Sunday, November 24, 2013

Secure your online files with asymmetric encryption

One of the greatest benefits of asymmetric encryption is that it allows you to keep encryption and decryption keys separate from each other. In other words, the key that was used to encrypt the data cannot be used to decrypt it.

Why is that useful? Imagine you are running an online backup. Pretty much every online backup facility allows you to generate your own encryption key, but this key is symmetric, which means that an attacker could take your computer and extract that key. Another scenario: let's imagine one is archiving recordings from a security camera and does not want the government to be able to view those recordings without his consent (yes, this is about the NSA). If a symmetric key, such as a password, is used, it is possible to confiscate the device, and all files will be as good as unencrypted.

However, when files are encrypted using asymmetric encryption, this problem is mitigated by supplying the public key to the device and keeping the private key safe. The public key will be used to encrypt data, but it will not be possible to decrypt data with it. This way the government, malware, or hackers could pwn your computer, but they will not have the private data.

I recently was struggling to find a tool which allows me to do just that. Part of the problem is that with the widely popular RSA algorithm, only a very small amount of data can be encrypted. Also, encrypting data with RSA is very slow. It is therefore necessary to chain RSA to a symmetric algorithm, such as AES, to get the best of both worlds. This is how your browser protects the session.

As I mentioned before, I couldn't find a tool to perform such a task online. I therefore decided to write one myself. It is a console application, the code of which can be found here: https://github.com/galets/AsymmetricCrypt . It has four modes of operation:

  1. Generate key
  2. Extract public key which you could then use on untrusted machines
  3. Encrypt using public or private key. Obviously, it makes sense to use public key at this point. The tool will nicely pack all necessary data into a single file
  4. Decrypt. Naturally, this will only work if you have private key.

If you find this tool useful, I would be curious to know how you use it. Please post your use case here. I could also use some support: if you have some bitcoins you wish to tip me with, I will gladly accept them at 175iyCxfHoD76GaL2Ms3MN8Qhrwe2R6U2r.