A few months back, when I first stumbled on this site, I found myself sorely tempted by a few lovely scripts that involved sending sensitive information over the web (you know the ones
). Unfortunately, on account of the multitude of security sins I had committed over the years at my day job, I strongly suspected that there was precious little stopping said sensitive information from falling into the hands of unauthorized blackmailers (as opposed to authorized blackmailers -- a distinction one does not usually have to make
). A quick glance at the code confirmed my suspicions. I could rationalize trusting an anonymous internet stranger -- but trusting *every* anonymous internet stranger able to do some elementary hacking?
Rather than complain to the script authors who had already done so much for us, I decided to code a patch for sexscripts which would make it easy to ensure that only the intended recipient(s) could read strings/images/etc sent with send*(). For those of you who know what "asymmetric cryptography" is, this is that. But hopefully it's easy enough to use that you don't have to be an expert
Basically, at the start of the script you call
Code:
save("public.key.person1","02068ead249ff6d...") // Copied from person1's data.properties
save("public.key.person2","05a204a97f03aa3...") // Copied from person2's data.properties
setEncryptionRecipientList(["my.key.name","person1","person2",...])
and then any subsequent data sent with send() or sendImage() will automatically be encrypted. No further work necessary. If someone other than the person who sent the message, person1, or person2 tries to call receiveString() or receiveImage() to fetch the encrypted data, they get a "Sorry, only person-who-sent-the-data, person1, and person 2 are authorized" message. Even if they bypass the message by hacking the client, even if they hack doti's server and steal every byte of data stored on it, they will not be able to decrypt the data. Only the listed recipients can decrypt the data because only the listed recipients have a private key that matches one of the public keys used to encrypt the message.
Code:
------------- Person1's data.properties file ---------------
my.key.name=person1
public.key.person1=02068ead249ff6d... <-- if you encrypt with this
private.key.person1=010ba492c3c0a16... <-- you need this to decrypt
Everyone gets a key name, a public key, and a private key the first time they launch the updated sexscripts. You can change the key name to whatever you want as long as you change it in all three places. You can generate multiple keypairs by deleting the "my.key.name" property -- each time sexscripts starts without it, a new keypair will be generated.
Now for the bad news. I finished three weeks ago and sent the code to doti. Two weeks later I asked for an update, he said he didn't have any plans for asymmetric crypto. Suspecting that maybe he had missed my first message and misinterpreted the second as a feature request, I asked if there were any changes I could make to the code so that it would be acceptable. I haven't heard back. I don't know what else to do, so I'm dropping the code here. It works. Its security won't be reduced by showing it off in public because it's crypto -- knowing how it works doesn't make it easier to crack. If doti wants changes (better comments, better instructions, anything) I'm willing to make them. But the silence is killing me. Hopefully posting the patch here will provoke a discussion.