PeterDocs/Docs/Encryption.md


Encryption

One of the three primary objectives of the PeterDocs design is to protect the data being transferred. This objective is met by using 7ZIP archive encryption that also encrypts the file names.

If the 7ZIP file were viewed without the password, the file and folder names would be illegible, so leakage of content metadata is addressed.

There are two options for encryption:

  1. Using a complex symmetric key
  2. Using an asymmetric key, such as one provided by the Microsoft Certificate Manager (certmgr)

SecretKey

The PeterDocs parameter labelled SecretKey is used for symmetric key encryption. The secret (or password) needs to be complex and at least 10 characters long.

The complex secret needs to contain a lower-case letter, an upper-case letter, a numeric digit and a special symbol.

The secret is used directly as the password for the 7ZIP compression, so you can use the secret yourself to decrypt the archive file and check its contents.

Make a note of the secret as you will need it to decrypt the contents.

If you are transferring the archive to another person, send the secret to your recipient via a different channel from the one used for the archive file itself.

RecipientKey

The PeterDocs parameter labelled RecipientKey is used for asymmetric keys provided by the Microsoft Certificate Manager for encrypting content.

This is the most secure method for transfer as it is secured with certificates. Using certificates requires:

  1. your recipient to send you their public certificate
  2. you to load the public certificate into your Windows Certificate Manager
  3. you to specify the key name as the value for the RecipientKey

Once the archive is encrypted, you will not be able to decrypt and view its contents. Only the recipient holding the private key can decrypt the contents.

The recipient will need to receive the archive file plus the .key file generated by PeterDocs. Both files must be accessible to the recipient for decrypting the contents.

Internal process

Internally, the PeterDocs process generates a long random password, which is saved into the .key file, and that .key file is encrypted using the recipient's public key.

This process is used because there are technical limitations on encrypting large files directly with the certificate's public key. The maximum size is around 60MB when using public keys.
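The following PowerShell session is an added illustration of the hybrid scheme described above; it is not PeterDocs' own code, and PeterDocs may implement the steps differently. It assumes the 7-Zip command-line tool (7z.exe) is on the PATH, that the recipient certificate was created with the New-SelfSignedCertificate command shown under "Generating your Certificate" (subject CN=PeterDocs), and that the built-in Protect-CmsMessage / Unprotect-CmsMessage cmdlets stand in for whatever public-key wrapping PeterDocs uses internally; the folder and file paths are placeholders.

```powershell
# Added example, not PeterDocs code. Assumes 7z.exe on PATH and a DocumentEncryptionCert
# with subject CN=PeterDocs in Cert:\CurrentUser\My (the sender only needs the public part).
# Paths such as C:\data\docs, C:\out and C:\restore are placeholders.

function New-ArchivePassword {
    # 32 bytes from the OS CSPRNG, rendered as 64 hex characters so the value is
    # safe to pass on a command line (no shell-sensitive characters).
    param([int]$Bytes = 32)
    $buf = New-Object byte[] $Bytes
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($buf)
    return ([BitConverter]::ToString($buf)).Replace('-', '')
}

# --- Sender side: produce docs.7z and docs.key ---
$Password = New-ArchivePassword

# -mhe=on encrypts the archive headers as well, so file and folder names are
# unreadable without the password (the "including file names" property above).
& 7z a -t7z -mhe=on "-p$Password" "C:\out\docs.7z" "C:\data\docs\*"

# Wrap the random password with the recipient's public key. Only the matching
# private key can unwrap it, which is why the sender cannot decrypt afterwards.
Protect-CmsMessage -To "CN=PeterDocs" -Content $Password -OutFile "C:\out\docs.key"

# Do not leave the plaintext archive password lying around in the session.
Remove-Variable -Name Password

# --- Recipient side: needs docs.7z, docs.key and the private key in the store ---
$Password = Unprotect-CmsMessage -Path "C:\out\docs.key"
& 7z x "-p$Password" -o"C:\restore" "C:\out\docs.7z"
Remove-Variable -Name Password
```

Only the short .key file is ever passed through the public-key operation, which is what sidesteps the size limitation the text mentions.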

Generating your Certificate

As the recipient, you can generate your own key by using Microsoft Certificate Manager or by running the PowerShell command below.

    New-SelfSignedCertificate -Subject "CN=PeterDocs" -FriendlyName "PeterDocs" -KeyDescription "Encryption key for PeterDocs data encipherment" -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsage KeyEncipherment,DataEncipherment,KeyAgreement -Type DocumentEncryptionCert

To list your current certificates, use the PowerShell command below.

    Get-ChildItem -Path "Cert:\CurrentUser\My" -DocumentEncryptionCert

Exporting your Certificate

You will need to export your public key and send it to the person who will generate the archive file for you. That person will then need to import your public key into their own Windows Certificate Manager.