Better UX for encryption
UX for all these is terrible. AFAICT we are all Dunning-Kruger cryptopunks, because it looks just hard enough, if you squint, to imagine that having head a podcast about the basic principles in outline, we understand how to behave in detail in reality. In cryptography terms, we are hoping our communications are secure from surveillance if we cover them with lemon juice.
Some of the chat programs do ok at making things secure by default even for us idiots. The most general magically functional program is keybase which leverages social media for encrypted chat.
GPG, aka GnuPG, the cyberhippy version of PGP, that venerable encrypt-my-email-or-whatever thingy.
The documentation is purest nerdview, but it’s worth it to push through and learn the tricks, such as encryption and identity verification. And it’s worth learning to do that properly, because doing it badly just exposes you to other risks.
Pro-tip: There are many different versions of gnupg, and it’s an ancient obsession of the internet to document it both obsessively and badly. Make sure that the version you see documented matches the version you have.
gpgtools: OSX GUI for GPG. Seems to integrate keychain, which means trusting apple if you use it.
Extra paranoia: offline master key, which also includes a HOWTO guide for running your key off a USB stick, which is great if you don’t want to get screwed every time your laptop dies.
When you encrypt a thing that you just need a particular password/thingy to use. I guess this no-frills NASA guide is good for that?
Using GPG to encrypt your data
Use GPG with the cipher AES256, without the —armour option, and with compression to encrypt your files during inter-host transfers.
# encrypt $ gpg --output test.gpg --symmetric test.out # decrypt $ gpg --output test.out -d test.gpg
They also recommend
--cipher-algo AES256 to ensure a robust cypher if you
have not already set this as default.
Public key crypto: When you sign/encrypt a thing for a particular recipient, where you don’t both need to know the same password. GnuPG 2.2 supports various more secure algorithms algorithms such as elliptic curve crypto in their ECC offerings.
AFAICT, none of them are quantum-robust yet. See, e.g. post quantum crypto for some fretting about that.
Also encrypts. Comparative advantages wrt gnupg? No idea.
# encrypt $ openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc # decrypt $ openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt
GCHQ web-app for encryption, anyone? CyberChef,