If I send a plaintext e-mail using Gmail to somebody, including my PGP public key block, is that secure?

I’ve been trying to figure out “practical encryption” (AKA “PGP”) for many years. As far as I can tell, this is not fundamentally flawed:

  1. I know Joe’s e-mail address: cool_joe@gmail.com.
  2. I have a Gmail e-mail address: me_78@gmail.com.
  3. I have GPG installed on my PC.
  4. I send a new e-mail to Joe consisting of the “PGP PUBLIC KEY BLOCK” extracted from GPG.
  5. Joe received it and can now encrypt a text using that “PGP PUBLIC KEY BLOCK” of mine, reply to my e-mail, and I can then decrypt it and read his message. Inside this message, Joe has included his own such PGP public key block.
  6. I use Joe’s PGP public key block to reply to his message, and from this point on, we only send the actual messages (no key) encrypted with each other’s keys, which we have stored on our PCs.

Is there anything fundamentally wrong/insecure about this? Some concerns:

  1. By simply operating the e-mail service, Google knows my public key (but not Joe’s, since that is embedded inside the encrypted blob). This doesn’t actually matter, though, does it? They can’t do anything with my public key? The only thing it can be used for is to encrypt text one-way which only I can decrypt, because only I have the private key on my computer?
  2. If they decide to manipulate my initial e-mail message, changing the key I sent to Joe, then Joe’s reply will be unreadable by me, since it’s no longer encrypted using my public key, but Google’s intercepted key. That means Joe and I won’t be having any conversation beyond that initial e-mail from me and the first reply by him (which Google can read), but after that, nothing happens since I can’t read/decrypt his reply?

Secure File Transfer with Individual Control

My main goal is to build Raspberry Pi cloud storage and I want to access it remotely. I can easily send commands via SSH.

However, transferring files bugged me due to its slow connection speed, or latency due to buffer, or other factors. I checked SFTP and FTPS for this.

My main goal is to send a file, let’s say mixed files of RAWs, JPGs, and MOVs that are about 5 Gigabytes, and to send it in minimum amount of time. I think this is possible if I encrypt the file first on my local machine and send it through some connection, then decrypt the file once it reaches there completely.

What are your suggestions to send large files securely?

is iptable whitelisting secure enough in AWS

Suppose my app is hosted on multiple servers, within the same data center (say in AWS or DigitalOcean). To secure communication between these servers, I use iptable to whitelist each other’s IP.

Question: is whitelisting IP secure enough to ensure the identity of the request? Or it’s actually possible for a hacker server within the same data center to spoof IP, thus foolinga me thinking it’s one of my own servers.

VirtualBox + VPN with Win10 Host – how secure is it?

I got a notebook from my company running windows 10 which i am officially allowed to use privately. I have to travel a lot i don’t want to carry a second notebook. Since the admins are having access to the device, like for company administered browsers oder updates or whatever, i don’t want to use it without an extra layer of protection.

So i installed a VBox with a mint guest. The virtual drive is encrypted. Inside the guest system i installed mullvad vpn.

How safe is this setup? Is there any possibility to check if there is maybe a keylogger or something like that running in the host system compromising my security? Where are the potential pitfalls of this setup?

I don’t want to use it for illegal things (of course) but i don’t want my company to be able to read private mails, chats, know my account balance when i check my credit card bill abroad, see what i watch on netflix or whatever, see what i shopped and stuff like that. (Or see that i type this 😉 )

What’s your opinion on that?

Thank you and best regards

Purpose of Secure Element

What is the purpose of embedding a Secure Element to enhance the security – especially the storage of keys- if a key is required to connect with it in order to get its secrets?

For example: Let’s suppose I have a host that is not secure enough to store keys in its ROM. I will hence store keys in a remote Secure Element that will be connected to my host. However, it would hence be required to secure the communication with the Secure Element to keep the confidentiality of the informations shared between the host and the Secure Element, such as the keys.

Now here’s the problem: how should I store the secret to connect with the SE (symmetric Secret key or Certificate), if storing the keys was the exact reason of integrating a Secure Element ?

It seems like a chicken and the egg problem…

If I derive an encryption key from an SSH private key, will it be “secure”

I would like to leverage my SSH keys for encryption my data. Since it is fairly trivial to unlock my SSH key on login, I can easily connect an SSH agent and get my private key rather than have to maintain another passphrase.

If I am using AES to encrypt my data with a 256 bit key, then I have to ensure my key is that size which will not be the case with using my SSH key directly, generally speaking. That means, I could hash my private key directly with SHA256.

Now, would it provide additional “security” if I hash my private key many times? Additionally, if I include a random salt unique to each “secret”, would that further help to secure the “secret”?

Process:

  1. unlock private SSH key via SSH agent
  2. use SSH agent to get private key
  3. generate random salt
  4. hash salt with private key many times to generate unique key for the secret
  5. store salt and secret

To Decrypt

  1. use stored salt and rehash to generate unique key
  2. ecrypt with generated unique key

Bluetooth LE with Secure Connection and static passkey: This is a bad idea, right?

I am currently looking into how to protect a BLE connection from active attacks (man-in-the-middle) if one of the devices neither has a display nor a keyboard.

Lemberg Solutions suggests this:

Alternatively, the passcode can be shipped together with the devices (on paper or as part of an online purchase), and the user should then manually input it to each separate device.

This can only mean that one device (device A) (most likely one without a keyboard and without a display) has a passkey embedded in the device somewhere. So it is static. This static passkey is also used by the other device (device B) (e.g. entered using keyboard input, via camera, …). The same passkey will be used every time BLE pairing is established with device A.

Am I understanding their suggestion correctly?

My understanding of Secure Connections with passkey is, that each device does the following for each bit of the passkey:

  • create a nonce
  • calculate a confirmation value using: nonce, passkey[i], SK
  • exchange the confirmation values with the other device (send own, receive other)
  • exchange the nonces (send own, receive other)
  • check that the confirmation value of the other device is correct If one of the checks fails, the connection is dropped.

In the case of a man-in-the-middle attack, the attacker can figure out the passkey by “brute-forcing” each bit. After all, there are only two possibilities for each bit.

This is not harmful for the current connection, because the attacker is “too late” to use the passkey. And it is not harmful if a different passkey is used for the next connection. But this is fatal if another connection is made using the same passkey (which is going to happen if a static passkey is used).

So, after the attacker listened to the pairing attempt, she interrupts the connection (e.g. right after the last set of nonces was transmitted). Now she only has to wait until the next connection attempt is made. She can now hijack the whole connection.

Is my assessment of this situation correct and the static passkey is a bad idea or am I overlooking something?

Secure a Jenkins node to only run approved scripts?

We have a series of Jenkins nodes that are used to deploy changes onto our SQL Servers, which works fine as long as everyone behaves and can be trusted.

The worry is that a rogue developer or hacker could simply add something like this into a Jenkins file and trash our data or performance:

   node (production) {          stage ‘deploy_straight_to_prod’ {                …<do something bad here>         }     } 

How do we protect against this? Ideally, only scripts that have been actively aproved by a DBA should be allowed.

Trying to use HMAC to pass a string to be verified. Is this secure

I am working on a django project and trying to create a REST api to verify email without using any database.

My present server connection is HTTP and not HTTPS

So some one using the api end point POST his email.

REQUEST:  curl --location --request POST 'http://127.0.0.1:8000/api/openlogin' \ --header 'Content-Type: application/json' \ --data-raw '{ "email":"test13@test.com", }' 

Now i am generating a random 6 digit number eg: 435667 and an email will be sent to test13@test.com

send_mail('PIN TO VERIFY','ENTER THE PIN 435667',None,[test13@test.com]) 

Send the HMAC value of 435667 as a response to this api

    raw = '435667'.encode("utf-8")     key = 'SOME_SECRET_KEY'.encode('utf-8')     hashed = hmac.new(key, raw, hashlib.sha1)     pin_hmac_hash = base64.encodebytes(hashed.digest()).decode('utf-8')     eg: pin_hmac_hash = "SOME_HMAC_HASH_OF_PIN" 

So the response for /api/openlogin will be

{ 'email': 'test13@test.com' 'pin': "SOME_HMAC_HASH_OF_PIN" } 

Now the user sends me back the pin along with the HMAC hash in the response

curl --location --request POST 'http://127.0.0.1:8000/api/verifypin' \ --header 'Content-Type: application/json' \ --data-raw '{ 'pin': "SOME_HMAC_HASH_OF_PIN", 'email': 'test13@test.com', 'emailed_pin':'435667' }' 

Will someone guess the pin from SOME_HMAC_HASH_OF_PIN.

Ofcourse i will further try to autenticate the api using JWT token. So the email cannot be tampered

This is an example of PIN but it can be any string of sensitive information. Can i rely on hmac