Sunday, January 08, 2017

 

[Draft] Download to Ciphered File -- Tool Not Found

"Cloud storage" --redundant (or not) -- has become popular over the past five or more years. It provides a certain workstation independence, access to one's data from any connected device (phone, PC, television set), and continuity if one loses one's phone, tablet, or computer. But it also creates vast collections of information one would like to keep private, and that others might like to copy or take hostage, stored "somewhere" one has never been. Let's neglect, for now, the "take hostage" aspect, assuming Google, Microsoft, Box, Dropbox, hubIC, iCloud and others take sufficient precautions to ensure that user data is backed up and can be restored after any event of malicious "ransomware" ciphering or similar attack. How does one make sure (as sure as possible) that what one stores in "the cloud" remains confidential?

Let us acknowledge that breaches of cloud storage providers have also occurred, as these stores have become more attractive to cyber-burglars. For the most part, these breaches have acquired passwords and useful login information; sometimes more, like payment card information and electronic correspondence; sometimes much more (like the OPM breach[FIXME]). Storage in "the cloud" (i.e. someone's Internet-connected computer) is safer if what one stores is ciphered and very hard for others to read; ciphering does not prevent piracy and a degree of theft, but it does improve privacy. So how does one cipher one's files before storing them in "the cloud"?

Some storage providers, such as rsync, encourage and claim to expect clients to cipher their content before sending back-up copies to remote storage; enveloc, I believe, provides the ciphering (AES256?) as part of the transfer-to-storage mechanism for their commercial clients. One can use BitLocker or alternative (non-Windows) systems to have ciphered disks or partitions, but aren't files stored in this way automatically deciphered before transfer to cloud storage? How should one store ciphered files one wants to keep ciphered, even during replication, until use?

One's bank statements, for instance: how might one automatically save one's downloaded bank statements (or sextapes, heh heh) to a ciphered, less-vulnerable file? Such a file would be available locally (to decipher when wanted), and could be moved or replicated to the cloud for safekeeping. The browser typically uses https for the transfer from the bank to one's terminal, which is pretty fine, but then deciphers and saves an ordinary file. One should cipher (encrypt) such files (then remove traces of what was first saved --how?), particularly if one is going to keep back-up replicates of the file in the "cloud". Wouldn't it be nice if the browser fed the downloaded file into a ciphering engine (such as gnupg) or itself re-ciphered with AES or another symmetric key cipher on the way to saving locally? That would be safer, and more convenient for automatic copies to redundant storage.


I have used emacs with GnuPG to edit and to store ciphered files, which works fine for locally-created files almost all of the time--it did hang once during a save of changes I did not want to lose. But this incident notwithstanding, it is the reference for me of pipelining ciphering. I ask emacs to open a .gpg file, it calls GnuPG to prompt me for the pass phrase, it then receives the deciphered file from GnuPG (I suppose) after I enter the pass phrase correctly. And then when I save (changes) it hands the stream off to GnuPG to cipher and record.

What I would like is simply a browser extension to which I could pipeline a downloaded file to cipher with a key I would provide and method I would choose, prior to writing to storage. Like the way emacs will write a gpg file using gnupg when called to save a file. Then I would have files I could easily and confidently back up off-site, and confidently leave on my computer.
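Outside the browser, the same pipeline can be built at the command line, so that the plain file is never written to storage and there are no traces to remove afterwards. The script below is an added example, not an existing tool or extension; it assumes GnuPG is installed with one's own public key in the keyring, and the function names, key name and URL are placeholders.

```sh
#!/bin/sh
# Added example. Assumptions: GnuPG is installed and the recipient names a
# public key already in the local keyring; the URL and key name in the usage
# line at the bottom are placeholders.

# stdin: plain data, stdout: ciphered data. Public-key encryption, so no pass
# phrase is needed at download time, only later when the file is deciphered.
cipher_stream() {
    gpg --batch --encrypt --recipient "$1" --output -
}

# save_ciphered DEST RECIPIENT PRODUCER [ARGS...]
# Runs PRODUCER (anything that writes the download to stdout) and stores only
# its ciphered output in DEST. Body runs in a subshell so umask and variables
# stay local to the call.
save_ciphered() (
    [ "$#" -ge 3 ] || { echo "usage: save_ciphered DEST RECIPIENT CMD..." >&2; exit 2; }
    dest=$1 recipient=$2
    shift 2
    if [ -e "$dest" ]; then echo "refusing to overwrite $dest" >&2; exit 3; fi

    umask 077
    tmp=$(mktemp "$dest.part.XXXXXX") || exit 1

    # The pipeline's own status is the cipher's, so the producer reports its
    # exit status over fd 3. An empty report also counts as a failure, which
    # keeps a truncated download from being saved as if it were complete.
    producer_rc=$( { { "$@"; echo "$?" >&3; } | cipher_stream "$recipient" >"$tmp"; } 3>&1 )
    cipher_rc=$?

    if [ "$producer_rc" != 0 ] || [ "$cipher_rc" != 0 ] || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "download or ciphering failed; nothing saved" >&2
        exit 1
    fi
    mv "$tmp" "$dest"
)

# Usage (placeholder key and URL):
#   save_ciphered statement.pdf.gpg me@example.org curl -fsS https://bank.example/statement.pdf
```

Only the `.part` temporary file and the final `.gpg` file ever exist on disk, and both hold ciphered data, so either can be replicated off-site as it is.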


