Decryption on foreign computer

[grahamking]

I would like to address the "wife's laptop" problem: I'm not at my computer, I'm at my wife's laptop, or at a library computer, or on a friends iPad, and I need my password.

Things that probably won't work

1) An easy and good solution is to put your keys on a USB stick, along with Gpg4win. Does that require any support from kip? I don't think so - gpg4win should be able to decrypt the files directly.

This only works if I can get to the USB port of the machine. At my library the computer might be locked down. My iPad does not have a USB port.

2) In-browser client-side decryption in Javascript. There is a JS opengpg library, but it only does encryption. The author says "Many people ask me about decryption in Javascript. I don't think that it could be really useful to do decryption in Javascript, because it requires the secret key and I would never paste my secret key in a web form." Decrypting the files on the client requires us to send your secret key to a potentially hostile computer.

Idea

I think using HTTP / a browser is the simplest and most widely available interface.

We should definitely use SSL, although we can probably leave that for external tools, such as stunnel (or any SSL and proxy capable web server).

We could decrypt everything server-side before you go travelling, and re-encrypt it with a "disposable" symmetric cipher, which also has a JS implementation, such as AES.

We add a kip server command which waits for a glob as the url path, and sends you the AES encrypted file, along with some JS. On the client the JS asks you for the passphrase and decrypts the file.

We can also use HTTP basic-auth to discourage people more.

Once you get back home you stop the kip server and delete the symmetric files. You're only at risk during your travels.

I would probably forget to do this before I leave, so setup must be simple enough that I can talk a friend through it on the phone ("Turn on my computer and type ssh remote_machine, now type kip server, ok enter this as the passphrase, that's it thanks!")

I think using SSL will protect us from network caches, and doing decryption in JS will protect us from the browser's cache.

This requires you to have an Internet visible server you can run stuff on.

What if there is a key logger on the machine I'm using?

Once we have a basic plan I can ask for feedback on a crypto forum.

@yml, @sethtrain, @wrb What do you think?

[ghost]

Wife's computer or a more of your computers should be fairly easy, just grab Dropbox or any similar service, since the unencrypted data are never committed to the filsystem. Unless I can't read source code that is.

Library computer is worse. I like your idea in general though I'm not sure how good would AES in javascript be. It also seems kind of redundant -- you are already using SSL to protect yourself from network sniffing (and you presumably have your server's fingerprint on a paper with you). It makes sense however if you really don't want to have both data and key on any computer for a long time.

Another way would be to use one time passwords -- generate asymmetrically encrypted data and use OTP to acces it (through SSL and http-basic) and when you session is done, press a button that makes the switch to the next OTP. That requires the remote computer to have the data in plain however.

[grahamking]

The idea of doing part of the decryption on the server (AES) is that it should defeat any browser caching / logging. It it's just in HTML the browser might write the page to the disk - browsers cache HTTPS content just like HTTP content.

I love the idea of one-time passwords. Maybe a combination of a passphrase and a one-time PIN code. "Web-based methods" here looks possible: http://en.wikipedia.org/wiki/One-time_password#Web-based_methods

[yml]

cherokee admin is using onetime password to secure the admin.

as the side note there is a gpg an attempt to write GPG client in in JShttps://github.com/GPGTools/Mobile .

On Fri, Mar 30, 2012 at 7:31 PM, Graham King < reply@reply.github.com

wrote:

The idea of doing part of the decryption on the server (AES) is that it should defeat any browser caching / logging. It it's just in HTML the browser might write the page to the disk - browsers cache HTTPS content just like HTTP content.

I love the idea of one-time passwords. Maybe a combination of a passphrase and a one-time PIN code. "Web-based methods" here looks possible: http://en.wikipedia.org/wiki/One-time_password#Web-based_methods

---

Reply to this email directly or view it on GitHub: https://github.com/grahamking/kip/issues/7#issuecomment-4847292

[grahamking]

Another option is, at the web cafe, download putty.exe, ssh to your server, and just run kip (with --print option) there.

(some time later, having though about it)... but then the web cafe (which we assume is running a key logger) has your ssh password. Double plus bad.

[grahamking]

Some thoughts:

• The encrypted kip files themselves do not need protecting. The only thing to protect is your passphrase. We can put encrypted files on a public web server. The secret key be kept secret, but it's CAST5 encrypted with a hash of your passphrase, so actually it's safe too.
• Decrypting GPG files in javascript would be a lot of work. You have to first do radix-64 to go from ascii to binary, then you have to AES decrypt, and finally you have to unzip. I for one am not excited about doing that type of thing in Javascript.
• I couldn't find any windows programs to do the decryption, that you don't need to install. For example putty.exe you download and run. GPG4Win and 7-zip (which does AES) and so on, you need install permissions. And this wouldn't cover iPad / Mac anyway.
• I would love to find a Javacript file that could decrypt something that GPG can make. Any algorithm would do. Then the preparation is kip just decrypts everything with your secret key, re-encrypts it with a "travel" key you choose, and you copy the files to your web server, along with some javascript for the decryption.
• Failing that I think we have to do server-side decryption and transmit the password in the clear (over SSL). You were going to copy that password and type it right into gmail's login box anyway, so we're not adding any risk. We would definitely need one-time passwords, otherwise a key logger would give someone access to all your passwords, not just the gmail one you wanted.

[grahamking]

It sounds like javascript encryption doesn't add much security over SSL, like wrb mentioned. See Javascript Cryptography Considered Harmful. We can set headers to ask the browser not to cache the page.

Interesting discussion about key loggers at security.stackexchange.com. In short if you can't trust the client (web cafe machine), you shouldn't log in.

That said, there seems to be two ways to have secure login from an untrusted computer:

1. Two-factor authentication. Combining "something you know", which is your passphrase, with "something you own", usually a physical security token, such as a SecurID. The Yubikey looks cool, but it requires USB port access and, well, I don't think we can expect people to buy a device to use kip.
2. One time passwords. This is great, but I can't think of a way to manage it. You can't memorise them all.
   • Do you print out a big list and carry it around with you? That works for a short time, like a vacation, but not for random access on my wife's computer.
   • Do you use sentences from a book, like in a spy novel? You would only need to capture a couple of sentences for Google to find the matching book.

Unless we can come up with an elegant way of making one-time passwords, I think we should drop the requirement to be secure on an insecure client (web cafe), and focus on allowing access on a trusted machine (wife's laptop, friends house) which doesn't have kip / gpg on it. That's a much simpler scenario. As long as we're over SSL, we can ask for the secret key's passphrase.

GPG allows you to change your passphrase without changing your secret key, the passphrase just encrypts your secret key.

[grahamking]

Pull request in #11