Dr Craig Valli and Dr Ian Martinus
Encryption is the process by which programs/algorithms are applied to data/information so that, without the proper artefacts such as passwords or keys, turning it back into its original form is extremely computationally difficult and normally expensive (time, electrical power).
Encryption is the mainstay of protecting data in transit (https://somewebsite.com) or at rest, i.e. a file on your hard drive or USB stick. The point is you use it most days without even giving it a thought; it is seamless for banking, chat engines, websites and email servers (in transit).
The following block is encrypted text
The previous nonsensical block of text is the first sentence of this article encrypted with an encryption program called Pretty Good Privacy (PGP). As can be seen clearly, the encrypted text bears absolutely no resemblance to the plain text.
Encryption is very effective at protecting emails and files in transit across the Internet. You can also use encryption to protect important documents at rest on your storage devices/spaces – computer hard drive, USB hard drive, USB stick, NAS/network drive.
Do you really need to understand how it works to use it?
Quite simply, no. In our opinion too many guides go into explanations of cryptography itself and key exchanges, which typically serve only to confuse most people. We as humans use more complex devices and tools every day without understanding the theory of operation or being able to explain how they work from first principles, e.g. car, food blender, microwave, digital watch! But, like those devices, you do need to understand the traps and pitfalls of using it incorrectly that compromise its use or are destructive, similar to the effects of drying “out” your digital watch in a microwave, which by the way = explosions!
The only concept you must get is that your private key should NOT be shared or stored unprotected. Once a criminal actor has your private key they can, with impunity, decrypt/unlock the data you wanted to protect.
Protecting your private keys
Just as in the four other domains (land, sea, air, space), you need to protect your private keys/artefacts so that someone cannot access them readily without your knowledge and, hopefully, consent.
Sadly, one of the core ways of “protecting” cryptographic keys is, you guessed it, a password. So once again high grade encryption is undone by a dilettante using a 6 letter password. For your crypto keys you should use long (>50 characters), complex passwords to protect the private key, but make sure they are easy to remember. This is one of those times where the prudent thing is to print out these passwords and store them away from the site, preferably in a secure fireproof safe (a bank, or a high quality safe at a trusted third party). Also make the printout cryptic, i.e. label each key's password only with a tag that makes sense to you, and don’t name the file my_crypto_keys.doc… please don’t.
There are now hardware based tokens that can be used to store your keys, and the best ones use multiple factors to unlock the “safe”. We recommend the use of these: for a relatively small cost of < $100 each they afford you a very high level of protection. We use YubiKeys for our devices and also for storing keys.
Sharing your public keys….
Your public key should be available from as many sources as possible. There are keyservers, openly available on the Internet, which store and serve the public keys that people upload to facilitate sharing. So if you are communicating with a person you can go to the keyserver and search for that person, normally based on their email address. If the keyserver has the key then it provides it to you. A more cumbersome way is to “exchange public keys” via email; the best way is as ASCII encoded (.asc) files, either as in-line text they can copy and paste or as attachments.
Here are some keyservers for you to query that are accessible on the Internet. When you interact with them, remember to upload your PUBLIC key, not your private key, and note that some servers will send a confirmation email to your email address before publishing your key.
https://keys.mailvelope.com takes you to the search engine on the server, where you can query for keys or upload your own key as well.
PGP pretty good problem…not so much
This is how a computer science colleague described the setup for PGP 15 years ago; it was not user friendly by any means. It has come a long way since then, and there is now usable commercial and non-commercial software on the major platforms and also in web browsers. Remember it is good at protecting email between exchanging parties and also good at protecting files at rest on a secondary storage device, e.g. hard drive, USB stick.
Most of the programs mentioned below also have good how-to documentation on installing them and generating your keys.
Browsers
Mailvelope – a browser addon for Chrome and Firefox; it is platform agnostic and works on Win, Mac, Linux. We use this. There is also a good, accessible training guide for Mailvelope from Freedom Press.
Windows
GPG for Windows (easy to set up, works with Outlook) – Free – We use this
pEp for Outlook – Commercial
Linux
Use kgpg to manage your keys. There is native support in Evolution email.
Macintosh
GPG Suite ~ $AU35
or the free utilities that are native to macOS… borrowed from BSD
iOS
Final step: back up your keys for secure and safe storage
We advise that it is critical to back up both your public and private keys to a USB stick and store that stick in a secure location, preferably offsite from where the devices you use them on are kept. If you're old school and have a DVD/CD burner, burn a copy to one of these as well. Simply give a copy to a trusted friend or relative; for more complete protection store it in a safe or a safety deposit box at a bank. Whenever you generate a key make sure you also generate a revocation certificate and store that on the stick as well.
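Added example (not part of the original post, nor any of the tools it names): a small POSIX shell guard for the two points above, sharing only your PUBLIC key (never the private key) and keeping the private backup and revocation certificate out of anything you upload. It classifies an ASCII-armoured .asc file by its OpenPGP armour header and refuses anything containing a private key block; the sample files are constructed placeholders, and the gpg commands in the comments are shown for reference rather than run.

```shell
# Added example (not from the original post): refuse to share an ASCII-armoured
# .asc file unless it holds only a PUBLIC key block. The header lines are the
# standard OpenPGP armour headers; the sample files below are constructed.
armor_kind() {
    # Print public / private / unknown based on the first armour header line.
    header=$(grep '^-----BEGIN PGP ' "$1" 2>/dev/null | head -n 1)
    case "$header" in
        '-----BEGIN PGP PUBLIC KEY BLOCK-----')  echo public ;;
        '-----BEGIN PGP PRIVATE KEY BLOCK-----') echo private ;;
        *) echo unknown ;;
    esac
}

safe_to_share() {
    # Exit 0 only if the file starts with a public key block and contains no
    # private key block anywhere (a mixed export must also be refused).
    if grep -q '^-----BEGIN PGP PRIVATE KEY BLOCK-----' "$1" 2>/dev/null; then
        return 1
    fi
    [ "$(armor_kind "$1")" = public ]
}
# Constructed sample files standing in for real exports (placeholder bodies).
tmpdir=$(mktemp -d)
cat > "$tmpdir/public.asc" <<'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

PLACEHOLDER-NOT-A-REAL-KEY
-----END PGP PUBLIC KEY BLOCK-----
EOF
cat > "$tmpdir/private.asc" <<'EOF'
-----BEGIN PGP PRIVATE KEY BLOCK-----

PLACEHOLDER-NOT-A-REAL-KEY
-----END PGP PRIVATE KEY BLOCK-----
EOF
cat "$tmpdir/public.asc" "$tmpdir/private.asc" > "$tmpdir/mixed.asc"
# Real GnuPG commands that produce such files (shown, not run here; use your address):
#   gpg --armor --export you@example.com > public.asc              # share this one
#   gpg --armor --export-secret-keys you@example.com > private.asc # backup only
#   gpg --output revoke.asc --gen-revoke you@example.com           # keep with backup
for f in "$tmpdir/public.asc" "$tmpdir/private.asc" "$tmpdir/mixed.asc"; do
    if safe_to_share "$f"; then
        echo "OK to upload: $f"
    else
        echo "REFUSE: $f contains a private key block"
    fi
done
```

Run it against a real export before uploading to a keyserver or attaching to an email; the mixed case matters because a careless combined export would otherwise pass a check that only looks at the first line.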
Our keys are:
Craig Valli craig@safensecurecyber.com
Ian Martinus ian@safensecurecyber.com