If you were going to send a file, encrypted with a passphrase, to three users: one on a Mac, one on Linux and one on Windows... what would you use?
(For the sake of argument, do not say PGP.)
How tragic is it that the LibreOffice and OpenDocument folks invented their own scheme for encrypting the contents of ZIP archives... instead of fixing the ZIP toolchain itself to support proper encryption.
Oh good, my brief manic obsession with encryption file formats has passed.
I was totally reaching for the editor to teach both Python's zip module and the Info-zip code how to do AES encryption properly.
Which would like, totally be worth doing. But really I don't need another project.
Do you? It'd be awesome...
@HerraBRE Do they have Signal on their desktops? Otherwise Firefox Send.
@HerraBRE link to download from my Nextcloud instance, password shared via some other channel (email link, password via chat or similar)
@HerraBRE zip ^^
@pl This would officially be the Best Answer, if only the encryption didn't suck.
AFAICT, the AES encryption extension hasn't been implemented in the zip/unzip available on Linux.
The man pages all warn that the encryption is crap and we should ... use PGP.
@HerraBRE I'm so sorry
@HerraBRE add that it's a file over 12GB and now you also end up in filesystem support nightmare
@HerraBRE symmetric encryption is mostly easy in Python. There is a lovely 'cryptography' module, with an API that takes keys, some bytes and encrypts them properly (works on bytes objects so in RAM I think)
Doing more complicated stuff is also more or less straightforward.
I tried doing this in C and C++, and it was awful (for different reasons though).
@jacek Yeah, I suspect the Python implementation would be pretty easy.
C is always trickier.
@HerraBRE the easiest way is probably Keybase now.
@Keltounet Keybase was at least paying lip service to being PGP... and mostly I'm fishing for tools for people to install (or have already), not services people can sign up for.
But I didn't specify that clearly, so thank you for your input. 😄
@HerraBRE not sure there is a simple answer to your question. There are tools floating around, either proprietary or open source, that will do that, even cross-platform, but things like key distribution & secure encryption are still hard things to tackle in all cases.
Interested in seeing a summary of your answers BTW (as we used to say on Usenet) :)
@HerraBRE BTW the real answer (or question) should probably be more along the lines of "what is your threat model (aka who is it you want to protect that information from)?" before asking what you want to do.
@Keltounet My tl;dr takeaway so far, is "centralized cloud services or 7zip, depending on which is a better fit."
Turns out 7zip LGPL'ed their core library, so they're widely supported and there are many implementations on all platforms.
And their crypto is, modulo implementation bugs, quite acceptable.
@jacek Do you have links where I can read more about this?
There are quite a lot of highly ranked posts on Hacker News when you search 7zip.
@jacek Thank you! I realized after posting that I should have just Googled... and did so.
According to this blog post, the time between discovery, report and a fix being released was IMO quite reasonable: https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
This does not seem like a huge red flag against the software, although for certain threat models the attack surface is probably unacceptably large. It's a complex tool.
That depends on what the file is, and how secure it needs to be at rest, I think.
In transit, I'd use onionshare, and I'd share the onionshare link over deltachat/autocrypt email (this is a thing I do regularly.)
I don't really do at rest encryption of individual files often, but if I do, I'll use GPG (which is disqualified here) or 7zip.