Currently can encrypt and decrypt small files.
- Create a website service that can encrypt and decrypt these files for you and hold them “hostage” until a certain timestamp.
Encryption Options
Server is King
- User uploads file to site
- File is encrypted then user can download the file
- Identifier is prepended to the file
- We store the encryption key to decrypt it
- User reuploads file to decrypt the file
- We read the identifier to find which key to use
- Decrypt file
Hold it for me
Server just holds the unlock key
- User uses tool to encrypt their own file
- Key, nonce, and/or identifier is uploaded to site
- User retains nonce or some identifier which is added to the file, but discards the key
- To decrypt, user provides nonce or a identifier
- Decrypt key is returned to user
RSA Option
- User uses tool to encrypt their own file, returning a unlock mechanism
- We provide our public key for user to encrypt
- is prepended to the file, and stored, as well as public key.
- Server provides private key to unlock the file
- Private key unlocks , which then can be used to decrypt file
CLI Tool
- CLI tool to time encrypt files
clockblock -l {filename} {unlock timestamp}-lock, -lclockblock -ul {filename}-ul, -unlock<<<<<<< HEAD =======
Database Schema
RSA encrypt their input -> Public, Private
- id (int)
- Private Key (bytes)
- Unlock Timestamp (timestamp)
- Nonce (optional)
Problem:
- IDs are easy to guess, making data insecure
Solution:
- Ignore it, make the data publicly available
- Add extra authentication layer (per user authentication)
- Add a separate key to reference to in input which makes guessing the ID harder.
g