AuthorTopic: How to do End-to-End Encryption using GPG4USB (Part 3)  (Read 1150 times)

Offline Palloy

  • Moderator
  • Sous Chef
  • *****
  • Posts: 3751
    • View Profile
    • https://palloy.wordpress.com
How to do End-to-End Encryption using GPG4USB (Part 3)
« on: November 22, 2015, 05:51:36 PM »
How to do End-to-End Encryption using GPG4USB (Part 3)

by Palloy

Part 1 described how to use the basic functions of GPG4USB, and Part 2 covered some extra features, including Steganography, which in GPG4USB is simply removing the unnecessary headers (unnecessary if the recipient knows it is a PGP message).

More on steganography

    -----BEGIN PGP MESSAGE-----
    Version: GnuPG v1


    hQIMA6CgwqjLuumyAQ/+KiG90ofeGbJVCcxak31XrWlsYOmylAaGqC6SHDu1eXmh
    Ox6fnY2Gej+vNcUBthusWvuFVaMoU8hM4XVIJUYWe040u/DmDjI7exdQk4zd4qXm
    62Q6k0mGoXJHg5dGRnXgk5ZyFb0DBIyFQw0uFqsu3l97dwmirmsTNmtbCbnVmcQ3
    w5wAa4L9M9HD/I7PbgPKWnajZHQTMB3Aq4WYhSNVeKsOV9EoAvSd9MHABjYeWWn5
    GrMSnZgDN+EzIRvBQai2+7gXeBjdj/vlFJaQfP9oGjFTkqdDLaiUJMXGJ60hmTme
    FJIoj6G0eIyvmAF19PVal7bA1amovgkNKnNkLluZ75ivsBbMrtT0Rrvr/LNnwqat
    9LrGnurGBFaXunPwnn1U/VR1rpXrJtrCZcYElQRme3eoqHOe6PYINxB4/M9EYI7j
    8IbZtF5P3sHfIH5HG0T41ZeQOuu8p9h+jgsT6vD0gHj47hloG0TIqIIUoF30no/m
    9y1ygDiViPrZ+2S5injimU7IY08Nm3DKRFMwOuqdpCXeZLPj8FvdzXJGLn2N+YWs
    kedUjW5sdjiFT+47RfT4Vn3GqS02kN0mu1s1XD2yRvJjSzYhlzvB4/qJwQFoC+4y
    fF2KDfndCWHJMgEhYDRz+emNSZNW0rE5WH1FtN/caqMzg5b4l640ph2/tAxGFvTS
    UwFKV38ZFskhhXMtAdrMaiL7/PYizpRVRgjEFY0T9yBmV8OZabFcTs8qZChgEN3a
    W/RhEvHEHeqwcC41QbwXG55iaDGAzrsu5wTTNCuzBRI7OT2j
    =HFU6
    -----END PGP MESSAGE-----

Now if you look at a PGP message, you will notice that after the headers have been removed, the last line always starts with "=" followed by 4 characters. This is a checksum and is vital to detect damaged messages. Apart from that character, all the other characters come from the set {A-Z, a-z, 0-9, /, +}, 64 in all. This is called the base64 set, and any chunk of data can be converted into base64 by bit manipulation.

From this, you could guess (and you would be right) that the result of PGP encryption is actually a string of bytes (base256 or ASCII), that are then converted to base64 to ensure they are readable, printable and copy-pasteable by all computers. This is called ASCII-armouring.

You can also prove to yourself by experiment that the line breaks don't matter, and are only there to make things look more friendly.

I won't show you the base256 data for the above string, because it won't print nicely, but it is "real" all the same. It is that base256 string that we really want to be working with.

Remember that the whole point of steganography is to disguise the fact that you are sending encryption messages. So we want to look like we are sending something innocent, like the picture of a cat, or an MP3 audio file of the family singing "Happy Birthday, dear Johnnie", so the file has to contain a genuine image or audio, but contained within in is the PGP message.

So without further ado, here is the photo of my cat, Petal, first the original, and second the altered one containing the PGP message above.





I'm sure you will agree that the image hasn't been degraded because of the alterations. It has in fact got about 1.5% bigger in file size, but you would never know it if you didn't have the original.

You see there is so much detail in a computer image, that there is more than the human eye can detect. That redundancy of information is used to embed the message into the file, without you being able to see it.

OK, that embedding process was done using an app called steg (runs on Windows, Mac and Linux).
Download from https://steg.drupalgardens.com/stegdownload, virus check it, and install it.

What we want is for GPG4USB to do it for us automatically, but there I'm afraid we will have to wait for a new improved version to come along.

In the meantime, the sending process now becomes:
1. type your plain text into GPG4USB
2. check the recipients's Public Key checkboxes
3. Encrypt
4. Save the ecrypted message as a file, say "gpg.txt"
5. Run steg
6. File > Open > choose your image file
7. Click on Hide data button and select "gpg.txt"
8. Click on Save button and choose a name for your output file
9. Delete the file "gpg.txt"
10. Send your new image as an email attachment, or whatever

The receiving process is (and you can try this on the second cat image):
1. Save the image from your email attachment (or from this web page) to somewhere handy
2. Run steg
3. File > Open > choose the image file
4. Click the Extract button, choose a folder to receive the output
5. In GPG4USB, open the file "gpg.txt"
6. Decrypt (this will fail for you because the PGP message was only encrypted for me)

Yes, it's a bit long-winded, but just think of the security!

« Last Edit: November 22, 2015, 06:15:20 PM by Palloy »
The State is a body of armed men

Offline RE

  • Administrator
  • Chief Cook & Bottlewasher
  • *****
  • Posts: 42050
    • View Profile
Re: How to do End-to-End Encryption using GPG4USB (Part 3)
« Reply #1 on: November 22, 2015, 06:00:22 PM »
This enables us to embed an encrypted text message beneath a picture, but can we use GPG4USB to encrypt the picture itself?  If so how and what is the proceedure?

RE
Save As Many As You Can

Offline Palloy

  • Moderator
  • Sous Chef
  • *****
  • Posts: 3751
    • View Profile
    • https://palloy.wordpress.com
Re: How to do End-to-End Encryption using GPG4USB (Part 3)
« Reply #2 on: November 22, 2015, 06:19:59 PM »
In GPG4USB click on the File button, and Encrypt File.  This opens a window where you can select the input file (ANY file), and the output file, and the Recipients.
The State is a body of armed men

 

Related Topics

  Subject / Started by Replies Last post
10 Replies
2529 Views
Last post June 06, 2017, 01:54:29 AM
by Palloy
7 Replies
2385 Views
Last post November 22, 2015, 06:12:37 PM
by Palloy
0 Replies
249 Views
Last post October 03, 2019, 02:10:38 PM
by RE