The Living Thing / Notebooks :

Encrypting stuff

Alice, Bob, GHCQ

Better UX for encryption

UX for all these is terrible. AFAICT we are all Dunning-Kruger cryptopunks, because it looks just hard enough, if you squint, to imagine that having head a podcast about the basic principles in outline, we understand how to behave in detail in reality. In cryptography terms, we are hoping our communications are secure from surveillance if we cover them with lemon juice.

Some of the chat programs do ok at making things secure by default even for us idiots. The most general magically functional program is keybase which leverages social media for encrypted chat.

Basic GPG

GPG, aka GnuPG, the cyberhippy version of PGP, that venerable encrypt-my-email-or-whatever thingy.

The documentation is purest nerdview, but it’s worth it to push through and learn the tricks, such as encryption and identity verification. And it’s worth learning to do that properly, because doing it badly just exposes you to other risks.

Pro-tip: There are many different versions of gnupg, and it’s an ancient obsession of the internet to document it both obsessively and badly. Make sure that the version you see documented matches the version you have.

Symmetric encryption

When you encrypt a thing that you just need a particular password/thingy to use. I guess this no-frills NASA guide is good for that?

Using GPG to encrypt your data

Use GPG with the cipher AES256, without the –armour option, and with compression to encrypt your files during inter-host transfers.

# encrypt

$ gpg --output test.gpg --symmetric test.out
# decrypt

$ gpg --output test.out -d test.gpg

They also recommend --cipher-algo AES256 to ensure a robust cypher if you have not already set this as default.

Asymmetric encryption

Public key crypto: When you sign/encrypt a thing for a particular recipient, where you don’t both need to know the same password. GnuPG 2.2 supports various more secure algorithms algorithms such as elliptic curve crypto in their ECC offerings.

AFAICT, none of them are quantum-robust yet. See, e.g. post quantum crypto for some fretting about that.


Also encrypts. Comparative advantages wrt gnupg? No idea.

# encrypt

$ openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc
# decrypt

$ openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt


GCHQ web-app for encryption, anyone? CyberChef,