification 1:



                      Wordperfect









































                                         41






                                     APPENDIX D



                         HEXADECIMAL TO DECIMAL CONVERSION


            HEX DEC   HEX DEC   HEX DEC   HEX DEC   HEX DEC   HEX DEC

             00 000    2D 045    5A 090    87 135    B4 180    E1 225
             01 001    2E 046    5B 091    88 136    B5 181    E2 226
             02 002    2F 047    5C 092    89 137    B6 182    E3 227
             03 003    30 048    5D 093    8A 138    B7 183    E4 228
             04 004    31 049    5E 094    8B 139    B8 184    E5 229
             05 005    32 050    5F 095    8C 140    B9 185    E6 230
             06 006    33 051    60 096    8D 141    BA 186    E7 231
             07 007    34 052    61 097    8E 142    BB 187    E8 232
             08 008    35 053    62 098    8F 143    BC 188    E9 233
             09 009    36 054    63 099    90 144    BD 189    EA 234
             0A 010    37 055    64 100    91 145    BE 190    EB 235
             0B 011    38 056    65 101    92 146    BF 191    EC 236
             0C 012    39 057    66 102    93 147    C0 192    ED 237
             0D 013    3A 058    67 103    94 148    C1 193    EE 238
             0E 014    3B 059    68 104    95 149    C2 194    EF 239
             0F 015    3C 060    69 105    96 150    C3 195    F0 240
             10 016    3D 061    6A 106    97 151    C4 196    F1 241
             11 017    3E 062    6B 107    98 152    C5 197    F2 242
             12 018    3F 063    6C 108    99 153    C6 198    F3 243
             13 019    40 064    6D 109    9A 154    C7 199    F4 244
             14 020    41 065    6E 110    9B 155    C8 200    F5 245
             15 021    42 066    6F 111    9C 156    C9 201    F6 246
             16 022    43 067    70 112    9D 157    CA 202    F7 247
             17 023    44 068    71 113    9E 158    CB 203    F8 248
             18 024    45 069    72 114    9F 159    CC 204    F9 249
             19 025    46 070    73 115    A0 160    CD 205    FA 250
             1A 026    47 071    74 116    A1 161    CE 206    FB 251
             1B 027    48 072    75 117    A2 162    CF 207    FC 252
             1C 028    49 073    76 118    A3 163    D0 208    FD 253
             1D 029    4A 074    77 119    A4 164    D1 209    FE 254
             1E 030    4B 075    78 120    A5 165    D2 210    FF 255
             1F 031    4C 076    79 121    A6 166    D3 211
             20 032    4D 077    7A 122    A7 167    D4 212
             21 033    4E 078    7B 123    A8 168    D5 213
             22 034    4F 079    7C 124    A9 169    D6 214
             23 035    50 080    7D 125    AA 170    D7 215
             24 036    51 081    7E 126    AB 171    D8 216
             25 037    52 082    7F 127    AC 172    D9 217
             26 038    53 083    80 128    AD 173    DA 218
             27 039    54 084    81 129    AE 174    DB 219
             28 040    55 085    82 130    AF 175    DC 220
             29 041    56 086    83 131    B0 176    DD 221
             2A 042    57 087    84 132    B1 177    DE 222
             2B 043    58 088    85 133    B2 178    DF 223
             2C 044    59 089    86 134    B3 179    E0 224

                                         42