💾 Archived View for thrig.me › blog › 2024 › 04 › 27 › abba-encryption.gmi captured on 2024-12-17 at 10:10:54. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-07-09)
-=-=-=-=-=-=-
Note that you probably instead want "crypto_box_seal" not "crypto_box_easy" as the sender can also decrypt the message with "crypto_box_easy" which defeats the purpose of tying to encrypt things to prevent the sender (or anyone else meanwhile) from reading the messages at rest.
A better plan might be:
https://flak.tedunangst.com/post/reop
The notion here (and a mnemonic if you know your pop bands) is to have a crossed pair of keypairs. Alice sends to Bob. Thus Alice, the sender, needs Bob's public key, and Bob needs Alice's public key. So Alice uses Alice Secret and Bob Public (AB) to encrypt, and Bob uses Bob Secret and Alice Public (BA) to decrypt. ABBA.
In this particular case only the server (running on a computer managed by someone else) needs to encrypt files as they arrive from elsewhere (via SMTP), and only the client decrypt them; the files should be encrypted while up in the cloud so that they are more difficult to read. You could also encrypt the server's disk, but that makes mounting that disk tricky after a reboot. Also someone might gain access to the mounted filesystem, in which case they would completely avoid the disk encryption, because it's mounted right there. Probably they could read future messages by writing the incoming data off somewhere else before the encryption code is reached, but an encrypted disk would not prevent that, either.
Key rotation is a must, and generally the most difficult part. See for example the "Summer 2023 Microsoft Exchange Online Intrusion" where a master key had never been rotated off (a rotation broke something so those stopped being done?) and was used to access all sorts of things. Whoops? Anyways, you should have working and tested key rotation going from the start.
Why not use something standard?
The first most likely option we might consider is PGP or GPG. I hear other operating systems do so. The concerns I had using an existing tool were complexity, quality, and complexity.
http://www.openbsd.org/papers/bsdcan-signify.html
Another reason is that you do not get practice unless you write stuff yourself, and have to get down to details on key rotation, consider whether you need signatures, who exactly you are thwarting (or at least making life more difficult for), what an attacker would need to do to get around or eventually into the encryption, and so forth. A library will handle various primitives, but there are still a bunch of details to work out.
Or you could have a PGP keypair on a server and encrypt files to PGP on your client system, that could work, and might save you a bunch of time and coding effort.