Werner Almesberger
2016-05-20 16:19:44 UTC
Let's assume we have the following accounts:

Name: Mail
URL: foomail.com
Login: me
PW: Fohd3ien

Name: SocNet
URL: sidetome.com
Login: goatee81
PW: asdf

Someone who has access to the encrypted account database but doesn't
know the right keys would be able to see this:

% ./crypter.py default.bin
Length: 174 bytes
PKw: HWUZ-CSHI-M4TV.ZTGX-7NCR-LMSR.QFCC-7N7A-BYN3.XSIH-DOQY-TFJ4.MN3A
Nonce: N6TD-ZM6F-ASPY.G3I8-BFN8-XPII.JHH6-XMVG-JZLS.IIC
Readers: 1
PKr: HWUZ-CSHI-M4TV.ZTGX-7NCR-LMSR.QFCC-7N7A-BYN3.XSIH-DOQY-TFJ4.MN3A
EKr: W9E7-A7LF-E6BZ.AQ3L-8VVQ-MRTA.G4SF-3JYW-ZXYE.LO3R-ARFT-DSWU.NFTB
Payload: 53 bytes
28 4A 9F 37 F0 2F 25 8B 59 25 DE 9A 96 D6 D3 3B (J.7./%.Y%.....;
DC 1E 01 EE 91 DD 97 AE 77 94 88 5B 43 3E FC B3 ........w..[C>..
4E BA 39 27 A0 3E 11 7B 4F BF 88 00 9E 3A E4 4E N.9'.>.{O....:.N
1B 50 01 51 61 .P.Qa

Length: 179 bytes
PKw: HWUZ-CSHI-M4TV.ZTGX-7NCR-LMSR.QFCC-7N7A-BYN3.XSIH-DOQY-TFJ4.MN3A
Nonce: HFUI-AUGI-QWVJ.AAAU-DGQF-FKVU.HD9S-BXZ9-WSQN.OGA
Readers: 1
PKr: HWUZ-CSHI-M4TV.ZTGX-7NCR-LMSR.QFCC-7N7A-BYN3.XSIH-DOQY-TFJ4.MN3A
EKr: I4Z8-KS8T-O6DV.SP6I-74DA-JJ6I.X4WW-ENET-3F94.LZBV-VUHZ-LUZ8.CFRA
Payload: 58 bytes
59 9B C2 C1 04 DC 84 73 CD AD 96 38 00 21 68 EE Y......s...8.!h.
C5 8C 8F 63 68 06 33 E7 0D B6 45 D6 68 62 3A A6 ...ch.3...E.hb:.
8B A9 AA 61 3A E7 9A 83 17 15 BA DF 51 50 79 D0 ...a:.......QPy.
1C 96 86 7D 40 8A 13 09 57 B9 ...}@...W.

Keys are encoded in base32:
https://gitlab.com/anelok/anelok/blob/master/crypter/base32.py

PKw is the writer's public key. We have only one reader in this case,
with public key PKr. PKr is of course the same as PKw, given that the
writer wants to be able to read what it wrote, too.

EKr and the encrypted payload just look like "noise". Now, if we have
the right key (i.e., the secret key corresponding to PKr), we can
calculate ShK, decrypt RK, and then decrypt the actual content. This
is the first record:

% ./crypter.py -k anelok.keys default.bin
Length: 174 bytes
PKw: HWUZ-CSHI-M4TV.ZTGX-7NCR-LMSR.QFCC-7N7A-BYN3.XSIH-DOQY-TFJ4.MN3A
Nonce: N6TD-ZM6F-ASPY.G3I8-BFN8-XPII.JHH6-XMVG-JZLS.IIC
Readers: 1
PKr: HWUZ-CSHI-M4TV.ZTGX-7NCR-LMSR.QFCC-7N7A-BYN3.XSIH-DOQY-TFJ4.MN3A
ShK: PT6I-X6UI-ZEV7.KOAX-68SY-4FVV.3CF7-LELV-QMF8.749A-DAP7-KSAA.9NFA
EKr: W9E7-A7LF-E6BZ.AQ3L-8VVQ-MRTA.G4SF-3JYW-ZXYE.LO3R-ARFT-DSWU.NFTB
RK: LJOZ-H4X4-CJVK.HZEJ-LBX3-AFXO.M8Z6-MNQX-BCJ4.ENT3-EP76-9ZEC.9HWB
Payload: 53 bytes
28 4A 9F 37 F0 2F 25 8B 59 25 DE 9A 96 D6 D3 3B (J.7./%.Y%.....;
DC 1E 01 EE 91 DD 97 AE 77 94 88 5B 43 3E FC B3 ........w..[C>..
4E BA 39 27 A0 3E 11 7B 4F BF 88 00 9E 3A E4 4E N.9'.>.{O....:.N
1B 50 01 51 61 .P.Qa
Decrypted:
00 00 04 4D 61 69 6C 01 00 0B 66 6F 6F 6D 61 69 ...Mail...foomai
6C 2E 63 6F 6D 02 00 02 6D 65 03 00 08 46 6F 68 l.com...me...Foh
64 33 69 65 6E d3ien

Next: implementation and future.

- Werner
_______________________________________________
Qi Hardware Discussion List
Mail to list (members only): ***@lists.en.qi-hardware.com
Subscribe or Unsubscribe: http://l
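
Added example, not part of the original message or the anelok code base: a parser for the decrypted first record shown in the hex dump above. The field header layout (1-byte type, 2-byte big-endian length) and the type-to-name mapping are assumptions inferred from that dump and the account list; `parse_fields`, `describe` and `FIELD_NAMES` are illustrative names.

```python
import struct

# Assumption: field types 0..3 map to the labels of the account list in the
# post, because the decrypted values appear in that order.
FIELD_NAMES = {0: "Name", 1: "URL", 2: "Login", 3: "PW"}

# Decrypted bytes of the first record, copied from the hex dump in the post.
DECRYPTED = bytes.fromhex(
    "00 00 04 4D 61 69 6C 01 00 0B 66 6F 6F 6D 61 69 "
    "6C 2E 63 6F 6D 02 00 02 6D 65 03 00 08 46 6F 68 "
    "64 33 69 65 6E"
)


def parse_fields(buf):
    """Split a decrypted record into (type, value) pairs.

    Assumed layout, inferred from the dump: 1-byte field type, 2-byte
    big-endian length, then that many bytes of value.
    """
    fields = []
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 3:
            raise ValueError("truncated field header at offset %d" % pos)
        ftype, length = struct.unpack_from(">BH", buf, pos)
        pos += 3
        if length > len(buf) - pos:
            raise ValueError("field type %d overruns the record" % ftype)
        fields.append((ftype, buf[pos:pos + length]))
        pos += length
    return fields


def describe(buf):
    """Return the record as {label: text}; unknown types keep their number."""
    out = {}
    for ftype, value in parse_fields(buf):
        name = FIELD_NAMES.get(ftype, "type-%d" % ftype)
        out[name] = value.decode("utf-8", errors="replace")
    return out


if __name__ == "__main__":
    for label, text in describe(DECRYPTED).items():
        print("%-6s %s" % (label + ":", text))
```
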