[EXT] CryptoData

Announce and Discuss the Latest Theme and Extension Releases.
pag77
Posts: 1642
Joined: December 26th, 2013, 10:46 pm

Re: [EXT] CryptoData

Post by pag77 »

yes, thank you for your suggestion
please wait new version :)
sojourner312
Posts: 1
Joined: June 25th, 2017, 7:33 am

Re: [EXT] CryptoData

Post by sojourner312 »

I have been playing with cryptodata for a while now and for cut/paste text it works fine. However, you talk about encrypting an entire web site and actually show a couple of example pages. How did you encrypt them? I have not had any success with any of the php or javascript implementations you point to. Can you please walk through an example of encrypting a file. For example the image.png file at http://www.s3blog.org/crypto-data/aes-ctr/image.png Since I have some data on an aws instance I am really interested in being able to encrypt all the data out there and use cryptodata to view it.
Thanks
VLMin
Posts: 67
Joined: April 14th, 2006, 7:15 pm

Re: [EXT] CryptoData

Post by VLMin »

I have the same request, please.
pag77
Posts: 1642
Joined: December 26th, 2013, 10:46 pm

Re: [EXT] CryptoData

Post by pag77 »

sojourner312 wrote:I have been playing with cryptodata for a while now and for cut/paste text it works fine. However, you talk about encrypting an entire web site and actually show a couple of example pages. How did you encrypt them? I have not had any success with any of the php or javascript implementations you point to. Can you please walk through an example of encrypting a file. For example the image.png file at http://www.s3blog.org/crypto-data/aes-ctr/image.png Since I have some data on an aws instance I am really interested in being able to encrypt all the data out there and use cryptodata to view it.
Thanks
This solution is for webmasters only.
If you own any web server and can make a change to php, perl or other executable files - then you can encrypt both the entire site as a whole and its individual elements

Example:
http://www.s3blog.org/crypto-data.html

I'll show examples for Perl, because I know more about it, but for php the same situation.
Before using need install from cpan Crypt::AES::CTR and Digest::MD5

This code encrypts the text 'Hello World!':

Code: Select all

#!/usr/bin/perl -w
use strict;
use Crypt::AES::CTR;
use Digest::MD5 qw(md5_hex);

print "Content-Type: text/html; charset=utf-8\r\n";
print "Cache-Control: no-store, no-cache, must-revalidate\r\n";
print "Pragma: no-cache\r\n\r\n";

my $key = 's3blogtest';
my $text = 'Hello World!';
my $crypt_text = Crypt::AES::CTR::encrypt($text, $key, 256);

my $md5 = substr(md5_hex($text), 0, 4);
$md5 = uc($md5);

print 'S3CRYPT:BEGIN:AESCTR:' . $md5 . ':' . $crypt_text . ':END';
exit 0;
But you can change 'Hello World!' to the html-page and encrypt it:

Code: Select all

my $text = '<html><body><b>Hello World!</b></body></html>';
If you use "HTML::Template":

Code: Select all

.....
my $tpl = HTML::Template->new(
	filename => 'test.html', 
	die_on_bad_params => 0, 
	loop_context_vars => 1,
	global_vars => 1,
);
$tpl->param( { your_data=> 'abcdefgh' } );
my $text = $tpl->output();
.....
my $crypt_text = Crypt::AES::CTR::encrypt($text, $key, 256);
.....
Encrypt image/(or other any file):
you can try 2 way:
----
way 1: dynamic
example link: http://your.site/image.crypt.cgi (or image.crypt.php , or image.crypt.pl, or etc...)
----
in your nginx or apache (or other web-server system) set execution script image.crypt.cgi and add this code to main code:

Code: Select all

...
open(F, 'image.png');
my $text = join('', <F>);
close F;
.....
my $crypt_text = Crypt::AES::CTR::encrypt($text, $key, 256);
.....
----
way 2: permanently
example link: http://your.site/image.crypt.txt
----
Pre-encrypt your images and save them in separate text files (for test you can create file-crypt-code using this page(only for RC4): http://www.s3blog.org/crypto-data/cipher/file.html)
example from s3blog: http://s3blog.org/files/others/s3crypt/ ... es_ctr.txt
Use this link in your html:

Code: Select all

<img src="http://s3blog.org/files/others/s3crypt/s3crypt_image_aes_ctr.txt">
If you use CryptoData and use key "s3blogtest" and in settings->encryption of web-site add domain "s3blog.org" then you can see the picture :)

Code: Select all

[img]http://s3blog.org/files/others/s3crypt/s3crypt_image_aes_ctr.txt[/img]
Image
smorgasb
Posts: 2
Joined: September 9th, 2017, 7:34 pm

Re: [EXT] CryptoData

Post by smorgasb »

How does CryptoData identify which of multiple stored keys is the one to attempt to use for a given encryption stream? I tried to use it with a friend, and we immediately ran into a strange issue. I have her stored as:
description: myfriend key:whatever

She has me stored as:
description: smorgasb key:whatever

So our descriptions are different, but our keys match identically. She encrypted a message for me and I attempted to decrypt. CryptoData challenges me that the key was not found. The only way I could get it to work was by creating an entry identical to hers, so I end up with the same key twice:

description: myfriend key:whatever
description: smorgasb key:whatever

Are you using the description field to locate the key? Why would I have to create an entry with an identical description to the one she had?
pag77
Posts: 1642
Joined: December 26th, 2013, 10:46 pm

Re: [EXT] CryptoData

Post by pag77 »

The key name does not affect the password!
For example:
key name: smorgasb
key value: yutfy%hgfh

Please copy key value without spaces and set another key name and decrypt this text:
S3CRYPT:BEGIN:AESCTR:5346:TgLCoULDiSvCtlnDjMOGw4nCkxbCmMO9Y3vCicKwwoXChmPDsc
OPwrHDnlzCsyzCvcK0Pk3CjsKSCcO9wq5Bw4rDtA3Cv8OabcOP
F8KkLQwEw5vDuMOuMn4dw5gHecO7w7LCuTs=:END
smorgasb
Posts: 2
Joined: September 9th, 2017, 7:34 pm

Re: [EXT] CryptoData

Post by smorgasb »

pag77 wrote:The key name does not affect the password!
For example:
key name: smorgasb
key value: yutfy%hgfh

Please copy key value without spaces and set another key name and decrypt this text:
S3CRYPT:BEGIN:AESCTR:5346:TgLCoULDiSvCtlnDjMOGw4nCkxbCmMO9Y3vCicKwwoXChmPDsc
OPwrHDnlzCsyzCvcK0Pk3CjsKSCcO9wq5Bw4rDtA3Cv8OabcOP
F8KkLQwEw5vDuMOuMn4dw5gHecO7w7LCuTs=:END
I am able to decrypt this message without a problem.

So what is your theory about why CryptoData was unable to handle the first encrypted message from my correspondent? I definitely checked for embedded spaces including at the end of the key string.

And is it correct to deduce from all of this that your software is using some kind of brute-force decoding method and trying out all of the available keys until it locates one that works to decode the message?
pag77
Posts: 1642
Joined: December 26th, 2013, 10:46 pm

Re: [EXT] CryptoData

Post by pag77 »

smorgasb wrote:So what is your theory about why CryptoData was unable to handle the first encrypted message from my correspondent?
I do not know.
Please, send me: your key name, key value, encrypted text
smorgasb wrote:And is it correct to deduce from all of this that your software is using some kind of brute-force decoding method and trying out all of the available keys until it locates one that works to decode the message?
S3CRYPT:BEGIN:<encryption method>:<check sum>:<encrypted text>:END
The program checks all the keys one by one until the checksum matches the decryption of the text
pag77
Posts: 1642
Joined: December 26th, 2013, 10:46 pm

Re: [EXT] CryptoData

Post by pag77 »

version 3.5
Firefox: https://addons.mozilla.org/addon/crypto-data/
Chrome: https://chrome.google.com/webstore/deta ... cadfghkjjh

changes:
added: Korean locale (thanks VenusGirl)
fixed: minor bug fixes
migliutin
Posts: 1
Joined: October 29th, 2018, 5:03 am

Re: [EXT] CryptoData

Post by migliutin »

Thank you very much for the really needed (and appreciated) addon!

If I may, though, I'd like to point out some issues.

1.on FF 61.0.2 (64 bit) on GNU/Linux Ubuntu 18.04 (Bionic) the input window is completely blank at startup. Inserting text is possible only after having dragged one of the corners — that's really uncomfortable.

2.in order to be able to start typing right away, the cursor should autofocus in the input box at startup.

3.if no password has been saved, clicking on "Ecrypt" should automatically open the password input box, whithout need to click on "Enter a temporary key".

4.in order to be accessible on smartphones as well, both the addon and the website http://www.s3blog.org/crypto-data/cipher.html should be responsive.

5.on large screens the font is too small; it would be nice if the font size were adjustable — or at least a bit bigger.

6.please consider using a github/gitlab project for supporting the addon development; that would make easier analyzing the source code, as well as collaborating, opening issues and forking.
mgagnonlv
Posts: 848
Joined: February 12th, 2005, 8:33 pm

Re: [EXT] CryptoData

Post by mgagnonlv »

A quick word to the developer. If you want this extension to be readily available to Thunderbird and Seamonkey users, you should upload it also to https://addons.thunderbird.net

Likewise, Pale Moon users would need to find an older version there or on the Addons archive project, as Mozilla has dumped everything that worked with FF < 56.
Michel Gagnon
Montréal (Québec, Canada)
Lodhar
New Member
Posts: 1
Joined: December 12th, 2016, 7:17 am

Re: [EXT] CryptoData

Post by Lodhar »

Hi everyone,

I am trying to encrypt sentence in Bash with openssl that I can decrypt with CryptoData. No success so far.
With CryptoData, I encrypt "Secret phrase" with "password" to get

Code: Select all

S3CRYPT:BEGIN:AESCTR:5EE4:NgLDpMOyHTnDmV8ew6vDiMKKw4tdDy7DhEzCkETCjg==:END
With OpenSSL, these are the command :

Code: Select all

# Secret phrase with password
echo "Secret phrase" | openssl enc -e -aes-256-ctr -pbkdf2 | openssl enc -e -base64
echo "U2FsdGVkX18Vqv1Ptba2tKxT2DbgM9SgbTkLHohQ" | openssl enc -d -base64 | openssl enc -d -aes-256-ctr -pbkdf2
echo "Secret phrase" | openssl dgst -md5 
But it does not correspond when I paste the encrypted phrase and the md5 in a S3CRYPT model. I think the base64 encoding is different. Is it possible?
And the MD5 is definitly different (CryptoData: 5EE4 and openssl: 1937). The Perl code even show 5F4D for the md5.
How is that possible? What did I missed? Can you give me more informations about all that? ](*,)

Thanks,
Lodhar
Post Reply