Gaming File encryption?

[LittleBigMods]

One thing that I've wondered for a long time is how file encryption works, for example if you open a Word (.docx) in Notepad, you'll a a bunch of characters that look random to the noob's eye. However, if you open a .rtf file with the same text in Notepad, you can see more, such as the character set, font, font size, and even the text of the document. It almost looks like a more complicated version of BBCode.

From what I understand, file types and encryption work like this (I'm using Word 2010 for my example):

Text is typed into Word > Word uses a key to encrypt and create a .docx file > The file is saved as *.docx

And decryption is basically the same thing, but in reverse:

The file, *.docx, is opened by Word > It is decrypted using the same key > You are shown the original document



So what I'm wondering, in a nutshell, is how I can make a program, such as a text editor, that can allow *.docx files to be edited (or .rtf) and how I can make my own file types and extensions.

Any help would be greatly appriciated

 

[Originality]

Docx files are not encrypted, they just have a special format. IIRC, at the beginning is the header and metadata for the file, and in the middle is all the formatting and actual body of the document. Someone with enough skill in pattern recognition (which isn't really that much) should be able to sift out the formatting from the text.

Encrypting pretty much means scrambling the very data of the file so that it cannot be accessed without both the correct decryption software and the correct key/phrase.

EDIT: to create your own file format, create a different way to compile/format/encrypt your data. However, start basic, then add extras afterwards.

 

[R4Liam]

@Originality that is pretty cool, I've always wondered what it actually does. I encrypted some folders using face recognition software called Veriface, it is pretty cool although I don't know how secure it is!

 

[FAST6191]

Security when it comes to encryption relies on many things which I am loathe to overlook for this example (stuff like you can encrypt a folder but if I looked in your temp directory and/or ran an undelete program would I see some stuff you are trying to keep secret to name but one potential pitfall) but to save the time I will have to. First there are two broad classes- public key/asymmetric and private key/symmetric (there are ways to mess around and do other things but for now there are those two methods).

Symmetric uses the same key to encrypt and decrypt. It relies on a long key being combined with the data to obscure it and only be able to be decrypted. AES and XOR being examples in relatively common use (although theoretically amazing and not too demanding on a system XOR has some serious shortcomings in practice).

Asymmetric uses one key to encrypt and another to decrypt- one you can make public and another you keep locked down tight although they can do different things depending on what goes. They are based on "hard maths" which is an actual technical term and is used to describe a problem that is easy to do but given only the answer and method is well hard to go back from- the two main methods are large prime numbers (as far as we known there is no pattern in primes and they are impossible to predict/generate simply) with RSA being an example of prime number based encryption and some of the maths underpinning elliptical geometry (ECDSA being an example).

You can combine the two as well- I encrypt a symmetric key with your asymmetric encryption key and send the result to you as you and only you can decrypt it at which point we then encrypt all that follows with my symmetric key. Symmetric is generally easier on processors and so it still has a place.

Different algorithms have different strengths (some of which do not work at all) and there are all sorts of attacks on the encryption and ways to fail in implementation (see most recent console hacks) but broadly speaking the longer the key the more awkward it is to work with but also the more secure.
In your example the key is probably points on your face (something like http://www.geekosystem.com/wp-content/uplo...12/facescan.jpg ) which nobody (at least not without a decent photo) will hopefully match to although what it uses underneath that is a different matter- the face thing is just a key generator (and possibly a bad one- injury*, the photo thing and well I can change a password but changing body parts is more of a pain- it is one of the major failings of biometrics).

*this is why I should have asked something like please give an emergency password.

On top of this you also have hashing and signing which are related to all this and play a key role in things.

"However, start basic, then add extras afterwards."
This works but it often easier on the long run to sit down and hammer out a bit of a spec first- I need the ability to do 1,2,3.... with the restrictions/need to comply with ? other specification......

 

[Rydian]

Docx is actually a container. You can open docx files with 7-zip and then get at the individual files which contain the plain text and formatting.