Hello and welcome to the online course Cracow crypt file open source file encryption. In short what we will accomplish in this course First I will give an introduction to encryption and file encryption in general then we will look at the software in detail we will do this on Windows and Linux. First of all we will look at the installation process and the basic functions. Then we will take a look at the different crypto providers kroeker file includes this will be password based encryption windows keystore based encryption using tokens and GPG or open PGP key based encryption. Finally, we will look at what cloaked encryption exactly means and provides I will show the web decrypt tool for password based encryption. And at the end I will give also an introduction to the command line or server usage of cryptography file introduction to encryption. Cryptography has many areas the most important one probably being encryption. We Basically distinct between symmetric and asymmetric encryption algorithms. Another widely used expression for symmetric encryption is public key encryption. In practice, we mostly use hybrid encryption systems like HTTPS over SSL or TLS, respectively, s mime or SSH and not to forget PGP. So when you’re using your browser calling a web application over HTTPS, you’re automatically already using a hybrid encryption system. Hybrid here means using the best of both worlds, the speed of symmetric algorithms and the easy key distribution provided by a symmetric algorithms. Password based encryption usually work solely symmetric but with the help of several algorithms, including hash functions to generate a key from the password. cloak encryption is a special form of encryption, which can be put in the area of plausible deniability. which you might have heard of when you’re using TrueCrypt. To give you an impression of the classification of algorithms, I provide the names of the most popular ones. For instance, symmetric algorithms are AES the Advanced Encryption Standard to fish triple this and a couple of others as symmetric or public key encryption algorithms are RSA or elgamal. hashes are for instance, Sha the famous Sha family or Whirlpool as password two key derivation algorithm. The most famous one is PB k df two which means password based key derivation function to its proposed in the standard pkcs five best known for you might be RSA and as the most SSL certificates are most probably RSA based. The same is true for email encryption certificates s mime certificates, pbk D. Have two is used by TrueCrypt for instance and its successes There are also other password two key derivation functions but mostly weaker. Sometimes simple hashing is used but password to key derivation functions provide much more than just hashing. Please note that password to key derivation is the most important part for password based encryption. There are many password based encryption apps which are claiming that they do a Aes 256 and hence they are promoting that they are using strong cryptography but hackers always attack the weakest link and a weak password to key derivation means that the overall security of the application is weak. So claiming to do a Aes 256 is not enough but the password to key derivation algorithm is the most important point for the overall security and of course for password based encryption, the length And the complexity of the password is of equal importance from the user side. The application can help here but at the end, the user has to decide and make out its password is considered to be secure. What are the parameters for a password based encryption? As I said before, the password length plus complexity is the most important parameter from the user side. But what about other cryptographic attributes or properties that we’ll discuss in the following. The block length described in short is the smallest data chunk which is actually encrypted by an algorithm. If you think for instance of a s, the block size is 128 bits or 16 bytes. AAS is designed for this block size no matter which key length you’re using. And a S key can be up to 256 bits, which is generally called a Aes 256, but the block size remains 120 eight bits. In practice a certain block cipher mode allows to encrypt an unlimited amount of data. So a block cipher mode defines the way how an encryption algorithm is used to encrypt an arbitrary size of data. Despite the fact that the algorithm is designed for certain block size only. Common cipher modes are CBC cipher Block Chaining mode, ECB or XPS, just that you’ve heard of it. The length of the key is important when it comes to crypto analysis or hacking of a cipher. In general, you can say the longer the key, the better. However, this is specifically only true when regarding a single algorithm. For instance, RSA as an asymmetric cipher uses typical Keeling’s of 2048 or 4096 bits as uses 128 or 256 bits. This does not mean RSA is more secure. It is a completely different algorithm. That’s why you can’t compare the two Difference of the key length. The length of a hash, especially in the context of password based encryption is very important when regarding brute force attacks on the key derivation. The same is true for the salt length, the salt is combined with an individual password to enhance the passwords strength. The iteration count is the number of rehashing processes on the combined password and salt, which is again important to enhance the whole key derivation security. Just a short look on keys cryptographic keys keys used in algorithms like a s or RSA keys generally can be stored or derived in different ways. Mainly there are password based keys or token based keys when you have a password based key will still have parameters to be stored parameters here means the input for the key derivation function. These parameters can be stored with the encrypted data or separately without these parameters. You will not Be able to restore the same key from the same password for instance for the decryption. When we are talking about keys in tokens, we have soft tokens so hardware tokens, software tokens usually means key files. If you lose a key file, you will not be able to decrypt your data as well. Hardware tokens can be smartcards USB based devices or hsms. hardware security modules. Depending on the application of the hardware token, the key is created on the token or uploaded to the token. For instance, signature keys RSA signatures for let’s say, email are usually created on a smart card itself. When we are talking about keys used for encryption and decryption, you usually want to have a key backup so you will have an external key generation. Typically an HSM is used that way, depending on the kind of the token The key is protected in different ways. Hardware tokens, obviously protected Key by hardware functions. A key in a key file is protected by the operating system or which is very common protected by a password based encryption. Take PGP as an example, to open your key file, you will have to put in a passphrase. The passphrase is used to decrypt your private keys. So again, the overall security of this encryption system depends on your password and the secure password key derivation. Now to the application of all what we’ve just learned, file encryption. No matter if we are regarding enterprise users or home users, everybody has a concern for data privacy. File encryption is part of the overall security strategy for privacy. There exists tons of different ways to perform file encryption enterprises use different heart and software environments and hence have various requirements on how to perform file and data encryption. However in this course We are focusing on a more general or universal solution for file encryption in general. Common formats for simple file encryption are, for instance, open PGP and zip. The purpose of these formats is usually file exchange, file archiving, or backup if you’re thinking of cloud backups, or backups to external drives, so offline backups very often, even in large enterprises, you’ll find cases where employees use for instance, a password based encryption to exchange files with customers. This usually derives from the fact that there is no common and easy secure file exchange between different entities. So the target group of these forms of file encryption solutions, single person’s home users or their private files and also working groups like on an enterprise level, let’s take a look on certain characteristics of these file encryption solutions. Open PGP is a standard and implement In applications like PGP and new PGP or GPG, it is a proven technology and together with s mime, especially a market leader in email encryption. Of course, we will not look at email encryption here but focus on the file encryption capabilities of open PGP. Open PGP offers different ways for keys. There are simple password based encrypted files. There are the classical PGP key files, and there are also smart cards following the open PGP standard. Open PGP only allows to encrypt single files, especially on the Linux with a programmable shell. People often use piping to encrypt multiple files and directories for example by piping to a tar or zip archive. Because of the use of public keys. It’s perfect for groups but also individuals. However, the security of the key derivation from password has weak defaults. In most implementations. This is especially true for the Default iteration count. Let’s look at zip for a moment because it’s worldwide and widely used. After all, from my personal experience from big enterprises encrypted zip archives are the most commonly used file archives for quick file exchange in IT projects, most often not allowed by company policies. However, because most people have a zip utility at hand, it is very common to use a simple password based encryption and exchange the password sometimes in the same email used to send the archive. It’s a classic format, of course, it’s very old, but the encryption is not broken. The standard only allows password based encryption, of course, because we’re talking about zip archives, you can use it for multiple files and directories, but there is no encryption of file headers. So when you look at an encrypted zip archive, you will still be able to see it The date and time of the file the creation time, for instance, the sizes of all files when they would be unpacked. So the file sizes of the decrypted files and of course, things like the number of files that can say something about the content of the archive, and especially important file names. Sometimes in enterprise scenarios. file names can for instance, include customer names or customer IDs. So it’s sensitive as well. To the security of the key derivation. It has to be said that the are also weak defaults most of the time. Most zip utilities for compatibility reasons use defaults proposed by the standard. Nowadays, these can be seen as weak. Again, the standard itself is not broken, you could enhance the defaults. Most tools don’t do that. If they don’t, then you need at least a 20 digits long random password to accomplish an adequate cryptographic security for Nowadays computational power. Let’s come to Cracow crypt file which this course is about. It is an open source alternative that tries to combine the best of both worlds. It offers several options for keys which will be enhanced in the future. First of all, it supports simple password based encryption. It supports key file based encryption with keys coming from the Windows key store, of course only under Windows, but also open PGP key files can be used. And especially on a Windows you can also use tokens that are available in the Windows key store. So here the Microsoft copy or crypto API is supported at least four hours a keys or tokens because all use crypto providers are plugged into the application. Additionally, other crypto providers are possible. For instance, for enterprise customers pkcs 11 is possible for the adaptation of smart cards or hsms for soli password based encrypted files. There exists also a simple web based decryption tool that is part of the open source project so that the recipient of a croc decrypt file does not even need to have the software installed. The decryption is like a simple download in your browser. Similar to zip multiple files and directories can be included in an encrypted archive. Crocker crypt file includes the encryption of all file headers, because what it does is it creates a giant file dump. So everything is encrypted headers and the content of all files, and it’s simply dumped to a giant archive. So at the end, all you can see when you look at a corporate group file archive is that you have in fact a corporate group file archive in front of you and the size of the whole archive. That’s all you don’t know how many files are in there, what their sizes are, and especially you know, time dates and file names, additional modes. encryption are headerless files and cascading encryption. cascading encryption currently only supports AES and twofish. So that means the data is encrypted twice first with a s and second with twofish. What does headerless file mean? As I said before, cracovia file creates giant file dumps, so you can only tell it’s a crock of crap file, but nothing else nothing about the content. Within headerless file even the Crocker crypt file header will be removed. That means the file type is not detectable anymore, even by croco crypt file itself. That is why when decrypting a headerless file croco crypt file has to trial and error and may never finish to decrypt the file. As you can see, this is a special type of file or special circumstances like for creating cloaked files to store in the cloud backup. The giant file them without header provides maximum privacy. Again, it just looks like a giant file. Pure random numbers. When we’re talking about password based encryption proclip file uses secure key derivation and strong defaults. It follows p baikie df two from pkcs five, which we talked about before, and uses by default 100,000 iterations and the secure and long hash function. Additionally, all the crypto settings of crawcrook file all the parameters we talked about before are configurable and can change over time. So let’s say in 10 years, we will still have a s 100,000. iterations for a password to key derivation will be weak but the iteration count as well as all other parameters can be enhanced.