HR / Crypter

🔓✨🔒 An innovative, convenient and secure encryption app
https://git.io/Crypter
MIT License
454 stars 70 forks

Unable to decrypt file on different machine #21

Closed strangefreeworld closed 7 years ago

strangefreeworld commented 7 years ago

I do not know if this is an issue or not, but I encrypted a file using Crypter on one Linux machine. Then, using Crypter with the same Master Pass I get an error message 'ERROR: Unsupported state or unable to authenticate data'. If this is how the system is supposed to work, I understand, I am just looking for clarification. The file was a .tar.gz file.

HR commented 7 years ago

Let me first briefly explain how it works. Crypter never ever directly uses your MasterPass to encrypt anything but instead derives a MasterPassKey from it which it then uses to derive the encryption key (which is used directly to encrypt your file). Every time a file is decrypted, the encryption key is re-derived from the MasterPassKey. Every time you set the MasterPass through the setup or reset it (through Verify MasterPass), the MasterPassKey is derived from the MasterPass using a newly generated set of (random) credentials. These credentials are used to re-derive the MasterPassKey every time the Crypter is executed (i.e. the app is launched). The reason for using randomness is that it makes a brute-force attack more impractical to be performed which drastically improves security.

Considering the aforementioned, the reason you're encountering this issue is that the MasterPassKey originally used to derive the encryption key on one machine is not the same as the MasterPassKey derived on a different machine because the set of credentials generated on the other machine is different (due to randomness). As a result your encryption key that is derived from the MasterPassKey is different and so incorrect which yields the error.

Solution (to accomplish full portability)

So it is not a bug but a security-first practice. Nor is it such an inconvenience really because all you have to do is export the set of credentials from Crypter on one machine and import it into Crypter on another machine. The formal functionality is currently being implemented, see #6 for v3.0.

However, since Crypter v2.0 uses leveldb for persistently storing the credentials, you can try to directly copy the db or even the whole appdata folder, which should be found under ~/.config/Crypter/ for Linux, from one machine to another.

Hope this helps 😄. Try it and let me know if it works!
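The behaviour described in the comment above, as an added example that is not part of the original thread and is not Crypter's code: the same MasterPass with a freshly generated set of credentials yields a different MasterPassKey, so authenticated decryption fails until the original credentials are imported. The choice of PBKDF2 and AES-256-GCM, the iteration counts and every function and field name here are assumptions made for illustration.

```javascript
// Added illustration; KDF, cipher, parameters and names are assumptions, not Crypter's code.
const crypto = require('node:crypto');

// "Credentials": random values generated when the MasterPass is set on a machine.
function newCredentials() {
  return { salt: crypto.randomBytes(32), iterations: 100000 };
}

// MasterPass -> MasterPassKey, bound to one machine's credentials.
function deriveMasterPassKey(masterPass, creds) {
  return crypto.pbkdf2Sync(masterPass, creds.salt, creds.iterations, 32, 'sha256');
}

// MasterPassKey -> per-file encryption key (fileSalt is stored with the file).
function deriveFileKey(masterPassKey, fileSalt) {
  return crypto.pbkdf2Sync(masterPassKey, fileSalt, 10000, 32, 'sha256');
}

function encryptFile(plaintext, masterPassKey) {
  const fileSalt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveFileKey(masterPassKey, fileSalt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { fileSalt, iv, tag: cipher.getAuthTag(), data };
}

function decryptFile(box, masterPassKey) {
  const key = deriveFileKey(masterPassKey, box.fileSalt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag);
  // final() throws when the key (and therefore the auth tag check) is wrong.
  return Buffer.concat([decipher.update(box.data), decipher.final()]);
}

// Encrypt on machine A, decrypt on machine B with or without A's credentials.
function tryOnOtherMachine(importCredentials) {
  const masterPass = 'constructed-sample-pass';          // constructed sample value
  const credsA = newCredentials();
  const box = encryptFile(Buffer.from('constructed sample data'),
                          deriveMasterPassKey(masterPass, credsA));
  const credsB = importCredentials ? credsA : newCredentials();
  try {
    return decryptFile(box, deriveMasterPassKey(masterPass, credsB)).toString();
  } catch (err) {
    return 'ERROR: ' + err.message;
  }
}
```

Calling `tryOnOtherMachine(false)` returns an error string from the failed authentication check, while `tryOnOtherMachine(true)` returns the original plaintext.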

strangefreeworld commented 7 years ago

That is what I expected, so I was mainly asking for clarification. I will try that at some point and will let you know. Thanks.

HR commented 7 years ago

It is documented now to make it more explicit https://git.io/Crypter.info#portability

HR commented 7 years ago

@strangefreeworld I've just finished implementing the formal import / export functionality. Check it out in the dev branch and let me know how you find it! I've added a settings window (access it by going to Crypter > Preferences...) from where you can access the functionality. I've personally tested it and it works! Full CRYPTO file portability.

HR commented 7 years ago

Resolved with resolving #6