An encrypted diary using OpenSSL

Writing helps me think. Today, my main outlet for writing, and thus for thinking, is this blog. But this blog is fully public and advertised. Many of my thoughts I would like to keep private. For this, the proper medium is not a blog; it is a diary.

A diary is extremely different to a blog, but some requirements are similar. The diary should have history. The diary should be storable as plain files. Entries should be timestamped. The diary should be editable anywhere. The diary should be useable with standard tools (e.g. editors, git).

I could implement this with a directory full of plaintext files, with their history stored in git, synchronized to a cloud service. This is exactly how I keep my blog. But how to implement privacy?

The clear answer is encryption. Each diary entry, stored as a file, should be encrypted so that only I can view the entries using a password. Crypto comes in two forms: symmetric and asymmetric. Symmetric would be simplest, but asymmetric has a significant advantage: it lets me write a diary entry without entering the decryption password. This means I have to type less, I can write secure entries on an untrusted computer, and entries may be plausibly deniable in the event of a breach.

To use asymmetric crypto, I generate a master keypair. Diary entries will be encrypted with the public key. The private key will be stored encrypted with my master password. (An alternative design is to use the password as the source for the keypair.) To encrypt long diary entries, public-key encryption is unsuitable, so instead each entry will get a one-time shared secret, used to encrypt the entry symmetrically. There are many ways to achieve this; one is to generate a random secret for the entry, then encrypt the secret with the public key. There are thus three levels of encryption in this scheme: a diary entry is encrypted with a symmetric secret, which is encrypted with an asymmetric private key, which is encrypted with a master password.

The most common tool for asymmetric crypto is OpenSSL. Let’s make a diary using OpenSSL! First we generate our master keypair, encrypting the private key with our password. Here I choose to use RSA for asymmetric crypto:

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  | PASSWORD="${password}" openssl pkey -passout env:PASSWORD > "${priv_key_path}"
PASSWORD="${password}" < "${priv_key_path}" openssl pkey -passin env:PASSWORD -pubout > "${pub_key_path}"

Next, when we want to write a diary entry, we write two files. First, the file secret, which is a new shared secret, encrypted with the public key. Next, the file ciphertext, which is the ciphertext encrypted with the shared secret. Here I choose to use AES for symmetric crypto:

secret="$(openssl rand 32 | base64)"
<<< "${secret}" openssl pkeyutl -encrypt -pubin -inkey "${pub_key_path}" > "${entry_dir}/secret"
SECRET="${secret}" < /dev/stdin openssl enc -AES-256-CBC -pass env:SECRET > "${entry_dir}/ciphertext"

Finally, when we want to read an entry, we decrypt the private key with the master password, then decrypt the shared secret with the private key, then decrypt the ciphertext with the shared secret:

secret="$( PASSWORD="${password}" < "${entry_dir}/secret" \
  openssl pkeyutl -decrypt -inkey "${priv_key_path}" -passin env:PASSWORD )"
SECRET="${secret}" < "${entry_dir}/ciphertext" \
  openssl enc -d -AES-256-CBC -pass env:SECRET

I made this tool called diary in 50 lines of bash, which does the above, and has the following interface:

diary init                 Initialize the database
diary write                Write a diary entry
diary read entry_dir...    Read the specified entries

Now, OpenSSL is probably not the best tool for the job. I had to make quite a few low-level crypto decisions. In particular, it’s ugly to manually generate shared secrets and to store them in separate files. Later I’ll look at GPG, which should do a lot of this work for me.

Tagged #diary, #cryptography, #privacy, #personal, #programming, #openssl, #security.
👋 I'm Jim, a full-stack product engineer. Want to build an amazing product and a profitable business? Read more about me or Get in touch!

Similar posts

How do I hash a password with openssl?
The openssl passwd command hashes passwords using the outdated crypt algorithm, with truncation to 8 characters - a poor choice for secure password hashing. 2017-03-12
How do I generate random bytes with openssl?
Generate random bytes with openssl rand, which uses a PRNG seeded with entropy from ~/.rnd. 2017-03-10
How do I create a message digest using openssl?
Create message digests using the openssl dgst command, specifying the hash algorithm (e.g. -sha512) and optionally signing with a shared password using -hmac. 2017-03-13
How do I fetch a server’s SSL certificate using openssl?
Use the openssl s_client command to fetch a server’s SSL certificate chain, including the root certificate. 2017-03-11
I can see your local web servers
Script detects and exposes your local web servers on localhost and your local network. 2019-05-26
What is ASN.1?
ASN.1 is a data format used to encode structured data like RSA private keys and certificate signing requests. Using openssl asn1parse to reveal its structure. 2017-11-30

Similar posts

How do I hash a password with openssl?
The openssl passwd command hashes passwords using the outdated crypt algorithm, with truncation to 8 characters - a poor choice for secure password hashing. 2017-03-12
How do I generate random bytes with openssl?
Generate random bytes with openssl rand, which uses a PRNG seeded with entropy from ~/.rnd. 2017-03-10
How do I encrypt text with openssl?
Encrypt and decrypt text using the openssl enc command with a password and AES-256 cipher. The encrypted text is base64-encoded. 2017-03-09
How do I create a message digest using openssl?
Create message digests using the openssl dgst command, specifying the hash algorithm (e.g. -sha512) and optionally signing with a shared password using -hmac. 2017-03-13
How does a stream cipher work?
A stream cipher works like a one-time pad, but uses a pseudorandom “keystream” from a PRNG seeded by a secret key and nonce, preventing attacks based on pad disclosure or reuse. 2016-11-21
How do I fetch a server’s SSL certificate using openssl?
Use the openssl s_client command to fetch a server’s SSL certificate chain, including the root certificate. 2017-03-11

More by Jim

What does the dot do in JavaScript?
foo.bar, foo.bar(), or foo.bar = baz - what do they mean? A deep dive into prototypical inheritance and getters/setters. 2020-11-01
Smear phishing: a new Android vulnerability
Trick Android to display an SMS as coming from any contact. Convincing phishing vuln, but still unpatched. 2020-08-06
A probabilistic pub quiz for nerds
A “true or false” quiz where you respond with your confidence level, and the optimal strategy is to report your true belief. 2020-04-26
Time is running out to catch COVID-19
Simulation shows it’s rational to deliberately infect yourself with COVID-19 early on to get treatment, but after healthcare capacity is exceeded, it’s better to avoid infection. Includes interactive parameters and visualizations. 2020-03-14
The inception bar: a new phishing method
A new phishing technique that displays a fake URL bar in Chrome for mobile. A key innovation is the “scroll jail” that traps the user in a fake browser. 2019-04-27
The hacker hype cycle
I got started with simple web development, but because enamored with increasingly esoteric programming concepts, leading to a “trough of hipster technologies” before returning to more productive work. 2019-03-23
Project C-43: the lost origins of asymmetric crypto
Bob invents asymmetric cryptography by playing loud white noise to obscure Alice’s message, which he can cancel out but an eavesdropper cannot. This idea, published in 1944 by Walter Koenig Jr., is the forgotten origin of asymmetric crypto. 2019-02-16
How Hacker News stays interesting
Hacker News buried my post on conspiracy theories in my family due to overheated discussion, not censorship. Moderation keeps the site focused on interesting technical content. 2019-01-26
My parents are Flat-Earthers
For decades, my parents have been working up to Flat-Earther beliefs. From Egyptology to Jehovah’s Witnesses to theories that human built the Moon billions of years in the future. Surprisingly, it doesn’t affect their successful lives very much. For me, it’s a fun family pastime. 2019-01-20
The dots do matter: how to scam a Gmail user
Gmail’s “dots don’t matter” feature lets scammers create an account on, say, Netflix, with your email address but different dots. Results in convincing phishing emails. 2018-04-07
The sorry state of OpenSSL usability
OpenSSL’s inadequate documentation, confusing key formats, and deprecated interfaces make it difficult to use, despite its importance. 2017-12-02
I hate telephones
I hate telephones. Some rational reasons: lack of authentication, no spam filtering, forced synchronous communication. But also just a visceral fear. 2017-11-08
The Three Ts of Time, Thought and Typing: measuring cost on the web
Businesses often tout “free” services, but the real costs come in terms of time, thought, and typing required from users. Reducing these “Three Ts” is key to improving sign-up flows and increasing conversions. 2017-10-26
Granddad died today
Granddad died. The unspoken practice of death-by-dehydration in the NHS. The Liverpool Care Pathway. Assisted dying in the UK. The importance of planning in end-of-life care. 2017-05-19
How do I call a program in C, setting up standard pipes?
A C function to create a new process, set up its standard input/output/error pipes, and return a struct containing the process ID and pipe file descriptors. 2017-02-17
Your syntax highlighter is wrong
Syntax highlighters make value judgments about code. Most highlighters judge that comments are cruft, and try to hide them. Most diff viewers judge that code deletions are bad. 2014-05-11

This page copyright James Fisher 2017. Content is not associated with my employer. Found an error? Edit this page.

Jim Fisher
CV
Speaking
Blogroll
RSS
TigYog
Kickabout