The pre-encryption data structure

The data must be correctly packed with all the necessary information in the appropriate locations before encryption. It is important to note that the data structure required for encrypting a byte array differs from that required for encrypting a file, although some data is common to both.

To encrypt an array of bytes, a single byte block is used in a single cycle, whereas to encrypt a file, one or more byte blocks are used in one or more cycles.

In the following examples 1 byte means 1 char.

The byte array data structure before encrypting (minimum size 65,536 bytes)
  • Single block of chars with 8 fields
    1. n1 chars is a sequence of random bytes chars for each key (max = 1024 chars). n1 depends on its checksum calculated with the SHA-512 algorithm. Detailed calculation of n1.
    2. n2 chars is the key checksum and depends on the algorithm used (*). The choice of algorithm is defined by the key first byte.
    3. 4 chars is the length of the byte array to encrypt.
    4. 1 char is the checksum flag, which indicates whether the checksum of the byte array will be calculated and which algorithm will be used (0 = none, 1 = MD5, 2 = SHA-1, 3 = SHA-256 and 4 = SHA-512).
    5. 1 char is the encryption execution flag, which indicates whether encryption will be executed. Can be 1 = encryption or 0 = no encryption. Default is 1. Theoretically, it should not be switched off (0), except to see how the data structure before encryption is formatted.
    6. n3 chars is the byte array to encrypt. Its length is defined in step 3.
    7. n4 chars is the calculation [65.536 – (n1 + n2 + 4 + 1 + 1 + n3 + n5)], otherwise 0.
    8. n5 chars is the checksum of the byte array performed with the algorithm defined in step 4. Can be long 0, 32, 40, 64 or 128 chars.

So the length of the byte block header is : n1 + n2 + 4 + 1 + 1 + n3 + n4 + n5

(*) The length of the hash is correctly stored as half of bytes used in EMA because it’s packed. For example, MD5 uses 16 bytes, SHA-1 uses 20 bytes, SHA-256 uses 32 bytes, and SHA-512 uses 64 bytes. In EMA the checksum stores its chars, so MD5 uses 32 chars, SHA-1 uses 40 chars ,SHA-256 uses 64 chars, and SHA-512 uses 128 chars.

The file data structure before encrypting (minimum size 65,536 bytes)
  • Single byte block of chars (first and last) with 21 fields
    1. n1 chars is a sequence of random chars fixed for each key (max = 32.768 bytes). n1 depends on its checksum calculated with the SHA-512 algorithm. Detailed calculation of n1..
    2. n2 chars is the key checksum and depends on the algorithm used (*). The choice of algorithm is defined by the key first byte.
    3. 2 chars is the length of the filename.
    4. 5 chars is the size of the file to be encrypted.
    5. 1 char is the checksum flag, which indicates whether the checksum of the file will be calculated and which algorithm will be used (0 = none, 1 = MD5, 2 = SHA-1, 3 = SHA-256 and 4 = SHA-512).
    6. 6 chars is the encryption date.
    7. 6 chars is the last file modification date.
    8. 6 chars is the creation file date.
    9. 6 chars is the last access file date.
    10. 2 chars is the file owner length.
    11. 2 chars is the file group length.
    12. 2 chars is file permissions/attributes length.
    13. 4 chars is the byte block size.
    14. 1 char is the encryption execution flag, which indicates whether encryption will be executed. Can be 1 = encryption or 0 = no encryption. Default is 1. Theoretically, it should not be switched off (0), except to see how the data structure before encryption is formatted.
    15. n3 char is the file owner. The length is defined in step 10.
    16. n4 chars is the file group. The length is defined in step 11.
    17. n5 chars is the filename absolute path included. The length is defined in step 3. Filenames use the UTF_16BE charset.
    18. n6 chars is the file permissions/attributes. The length is defined in step 12.
    19. n7 chars is the entire file to encrypt (converted into byte array). Its length is defined in step 4.
    20. n8 chars is, if [65.536 – (n1 + n2 + 43 + n3 + n4 + n5 + n6 + n7)] > 0, otherwise 0.
    21. n11 chars is the checksum of the file performed with the algorithm defined in step 4. Of course can be long 0, 32, 40, 64 or 128 chars.

In this case the length of the byte block header : n1 + n2 + (2 + 5 + 1 + 6 + 6 + 6 + 6 + 2 + 2 + 2 + 4 + 1)(43) + n3 + n4 + n5 + n6

  • Two byte blocks of chars, the first block with 19 fields and the last block with 2 fields
    1. n1 chars is a sequence of random bytes fixed for each key (max = 32.768 bytes). n1 depends on its checksum calculated with the SHA-512 algorithm. Detailed calculation of n1.
    2. n2 chars is the key checksum and depends on the algorithm used (*). The choice of algorithm is defined by the key first byte.
    3. 2 chars is the length of the filename.
    4. 5 chars is the size of the file to be encrypted.
    5. 1 char is the checksum flag, which indicates whether the checksum of the file will be calculated and which algorithm will be used (0 = none, 1 = MD5, 2 = SHA-1, 3 = SHA-256 and 4 = SHA-512).
    6. 6 chars is the encryption date.
    7. 6 chars is the last file modification date.
    8. 6 chars is the creation file date.
    9. 6 chars is the last access file date.
    10. 2 chars is the file owner length.
    11. 2 chars is the file group length.
    12. 2 chars is file permissions/attributes length.
    13. 4 chars is the byte block size.
    14. 1 char is the encryption execution flag, which indicates whether encryption will be executed. Can be 1 = encryption or 0 = no encryption. Default is 1. Theoretically, it should not be switched off (0), except to see how the data structure before encryption is formatted.
    15. n3 chars is the file owner. The length is defined in step 10.
    16. n4 chars is the file group. The length is defined in step 11.
    17. n5 chars is the filename absolute path included. The length is defined in step 3. Filenames use the UTF_16BE charset.
    18. n6 chars is the file permissions/attributes. The length is defined in step 12.
    19. n7 chars is the first part of the file to encrypt (converted into byte array). Its length is defined by the difference from the block size and all other fields.
  • ………………
    1. n10 chars is the last part of the file to encrypt (converted into byte array).
    2. n11 chars is the checksum of the file performed with the algorithm defined in step 5 of first byte block. Of course can be long 0, 32, 40, 64 or 128 chars.

Again the length of the byte block header : n1 + n2 + (2 + 5 + 1 + 6 + 6 + 6 + 6 + 2 + 2 + 2 + 4 + 1)(43) + n3 + n4 + n5 + n6

  • At least three byte blocks of chars, the first block with 19 fields, at least one inner block with 1 field and the last block with 2 fields
    1. n1 chars is a sequence of random bytes fixed for each key (max = 32.768 bytes). n1 depends on its checksum calculated with the SHA-512 algorithm. Detailed calculation of n1.
    2. n2 chars is the key checksum and depends on the algorithm used (*). The choice of algorithm is defined by the key first byte.
    3. 2 chars is the length of the filename.
    4. 5 chars is the size of the file to be encrypted.
    5. 1 char is the checksum flag, which indicates whether the checksum of the file will be calculated and which algorithm will be used (0 = none, 1 = MD5, 2 = SHA-1, 3 = SHA-256 and 4 = SHA-512).
    6. 6 chars is the encryption date.
    7. 6 chars is the last file modification date.
    8. 6 chars is the creation file date.
    9. 6 chars is the last access file date.
    10. 2 chars is the file owner length.
    11. 2 chars is the file group length.
    12. 2 chars is file permissions/attributes length.
    13. 4 chars is the byte block size.
    14. 1 char is the encryption execution flag, which indicates whether encryption will be executed. Can be 1 = encryption or 0 = no encryption. Default is 1. Theoretically, it should not be switched off (0), except to see how the data structure before encryption is formatted.
    15. n3 bytes is the file owner. The length is defined in step 10.
    16. n4 bytes is the file group. The length is defined in step 11.
    17. n5 bytes is the filename absolute path included. The length is defined in step 3. Filenames use the UTF_16BE charset.
    18. n6 bytes is the file permissions/attributes. The length is defined in step 12.
    19. n7 bytes is the first part of the file to encrypt (converted into byte array). Its length is defined by the difference from the block size and all other fields.
  • ………………
    1. n9 chars is an internal part file to encrypt (converted into byte array). Its length is defined in step 13 of first byte block.
  • ………………
    1. n10 chars is the last file part to encrypt (converted into byte array).
    2. n11 chars is the checksum of the file performed with the algorithm defined in step 5 of first byte block. Of course can be long 0, 32, 40, 64 or 128 chars.

Again the length of the byte block header : n1 + n2 + (2 + 5 + 1 + 6 + 6 + 6 + 6 + 2 + 2 + 2 + 4 + 1)(43) + n3 + n4 + n5 + n6

As you may have already guessed, the first block of chars is especially crucial for decryption with the EMA method. The first block of chars contains all the information required for proper decryption and all information about the origin file.

Example of pre-encryption of a block of data (file ‘C:\Users\guest\ema\src\DraculaBS.txt’) that uses a single block of bytes:

  1. n1 = 525 random chars (top header).
  2. n2 = 128 chars (key checksum, in this case SHA-512 algorithm because the key first byte >= 191).
  3. 3 to 14 = 43 chars (the sum of fixed chars).
  4. n3 = 30 chars (file owner, length defined @ point 10.).
  5. n4 = 0 chars (Windows does not have canonical groups, length defined @ point 11.).
  6. n5 = 72 chars (filename included path, length defined @ point 3.). Note the UTF_16BE charset.
  7. n6 = 581 chars (file permissions/attributes, length defined @ point 12.).
  8. n7 = 626 chars (the file content, length defined @ point 4.).
  9. n8 = 63.499 random chars random (65.536 – ( n1 + n2 + 43 + n3 + n4 + n5 + n6 + n7 + n11).
  10. n11 = 32 chars (file checksum, in this case with MD5 algorithm, length defined @ point 5.

Total = 65.536 chars/bytes (minimum byte block size)

ûãšaø½ˆV^×ÊÒÛ™Râ 7ýaqNƒ¿ÿr#Eµ„´djóØK9Yj»›»&UXNmÎ>A¡ã‚ûø~ˆ+ãWE..RÁ!^à"34g2ØSôŸû‰´DóAÍ„
u‹up=þrúR(4â¤b2MP‡±€–ÜýêUn[¶RPÖx¡Õ,—#äp”1é®nÏãü‚ŠWZ/&ںNj4EüJ‰ÃÎ
¿b®½å9;m¦ÙÇÃÐ'(F¬7áŸæ*¤2Ð0Äè\ëk}'Ëøð½JŸS\G"Ä'½˜Z^ðj’¹uy^ˆBÖž¶Ñ®.ñ,tÓ9Œ¶±Ùž«Â§„(8$ú"þ°Wƒ²³öîu«ø.0`ªí°Erb÷Ó׈_ƒ}õ´'ƒ,©
Æ²6lû.¡LÝ5/U½ã+)wq·2ˉ{­ÍÉ|žX€ù¦>Ž[T]r~‚~Èߌd÷”Ô/)Lˆ{â àÖŽ¥ˆØÒ-¡”Þ«nÝ6jòþΩN\1½ Õ±øɽ#ýçÕ³õD>y„%ÖPDçlòwr"áQsqæà–£]xÏT¿zôÞΡâ=BX§KVÔô˜[®àH(|ïÀ:¥JyÏŸ{­š59o}Í¿xüŠ¹ÑZ]1¼·8t©b”£Ǐ=Û°
Q=ùç͔ͳ]$M–¡>Eû¹b3e25186304c9f577fe3c9e69172a6c03f8a39e4b81fcfc5a07f113529143cdcec3c5288625adfc73288f57d6b879558b244328de5167f1c7f734c46eececf01 H  =	 Ž8cª‡Ž3£ILŽ3¢=JŽ3£IL   E    BUILTIN\Administrators (Alias)C:\Users\guest\ema\src\DRACULABS.txtNT AUTHORITY\SYSTEM:READ_DATA/WRITE_DATA/APPEND_DATA/READ_NAMED_ATTRS/WRITE_NAMED_ATTRS/EXECUTE/DELETE_CHILD/READ_ATTRIBUTES/WRITE_ATTRIBUTES/DELETE/READ_ACL/WRITE_ACL/WRITE_OWNER/SYNCHRONIZE:ALLOW, BUILTIN\Administrators:READ_DATA/WRITE_DATA/APPEND_DATA/READ_NAMED_ATTRS/WRITE_NAMED_ATTRS/EXECUTE/DELETE_CHILD/READ_ATTRIBUTES/WRITE_ATTRIBUTES/DELETE/READ_ACL/WRITE_ACL/WRITE_OWNER/SYNCHRONIZE:ALLOW, BUILTIN\Users:READ_DATA/READ_NAMED_ATTRS/EXECUTE/READ_ATTRIBUTES/READ_ACL/SYNCHRONIZE:ALLOW, \Everyone:READ_DATA/READ_NAMED_ATTRS/EXECUTE/READ_ATTRIBUTES/READ_ACL/SYNCHRONIZE:ALLOW_3 May. Bistritz._--Left Munich at 8:35 P. M., on 1st May, arriving at
Vienna early next morning; should have arrived at 6:46, but train was an
hour late. Buda-Pesth seems a wonderful place, from the glimpse which I
got of it from the train and the little I could walk through the
streets. I feared to go very far from the station, as we had arrived
late and would start as near the correct time as possible. The
impression I had was that we were leaving the West and entering the
East; the most western of splendid bridges over the Danube, which is
here of noble width and depth, took us among the traditions of Turkish
rule.ü ©Rƒ³)@’¶Ÿf¢m˜ÃW°zD;ïüí”Æ61<”¹ÕX±4\?òɬ€ôòNt€2o]x~}N	Î.æ’¸PÌé«c/äG–K;ᥖ0+àæbŸl¥0 ±MZSÀ5OC“ºÉ²¸øôiºçqäÓèò¦tì͍¦­¨ý‘YüâØPºÈÃþa±˜4O§Z×1eN'±ÀÔÅ/\¤SBb°òñJâ]ß½kªz5“ÈžT3úQ’ó	mÌm˘ðÓ®ÁUÕ2Õ=÷ Þlß݉7‰ì­‹x¡”DF3¬P˜Ž+<'ÈNŠ±¿ÎÓ~PØXºypÙÓ½€7kÓ8צ–¥Å¾qÎëyÈÅ•Ù¡ñLÃ{ÿíâ)äÝJi=`5qËàÁ“’€¨l±—Õ©ÉêXt_®Ï±öàÒö‰)EÊg‘êRöì™`ÀJÀ9>F‡Ty¤ÓMù®Àé­™€6‚0
âhIyHz¿I[H-‡!·Ëò£Œ}ù_eþiƒ:—æãåsù‹:…чüÖÿj[@”ÈT”%x*)>È0ìBác=uÍçiŒ6%~±,…ÚŸM䕨'Ýyļ%³34H:g‰ÌúQëP=$P5öý§&)JÐ{%¡V+-Óåœ?$GW~fßñ`+BÆœ1Ü­¹0½¬Ùm~gÌá¸àpÙ¿¶™µÖ€êE•味Tɜ؃ë¿sEºH
&`Ÿ2|ñ™ä¯³ò’:0Ùõ*ß5ZOãÊ©¦›Éª%ÑêhA4Y¨aot̝ՕæwuÏH.ò™wºÆÖ¸¶#¨r«2É[û¼ãÞ\{yüê¶8¦J“aÂÅ[¢‰ç$rVM .èêR ’ ½RBZ)§ôã?…"ÏŸÉڍóî¯vì¡GK:ÚUÍ÷ñ|1Åm$Çù¾Ôeܾ.D¤òÇÃΠO)dšm—B±ùÛQäØ…ü—OR¶Äc¶¶üyr4¢«à[¬_±«võ•	¬pdë¼oÌ›op=ߣGÛWÕ¬«Qb3‡æ~ÄvW4cËΗ®±
WõC2›‹EžãÁÍ¿m0ž«;l¯¾04TsF&»‰l Ka ñsUKÃüvoÅpîB”•R¾Â™ú
..........up to 63.499 bytes9451183dee94bae0055334ec9dfcc8b4

Note that the size of a block of bytes varies from a minimum of 65.536 bytes to a maximum of 1GB. In this case, it is a single block of the minimum size because the sum of the sizes of the fields from n1 to n10 does not exceed 65.536.

Detailed calculation of n1

  /**
   * wrap(byte[] key)
   * DO NOT TOUCH ANYTHING
   * Calculating the number of bytes (wrap) to add to the top of data (based on key).
   *
   * @param key The key data
   */
  @SuppressWarnings({"UnusedReturnValue"})
  public static void wrap(byte[] key) {
    // Calculating SHA-512
    String checksum = getCalcChecksum(key, getChecksumAlgorithm(4));

    // Extract a value from the checksum
    double value = Math.abs(Long.parseLong(checksum.substring(0, 8), 16));

    // Convert value to a string that represent a decimal from 0 to 1
    String result = "0" + String.valueOf(value).replace('E', '0').substring(1, 10);

    // Assign the number of bytes to wrap
    wrap[0] = (int) Math.abs(Float.parseFloat(result) * maxWrapFile); // bytes to add to the top header if data file
    wrap[1] = (int) Math.abs(Float.parseFloat(result) * maxWrapByteArray); // bytes to add to the top header if byte array
  }

File information contained in the first byte block

2024.04.15 07:58:24.904 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.15 07:58:24.904 RUNNING fileDecryptedInfo() :: 
2024.04.15 07:58:24.904   GETTING INFORMATION ABOUT THE ENCRYPTED FILE
2024.04.15 07:58:24.904   C:\1713160704984670000_B74NoXQ6oEgtj8OfpqkefvMFIRMOPrYn.msk                            65.536-byte
2024.04.15 07:58:24.905   ..................................................................................................
2024.04.15 07:58:24.950   INFORMATION ABOUT THE ORIGIN (DECRYPTED) FILE
2024.04.15 07:58:24.951   C:\Users\guest\ema\src\Dracula.txt                                                        635-byte
2024.04.15 07:58:24.951   
2024.04.15 07:58:24.951    Directory              C:\Users\guest\ema\src
2024.04.15 07:58:24.951    Filename               Dracula.txt
2024.04.15 07:58:24.952    Size                   635-byte
2024.04.15 07:58:24.952    Filesystem type        NTFS
2024.04.15 07:58:24.953    Filesystem name        Windows
2024.04.15 07:58:24.953    Date of encryption     2024.04.15 07:58:24
2024.04.15 07:58:24.954    Last modified date     2024.04.14 18:51:24
2024.04.15 07:58:24.954    Creation date          2024.03.01 16:41:20
2024.04.15 07:58:24.954    Last access date       2024.04.14 18:51:24
2024.04.15 07:58:24.954    Owner                  BUILTIN\Administrators (Alias)
2024.04.15 07:58:24.955    Group                  
2024.04.15 07:58:24.955    Permissions            NT AUTHORITY\SYSTEM:READ_DATA/WRITE_DATA/APPEND_DATA/READ_NAMED_ATTRS
2024.04.15 07:58:24.955                           /WRITE_NAMED_ATTRS/EXECUTE/DELETE_CHILD/READ_ATTRIBUTES/WRITE_ATTRIBU
2024.04.15 07:58:24.955                           TES/DELETE/READ_ACL/WRITE_ACL/WRITE_OWNER/SYNCHRONIZE:ALLOW, BUILTIN\
2024.04.15 07:58:24.956                           Administrators:READ_DATA/WRITE_DATA/APPEND_DATA/READ_NAMED_ATTRS/WRIT
2024.04.15 07:58:24.956                           E_NAMED_ATTRS/EXECUTE/DELETE_CHILD/READ_ATTRIBUTES/WRITE_ATTRIBUTES/D
2024.04.15 07:58:24.956                           ELETE/READ_ACL/WRITE_ACL/WRITE_OWNER/SYNCHRONIZE:ALLOW, BUILTIN\Users
2024.04.15 07:58:24.956                           :READ_DATA/READ_NAMED_ATTRS/EXECUTE/READ_ATTRIBUTES/READ_ACL/SYNCHRON
2024.04.15 07:58:24.956                           IZE:ALLOW, \Everyone:READ_DATA/READ_NAMED_ATTRS/EXECUTE/READ_ATTRIBUT
2024.04.15 07:58:24.957                           ES/READ_ACL/SYNCHRONIZE:ALLOW
2024.04.15 07:58:24.957   ..................................................................................................
2024.04.15 07:58:24.957   
2024.04.15 07:58:24.957 FINISHED fileDecryptedInfo() ::
2024.04.15 07:58:24.957   
2024.04.15 07:58:24.958 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Scroll to Top