Want to use quantum technology for encryption, right now ?

And don’t have access to any of this technology ?

https :// http://www.wired.com /story/why-this-intercontinental-quantum-encrypted-video-hangout-is-a-big-deal/?mbid=BottomRelatedStories

OK, the below will not be using quantum signals to agree encryption keys like those guys are doing.

But rather a far simpler simpler quantum randomness beacon as a source of entropy from which the symmetric encryption key is created.

Symmetric encryption systems, like AES256, are all vulnerable to their keys being insufficiently random. They lack entropy in the jargon. Here is an example for using quantum-derived randomness and use it to encrypt some data with the AES256 algorithm.

First get the random data from the quantum source (and make sure this is done a fresh every time this procedure is followed.

To point out the obvious: the source is publicly available and it being used as a source of entropy is therefore somewhat predictable.

The genuinely random data from multiple sources are therefore blended in a psuedo random-way. Genuinely random data, mixed with genuinely random data, even if being mixed only in psuedo-random way, is still genuinely random data.

Get two different sets of entropy from source

Using this source, twice:

http :// 150.203.48.55/index.php

curl -X GET “https://qrng.anu.edu.au/wp-content/plugins/colours-plugin/get_block_hex.php” > 1.random

sleep 3

curl -X GET “https://qrng.anu.edu.au/wp-content/plugins/colours-plugin/get_block_hex.php” > 2.random

Randomly mix together the two random strings collected from the source

1) split the entropy files into multiple lines and have each line start with a psuedo random number

2) paste the resulting lists together and sort on the leading number.

3) remove the numbers and line breaks.

cat <(cat 1.random | sed ‘s/\(.\)/\1 /g’| awk ‘BEGIN{RS=” “;FS=”\n”;ORS=”\n”;OFS=”\n”}{print rand() ” ” $0 }’) <(cat 2.random | sed ‘s/\(.\)/\1 /g’| awk ‘BEGIN{RS=” “;FS=”\n”;ORS=”\n”;OFS=”\n”}{print rand() ” ” $0 }’) | sort | awk ‘BEING{FS=” “;ORS=””;OFS=””}{print $2}’ | tr -d ‘\n’ > 3.random

OK, now we have some properly random data. Use this to create the key and iv for the AES encryption.

Take the first 64 hex characters starting from the 2nd (picked 2nd at random, another starting point can be used) character and make the AES256 key

KEY=$(cat 3.random | awk ‘BEGIN{ORS=””;OFS=””}{print toupper(substr($0,2,64)) }’ | tr -d ‘\n’ | tr -d ‘\r’)

Take the first 32 hex characters starting from the 80th (picked 80 at random, another starting point can be used) character and make the initialization vector

IV=$(cat 3.random | awk ‘BEGIN{ORS=””;OFS=””}{print toupper(substr($0,80,32)) }’ | tr -d ‘\n’ | tr -d ‘\r’ )

Create a test message file to encrypt.

echo “test message” > message.txt

Encrypt the message file. not using any salt here since the key will not be reused.

openssl enc -nosalt -aes-256-cbc -in message.txt -out message.txt.enc -base64 -K $KEY -iv $IV

decrypt

openssl enc -nosalt -aes-256-cbc -d -in message.txt.enc -base64 -K $KEY -iv $IV

Ok, a valid AES key was created.

Let’s see about a more common problem: Generating an RSA public-private keypair for use in X509 certificates. The use of properly random data in generating RSA keypair is usually neglected (see any number of openssl cookbook example for generating publickey keypairs to satisfy this point).

openssl genrsa -des3 -rand 3.random -out quantum-entropy-keypair.privkey 2048

Where “3.random” is the file generated above.

Obviously you should add options for encrypting the private key with tripple-des (the “-des3” option)

When prompted for the password to protect the private key, don’t undo the good work with quantum data by selecting a weak password. This password is used to derive the encryption key (triple DES in the example) and rather illustrates the key space vulnerability of all encryption systems – none are more secure than their passwords/passphrases.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s