[Cryptography] Best/simplest document encryption

Henry Baker hbaker1 at pipeline.com
Fri Mar 22 10:06:53 EDT 2019 

At 06:13 PM 3/21/2019, Yoav O Yerushalmi wrote:
>Have you looked at existing tool/systems like hush mail or protonMail ?
>
>> On Mar 21, 2019, at 1:54 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
>> Hi all:
>> 
>> Here's the most basic crypto question of all:
>> 
>> What is the best (most secure & easiest to
>> use) system for *non-crypto* people to use
>> who have different platforms?
>> 
>> I.e., there are *senders* and *receivers*:
>> 
>> Senders can encrypt & send from a number of
>> different platforms: Windows, MacOs, Linux,
>> iPhone, Android.  Document can be anything
>> from a text file to a (small) movie.
>> 
>> Receivers can decrypt & receive on the
>> same platforms.
>> 
>> I don't trust Chrome or Firefox to do the
>> encryption/decryption, but I'm happy to let
>> them do the transmission of the encrypted
>> document.
>> 
>> I would love to use an open source system
>> if one exists, and I'd love to be able to
>> do a *reproducible build* of such a system.
>> 
>> For this purpose, I'm primarily interested
>> in commercial secrets, but these secrets
>> could conceivably be worth > $1 million.
>> 
>> Obviously, I can't control what happens if
>> either the sender's or receiver's platform
>> is compromised, but I would like to force
>> the sender & receiver to actually type in
>> a password/passphrase that they can exchange
>> via a 2FA (e.g., a phone call).
>> 
>> For this particular application, a symmetric
>> key system might be adequate.
>> 
>> It might be a good thing if the encryption
>> program kept a history list of salted hashed
>> passphrases to make sure that the user never
>> used any of these again.

I particularly didn't want encryption that was
built into anything else, because that greatly
expands the vulnerability surface.  You also
then have to trust that someone who's good at
this other application will be good at
encryption, and we know that's *never* the
case.

In particular, I didn't want encryption built into:

* email
* browsers
* compression (e.g., 'zip')
* pdf

I just want high quality document encryption/decryption,
period.

I was thinking more along the lines of some
GUI on top of OpenSSL, or other high quality
encryption package.

More information about the cryptography mailing list