ccrypt encryption support about puren_tonbo HOT 5 CLOSED

Ubuntu 21.08.5

$ ccrypt --version
ccrypt 1.11. Secure encryption and decryption of files and streams.
Copyright (C) 2000-2018 Peter Selinger.

Ubuntu 18.04

$ ccrypt --version
ccrypt 1.10. Secure encryption and decryption of files and streams.
Copyright (C) 2000-2012 Peter Selinger.

from puren_tonbo.

• https://vim.fandom.com/wiki/Encryption#ccrypt
• https://www.sheep-thrills.net/transparantly_editing_encrypted_secrets_file.html

both make use of an environment variable to password into command line tool with stdin/stdout for data.

From https://www.sheep-thrills.net/transparantly_editing_encrypted_secrets_file.html

A note on security

As the original text and the ccrypt(1) manpage suggests, most modern *nix derivates don't allow an unprivileged user to see the environment of non-owned processes. Root can, however, e.g. through ps(1) and proc(5).

from puren_tonbo.

Decrypt:

ccrypt -cb -E PT_PASSWORD

Encrypt

ccrypt -e -E PT_PASSWORD

ccrypt will use what ever variable specified (or prompt), so will use existing PT env var.

$ ccrypt -help
ccrypt 1.10. Secure encryption and decryption of files and streams.

Usage: ccrypt [mode] [options] [file...]
ccencrypt [options] [file...]
ccdecrypt [options] [file...]
ccat [options] file...

Modes:
-e, --encrypt encrypt
-d, --decrypt decrypt
-c, --cat cat; decrypt files to stdout
-x, --keychange change key
-u, --unixcrypt decrypt old unix crypt files

Options:
-h, --help print this help message and exit
-V, --version print version info and exit
-L, --license print license info and exit
-v, --verbose print progress information to stderr
-q, --quiet run quietly; suppress warnings
-f, --force overwrite existing files without asking
-m, --mismatch allow decryption with non-matching key
-E, --envvar var read keyword from environment variable (unsafe)
-K, --key key give keyword on command line (unsafe)
-k, --keyfile file read keyword(s) as first line(s) from file
-P, --prompt prompt use this prompt instead of default
-S, --suffix .suf use suffix .suf instead of default .cpt
-s, --strictsuffix refuse to encrypt files which already have suffix
-F, --envvar2 var as -E for second keyword (for keychange mode)
-H, --key2 key as -K for second keyword (for keychange mode)
-Q, --prompt2 prompt as -P for second keyword (for keychange mode)
-t, --timid prompt twice for encryption keys (default)
-b, --brave prompt only once for encryption keys
-y, --keyref file encryption key must match this encrypted file
-r, --recursive recurse through directories
-R, --rec-symlinks follow symbolic links as subdirectories
-l, --symlinks dereference symbolic links
-T, --tmpfiles use temporary files instead of overwriting (unsafe)
-- end of options, filenames follow

from puren_tonbo.

os.environ['PT_PASSWORD'] = bad'
os.environ['PT_PASSWORD'] = 'password'
cmd = [PTCIPHER_EXE, '--decrypt', filename, '--output=-', '--no-prompt']
cmd = [CCRYPT_EXE, '-cb', '-E', 'PT_PASSWORD']
cmd = [CCRYPT_EXE, '-e', '-E', 'PT_PASSWORD']

# expand-shell true for windows to avoid pop-up window.
# TODO look at startupinfo param, from docs;
# The STARTUPINFO class and following constants are only available on Windows.... wShowWindow = SW_HIDE
p = subprocess.Popen(cmd, shell=expand_shell, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

# timeout not suported by older python versions, pre 3.3
stdout_value, stderr_value = p.communicate()

print('post com')
print('stdout: %r' % stdout_value)
print('stderr: %r' % stderr_value)
print('returncode: %r' % p.returncode)

from puren_tonbo.

Also see NeoVim lua script for shelling out to ccrypt - https://github.com/kurotych/ccryptor.nvim

example of a practical attack on ccrypt

https://www.reddit.com/r/crypto/comments/of5jy8/comment/h4b1o17/

Tested 2023-03-25

Summary

No authenticated encryption (signing), Tampered/corrupted files will be partially decrypted, original report of forgery looks like it may be resolved in ccrypt 1.11. But decryption is marked as successful and without error, even when file has been Tampered with.

Original Report

from https://www.reddit.com/r/crypto/comments/of5jy8/comment/h4b1o17/
2023-03-25

skeeto - https://www.reddit.com/user/skeeto/

2 yr. ago

Indeed, here's an example of a practical attack on ccrypt. Ahead-of-time preparation by Mallory (i.e. doesn't depend on key or IV):

$ dd if=/dev/zero of=attack count=1 bs=37
$ printf '\x03\x11\x46\x02\x1b\x01\x4e\x0d\x12\x1b\x1f\x00' >>attack
$ cat xor.c
#include <stdio.h>
int main(int argc, char *argv[])
{
    FILE *f = fopen(argv[argc-1], "rb");
    for (int a, b; (a = fgetc(f)) != EOF && (b = getchar()) != EOF;) {
        putchar(a ^ b);
    }
}
$ cc xor.c

Alice encrypts a message for Bob:

$ echo meet at midnight | ccrypt -K password >secret

Mallory modifies the date:

$ ./a.out attack <secret >forged

Bob gets the wrong message but cannot know it:

$ ccrypt -dK password <forged && echo success
meet before dusk
success

Demo

~/code/c/ccrypt_hack_test$ cat demo.sh
#!/bin/sh

echo from https://www.reddit.com/r/crypto/comments/of5jy8/comment/h4b1o17/

dd if=/dev/zero of=attack count=1 bs=37
cc xor.c  -o xor

echo Alice encrypts a message for Bob:

echo meet at midnight | ccrypt -K password >secret

echo Mallory modifies the date:

./xor attack <secret >forged

echo Bob gets the wrong message but cannot know it:

ccrypt -dK password <forged && echo success


~/code/c/ccrypt_hack_test$ ./demo.sh
from https://www.reddit.com/r/crypto/comments/of5jy8/comment/h4b1o17/
1+0 records in
1+0 records out
37 bytes copied, 0.00218466 s, 16.9 kB/s
Alice encrypts a message for Bob:
Mallory modifies the date:
Bob gets the wrong message but cannot know it:
meet success
~/code/c/ccrypt_hack_test$ ccrypt -dK password <secret
meet at midnight
~/code/c/ccrypt_hack_test$ ccrypt -dK password <forged
meet ~/code/c/ccrypt_hack_test$

from puren_tonbo.