How I encrypt files in the cloud
Some time ago, while reading Habr, I came across an article in which the author talks about the need to encrypt files uploaded to the cloud. Being one to whom the only thought that the “uncle” providing the cloud storage service has the ability to use my files at its discretion, I began to think about encrypting them. It pushed for these reflections and the fact that the cloud is free. Of course, using an archive with a password was a terribly inconvenient solution when it came to a large number of downloadable files. It has long been for this purpose created a special utility, and now, if I had raised a question, I decided to tell about it.
At the very beginning of using cloud storage, I wanted to use simple XOR encryption. The implementation of this algorithm is not difficult (Friedman A., Klander L., et al .: "C / C ++. Program Archive" - ​​Moscow: BINOM Publishing House, 2001 - 640s.), For its implementation do not need any serious calculations. However, this encryption method has only one plus - it is relatively quickly executed. At the output we have a file, the contents of which will scare away only a non-professional. XOR encryption does not provide as serious protection as it may seem at first glance. First, if you cheerfully encrypt many files with one key, then the evil uncle needs to get at least one original of some of the files in this series somewhere, in order to unlock the key and just as fun to decrypt the entire series of files:
Key = 01101001
Text = 10010001
Encoded = 01101001 ^ 10010001 = 11111000
Key = Encoded ^ Text = 11111000 ^ 10010001 = 01101001
')
On the other hand, the algorithm has too simple a mathematical description, in connection with which, it is possible to open the key without having the original file, which is written, for example, here .
In this regard, we will not use this byaku, but I still post a link to the source for completeness. One of the most simple and sufficiently robust algorithms is the AES-256 standard. There were a lot of controversies around him, but in the USA he was allowed to encrypt information relating to state secrets (see the Wikipedia archive ), today there are no ways to successfully attack this algorithm in a reasonable amount of time. One kind person has already worked on the software implementation of this algorithm and allowed to freely use his work ( developer's website ). It was advisable to take advantage of this decision. Sources of utilities:
github.com/asu2010/crypt - XOR encoder / decoder
github.com/asu2010/crypt_AES-256 - AES-256 - Encoder / Decoder
Both programs are console (of course) and made for Windows. Programs have a default key created by the password generator program. It is stored in DEFAULT_KEY macros, which makes it easy to change. For ease of use, I called the executable file “crypt ++. Exe” and added the path to this file to the PATH environment variable. Encryption with the default key from the CMD looks like this:
Decryption:
If you need to use another key, you can specify it after the enc / dec parameter:
Perhaps this tool is not very convenient, but not hopeless. Let's write a small bat-nickname:
Now we can encrypt an array of files in any folder, deleting the originals. To decrypt files in the same way, we will write a similar command in which our crypt ++ will be called with the dec parameter. In these teams, you can specify a password that does not need to be remembered. The path to this batch file can also be specified in the PATH variable and it will be more convenient to use the utility for a large number of files. Now, in fairness, I’ll tell you about the unpleasant moments.
The first three problems can be solved if suddenly there is a strong desire.
These tools weredeveloped carelessly coded for two days for personal use. I have been using it for almost a year now and have not experienced any inconvenience.
At the very beginning of using cloud storage, I wanted to use simple XOR encryption. The implementation of this algorithm is not difficult (Friedman A., Klander L., et al .: "C / C ++. Program Archive" - ​​Moscow: BINOM Publishing House, 2001 - 640s.), For its implementation do not need any serious calculations. However, this encryption method has only one plus - it is relatively quickly executed. At the output we have a file, the contents of which will scare away only a non-professional. XOR encryption does not provide as serious protection as it may seem at first glance. First, if you cheerfully encrypt many files with one key, then the evil uncle needs to get at least one original of some of the files in this series somewhere, in order to unlock the key and just as fun to decrypt the entire series of files:
Key = 01101001
Text = 10010001
Encoded = 01101001 ^ 10010001 = 11111000
Key = Encoded ^ Text = 11111000 ^ 10010001 = 01101001
')
On the other hand, the algorithm has too simple a mathematical description, in connection with which, it is possible to open the key without having the original file, which is written, for example, here .
In this regard, we will not use this byaku, but I still post a link to the source for completeness. One of the most simple and sufficiently robust algorithms is the AES-256 standard. There were a lot of controversies around him, but in the USA he was allowed to encrypt information relating to state secrets (see the Wikipedia archive ), today there are no ways to successfully attack this algorithm in a reasonable amount of time. One kind person has already worked on the software implementation of this algorithm and allowed to freely use his work ( developer's website ). It was advisable to take advantage of this decision. Sources of utilities:
github.com/asu2010/crypt - XOR encoder / decoder
github.com/asu2010/crypt_AES-256 - AES-256 - Encoder / Decoder
Both programs are console (of course) and made for Windows. Programs have a default key created by the password generator program. It is stored in DEFAULT_KEY macros, which makes it easy to change. For ease of use, I called the executable file “crypt ++. Exe” and added the path to this file to the PATH environment variable. Encryption with the default key from the CMD looks like this:
>crypt++ example.jpg enc Decryption:
>crypt++ enc_example.jpg dec If you need to use another key, you can specify it after the enc / dec parameter:
>crypt++ photo.jpg enc Ajk45BZ972pr Perhaps this tool is not very convenient, but not hopeless. Let's write a small bat-nickname:
@echo off echo / echo : set /P FoldPath= cd %FoldPath% for /f %%i in ('dir %FoldPath%\*.* /b') do ( crypt++ "%%i" enc del "%%i" ) Now we can encrypt an array of files in any folder, deleting the originals. To decrypt files in the same way, we will write a similar command in which our crypt ++ will be called with the dec parameter. In these teams, you can specify a password that does not need to be remembered. The path to this batch file can also be specified in the PATH variable and it will be more convenient to use the utility for a large number of files. Now, in fairness, I’ll tell you about the unpleasant moments.
- In AES-256, files are encrypted in blocks of 16 bytes each and the size of the encrypted file is always a multiple of this number. If the number of bytes in your source file is not a multiple of 16, then in the decrypted file the bytes with the value NUL will be added to the end. Although this is not a file corruption. This only applies to a utility that uses AES-256.
- The encoder / descrambler for mobile gadgets has not been implemented. When downloading files to another PC from the cloud, you need to decrypt them.
- The proposed bat-nickname is not capable of being called recursively for the subdirectories of the folder specified to it. In addition, file names in the target folder should not contain spaces.
- AES-256 encryption is very slow. On my Celeron, the encryption speed was about 40 kb / s. But it is unlikely that a more powerful figure can be obtained on a more powerful machine.
The first three problems can be solved if suddenly there is a strong desire.
These tools were
Source: https://habr.com/ru/post/242283/
All Articles