Archived Forum Post

Index of archived forum posts

Question:

Any Function to Detect if file is Encrypted??

Sep 23 '13 at 08:49

Hi,

Is there any way using the crypt library to tell is a .tif file has already been encrypted?

Thanks, Stanley


Answer

Symmetric encryption algorithms, such as AES, Blowfish, 3DES, RC2, etc. are simply mathematical computations that transform input bytes to output bytes having the characteristics of random byte data (where each byte value 00 through FF is equally possible, and the bytes are seemingly random). There is no file format. In other words, encrypting a file w/ any of these symmetric algorithms does not result in output that is structured in any way (i.e. no headers, no identifying structure, etc.) Decryption is simply the reverse mathematical computation.

To tell if a particular file is encrypted or not, you'll have to use something that is known about the file type. Most file types are such that they begin with a recognizable first few bytes. For example, for tif:

A TIFF file begins with an 8-byte image file header, containing the following information: Bytes 0-1: The byte order used within the file. Legal values are: “II” (4949.H) “MM” (4D4D.H) In the “II” format, byte order is always from the least significant byte to the most significant byte, for both 16-bit and 32-bit integers This is called little-endian byte order. In the “MM” format, byte order is always from most significant to least significant, for both 16-bit and 32-bit integers. This is called big-endian byte order. Bytes 2-3 An arbitrary but carefully chosen number (42) that further identifies the file as a TIFF file. The byte order depends on the value of Bytes 0-1.

The same kind of thing can be said for many file types: Zip, PDF, etc..