How do I encrypt files in the cloud
Some time ago, while reading a hubr, I came across an article in which the author talks about the need to encrypt files uploaded to the cloud. Being the one who dislikes the mere thought that the “uncle” that provides the cloud storage service has the ability to use my files at its discretion, I began to think about encrypting them. The fact that the cloud is provided free of charge prompted these thoughts. Of course, using an archive with a password was a terribly inconvenient decision when it came to the large number of downloaded files. For a long time it was just for this purpose that I created a special utility for myself, and now, if I had raised a question, I decided to tell about it.
At the very beginning of using cloud storage, I wanted to use simple XOR encryption. The implementation of this algorithm is not of any complexity (Friedman A., Klander L. et al .: “C / C ++. Archive of programs” - M.: Publishing House BINOM, 2001 - 640s.) no serious calculations are needed. However, this encryption method has only one plus - it is relatively fast to execute. At the output, we have a file whose contents will scare off only a layman. XOR encryption does not provide as much protection as it might seem at first glance. Firstly, if you have fun encrypting a lot of files with one key, then an evil uncle needs to get at least one original of one of the files in this series somewhere to open the key and just as fun to decrypt the entire series of files:
Key = 01101001
Text = 10010001
Encoded = 01101001 ^ 10010001 = 11111000
Key = Encoded ^ Text = 11111000 ^ 10010001 = 01101001
On the other hand, the algorithm has too simple a mathematical description, therefore, you can open the key without having the original file, which is written about for example here .
In this regard, we will not use this feature, but I will post a link to the source for the sake of completeness. One of the simplest and fairly cryptographic algorithms is the AES-256 standard. There was a lot of controversy around him, but in the United States he was allowed to encrypt information related to state secrets (see Wikipedia archive), today there is no way to successfully attack this algorithm in a reasonable amount of time. One kind person has already worked on the software implementation of this algorithm and allowed to freely use their own developments ( developer's site ). It was advisable to use this solution. Utility sources:
github.com/asu2010/crypt - XOR-encoder / decoder
github.com/asu2010/crypt_AES-256 - AES-256 - encoder / decoder
Both programs are console (of course) and are made for Windows. The programs have a default key created by the password generator program. It is stored in DEFAULT_KEY macros, which makes it easy to change. For ease of use, I named the executable file of the program “crypt ++. Exe” and added the path to this file to the PATH environment variable. The default key encryption from CMD is as follows:
Decryption:
If you need to use a different key, you can specify it after the enc / dec parameter:
Perhaps this tool is not very convenient, but not hopeless. Let's write a small bat nickname:
Now we can encrypt the array of files in some folder, deleting the originals. To decrypt files in the same way, we will write a similar command line in which our crypt ++ will be called with the dec parameter. In these commanders, you can specify a password that you do not need to remember. The path to this batch file can also be specified in the PATH variable and it will be more convenient to use the utility for a large number of files. Now, in fairness, I’ll tell you about unpleasant moments.
The first three problems can be completely solved if a strong desire appears.
These tools weredeveloped carelessly coded for two days for personal use. I’ve been using it for almost a year now and don’t feel any particular inconvenience.
At the very beginning of using cloud storage, I wanted to use simple XOR encryption. The implementation of this algorithm is not of any complexity (Friedman A., Klander L. et al .: “C / C ++. Archive of programs” - M.: Publishing House BINOM, 2001 - 640s.) no serious calculations are needed. However, this encryption method has only one plus - it is relatively fast to execute. At the output, we have a file whose contents will scare off only a layman. XOR encryption does not provide as much protection as it might seem at first glance. Firstly, if you have fun encrypting a lot of files with one key, then an evil uncle needs to get at least one original of one of the files in this series somewhere to open the key and just as fun to decrypt the entire series of files:
Key = 01101001
Text = 10010001
Encoded = 01101001 ^ 10010001 = 11111000
Key = Encoded ^ Text = 11111000 ^ 10010001 = 01101001
On the other hand, the algorithm has too simple a mathematical description, therefore, you can open the key without having the original file, which is written about for example here .
In this regard, we will not use this feature, but I will post a link to the source for the sake of completeness. One of the simplest and fairly cryptographic algorithms is the AES-256 standard. There was a lot of controversy around him, but in the United States he was allowed to encrypt information related to state secrets (see Wikipedia archive), today there is no way to successfully attack this algorithm in a reasonable amount of time. One kind person has already worked on the software implementation of this algorithm and allowed to freely use their own developments ( developer's site ). It was advisable to use this solution. Utility sources:
github.com/asu2010/crypt - XOR-encoder / decoder
github.com/asu2010/crypt_AES-256 - AES-256 - encoder / decoder
Both programs are console (of course) and are made for Windows. The programs have a default key created by the password generator program. It is stored in DEFAULT_KEY macros, which makes it easy to change. For ease of use, I named the executable file of the program “crypt ++. Exe” and added the path to this file to the PATH environment variable. The default key encryption from CMD is as follows:
>crypt++ example.jpg enc
Decryption:
>crypt++ enc_example.jpg dec
If you need to use a different key, you can specify it after the enc / dec parameter:
>crypt++ photo.jpg enc Ajk45BZ972pr
Perhaps this tool is not very convenient, but not hopeless. Let's write a small bat nickname:
@echo off
echo Все файлы в папке после шифрования/дешифрования будут удалены
echo Путь к папке с файлами:
set /P FoldPath=
cd %FoldPath%
for /f %%i in ('dir %FoldPath%\*.* /b') do (
crypt++ "%%i" enc
del "%%i"
)
Now we can encrypt the array of files in some folder, deleting the originals. To decrypt files in the same way, we will write a similar command line in which our crypt ++ will be called with the dec parameter. In these commanders, you can specify a password that you do not need to remember. The path to this batch file can also be specified in the PATH variable and it will be more convenient to use the utility for a large number of files. Now, in fairness, I’ll tell you about unpleasant moments.
- In AES-256, files are encrypted in blocks of 16 bytes and the size of the encrypted file is always a multiple of this number. If the number of bytes in your source file is not a multiple of 16, then bytes with a NUL value will be appended to the end in the decrypted file. Although this is not a file corruption. This applies only to a utility using AES-256.
- An encryptor / decoder for mobile gadgets has not been implemented. When downloading files to another PC from the cloud, you need to decrypt them.
- The proposed bat nickname is not able to be recursively called for subdirectories of the specified folder. In addition, file names in the destination folder must not contain spaces.
- AES-256 encryption is very slow. On my Celeron, the encryption speed was approximately 40 kb / s. But it is unlikely that on a more powerful machine you can get any satisfactory figure.
The first three problems can be completely solved if a strong desire appears.
These tools were