
About Portable Encryption

Your Duties and Obligations

Well, this software is free, which basically means you can do whatever the hell you want with it. The license says "Do what thou wilt, shall be the whole of the law". If you want to read it in boring lawyer terms, it is here.

Why did I do this?

I was reading this text, and when I got to the part where the author says that a big problem is that most people can't install software on the machines they use, I thought "hey, perhaps I can do something about it". So this is my humble shot at it. I know that if you need to send lots of messages it might be really annoying to use this, but without installing absolutely anything, and with just a browser available, I think it is the best I can do. However, this is free software, so you can improve it. If you have no technical skills, contact me with your suggestion :)

How to use

Suppose Alice wants to talk privately with Bob in a monitored environment. Alice should go to Asymmetric Encryption and generate a Key Pair. Alice then sends Bob her Public Key. Bob then goes to Asymmetric Encryption, types a strong password in the Plain Text field, pastes Alice's Public Key in the Public Key field, clicks the button "Encrypt Using Public Key" and sends the Cipher Text to Alice. Alice then pastes the Cipher Text she got from Bob in the Cipher Text field of Asymmetric Encryption, pastes her private key in the Private Key field and clicks "Decrypt Using Private Key". The Plain Text field now contains the password Alice shares with Bob.
Now Alice types that password in the Password field of Symmetric Encryption and her message in the Plaintext field, clicks the button "Encrypt" and sends Bob the Ciphertext. Bob receives the Ciphertext from Alice, pastes it in the Ciphertext field of Symmetric Encryption, types the password he sent to Alice and clicks the button "Decrypt". The two of them now have a secure way of communicating.

Blocked Site / No Internet?

You can visit the page on another computer, then go to the menu bar > File > Save Page As... It will save a .html file. Put it on a pen drive, and you can open it with any browser, even with censored internet. You can also download it from here.

Recommendations

Change all your keys as often as you can. Also, I cannot stress this enough, use a STRONG password. It is not only about length; it must be as random as possible, so please use a password generator. A length of 20 random characters is ok.

Problems with this software

First is the usability: since a requirement was that it should work with just a browser, and absolutely no installing, it might be annoying to keep pasting messages from Facebook, Gmail or whatever you use to communicate in here.
Second: This might get a little technical: IVs and salts are constant. This was done so it gets easier to use; this way you just have to exchange a key, and don't have to send IVs and salt. It would be more secure if it used random IVs and different salts every time, but in no way this compromises security, there is no practical known way of breaking AES even in ECB mode with no IVs and/or salt, just use a strong password and you will be fine (I recommend using the random generator button).
Last but not least: this will not prevent meta-data leaking, which means that someone intercepting traffic will still know Alice talked to Bob in an encrypted form and what time they did it, but they will not know what they talked about. On the same topic, the opponent might see that you are now using encryption, which may raise some questions. For example, if you use this to send a co-worker an encrypted message via company e-mail, and your boss eavesdrops on you, he might ask himself what you are talking about that he cannot know.
Also, be aware: as pointed out by the text mentioned above, there is no point in encrypting any information if the opponent can simply read it from your screen or capture it as you type. This will only protect you from an eavesdropper outside your computer, like ISPs or someone intercepting network traffic.
The last two items are not problems specific to this application, but of encryption in general. It does not anonymize you and there's nothing anyone can do if your computer is compromised.
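
The effect of the constant IV and salt described in the second problem above can be checked directly. The following is an added example, not code from this application: with a constant salt and IV, AES-256 in counter mode produces the same keystream for every message under one password, so the XOR of two ciphertexts equals the XOR of their plaintexts, while a random salt and IV sent in front of each ciphertext removes that relation. It assumes Node.js's built-in crypto module in place of the page's browser libraries; the salt and IV values, the scrypt key derivation and all function names are constructed for illustration.

```javascript
// Added example. Constructed values: the page does not publish its salt, IV or KDF.
const { createCipheriv, randomBytes, scryptSync } = require('crypto');

const FIXED_SALT = Buffer.alloc(16, 0x01); // constructed constant salt
const FIXED_IV = Buffer.alloc(16, 0x02);   // constructed constant IV

// Password -> AES-256 key. scrypt is an assumption; any deterministic KDF behaves alike.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 32);
}

// AES-256-CTR: output = input XOR keystream(key, iv).
function ctr(key, iv, data) {
  const c = createCipheriv('aes-256-ctr', key, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

function xor(a, b) {
  const out = Buffer.alloc(Math.min(a.length, b.length));
  for (let i = 0; i < out.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Weak setting: constant salt and IV give the same key and keystream every time.
function encryptFixed(password, msg) {
  return ctr(deriveKey(password, FIXED_SALT), FIXED_IV, Buffer.from(msg, 'utf8'));
}

// Corrected setting: fresh salt and IV per message, sent in the clear as a prefix.
function encryptRandom(password, msg) {
  const salt = randomBytes(16);
  const iv = randomBytes(16);
  return Buffer.concat([salt, iv, ctr(deriveKey(password, salt), iv, Buffer.from(msg, 'utf8'))]);
}

function decryptRandom(password, blob) {
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 32);
  // CTR decryption applies the same keystream XOR as encryption.
  return ctr(deriveKey(password, salt), iv, blob.subarray(32)).toString('utf8');
}

// True when XOR of the two ciphertexts equals XOR of the two plaintexts.
function leaksPlaintextXor(c1, c2, m1, m2) {
  return xor(c1, c2).equals(xor(Buffer.from(m1, 'utf8'), Buffer.from(m2, 'utf8')));
}
```

The salt and IV are not secret, so the receiver only needs the shared password to decrypt the prefixed format.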

Contact info

Emails:
yurifw@protonmail.com
yuridefw2@gmail.com

Technical Details

Following are the libraries I used to build this:

Specifications of the Algorithms:

  • AES-256
  • Counter Mode
  • RSA with 2048 bits