You might be wondering what I am trying to say here. Before we dive into the topic, I hope you are safe and healthy. I know this is a tough time, and I want to think out loud about something that feels relevant to discuss right now.
We all deal with a lot of secret information: passwords, insurance details, bank account details and so on. Since we do not trust people or systems, we keep that information to ourselves. That is the smart thing to do, but the situation we are in now makes me look at it from a different perspective.
I am sure nothing will happen to us, but why not share that information with someone we trust? If you are thinking in the same direction, then I am not alone in this boat. The use case here is that you want to share this information with someone who lives far away from you. The question is: how do we share it? There are plenty of options: email, cloud storage, peer-to-peer networks and so on.
Email: most email is not end-to-end encrypted. I am not talking about TLS here. Sending and receiving email is secured in transit, but the server can read your content. Also, email exchanged between different domains is unencrypted. Let's look at cloud storage: passwords and secrets sitting there in plain text looks scary, right? There are options like ProtonMail, but I do not want to trust any software blindly.
Now what? We need online synchronisation with offline encryption. I am talking about PGP. We will have an asymmetric key pair, that is, one private key and one public key. Let's make an analogy: a husband wants to share a password.txt file with his wife.
If the husband wants to transfer the secrets to his wife, the wife should create a public/private key pair and send the public key to the husband. Since the public key is safe to share, there is no problem sending it over WhatsApp or any other channel. Now the husband imports the key and encrypts the message for his wife. Finally, he uploads the encrypted message to cloud storage or any other medium. Only the wife can read the content, because the private key is with her and it is never sent over the wire.
Have you noticed the power here? There is no server involved, and most importantly we take care of generating the private and public keys ourselves rather than trusting a third-party piece of software to do it for us. (End-to-end encryption) :)
There are many PGP tools available, but we will use GnuPG. For the demo I will be using two Docker containers from the same image with GPG installed. The only reason for using Docker is to show that the husband's and the wife's machines share nothing; you can think of them as two different computers altogether.
GnuPG link: https://gnupg.org/download/
Step 1: Run the Docker container for both parties (husband and wife).
Step 2: Run gpg --full-generate-key. This creates the private and public key pair.
Let's see the public keys of both parties.
Step 3: Export the public key on the wife's machine so it can be shared with the husband. Add the armor flag for ASCII output.
Step 4: Share the exported public key with the husband. You can share it via any online medium, for example WhatsApp.
Step 5: Import the shared public key. After importing, list the public keys to make sure the import was successful.
Step 6: Assume the husband puts all the secrets in one file named password.txt.
Step 7: Encrypt the password file on the husband's machine. Once the encryption is done you will notice a new file ending in ".gpg".
Step 8: Share the encrypted file with the wife. You can use any online medium you trust. Since we are using Docker, I am copying it from one container to the other.
Step 9: Let's try to decrypt it on the husband's machine.
You will notice an error, since the husband's machine does not contain the wife's private key.
Step 10: Decrypt on the wife's machine. It will ask for the passphrase the wife entered at the time of key generation.
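The whole exchange from steps 2 to 10, as an added example that is not part of the original post, run unattended on a single machine: two separate GNUPGHOME directories stand in for the two Docker containers, and the user id, passphrase and file contents are constructed for the demo. It also adds the one check the steps above leave out, comparing the key fingerprint on both sides before encrypting, so the husband knows the key he imported is really hers.

```shell
#!/bin/sh
# Added example: husband/wife PGP exchange with two isolated keyrings (not the post's own code).
set -eu

fingerprint_of() {  # $1 = homedir, $2 = user id; prints the primary key fingerprint
  gpg --homedir "$1" --with-colons --fingerprint "$2" 2>/dev/null \
    | awk -F: '$1 == "fpr" { print $10; exit }'
}

pgp_share_demo() {
  WORK=$(mktemp -d)
  HUSBAND="$WORK/husband"; WIFE="$WORK/wife"
  mkdir -m 700 "$HUSBAND" "$WIFE"            # two keyrings that share nothing
  # Let gpg read the passphrase from the command line instead of a pinentry dialog,
  # only so the demo runs unattended; interactively you simply type it (step 10).
  printf 'allow-loopback-pinentry\n' > "$WIFE/gpg-agent.conf"
  WIFE_ID="wife@example.test"; PASS="demo-passphrase"   # constructed values

  # Step 2 (wife): generate her key pair, protected by a passphrase.
  gpg --homedir "$WIFE" --batch --pinentry-mode loopback --passphrase "$PASS" \
      --quick-generate-key "Wife <$WIFE_ID>" default default never >/dev/null 2>&1
  # Step 3: export the public key in ASCII armor so it can be pasted anywhere.
  gpg --homedir "$WIFE" --armor --export "$WIFE_ID" > "$WORK/wife_public.asc"

  # Step 5 (husband): import it, then compare fingerprints on both sides; this is
  # how you confirm the key was not swapped in transit (read it out over the phone).
  gpg --homedir "$HUSBAND" --import "$WORK/wife_public.asc" >/dev/null 2>&1
  [ "$(fingerprint_of "$WIFE" "$WIFE_ID")" = "$(fingerprint_of "$HUSBAND" "$WIFE_ID")" ] \
    || { echo "fingerprint mismatch" >&2; return 1; }

  # Steps 6-7 (husband): write the secrets and encrypt them to her key.
  # --trust-model always skips the web-of-trust prompt; we verified the fingerprint above.
  printf 'mail: hunter2\nbank: correct-horse\n' > "$HUSBAND/password.txt"
  gpg --homedir "$HUSBAND" --batch --trust-model always --recipient "$WIFE_ID" \
      --encrypt "$HUSBAND/password.txt" 2>/dev/null        # writes password.txt.gpg
  # Step 8: only the .gpg file moves; the plaintext never leaves the husband's side.
  cp "$HUSBAND/password.txt.gpg" "$WIFE/password.txt.gpg"

  # Step 9: the husband cannot decrypt it, he holds no matching private key.
  if gpg --homedir "$HUSBAND" --batch --decrypt "$WIFE/password.txt.gpg" >/dev/null 2>&1; then
    echo "husband should not be able to decrypt" >&2; return 1
  fi
  # Step 10 (wife): decrypt with her passphrase; the plaintext goes to stdout.
  gpg --homedir "$WIFE" --batch --pinentry-mode loopback --passphrase "$PASS" \
      --decrypt "$WIFE/password.txt.gpg" 2>/dev/null

  gpgconf --homedir "$WIFE" --kill gpg-agent >/dev/null 2>&1 || true
  gpgconf --homedir "$HUSBAND" --kill gpg-agent >/dev/null 2>&1 || true
  rm -rf "$WORK"
}
```

Requires GnuPG 2.1 or later; the passphrase is passed on the command line here purely for an unattended demo and would be visible in the process list on a shared machine.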
Hope you got the idea. Thank you for reading :)