Page 1 of 3

Encrypted Messaging, The Puppy Way? [SOLVED]

Posted: Sat Mar 27, 2021 4:54 am
by JASpup

Still a relative newbie I'm wondering if we have a common way to send encrypted messages (e.g., eMail).

Is Enigmail the way?
http://wikka.puppylinux.online/Enigmail

Pidgin with Off-the-Record (O.T.R.) Messaging?

The other side is probably still on a Mac.

http://wikka.puppylinux.online/encryption


Re: Encrypted Messaging, The Puppy Way?

Posted: Sun Mar 28, 2021 11:42 am
by ThruHammer

*Post withdrawn* due to information overload.


Re: Encrypted Messaging, The Puppy Way?

Posted: Sun Mar 28, 2021 4:27 pm
by 666philb

Re: Encrypted Messaging, The Puppy Way?

Posted: Sun Mar 28, 2021 7:20 pm
by watchdog

I did some experiments in several puppies installing gpg and sylpheed from the repository. Sylpheed from ubuntu and slackware repository has gpg support. I had no friends using encryption and so I abandoned my experiments.


Re: Encrypted Messaging, The Puppy Way?

Posted: Sun Mar 28, 2021 10:52 pm
by mikewalsh

@JASpup :-

ProtonMail is pretty good for an encrypted mail service. You can use this via the browser; AFAIK, there isn't a desktop 'app'.

As for encrypted messaging, I've recently been experimenting with packages for Session. It's based on the popular Signal messenger, but where the Linux desktop app is simply a 'client' for the mobile phone app - it won't work unless you have an Android or iPhone 'smartphone' with the Signal app installed - Session is genuinely standalone. Unfortunately, the Session desktop client is NOT a small, Puppy-sized app.....it's Electron-based, meaning it's built around a stripped-back Chromium browser.

So; not really your "cup of tea", I assume. There's also Telegram; been around for quite a while, had security 'issues' a couple of years back, but their encryption was radically beefed-up recently, and it's probably a pretty good choice now. Runs on pretty well every platform, too.

Mike. ;)


Re: Encrypted Messaging, The Puppy Way?

Posted: Mon Mar 29, 2021 5:30 am
by williwaw

I know a lot of folks that have gone to proton, but the encryption is only effective if both parties have a proton email address.

deltachat is an interesting desktop/android/iphone app. It's interface is a chat app that has end to end encryption. what makes it different is the messages are actually encrypted emails, and are stored on your email account server, not a central server under the control of a messaging provider.


Re: Encrypted Messaging, The Puppy Way?

Posted: Mon Mar 29, 2021 7:54 am
by version2013

I recently found this site:
https://www.chatcrypt.com/


Re: Encrypted Messaging, The Puppy Way?

Posted: Fri Apr 02, 2021 6:37 am
by JASpup

Appreciate the pointers. I suppose I should first ask what os my recipient is in -- easier the better.

For the mail reader responses: Why would you choose encryption over that in Thunderbird? Is it just your experience?

I've been debating writing my own simple decoder (non-programmer here), or creating the message as a graphic that would be difficult to OCR.

If you're in Puppy and you want to take a basic text file and convert an 'M' to a 'B' and back again, what language would you use? Is a bash script capable?

Considering the possibilities...


Re: Encrypted Messaging, The Puppy Way?

Posted: Fri Apr 02, 2021 4:03 pm
by tosim

Another email encryption is: https://tutanota.com


Re: Encrypted Messaging, The Puppy Way?

Posted: Fri Apr 02, 2021 6:23 pm
by williams2

text file and convert an 'M' to a 'B' and back again, what language would you use? Is a bash script capable?

Just about any programming language could do that.
Change all M characters to B characters:

Code: Select all

#!/bin/sh
cat file1.txt | tr 'M' 'B' > file2.txt

Change all B characters to M characters (including all Bs that were in the original file1.txt.
There will be no Bs in file3.txt:

Code: Select all

#!/bin/sh
cat file2.txt | tr 'B' 'M' > file3.txt

This would be a very poor encryption method.
For example, https://en.wikipedia.org/wiki/ROT13

Code: Select all

# a=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
# b=NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm
# echo 'Why did the chicken cross the road?' | tr $a $b
Jul qvq gur puvpxra pebff gur ebnq?
# echo 'To get to the other side!' | tr $a $b
Gb trg gb gur bgure fvqr!
#
# echo 'Jul qvq gur puvpxra pebff gur ebnq?' | tr $a $b
Why did the chicken cross the road?
# echo 'Gb trg gb gur bgure fvqr!' | tr $a $b
To get to the other side!
# 

Re: Encrypted Messaging, The Puppy Way?

Posted: Sat Apr 03, 2021 2:09 am
by williwaw
JASpup wrote: Fri Apr 02, 2021 6:37 am

or creating the message as a graphic that would be difficult to OCR.
Considering the possibilities...

http://steghide.sourceforge.net/index.php


Re: Encrypted Messaging, The Puppy Way?

Posted: Sat Apr 03, 2021 1:03 pm
by JASpup

[ gone to ether ]


Re: Encrypted Messaging, The Puppy Way?

Posted: Sat Apr 03, 2021 5:01 pm
by JASpup

Another thought:

What if I put the message in a password encrypted archive executable that can only be opened, say, 3 times before it blows up somehow?

Is Inspector Gadget easy enough?


Re: Encrypted Messaging, The Puppy Way?

Posted: Sat Apr 03, 2021 5:32 pm
by JASpup

I'm really onto this now but you're right it's obvious to anyone with experience.

What I haven't figured out yet is if it's easy enough to make a custom reciprocal code, including special characters.

Are make, gcc, make, or CMake the trick for compiling this? http://wikka.puppylinux.com/compiling?show_comments=3

Can I give it any name and send it to a modern Mac to run in terminal?

My thinking about ROT13 is the more sophisticated security measures are, the more motive there has to be to decipher -- power, big bucks, revenge.

A lay user couldn't probably do anything with the message and wouldn't even try without the motives.

This communication is a pretty low-motive security risk, but I don't want it to be a giveaway.

williams2 wrote: Fri Apr 02, 2021 6:23 pm

text file and convert an 'M' to a 'B' and back again, what language would you use? Is a bash script capable?

Just about any programming language could do that.
Change all M characters to B characters:

Code: Select all

#!/bin/sh
cat file1.txt | tr 'M' 'B' > file2.txt

Change all B characters to M characters (including all Bs that were in the original file1.txt.
There will be no Bs in file3.txt:

Code: Select all

#!/bin/sh
cat file2.txt | tr 'B' 'M' > file3.txt

This would be a very poor encryption method.
For example, https://en.wikipedia.org/wiki/ROT13

Code: Select all

# a=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
# b=NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm
# echo 'Why did the chicken cross the road?' | tr $a $b
Jul qvq gur puvpxra pebff gur ebnq?
# echo 'To get to the other side!' | tr $a $b
Gb trg gb gur bgure fvqr!
#
# echo 'Jul qvq gur puvpxra pebff gur ebnq?' | tr $a $b
Why did the chicken cross the road?
# echo 'Gb trg gb gur bgure fvqr!' | tr $a $b
To get to the other side!
# 

Re: Encrypted Messaging, The Puppy Way?

Posted: Sat Apr 03, 2021 7:38 pm
by williams2

You normally would use programs known to work properly and that have encryption strong enough for your purposes.

Public key private key encryption is usually considered best for such a purpose, because passwords are a weak link, and public key private key encryption doesn't need a password. Something like a plugin for Thunderbird or Clawsmail.

If you want, you can encrypt a text file and send it. The recipient would need to know the password.

Bcrypt in Puppy would work, but it is no longer considered strong encryption. The latest versions of the bcrypt program have encryption disabled and will only decrypt files.

ccrypt or mcrypt are alternatives to bcrypt.

You can also use openssl to encrypt files.

Code: Select all

openssl help

ROT13 is very very weak encryption.
You can mix up the letters so that it works the same way, but the letters would be different from ROT13.
But you would need to have an encryption program and a decryption program, decryption using the same encryption program again would no longer work. It would still be very very weak encryption.


Re: Encrypted Messaging, The Puppy Way?

Posted: Sat Apr 03, 2021 10:30 pm
by mikewalsh
williwaw wrote: Sat Apr 03, 2021 2:09 am
JASpup wrote: Fri Apr 02, 2021 6:37 am

or creating the message as a graphic that would be difficult to OCR.
Considering the possibilities...

http://steghide.sourceforge.net/index.php

@JASpup :-

Along the same lines, there's this:-

Steg

(It's based around what's called 'Steganography', and is the principle of hiding data within the gaps or 'spaces' inside a standard image file...)

I built some packages for 1.0.0.2, a few years ago.....Qt4-based. The current release, 1.1.0.0, was released mid- last year, is now Qt5-based.....and is available as an AppImage, for both 32- and 64-bit. Just download it, make it executable, and click on it to run it. Couldn't be simpler.

Works quite well, too.

I just found the new version an hour or so ago. Currently, I have the 32-bit version running here in Xenialpup 7.5; that's as far as I've got with testing it.

Image

Mike. ;)


Re: Encrypted Messaging, The Puppy Way?

Posted: Sun Apr 04, 2021 10:20 am
by JASpup

I'd trust a popular Linux reader for encryption because hacks would be caught and sharply rebuked.

But there two thwarting dynamics:

a) If I compiled a ROT13 script or custom, I'd know exactly what it is and have control. That's a compelling position.

b) I'm reluctant to compel my message recipient onto a certain reader just to get my message. Trust is high and they'd execute a complied script.

The data encrypted message would come in a password encrypted archive, but the latter alone isn't good enough. I don't want the deciphered file available without deliberate intention.

So say, running the compiled decipher script ends with:

Code: Select all

cat encrypted-file.txt | [decipher command]

the deciphered file is never sitting around on storage media or in someone's mailbox. It's just read on screen output.

I see your point about keys > passwords, but that's new learning/beyond my experience. I'm also trying to understand platform compatibility. Anything I do has to be readable by a non-Linux user on a Mac, Win, or Android device (not all of them, but whatever they're using, probably a Mac).

Seeking a comprehensive picture.

williams2 wrote: Sat Apr 03, 2021 7:38 pm

You normally would use programs known to work properly and that have encryption strong enough for your purposes.

Public key private key encryption is usually considered best for such a purpose, because passwords are a weak link, and public key private key encryption doesn't need a password. Something like a plugin for Thunderbird or Clawsmail.

If you want, you can encrypt a text file and send it. The recipient would need to know the password.

Bcrypt in Puppy would work, but it is no longer considered strong encryption. The latest versions of the bcrypt program have encryption disabled and will only decrypt files.

ccrypt or mcrypt are alternatives to bcrypt.

You can also use openssl to encrypt files.

Code: Select all

openssl help

ROT13 is very very weak encryption.
You can mix up the letters so that it works the same way, but the letters would be different from ROT13.
But you would need to have an encryption program and a decryption program, decryption using the same encryption program again would no longer work. It would still be very very weak encryption.


Re: Encrypted Messaging, The Puppy Way?

Posted: Sun Apr 04, 2021 10:40 am
by JASpup

I understand there is space for data inside an image that can be utilized, but advancing that into encrypted messaging isn't made clear.


Re: Encrypted Messaging, The Puppy Way?

Posted: Sun Apr 04, 2021 9:38 pm
by williams2

I understand there is space for data inside an image that can be utilized, but advancing that into encrypted messaging isn't made clear.

See the post by mikewalsh just above. Steg is a program. You run it, you get a gui window with buttons to click. Point the program to a jpg picture file and a file that you want to hide in the picture (a txt file, or a zip or a tar.gz etc) and it will encrypt and hide the file in the picture file. You or someone that you sent it to, can decrypt and extract it later, using the same program.

You can hide it unencrypted, or using a password that the other person must know, or you can use a person's public key to encrypt it and only that person can decrypt it using their private key. And it can be signed so the person can be certain it came from you.

The steg program will run on Linux or Windows. It is not open source, it is closed source, so anything might be compiled into the program.


Re: Encrypted Messaging, The Puppy Way?

Posted: Sun Apr 04, 2021 9:47 pm
by williams2

You can use public key private key asymetric encryption with a mail program, Thunderbird and clawsmail, for example, have plugins.

You download the other persons public key and configure the mail program to use the other persons public key to automatically encrypt mail that you send him. Only his private key can decrypt it, so only he can see it. it will just look like an ordinary email in his email program, automatically decrypted. And it can be signed which guarantees that it is from you.

There are instant message programs that can work the same way, using public key and private key pairs. You create the keys using a program like pgp (pretty good privacy.)


Re: Encrypted Messaging, The Puppy Way?

Posted: Sun Apr 04, 2021 9:56 pm
by williams2

Here is a simple program to encrypt / decrypt using a one time pad. It is very strong encryption. This is written in Puppy Basic. (Moose On The Loose updated Puppy Basic a while ago.)

Code: Select all

f=FOPEN("msg.in","r")
g=FOPEN("pad1","r")
h=FOPEN("msg.out","w")

WHILE NOT EOF(f)
	a=READBYTE(f)
	b=READBYTE(g)
	c=XORBITS(a,b)
	WRITEBYTE(h,c)
END WHILE

The quality of the encryption depends on the quality of the pad file. It reads a byte at a time from the message file and the pad file, and exclusive or's (xor) the bytes together.

Rufwoof wrote a more practical one time pad programs a while ago.


Re: Encrypted Messaging, The Puppy Way?

Posted: Mon Apr 05, 2021 12:16 am
by JASpup
williams2 wrote: Sun Apr 04, 2021 9:38 pm

See the post by mikewalsh just above. Steg is a program. You run it, you get a gui window with buttons to click. Point the program to a jpg picture file and a file that you want to hide in the picture (a txt file, or a zip or a tar.gz etc) and it will encrypt and hide the file in the picture file. You or someone that you sent it to, can decrypt and extract it later, using the same program.

You can hide it unencrypted, or using a password that the other person must know, or you can use a person's public key to encrypt it and only that person can decrypt it using their private key. And it can be signed so the person can be certain it came from you.

Sounds great on paper.

The steg program will run on Linux or Windows. It is not open source, it is closed source, so anything might be compiled into the program.

Linux compatible Mac? Anything meaning?


Re: Encrypted Messaging, The Puppy Way?

Posted: Mon Apr 05, 2021 12:40 am
by JASpup

Thunderbird runs on OS X so that's a definite possibility to three:

  1. Hiding data in a graphic

  2. Compiling a decipher

  3. Thunderbird PGP

You can imagine my direction:

  • Safe to use

  • Learning curve

  • Recipient cooperation

As advertised any of the three possiblities will be as secure as needed.

williams2 wrote: Sun Apr 04, 2021 9:47 pm

You can use public key private key asymetric encryption with a mail program, Thunderbird and clawsmail, for example, have plugins.

You download the other persons public key and configure the mail program to use the other persons public key to automatically encrypt mail that you send him. Only his private key can decrypt it, so only he can see it. it will just look like an ordinary email in his email program, automatically decrypted. And it can be signed which guarantees that it is from you.

There are instant message programs that can work the same way, using public key and private key pairs. You create the keys using a program like pgp (pretty good privacy.)


Re: Encrypted Messaging, The Puppy Way?

Posted: Mon Apr 05, 2021 1:07 am
by JASpup

Not sure what a pad is.

Looks like something to explore if I were more technical.

Many years ago I took Pascal, COBOL, and dBase in college, but I do not do any coding at all.

User-level functionality and comprehension is key.

If I can password protect any archive with a standard compression tool (.gz, .zip), specific means of more encryption would only apply to the message itself (e.g., ROT13).

Third-person user thinking:

  • JASpup finds a better encryption or decides ROT* is strong enough.

  • He puts the decipher in a script that he learns how to compile so deciphering isn't patently obvious.

  • The message is first encrypted, then added to a password protective archive.

  • The recipient receives links to the deciphering tool & encrypted message separately, to use and read on screen.

This would work, most difficult being finding better than ROT* if necessary and how to compile it.

Otherwise PGP has me curious - what does it do with binary attachments, like images and archives?

There's the persistent issue of ease-of-use on the recipient-side.

williams2 wrote: Sun Apr 04, 2021 9:56 pm

Here is a simple program to encrypt / decrypt using a one time pad. It is very strong encryption. This is written in Puppy Basic. (Moose On The Loose updated Puppy Basic a while ago.)

Code: Select all

f=FOPEN("msg.in","r")
g=FOPEN("pad1","r")
h=FOPEN("msg.out","w")

WHILE NOT EOF(f)
	a=READBYTE(f)
	b=READBYTE(g)
	c=XORBITS(a,b)
	WRITEBYTE(h,c)
END WHILE

The quality of the encryption depends on the quality of the pad file. It reads a byte at a time from the message file and the pad file, and exclusive or's (xor) the bytes together.

Rufwoof wrote a more practical one time pad programs a while ago.


Re: Encrypted Messaging, The Puppy Way?

Posted: Mon Apr 05, 2021 4:06 am
by williams2

Most archive programs like zip can use encryption with a password.
i seem to remember that the zip program in Windows is easy to break.

Most Pups have 7z installed, and if you use the -p password option 7zip uses AES, which is good.
7Zip can be installed in Windows.

Peazip can encrypt using AES and Blowfish and TwoFish etc and can be installed in Linux and Windows (maybe Macs? too.)

Most Pup's have bcrypt installed. It is not as strong encryption as it could be, because it uses 64 bit blocks (as opposed to e.g. 256 bit blocks,) but I don't think it has actually been broken yet. There is a bcrypt.exe program for Windows.

I don't much like COBOL, though Grace Hopper was a brilliant computer scientist.


Re: Encrypted Messaging, The Puppy Way?

Posted: Mon Apr 05, 2021 6:29 am
by Leblance
JASpup wrote: Sat Mar 27, 2021 4:54 am

Still a relative newbie I'm wondering if we have a common way to send encrypted messages (e.g.,gbwhatsappeMail).

Is Enigmail the way?
http://wikka.puppylinux.online/Enigmail

Pidgin with Off-the-Record (O.T.R.) Messaging?

The other side is probably still on a Mac.

http://wikka.puppylinux.online/encryption

In my (limited and generally ignorant) opinion you raise an important point : during an exchange of information such as email, both sides needs to be "in" regarding encryption keys. If only one side uses encryption then the other side can't decrypt the content of the message otherwise anyone could do that and encryption would becomes useless.


Re: Encrypted Messaging, The Puppy Way?

Posted: Mon Apr 05, 2021 12:32 pm
by JASpup

If I wrote a "Hello, World!" script, how would I compile it in Puppy?

The Whiz-Neophyte Bridge challenge is getting the message text itself deciphered by the user, as after the archive file(s) are extracted, you're left with a message that's still in gibberish without a decipher tool, while sharing the script is sharing the key.

We're not exchanging crypto so top security isn't a priority, again to the lay user issues of motive and ability. Someone with the deciphered message could hurt me but not steal anything.

williams2 wrote: Mon Apr 05, 2021 4:06 am

Most Pups have 7z installed, and if you use the -p password option 7zip uses AES, which is good.
7Zip can be installed in Windows.

Peazip can encrypt using AES and Blowfish and TwoFish etc and can be installed in Linux and Windows (maybe Macs? too.)

Most Pup's have bcrypt installed. It is not as strong encryption as it could be, because it uses 64 bit blocks (as opposed to e.g. 256 bit blocks,) but I don't think it has actually been broken yet. There is a bcrypt.exe program for Windows.


Re: Encrypted Messaging, The Puppy Way?

Posted: Mon Apr 05, 2021 12:36 pm
by JASpup
williams2 wrote: Mon Apr 05, 2021 4:06 am

I don't much like COBOL, though Grace Hopper was a brilliant computer scientist.

I loathe COBOL, yet it's still an occupation.

The reason is: I took it just after dBase (SQL compatible itself but overall antiquated) and every COBOL assignment could have been done in dBase more easily.

I think bcrypt etc. is about encrypting lone files (and directories) which isn't the challenge when compression archive encryption is an option.


Re: Encrypted Messaging, The Puppy Way?

Posted: Mon Apr 05, 2021 7:34 pm
by williams2

Linux compatible Mac? Anything meaning?

I seem to remember that there is a Mac version on the download page. But I'm not totally sure.

Considering that the program is about 40MiB, and it is closed source, it could contain any kind of spyware or malware. It might or it might not.

If you want to talk about compiling and scripting, you should start another thread.

An application is software that consists of bit (binary digits, 0 or 1) patterns that the CPU (central processer unit) reads and executes, one after the other.

A compiled language reads text files that consist of what a human would recognize as being more or less understandable instructions made up of words, and converts the human language words that the computer cpu does not understand to the bit pattern instructions that the computer does understand.

Pascal, COBOL,Fortran, C are compiled languages.
Perl, Python, Newlisp, Rexx, Puppy Basic are interpreted languages.

A shell is a program that listens for words that are typed on the keyboard, and converts each line to cpu instructions that the computer can understand.
Puppy's default shell is Bash. Busybox's ash shell is also available.
Bash and ash can do a lot of what an interpreted language can do.

You compile the source of a compiled language to creat an executable program that can be executed later.

You (usually) do not compile a script of an interpreted language. You execute the language's executable, telling it to use that particular script.

An interpreted language might be able to run in interactive mode.
For example, you can start bash by typing "bash", then type in commands one by one.
For example:

Code: Select all

# bash
# echo 'Hello, Puppy.'
Hello, Puppy.
#

You could put the same commands that you can type in an interactive shell in a text file, and execute the commands in the script. (in the Puppy context, script usually means shell script.) For example, you could put the echo command in a text file named hello.sh and execute it like this:

Code: Select all

# cat hello.sh 
echo 'Hello. puppy.'
# bash hello.sh 
Hello. puppy.
#

Re: Encrypted Messaging, The Puppy Way?

Posted: Mon Apr 05, 2021 11:23 pm
by JASpup

Clear insights, but this might too easy.

I sort of and semi-intuitively remember the difference between interpreted and complied languages.

My only reason for seeking a complied utility is for hiding the key.

Setting aside the rigor of the encryption, how can we hide any decipher key in a script so the encryption isn't obvious to the untrained eye?

This needs to be opaque:

Code: Select all

# a=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
# b=NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm
williams2 wrote: Mon Apr 05, 2021 7:34 pm

I seem to remember that there is a Mac version on the download page. But I'm not totally sure.

Considering that the program is about 40MiB, and it is closed source, it could contain any kind of spyware or malware. It might or it might not.

If you want to talk about compiling and scripting, you should start another thread.

An application is software that consists of bit (binary digits, 0 or 1) patterns that the CPU (central processer unit) reads and executes, one after the other.

A compiled language reads text files that consist of what a human would recognize as being more or less understandable instructions made up of words, and converts the human language words that the computer cpu does not understand to the bit pattern instructions that the computer does understand.

Pascal, COBOL,Fortran, C are compiled languages.
Perl, Python, Newlisp, Rexx, Puppy Basic are interpreted languages.

A shell is a program that listens for words that are typed on the keyboard, and converts each line to cpu instructions that the computer can understand.
Puppy's default shell is Bash. Busybox's ash shell is also available.
Bash and ash can do a lot of what an interpreted language can do.

You compile the source of a compiled language to creat an executable program that can be executed later.

You (usually) do not compile a script of an interpreted language. You execute the language's executable, telling it to use that particular script.

An interpreted language might be able to run in interactive mode.
For example, you can start bash by typing "bash", then type in commands one by one.
For example:

Code: Select all

# bash
# echo 'Hello, Puppy.'
Hello, Puppy.
#

You could put the same commands that you can type in an interactive shell in a text file, and execute the commands in the script. (in the Puppy context, script usually means shell script.) For example, you could put the echo command in a text file named hello.sh and execute it like this:

Code: Select all

# cat hello.sh 
echo 'Hello. puppy.'
# bash hello.sh 
Hello. puppy.
#