-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathconsole-instructions.txt
247 lines (188 loc) · 11 KB
/
console-instructions.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
1. GENERATE CODE BOOKS
usage: gencodes.py [-h] [--all] [--pdf] [--txt] [--pickle] [--otp] [--auth] [--aes]
-h, --help show this help message and exit
--all Generate everything
--allformats Generate all formats
--pdf Generate pdf documents
--txt Generate text files
--pickle Generate pickle files
--allcodes Generate all codes
--otp Generate OTP pads
--auth Generate Authentification table
--aes Generate AES code pads
2. DISTRIBUTION OF CODE BOOKS
Pad ID: The Pad ID is a safe code number you can share to make sure you are all using the propper code books.
3. AUTHENTIFICATION TABLE
The authentification table is a very simple way to verify if the message is coming from someone in possession of
the propper documents. You just cross-reference the letters and numbers to the propper grid code. You can include
an authentification in a message by putting in, for example, "C04=RGU4", and the recipient can verify and see you
are who you say you are. You can also issue a challenge and demand verification, asking "Authenticate H19" and
expecting "DJ9W". Using the authentification table in your messages is an extra layer of security. Obliterate codes
once they are used to prevent re-use by an adversary.
4. AES CRYPTER
usage: aescrypt.py [-h] [-e] [-d] [--key1 KEY1] [--key2 KEY2] [--iv IV]
[--pem] [--rawkey] [--file] [--keyfile KEYFILE] [--keeppad]
message
positional arguments:
message Message or filename
optional arguments:
-h, --help show this help message and exit
-e Encrypt
-d Decrypt
--key1 KEY1 Encryption key 1/2 (32 characters)
--key2 KEY2 Encryption key 2/2 (32 characters)
--iv IV Initiation vector (16 characters)
--pem PEM encoding of input/output
--rawkey No base64 for keys and IV
--file Encrypt/decrypt file, .enc extension
--keyfile KEYFILE Use pickle key file
--keeppad Do not purge pad (dangerous)
The code blocks are 16 random bytes base64 encoded. Two blocks are required for keys and one for an IV, requiring
three blocks per message. This means 300 blocks are enough for 100 messages.
ENCRYPTION
**OUTDATED**
1. Select first half and last half of Key on code pad then redact them out to prevent re-use
Example:
A6: 9bba6c2d46e354e1f3f3238542795266
B13: c424d45b1a68685353499e45a2ebec72
2. Select Initialization Vector on code pad then redact it out to prevent re-use
Example:
B20: 7e3119074bc945d5080e339308f34cf9
4. Encrypt message with aescrypt.py
./aescrypt.py -e --key1 9bba6c2d46e354e1f3f3238542795266 --key2 c424d45b1a68685353499e45a2ebec72 --iv 7e3119074bc945d5080e339308f34cf9 --pem "test message"
Alternatively, use the pickle file mode
./aescrypt.py -e --key1 A6 --key2 B13 --iv B20 --pem --keyfile 2022_06_20_85916_aespad.pickle "test message"
5. Copy message output
-----BEGIN AES MESSAGE 85916 A6B13B20-----
dvyPvT+SNttNWX7ZudwMSxNa+Al8oEeru1LxA10o9qo=
-----END AES MESSAGE 85916 A6B13B20-----
6. Send message
DECRYPTION
7. Receive message and find keys on Code Pad
Example:
-----BEGIN AES MESSAGE 85916 A6B13B20-----
dvyPvT+SNttNWX7ZudwMSxNa+Al8oEeru1LxA10o9qo=
-----END AES MESSAGE 85916 A6B13B20-----
The system will automatically know to use sections A6, B13 and B20 from the codebook 85916
Redact Keys and IV from code pad to prevent re-use
8. Decrypt message with aescrypt.py
./aescrypt.py -d --key1 9bba6c2d46e354e1f3f3238542795266 --key2 c424d45b1a68685353499e45a2ebec72 --iv 7e3119074bc945d5080e339308f34cf9 --b64 a72ef25dc9af3ddcf3d75cac71e7777f
out: test message
Alternatively, use the pickle file
./aescrypt.py -d --key1 A6 --key2 B13 --iv B20 --keyfile aespad.pickle --b64 a72ef25dc9af3ddcf3d75cac71e7777f
SAFE DESTRUCTION OF CODE PAD
Shred then burn paper code pads, or securely wipe code pad file
ENCRYPT/DECRYPT FILES
./aescrypt.py -e --key1 [key1] --key2 [key2] --iv [iv] --file myfile.tar.gz
./aescrypt.py -d --key1 [key1] --key2 [key2] --iv [iv] --file myfile.tar.gz.enc
5. ONE TIME PAD SCRIPT
The OTP script uses the same OTP technique as the manual one. It uses pickle files to get the OTP and removes them once they are used.
usage: otp.py [-h] [--pad PAD] [-e] [-d] [--keeppad] [--board BOARD]
[--brevity BREVITY]
[message]
positional arguments:
message Message, filename or OTP len in blocks of 5
optional arguments:
-h, --help show this help message and exit
--pad PAD One time pad file to use
-e Encrypt
-d Decrypt
--keeppad Do not purge pad (dangerous)
--board BOARD Checkerboard type
--brevity BREVITY Use brevity codes
ENCRYPT:
./otp.py -e --pad 2021-06-23_600815_otp.pickle 'auth D2-VVJS. this is a test message of the OTP system'
message no: 00001
pad id: 42642
output: 00001426428271331445461698759145020463212241105468681420662183079726717517225461032501137082524084622491649676
DECRYPT:
./otp.py -d --pad 2021-06-23_600815_otp.pickle 00001426428271331445461698759145020463212241105468681420662183079726717517225461032501137082524084622491649676
message no: 00001
pad id: 42642
Decryption successful
output: auth d2-vvjs. this is a test message of the otp system..
6. HOW TO USE A PAPER ONE TIME PAD
For more information visit: http://users.telenet.be/d.rijmenants/en/onetimepad.htm
Guide on OTP use: http://users.telenet.be/d.rijmenants/papers/one_time_pad.pdf
The one time pad is absolutely unbreakable if used proprely.
- NEVER re-use the same key to encrypt a different message
- ALWAYS use a secure truly random number generator
- ALWAYS keep the key in a secure location
- ALWAYS destroy the code pad after it has been used
Example WITHOUT brevity codes
1. Randomly generate a few hundred numbers in groups of 5 in a cryptographically secure way
Example code pad
63649 53102 36804 76914 10616
07911 65904 45066 89919 09794
42742 01969 89083 84195 92015
21854 72871 04531 20030 40734
67903 03061 56195 46228 98092
85047 07218 82884 73722 72631
75966 33824 85150 03150 33620
44677 62569 71723 30910 16106
08610 20247 94182 82128 47647
75675 73688 62476 30843 25272
02670 04743 47842 81324 10668
90190 41737 75490 72069 41769
51603 35220 99127 26616 45828
42953 29712 85571 37285 47970
35429 01619 85392 58782 58024
33036 60833 01560 76262 47290
83378 75598 06011 83127 13463
39528 72464 33378 53154 73846
43909 26603 61600 20250 81003
83312 09378 75190 89645 36395
2. Convert your message according to this or any other table, these are known as "Straddling Checkerboards"
-----------------------------------------------------
| A E I N O R | CT-46 |
| 1 2 3 4 5 6 | |
|---------------------------------------------------|
| B C D F G H J K L M |
| 70 71 72 73 74 75 76 77 78 79 |
|---------------------------------------------------|
| P Q S T U V W X Y Z |
| 80 81 82 83 84 85 86 87 88 89 |
|---------------------------------------------------|
| SPC . , : ? / ( ) " CODE |
| 90 91 92 93 94 95 96 97 98 99 |
|---------------------------------------------------|
| 0 1 2 3 4 5 6 7 8 9 |
| 00 01 02 03 04 05 06 07 08 09 |
-----------------------------------------------------
MESSAGE: ALL YOUR BASE ARE BELONG TO US.
ENCODED: 11787 89088 58469 07018 22901 62907 02785 47490 83584 8291
3. Encrypt the message by adding without carrying (modulo 10), ex: 9 + 5 = 4, 4 - 9 = 5, using the code pad.
Skip the first 5-number block.
MESSAGE: ALL YOUR BASE ARE BELONG TO US.
ENCODED: 11787 89088 58469 07018 22901 62907 02785 47490 83584 8291 +
CODEPAD: 53102 36804 76914 10616 07911 65904 45066 89919 09794 4274
-----------------------------------------------------------
ENCRYPTED: 64889 15882 24373 17624 29812 27801 47741 26309 82278 2465
4. Add the header
Since this is the first message, prefix it with 00001 (5 characters).
After the message number, add the first block of your code pad (63649). This is to verify the right code pad.
So the message becomes:
00001 63649 64889 15882 24373 17624 29812 27801 47741 26309 82278 2465
5. Send the message through whatever means
6. Bob receives the message and goes to pad 00001 and verifies that it begins with 63649.
He then decrypts the message by subtracting without carrying and converts the result back into characters.
ENCRYPTED: 64889 15882 24373 17624 29812 27801 47741 26309 82278 2465 -
CODEPAD: 53102 36804 76914 10616 07911 65904 45066 89919 09794 4274
-----------------------------------------------
DECRYPTED: 11787 89088 58469 07018 22901 27801 47741 26309 82278 2465
MESSAGE: ALL YOUR BASE ARE BELONG TO US.
7. BREVITY CODES
Brevity codes are used with one time pads to replace long words or terms to shorten the message, they are always 4 numbers long. They are preceded with the CODE prefix (99). The numbers are NOT converted (ex: CODE 0404 is just 990404, not 0909040004) with the checkerboard. This is done automatically in the tools using the pickle files. The codes can be safely reused as they are protected by the encryption.
Example:
Code for 'Unit' is 0012
Code for 'Come home' is 0027
Code for 'EMERGENCY' is 0911
Message is "Unit 7 Come home its an emergency"
Unit _ 7 _ COME HOME _ i t s _ a n _ EMERGENCY
99 0012 90 07 90 99 0027 90 3 83 82 90 1 4 90 99 0911
When decrypting the process is the same in reverse, after a '99' transcribe the 4 next numbers directly and transcribe the words after.
99 0012 90 07 90 99 0027 90 3 83 82 90 1 4 90 99 0911
CODE 0012 _ 7 _ CODE 0027 _ i t s _ a n _ CODE 0911
UNIT COME HOME EMERGENCY
8. RSA-AES CRYPTER
WIP