The Crypto Bone - A User's View
Imagine two people - let's call them Bob and Alice - meet at St. Stephen's Green in the heart of Dublin and settle down on a bench near the duck pond. They pass the time discussing plans for the new year and talk about projects they are working on at the moment. Bob is from Boston and has been on his Christmas vacation, he's about to leave Dublin very soon.
Before they part, Alice slips a small piece of paper into Bob's hand, with a sequence of numbers and letters (40 in total) written on it. Bob records Alice's email address on the piece of paper. "Here's a secret, you may find useful, when you're back in Boston", Alice said, and they part.
After a while, back in Boston, Bob receives an email from Alice."Hi Bob,
hope you're well. I have to tell you something confidential. I really need your advice on the matter. We cannot discuss this using ordinary email, as this is not secure. Please check out, if the Gnu Privacy Guard is installed on your computer. When you are going to send me an email save it in a file and open a terminal window. Now type the following:
gpg -ca --cipher-algo AES name-of-your-message-file
You are asked for a passphrase, please type the numbers and letters I gave to you on the piece of paper in Dublin. Now you have a file that ends in .asc, send this to me and destroy your message file.
Bob didn't understand the AES thing, Alice had mentioned, but he managed to get this crazy file that Alice had asked for, and sent it to Alice. He knows that it'd be important to go to the trouble of doing what Alice had asked for, but he really didn't know what comes next.
Next came a reply from Alice, another crazy file with the recipe how to handle it. It read:Hi Bob,
thanks for the confidential message, you've sent me. I have prepared my confidential reply for you in the same way. In order to be able to read my message you have to save it to a file that you put into the gpg program for decryption. When asked for a passphrase, use the numbers and letters from the piece of paper I gave you in Dublin, again. Type the following and look at the result.
gpg --output cleartextfile name-of-my-email-message-file
You may have noticed, that my message contains a new secret in the last line, please use this new secret to scramble your reply to me.
And please construct a secret of your own that you append to your reply before you scramble it. This way I can be sure I got the message from you and I can use your new secret to scramble my follow up message that I will sent back. Please make sure, you send a new secret with each of your messages to me.
Hoping to hear from you soon,
The Main Story
What Alice and Bob do "by hand" is the form of secure communication that the Crypto Bone helps to establish. And it would take the pain out of this secure message exchange. As you might suspect, in practice there are quite a number of shortcomings and pitfalls that can turn this process into an insecure excercise.
For instance, Bob can accidentally send his plain text message instead of the encrypted file, these things happen, and an inexperienced Bob will make this mistake, eventually. Then Bob might forget to delete plain text messages he has read, or he might save them unencrypted for later use. It is very likely that he gets confused with the keys, because he always has to know which key Alice had sent in her last message. All older keys are irrelevant now, except the last one. So Bob might not even know which message was the last one.
Bob might simply forget to attach a new message key to his email, interrupting the flow of messages between Alice and himself.
If that wasn't enough, Bob will certainly not be the best source of a random secret. The key he will invent out of thin air, might not be as random as he thinks it is, so Bob risks encryption with a weak key. And finally there is the need to store multiple keys unencrypted for later use. How would Bob manage to save these large key database? Chances are, he will save it unencrypted to his computer's hard disk.
Now imagine the Crypto Bone helping Bob to do all this in a secure way!
From the user's point of view, the Crypto Bone must make sure:
- that it is impossible to sent an unencrypted message out,
- that only encrypted messages are processed and all other messages are dismissed reliably,
- that all outgoing messages contain a strong randomly selected message key before they are encrypted,
- that all message keys are stored encrypted and are updated frequently when new messages arrive, that can be decrypted.
- that Bob remains in control of the process, as he can reset a key or provide an initial secret he has got from someone he knows.
- and that Bob can operate sending and reading of his messages over a reliably secure encrypted tunnel to the External Crypto Bone, that only he can use.
While the Crypto Bone helps Bob to maintain secure communication, it won't take away his control over the process. The Crypto Bone will show the encrypted message it sends out and will only use secrets that Bob has entered via the cryptobone control program for a contact email address, provided the key is long enough to be sedure. So these first steps are always under Bob's control and the Crypto Bone indicates that encryption has been done, it doesn't make this crucial task transparent.
In addition, Bob will always be able to reset a key for a correspondent, if he is convinced that continuing the conversation is no longer safe, for whatever reason Bob has to believe. He is in control, nobody else.
If you wish to dive deeper into the inner workings of the Crypto Bone, there is a detailed explanation from a technical point of view available.