  2. 2

    The use case seems to be: you want to back up some small file on a machine you don’t trust much, or send it to a friend who uses this software also. (Since it requires a readable password-less private key, there’s no point applying this to any local files.) Since this adds no local-file security, I won’t mention the usual issue with unencrypted contents lying around in swap.

    It looks like it uses “AES-128 in CTR mode with HMAC-SHA-256” with a random IV. The file length is exposed, but the contents are confidential and tamper-proof.

    Looks like a fun “let’s use Go” hobby project. I imagine PGP has this use case pretty well covered (and doesn’t give up your secrets when someone takes your powered-off computer and pokes around).

    1. 3

      Here’s the use case:

      I want to give someone credentials for a machine (i.e. a shell server), including a password. By default, they send me their ssh public key. I can encrypt to their public key (and with the signing branch, which includes RSASSA-PSS), I can sign the file with my private key. These people generally refuse or can’t be arsed to use PGP, making my life more difficult.

      As for no local-file security, there are few good solutions for preventing unencrypted swap issues if you don’t control the machine. I assume this is being sent to someone who is going to read it on their personal machine. Encrypted or not, we automatically lose if they don’t apply proper security to their local machine. If you’re not encrypting your hard drive, for example, most of your secrets are already available “when someone takes your powered-off computer and pokes around”. This program provides security for message traffic, but doesn’t attempt to solve the data-at-rest problem; there are far better use cases for that.

      Obscuring message length is difficult without jumping through some hoops for files that aren’t of a given length; generally, it’s not going to be an issue.

      Up next, I need to figure out how SSH password-protects files and add support for that. I have the pieces for ECDSA support (using ECIES for encryption), I just need to actually add them to this code.

    2. 1

      Last night, I added in support for password-protected keys and ECDSA keys. Might be more useful now. There’s an issue with signatures, namely that support for RSASSA-PSS is still only in Go-tip, but the pieces are there. I’m just waiting for it to become more widely available.