Getting data securely to me, starting from (almost) nothing:

If I’m out and about and my bike gets stolen, along with all of my gear – or worse yet, I get accosted by highwaymen who steal all my things by force and leave me stranded – my concern will be immediate physical safety.

Beyond that, and assuming there is at least some honest infrastructure I can use, my concern will be replacing my equipment. I have some important things memorized, but I also have a bandana I made with various secret information encoded on it.

So, assuming the criminals don’t strip the clothing off my head, I can contact friends and family, share identifying information, and authenticate with some online services. Another thing I can do with the bandana is exchange sensitive data over the internet by encrypting it, because it’s got a slightly obfuscated copy of my private RSA encryption key on it.

How does that work?

Let’s assume I’ve lost everything but the bandana, so I’m starting from scratch with some new blank laptop I bought in a local shop.

Using that, I can connect to the internet, download the various pre-encrypted things I’ve created, and access them with the key from the bandana. But I can also have people encrypt things and send them to me.

That’s why I made this post: the explanation below is the bare minimum people will need to safely send me things, large and small.

First thing you need is this public key:

-----BEGIN PUBLIC KEY-----
[public key body not preserved in this copy of the page]
-----END PUBLIC KEY-----

Grab this text and paste it into a file called id_rsa.pub.pkcs8.

To send:

Let’s say you have a big thing you want to send: secret.zip, a zipfile full of stuff.

We’re going to make a temporary key, encrypt that file with the key, encrypt the temporary key with my public RSA key, and package the encrypted file and the encrypted temporary key together, like so:

# Temporary key: 64 random bytes, base64 on one line (-b 0 is the macOS base64 flag; GNU base64 uses -w 0)
$ openssl rand 64 | base64 -b 0 > key
# Encrypt the payload with AES-256-CBC, passphrase read from the key file
$ openssl aes-256-cbc -in secret.zip -out secret.zip.enc -pass file:key
# Wrap the temporary key with my RSA public key (OAEP padding); rsautl is deprecated in OpenSSL 3, pkeyutl replaces it
$ openssl rsautl -encrypt -oaep -pubin -inkey id_rsa.pub.pkcs8 -in key -out key.enc
# Bundle the encrypted payload and the wrapped key
$ tar -zcvf secret.tgz *.enc

The resulting file, secret.tgz, is what you’ll want to send me.

To receive:

When I get secret.tgz, I decompress it and find two files inside:

key.enc
secret.zip.enc

Then I run the following:

# Unwrap the temporary key with my private key (OpenSSL reads the PEM form of id_rsa, not the newer OpenSSH key format)
$ openssl rsautl -decrypt -oaep -inkey ~/.ssh/id_rsa -in key.enc -out key
# Decrypt the payload with the recovered key
$ openssl aes-256-cbc -d -in secret.zip.enc -out secret.zip -pass file:key

That gets me secret.zip, and the exchange is done.
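The same hybrid scheme as the commands above, as an added end-to-end example that is not from the original post: it generates a throwaway RSA key pair, encrypts a constructed sample file, and decrypts it again. It uses pkeyutl (rsautl’s replacement in OpenSSL 3) and -pbkdf2 for deriving the AES key from the passphrase, so the bundles it produces are not byte-compatible with the post’s commands; the function names and paths are my own.

```shell
#!/bin/sh
# Hybrid encrypt/decrypt round trip: random symmetric key -> AES-256-CBC on the file
# -> RSA-OAEP on the key. Needs OpenSSL 1.1.1 or later (pkeyutl, enc -pbkdf2).
set -eu

# Throwaway RSA key pair for the demo (the real recipient already has one).
make_keypair() {            # $1 = private key path, $2 = public key path (PKCS#8 PEM)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
    openssl pkey -in "$1" -pubout -out "$2"
}

# Sender side: write a .tgz containing <file>.enc and key.enc.
hybrid_encrypt() {          # $1 = plaintext file, $2 = recipient public key, $3 = output bundle
    workdir=$(mktemp -d)
    openssl rand -base64 48 | tr -d '\n' > "$workdir/key"   # 64-char one-line passphrase
    openssl enc -aes-256-cbc -pbkdf2 -in "$1" -out "$workdir/$(basename "$1").enc" \
        -pass "file:$workdir/key"
    openssl pkeyutl -encrypt -pubin -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
        -in "$workdir/key" -out "$workdir/key.enc"
    tar -czf "$3" -C "$workdir" "$(basename "$1").enc" key.enc
    rm -rf "$workdir"       # the plaintext passphrase never leaves the sender's temp dir
}

# Receiver side: unpack, unwrap the passphrase with the private key, decrypt the file.
hybrid_decrypt() {          # $1 = bundle, $2 = private key, $3 = output file
    workdir=$(mktemp -d)
    tar -xzf "$1" -C "$workdir"
    openssl pkeyutl -decrypt -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
        -in "$workdir/key.enc" -out "$workdir/key"
    enc=$(ls "$workdir"/*.enc | grep -v '/key.enc$')   # the encrypted payload
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$enc" -out "$3" -pass "file:$workdir/key"
    rm -rf "$workdir"
}

# Round trip on constructed sample data; prints "ok" and returns 0 if the plaintext matches.
roundtrip_demo() {
    d=$(mktemp -d)
    printf 'constructed sample contents\n' > "$d/secret.zip"
    make_keypair "$d/id_rsa" "$d/id_rsa.pub.pkcs8"
    hybrid_encrypt "$d/secret.zip" "$d/id_rsa.pub.pkcs8" "$d/secret.tgz"
    hybrid_decrypt "$d/secret.tgz" "$d/id_rsa" "$d/recovered.zip"
    cmp -s "$d/secret.zip" "$d/recovered.zip" && echo ok
    rm -rf "$d"
}
```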

It’s incredibly unlikely that I’ll ask anyone to send me things this way, but this page is here just in case.

A variation of this is how I intend to get all my data back in my hands even if I’m in a part of the world where everything I send or receive online is subject to eavesdropping or logging by weird state actors or random criminals.

