Wednesday, December 8, 2010

How-to: Crypto Quick Guide. #imwikileaks

Just because I'm paranoid, doesn't mean they're not out to get me.

Julian Assante and Wikileaks released a file, "insurance.aes256", just before all the attacks. He knew he had something big. What was in that file? No one knows. If someone does, they ain't tellin'. Some people have poked around the file and have tried some passwords, such as ROUTER and ONION, to no effect. Some say that it's just random data. I ran a quick head command. Typically the first characters would identify the file type, but this file read Salted! 

I'm not remotely an expert in cryptography, but I wonder if the original encrypted file is wrapped with some salt? I have no clue.

Here's a Cheap and Easy way to encrypt a file or folder with 7-zip File Manager.

  1. Install 7-zip.
  2. Collect your files and folders into a single folder.
  3. Right-Click the folder, Select 7-zip > Add to Archive or drag the folder into a 7-zip File Manager window.
  4. Change the Archive name .7z extension to something less obvious (I used .aes256 for fun.) 
  5. Enter a passphrase (Passwords are too easy.)
  6. Check Encrypt file names
  7. AES256 is selected by default.
  8. Click OK, it should be done.

You too can share secrets in an encrypted file, distribute it, and create a timebomb that will release the passphrase if something happens to you. If someone figures out to open the archive in 7zip, it will ask for the pass-phrase.

If you're serious about encryption, you should install an OpenPGP application, and learn how to use it. You can encrypt any file and it's particularly useful for sending encrypted messages. I won't get into the technical details or the history of PGP, because plenty of information can be found on the net. Look up PGP, Phil Zimmerman and Digital Signatures.

These are the basics of PGP, and email encryption:

  1. You need an OpenPGP package, such as GnuPGP, FileCrypt or PGP. (They're available free, on all platforms, and compatible with each other. I use GnuGP and Cryptophane.)
  2. Generate a PRIVATE or SECRET KEY (Use a really strong pass-phrase, never share or even hint to what this is.) 
  3. Use your SECRET KEY to create a PUBLIC KEY (This will be shared to everyone.)
  4. Create a REVOCATION CERTIFICATE (In-case your secret key gets compromised, this will invalidate it.)
  5. Collect the public keys from everyone that you expect to recieve and send messages.
  6. Manage all these keys in your KEYRING. (Different OpenPGP packages may call them managers or UIs for GnuPG.)

You can now use PGP to sign and/or encrypt messages. You can sign any message, and those with your public key will be able to VERIFY your messages as authentic. You can also send encrypted messages to any individuals that you have on your keyring. You should distribute your PUBLIC KEY far and wide by posting the plain text block on your site, or sharing the .pgp .asc or .txt file. You can also upload your public key to various keyservers

This is mine, if you want to share: 

-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (MingW32)  mQENBERkz0kBCADRaQMJ2ahkGzqkbU2zakafA2CgW5zLkXc84jDRKlQ3lffS24X5 cPCpE4s3uGlEYcN6dzE6uJVZCuQGSvk9TMYdkg1zc6dk6LG85/l7tl0kLBeUcVa0 YLhgRnusmK+7oqmoIZCjTne3FKNtuuu6Yhk0kfIRQap5SpX4N5nb9sAZO1a7Oo12 leU7coe0QMT1R8V99gXtWLxQ2PU4mCnli/xsQb/VsQEA4DVlVOpcmaiJpqCVsn+/ 9hOWKzBDUyMmcdD2b0SRFW6P4NmaN6BqI9zVvCRgwLq0Y8hqoZ1tmbA+g4HAp9tL m3m15fu3pKiEiK2bgozvnglOnTyPSrnPeM2fABEBAAG0JkRhayBKLiBVbHRpbWFr IDxkYWsudWx0aW1ha0BnbWFpbC5jb20+iQGHBBABAgBxBQJEalVbMBSAAAAAACAA B3ByZWZlcnJlZC1lbWFpbC1lbmNvZGluZ0BwZ3AuY29tcGdwbWltZQcLCQgHAwIK AhkBGRhsZGFwOi8va2V5c2VydmVyLnBncC5jb20FGwMAAAADFgIBBR4BAAAABBUI CQoACgkQh9JY1cgFQMj4qwgAunNO9eZEgfreK+qI3CWBL8cQFShd6qaqhGEAAPn+ 617rugKykID5g1udeVZh2Xm5YVlJUxzM5BeqnhVsl4vbYMneYBgnV/ZWkFlGqA32 8IMrEjG051drCDZQJBcvbTQI+Guedd+dCDUTkDVBK1IAKqenfb9xmLT0QIzr0iKa No3pGvhlZPjlfD8/gUFcMWL9b+JHi1eg9Qg9yrN15wsBC7rOFUY2Brcwx+OXXm9K V+gIxy8TzYZP9HgWvDBJYOp+gA73J/BSoCNfII0QnRiUvOwjnUBmjVDM5H+TEKUf dfxU1lV2JCX2/uWsZ9vcXWI6+iCABRsDV6O2iYS8cKi/4IkBIgQQAQIADAUCRGp6 IQUDABJ1AAAKCRCXELibyletfFt5CACVO6D6LAdu/c8Hiyt3vocq6YI2jSSktO2i O7297NMuhm6QWSSgiNgS28YwPfAp84iFqiRY9OpAR9XgnOeYvwm2IqpLrmR1j2Iw 8pG2Q68A7HTj4GtOZ0PntLtN7RWwmZ+z/+nBpOlsw9nX8ZI++jyjrfd5/dazPRxv ftimxME5odflKI7XetVSXGWTkL34MLTLJ4Edw0rQhdeD1+sOsV7/4T4c5FwIsYQZ 4J01aPieCpBVQj+TEYzhj3ofxIzqoXLFGpEn+8gg6urLe9v+aAVOu74SAcy+dsyf dC1haqyX7BQ/3Ka0LObTyYTCmGUjF1hlCtsFSw75Rsv+gwpusexRtC1EYWsgSi4g VWx0aW1hayA8ZGFrLnVsdGltYWtAc3RyYXljb3VjaGVzLmNvbT6JAYQEEAECAG4F AkRqVVswFIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBncC5jb21w Z3BtaW1lBwsJCAcDAgoZGGxkYXA6Ly9rZXlzZXJ2ZXIucGdwLmNvbQUbAwAAAAMW AgEFHgEAAAAEFQgJCgAKCRCH0ljVyAVAyEmrB/9BFTatJywEpFjIUYcpwoc0UMI1 Be1n4OsrITAqXYDdCKwhPpJKFxs2oAi0McA1WrlfW2g4cMUfRsz/vqUWkGyt+i1b 1vnGgTsAVEauyt6J+JJLcH7P/Ex0iZaAj3jzmXQDifBtLI5Xo+iBXD9aiHFveGK/ x7Hc+1Bue4hutKkQhGR1V2+3l4AoMCZiCZTgSkg07kvABp3yx46/xuj7oWB+ApdU 1dkpcjjyNMEdS9JS0XwBil1xoy8QT7/Kzm3R8aX5Jqw/xKITCHZ7HHXNODvRf/9E 2FYY14dv5lfYZk799Ir69hxIl3K0zfIDI17wMpemd8od0KqxUI9BCRggZDDmiQEi BBABAgAMBQJEanohBQMAEnUAAAoJEJcQuJvKV618RbsH/0BWkbeseVzpDbuWxkES v1XNHUem5pgM+WjJIhIAc+AeMNK0Xl6xwIpM9aIKdiBQ3K6jKKx0eU/UINkR3mS5 1JAx0WrRJOxPLrbTSzcgMGvpTQYBr812aDcCXSl6ZvsMIIn0Zcgwkd17w+RbYxGc vx0FU6a0Jk85CvZ8Q9Uukk0f+E3c2gqthEOWrPUayUcebBH2J+JY9JChTnPyFCaH HtKALpnTP2BVLR9TsfM4NfupWJuO9GSdhObtxLaBdlVHlLeG4WHPCxCy9wgUCW20 7WxVD4nRcyorMAE11x/X1aMs3LflzeQwrVXC5ApYW/3aSKcpqkk88p3r4ia87oWj WcG0JURhayBKLiBVbHRpbWFrIDxkYWtAc3RyYXljb3VjaGVzLmNvbT6JAYQEEAEC AG4FAkRqdRMwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBncC5j b21wZ3BtaW1lBwsJCAcDAgoZGGxkYXA6Ly9rZXlzZXJ2ZXIucGdwLmNvbQUbAwAA AAMWAgEFHgEAAAAEFQgJCgAKCRCH0ljVyAVAyHdfCACQOLbRNwgL7tCpnyfJQAEV KN/2Y8FCgtuckVKWc2lOsU9T6hqxBMBCTcqFpbccN2SoSMmZaw3jN08pU31Ww98A FlncVGYxUYTQb84L8BeNsSE51VjptWaRg4Q6q3/lSca5QVc1zyII7CCLEC+KRuwq GAVQLZJGnlYAdToYhG3Ci5KkPbXsCFpvk2MK0o7C0SUDGpQ8+TLv2ok7d4Lo8Oir UJHZtMRsT7F1h97KWc0rFZgfpBS/NFuK0DgBiUFfBRMzJOW5sFx6xeraLlyqTY5W ubMBRo+ejRnNr02YiiQus2HpGMmNTzUZVGDAwWKYR1QlJcnqZ+ie87Lr/gl0l3Uk iQEiBBABAgAMBQJEanohBQMAEnUAAAoJEJcQuJvKV618LCkH/3WneC3VXRsD/04T Rwal4eiHJcjj7x/roFocrw5rPW+/zlPTvIigzJwRlIvLbRDJk3GnLXCQ3wGp0lnT knkhOzfViij7QleOUSpaDHsC/5M8TzCzz0iQmW9kSRuAgCTC8t0BiwnVK+T/k9jF o/RMBrExW30dPUvSdtrygbWEXJxWqow+mfv/1BSSboTBVLYhTUxP1sk3jGoqBft4 4ewbuyZYqQ+FWl6KW6hmBcgALQw/A8zqxkMrkZhyEJMJGg7yZtsb4xJrdPqg1qtv tOnWczYJZdQ7d6nIUmju0HuozQTLZ3UN9rFOuAIQ1A8Fp6E/d1aTCM4grMgLku3g 5fTg0gu5AQ0ERGTPSQEIAM0aSAHktoqQ4HejzYMnKkdRZlVsLrz5jYOyWAIbg2S3 0B99oab9vTNUscauL9fPh/aJSgrdikYZLJpPQTa8aKetVl01n2JD28tubyPJ9RhL 2o9QKyQGLtFbvKJRogM/8lbYRNpcNJM5F/lCHpp1ISDqDmIYu8qGUSqNgMI6nWew l6V1B2fneNH4KZD3iisqxRlbb3aSxWhNbFWqLxL0AezP8pcmDEEsb2JrLiutJ5nq Wak525fMrcbwPgsiNxM5KIxFCNnelDcE4G5ExkWYvdbT+0qrnHuT7PLcg4josfL5 i629QaO1B3SvCu1q5FR7OfEapj+nr/tTukO/lfxd6YsAEQEAAYkBIgQYAQIADAUC RGTPSQUbDAAAAAAKCRCH0ljVyAVAyN4VCACOw7pO2dbeqxZ3tADUoha+yKp2yBum Smlj29V7u7R6FleM4qMz3TbParvq8NY53jP9wqkll4UmTkeZTnPQTFE01XbEoHSo jKXhEKf5kyIDsn2hof5csTeURhzW/KrINKahjrDkBaBIUJ7B4NdJ9VTgNn1leOgE oGWKWrbCEkgQY0WkUhJEUj3WD1l08S3B+Kmd2h+uS5CGPQIDtveZgUwHDJjEa74u EkCCGA/TjsVFz5M9bKCOlk3DhSXgqSqznGZtdWD/fFScdt7ZUxc7C1/u2y0Qa0Mm GqJkEDcwtp/6//h1AsmrVD2PR+J7uwV1Tv6SWvDVQPGbT78DyY0X+8PK =Sboc -----END PGP PUBLIC KEY BLOCK-----

Encrypting and decrypting email varies depending on the utility you use. Some email programs, such as Thunderbird or Outlook, have plug-ins that make it as simple as clicking a button and entering your pass-phrase. I use Cryptophane, which is also my keyring manager. 

To encrypt or sign a message using Cryptophane (your milage may vary, but the steps will be similar:)

  1. Using a text editor or your email program, draft your message. 
  2. COPY/CUT the message into your clipboard.
  3. OPEN Cryptophane, Click on FILE > Message
  4. PASTE the message into the window. Click OK.
  5. Select the public keys of any recipients or, if public, Encrypt with shared pass-phrase. Click Process.
  6. Enter your pass-phrase if it isn't cached, enter a new shared pass-phrase.

Paste this into your email or blog entry. Only those with the proper credentials will be able to read it.

To read messages sent to you, some can click Decrypt/Verify in your email program. Or COPY/PASTE the complete block of text, and enter it into the same Message window in Cryptophane. You will be asked for either your passphrase or the shared pass-phrase.

Now, if you are afraid of getting down and dirty with OpenPGP, the quickest and simplest way to encrypt and decrypt email is to get a hushmail account. It will do all the work for you. You will have to create new, but secured, email account and you will still have to export your PUBLIC KEY and distribute it. Note, with free accounts, if your account goes idle for too long it will get deleted.

Have fun!

 

-----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.11 (MingW32)  jA0EAwMCH2BZNGCkqVJgycElEBHd26olifnua5oeLeVMb5iV8E7ueKPLqGEjJbos wYJMzGhthPjFbY59AM9kZ3YTZsFUQVjWFhxDIYD2cfB2CQhsL0jsNwbW/9xNpQph x6bkJxiojlbqOtVWKs4jM8VME5NUA+US5Wu7vXVTkiwO/uzDq9szFvivP02WdyVe zM/GP0IunYCk27FbyL18Iu/8KKrZHR77EYnN/CGRfzrDb2JWK9h96/ECQuxmsmyN BlI2PlaMOMR8oVGuLGaSsyoN+jAjizYComjmY+QBRZOiFJ4SU2fx7BEGcgpPNhG2 KbnawsmWRto4dAQ3nEB4O6yAIUPvhLYG8p8EbcuJioqQN3FxzZSr7v+T2+Mtuqnz OvJ1BQcEJuxAJJMEnq/r8AaSuRZtF6pKzwS2Kp6sWrYtJzUoZXka/y/TjcteaxpL PFh4lqNmCPd12ULCkyGqKowmJjSWxwIg0BQ/0/CTWqiW9/oFFEmC/aZtubfazMwO rzDqToZjO7lA3cbuQHP/mcZX0FMEFPdj5aSMxhodTB4La7Yk4mrDYnmtmP9ijXXr Ki2dF8VWUiGjqTT/e5B7PHZQxgPxjYFbG783eq01trnEgoOyZcWLLl1ff919Dn+O 07Ckp01TTrTpowoWlQqHi5cPJEgtkc8= =LM+h -----END PGP MESSAGE-----

 

 

 

Posted via email from Th' Reverend Dak Post

No comments:

Post a Comment