Encryption of personal correspondence. Friday's post
Hello, Habr! The topic of encryption of personal correspondence discussed many times before. But in fact I found nothing more or less sane than could be hemorrhoids. So I wrote an expansion for Sots. networking with poker and courtesans. Since today is Friday, the first half of the post consists of fun stories with pictures. In the second part — some problems and their solutions.
the
love Story
Mike at work likes to chat with Kate. They often write each other obscene things. Once Mike went home and forgot to turn off your computer. On this day, his colleagues learned a lot, about the personal life of Misha. But all in all, Mike and Kate have to use encryption.
the Story of a jealous husband
Serge Julia writes love poems. Julia reciprocates. Kirill sad. He is the husband of Julia suspects something. Soon he will read the correspondence of Sergei and Julia, and arrange BPE his wife. Julia could move from topic to avoid BPA if I knew more about cryptography.
alibi
The proportion of a very full life. Somehow, in correspondence on the Internet, shreds boasted of their adventures. Now for the adventure Bit I can show. This could not be, if he encrypted his exploits.
the Story of the riots
Alesha active citizenship. Alex likes to collect friends and have a noisy meeting in the town square. Guests to these meetings Alex invites over the Internet. Programmer Artem looked all personal correspondence, and quickly realized who was behind the mass festivities. Now Alesha problem. He could have avoided them if I were to encrypt your message.
the Story of a drama Queen
The world sent a message to Gleb. But Hleb is found with Lida. Hleb went to the bathroom and left my cell phone. Lida read the message Lights. After about a minute, Lida make a scene.
the
Timur is a suitcase and a key. It passes an empty suitcase to my friend, Sasha.
Sasha, too, have my suitcase and the key. He makes a copy and hides it in a suitcase Timur.
Because ago the suitcase is returned unopened, open it can only Timur. Only Timur is the key and his suitcase.
Timur opened his suitcase and takes out a copy of the suitcase and key Sasha.
Now Timur no longer need your bag and your key. Can he use those that he gave to Sasha.
About how it works the RSA encryption algorithm. And here is a quick decoding cryptographically strong algorithm using termorektalny of cryptoanalysts.
the
As the encryption algorithm selected RSA. Despite the fact that the algorithm is about 30 years old, the first library in JS was extremely poor quality. I have the feeling that they wrote exclusively for one project. With work and pain was able to adapt them to the needs of your project, although the tasks were typical:
the
Here it should be clarified that the DOM in the website and the extension is the same, but the global scope is different. Classmates, a similar method could not find. Guys minimize the code and do not create globals. Had to emulate the event on the "Send"button:
the
When the text was encrypted, broken into pieces, shipped and assembled, it was necessary to distinguish new and old messages that appear on the website. And Vkontakte, and classmates they subscribe date or unique id... I thought... I've never been so wrong. After that there was a "floating" bug. It turned out that all these labels can, somehow, be the same for two different messages. So I decided to assign my attribute for all DOM nodes to know who has treated and who is not.
But wonders did not end there. Classmates published a message, then I had to substitute decrypted, and then was some kind of magic, and a few milliseconds classmates re-wrote the original text of the same HTML element. Had to do a clone node communications to write the transcript, and hide the original element. The original node was hidden (display: none), but not removed, because I didn't know why and how to rewrite. There was a danger to break a script classmates if you delete an HTML element.
The last mystery of parsing the SOC. networking was the fact that if one computer loginlog a few people, then their key pair for conversations needed to keep in different places. The problem was resolved through extraction of the ID of the current user. Knowledge of the ID of the user who made the possibility of creating personal records in localStorage:
the
observations:
the
If I was able to cheer you or be interested in, please http://bakhirev.biz/demo/crypto/. There is a small instruction, answers to questions and link to install. I will be glad the bug-report, and new users.
UPD:
1. I will replace the encryption algorithm.
2. Secondly, a lot of criticism. I think it is not so bad, and I'm ready first who will transcribe correspondence to throw 500 rubles on a mobile phone.
Article based on information from habrahabr.ru
the
Why you need encryption
love Story
Mike at work likes to chat with Kate. They often write each other obscene things. Once Mike went home and forgot to turn off your computer. On this day, his colleagues learned a lot, about the personal life of Misha. But all in all, Mike and Kate have to use encryption.
the Story of a jealous husband
Serge Julia writes love poems. Julia reciprocates. Kirill sad. He is the husband of Julia suspects something. Soon he will read the correspondence of Sergei and Julia, and arrange BPE his wife. Julia could move from topic to avoid BPA if I knew more about cryptography.
alibi
The proportion of a very full life. Somehow, in correspondence on the Internet, shreds boasted of their adventures. Now for the adventure Bit I can show. This could not be, if he encrypted his exploits.
the Story of the riots
Alesha active citizenship. Alex likes to collect friends and have a noisy meeting in the town square. Guests to these meetings Alex invites over the Internet. Programmer Artem looked all personal correspondence, and quickly realized who was behind the mass festivities. Now Alesha problem. He could have avoided them if I were to encrypt your message.
the Story of a drama Queen
The world sent a message to Gleb. But Hleb is found with Lida. Hleb went to the bathroom and left my cell phone. Lida read the message Lights. After about a minute, Lida make a scene.
the
How encryption works
Timur is a suitcase and a key. It passes an empty suitcase to my friend, Sasha.
Sasha, too, have my suitcase and the key. He makes a copy and hides it in a suitcase Timur.
Because ago the suitcase is returned unopened, open it can only Timur. Only Timur is the key and his suitcase.
Timur opened his suitcase and takes out a copy of the suitcase and key Sasha.
Now Timur no longer need your bag and your key. Can he use those that he gave to Sasha.
About how it works the RSA encryption algorithm. And here is a quick decoding cryptographically strong algorithm using termorektalny of cryptoanalysts.
the
Technical issue
As the encryption algorithm selected RSA. Despite the fact that the algorithm is about 30 years old, the first library in JS was extremely poor quality. I have the feeling that they wrote exclusively for one project. With work and pain was able to adapt them to the needs of your project, although the tasks were typical:
the
-
the
- Generate key the
- to Encrypt text with a public key the
- to Decrypt the text private key
Was also surprised that half of the same extension, you need to come up with some phrase, somehow to pass them, etc. Although, like a long time ago, people transmit coded messages over open channels, and the process lends itself to automation.
the
Problems parsing the social. networking
Started with Vkontakte. The first difficulty for each conversation is created the input field and display field messages. The problem was resolved by obtaining an id of the source.
Next, it was necessary to intercept the button "Send" and press the Enter button. The problem is that the game hangs the first event, and only then initialized the plugin. To fix the situation added a handler on the document.body, and then filtered all intercepted events. It was necessary first to obtain them to be able to replace the original encrypted message.
The Internet showed that this is not enough. The maximum message length is 3000 characters, and encrypted key pair has a length of 3800. In addition, regular messages also becomes longer due to conversion to base64. Had to write a mechanism that would break the message into pieces, signed them (id, current index, the total number of parts), and then put back together. Get something like packets in TCP/IP.
Next you need to learn how to generate event "Send a message", because the script needed to self-send packets. In Vkontakte the problem was solved very simply, through a call to the global method IM.send(). To get to area of visibility of the site from the scope of the extension had to add a SCRIPT tag and write there a string method call. Example:
the
<script>IM.send()</script>
Here it should be clarified that the DOM in the website and the extension is the same, but the global scope is different. Classmates, a similar method could not find. Guys minimize the code and do not create globals. Had to emulate the event on the "Send"button:
the
var event = new Event("click", {
bubbles: true,
cancelable: true
});
button.dispatchEvent(event);
When the text was encrypted, broken into pieces, shipped and assembled, it was necessary to distinguish new and old messages that appear on the website. And Vkontakte, and classmates they subscribe date or unique id... I thought... I've never been so wrong. After that there was a "floating" bug. It turned out that all these labels can, somehow, be the same for two different messages. So I decided to assign my attribute for all DOM nodes to know who has treated and who is not.
But wonders did not end there. Classmates published a message, then I had to substitute decrypted, and then was some kind of magic, and a few milliseconds classmates re-wrote the original text of the same HTML element. Had to do a clone node communications to write the transcript, and hide the original element. The original node was hidden (display: none), but not removed, because I didn't know why and how to rewrite. There was a danger to break a script classmates if you delete an HTML element.
The last mystery of parsing the SOC. networking was the fact that if one computer loginlog a few people, then their key pair for conversations needed to keep in different places. The problem was resolved through extraction of the ID of the current user. Knowledge of the ID of the user who made the possibility of creating personal records in localStorage:
the
rsa_keys__326374454
rsa_keys__43234223
rsa_keys__113234753
...
observations:
the
-
the
- Vkontakte and Facebook does not compress the CSS. At the moment I sharpen plugin and under Facebook, and when I saw in the code the ID no NIS and naming of the CSS classes in the style of "l4y", was taken aback. The first thought was: "They generate the class names, therefore, the logic of my parser will crash at the next update and rebuild the site.". As it turned out, not collapse. Along with the short names, also come across very long (for example, "mdialog_chat_add-comment"). Apparently, they have staff also have hounokidaira who come up with non-obvious and obscure shit-name.
on Facebook, the only one who was too lazy to write a cool entry field. Only they have a regular textarea, where all the smilies are displayed by the encoding, not the picture.
If I was able to cheer you or be interested in, please http://bakhirev.biz/demo/crypto/. There is a small instruction, answers to questions and link to install. I will be glad the bug-report, and new users.
UPD:
1. I will replace the encryption algorithm.
2. Secondly, a lot of criticism. I think it is not so bad, and I'm ready first who will transcribe correspondence to throw 500 rubles on a mobile phone.
the text of the correspondence under the cut
Mike
PUBLIC_KEYMIGfMA0GCSqGSIb3DQEBAQuaa4gnadcbiqkbgqcm/+5vvOmEGeT24elRMpufB96z08birItibPbswbxdxiw8xd9jxy3cajygzuzsqag8dz/kVZeVEdNJO7suFzASTD6/BUrU4V2GmclJSyKzMdE/t6CIhlycYFBGPjJ6fKrouJte9Srb2DeMtihfo2mdcbqsaw+A72URxi7iizdeeQIDAQAB
Alex
TRANSFER_MESSAGE_Eai_0_2_TRANSFEr_sessionup5hfanxle/n0Ndw7Cog6q3A6UcMNFumk6+Xx7BbD69kA9OkEY2LNMyCgctkT7zymfwt7pkxkdjqitbscwi69nr+ETNYvY/BxoBvlk3pO3lHWnA7wpSpqoQTUfnZR7Z4rxydrt9x2xzbqk4/8u0mqaT6XXe2mCodUgTiF8gI4UU=OJ9xoowTR4NnpTEwln+5R49fr2zAHmWSZ4Q05QExzOBmUU0pr/IZF+My2s3fvfoga9B4ItDKqicr012ZCRpEp98bhodiazbzkrctxke4e4ufthmwykxujfkebmzdxh0sbqp5anjay85mzv3vnlh6txbviy5enpa4lxopvrmabcs=QwbB5skTxnw1M+VjRESs+7abY8te4dMI4yfC4bKIS/1h7vaO8rHYA9lSYTwF5ca86OQr6l8tfWfuidsrsniv3eiytdefo4kjtjv7yuag0b9kvtsniagyhrkhisxxo/S6R5leUTVahAvbkcy/VGreOnPhzXwhhtfkW7VYKGUKJY8=VP+CHx0759rNcXh5naBiTHS3QY4nQuQsKqy/K6a54+IaENO2zRDejFmIDBLCQhEvjrZNLlb2Zypdae3vbhr+rhtddElpQlCzhT7GqtgBPfc9f+AROjOWxS+XM/z/dpZKdlPAH39cR4y7xToNyYWcFy+8kujwG7DNfD2i8TuwRvo=abrJ2Pgrmc+sokIvQXmpzxBbsyerEMxzVUjm3V7MRCVzsh58unwezzov2oqq+zn+TojZzG4VLPbwsEhZqp7Fium64L68NBpu1czksxougzrszhumr8nb5fqnyyonxb4ebyxi0bersmad7ppjfjlpwtgpnoz4rygpci38ck4pmvc=iBGSIP6hwUUJwiuoySCu4SJSjRk50Gp5uvthq5wokrb1pwye8nh5tz58tn/RYUDsMOFhst8hGzV2sKJFIerUEGlkZASd8hyejnhooagxarbbkznh0sy4dintu8yezy/d1UDSC8oBfjDojPY7HHotIoKAfh57lwYqjjo96dmg4r4=WLiFUhtVH1qU4ARdU6m4lHLqujAmmiz5t/UnpK0r7kofcDUe0+mfXkwFWBjf7frxrDy6AgLy0gArvMbO21c89li+B7si6z3EDGNRXmTo0IuggyymILlednIb1xpsibr2p2/mJ3LNV5JFE0260JeirrmMW70w96FVkYxljo8fgww=Sygre8lWBThQ7ayWUSj5N2JdkDYzxrvtrunh+IgS6H2Kciy8gVDHP8gtxlhJ9bsX21Nvf99la9r4kk08kkm4lbmxfppbtoidmenji+WVI7X76+e482+nxaaITLps7bx9CKOZv+JA8n7a7OmnFK5gaRAj25eOdjXHvEjbLX/c97o=JxEmDYkF3WIca0Zkem+Ow82ZkXPlz8Ol+vnERUnsFv9pUN3usPzXILFOECOECFaJksfwn1+JhVrSA9MvMNNWgxSMgFOLapBRlD7Mxj8ln0fpfzad9vzq5bwukyq0ujztsfbpeerm6unqjczebxeemslhjkyiqzpqqymg5xdomp8=Pi5g7MbR8+TkMzdHWRvJBXmeHu5kplJPMA+KcOu1g/WsHMyUcBM82C6XUVh9PZrb38TMeeCmT1p/cd3KzMBNWMBKDvtLDn+lCCbN2rKuTDydIcteHG1EETh5pVqysxLw8zjvh7dnpaxdexv8bxklf+hC2nTU/y4wJ0kaoqNMYjA=KnuQ0a2Y/nkOQadDpDJQLUpDErzGkIOb6R+J0ypHnBLXvaRriZeBE8BTjvZjw62nD6iiojmcjwglyzmkyw0w26ngqed4yhsapw68mzbff/cx5YT1J0vcpeLtzBLiqqnOKqj1X36A/PhST2uUzb0lAQ2ZIH2aHecaHL7r26gIqxc=ecijZEZq1U6EQI96OXEGlvl4kkfbGsAexvluzjoqymlvnpqttyyc7prkpdbmjwotebm5f8ep9wbnkkhpncydqailffdo6956lvs8he5z4nhrla0sud+xeOiHkez79aZnxVRDFqykL5CPYLvQR8Ulkokps+1UHMbPtYYtC1LPOTY=G1DtexU5oW9ZPb2Rw9ufcO0wYXlCKD6lbwd/BRpzRoJnqrgRF3ATtBjdXmv9i3NjkB81ijzqed61scsmszbybwcnhenpka5vlr2dk/p8MINf8JPX0vPFLeFx6NweQRtAt9XySNptwq1t7/SUjh2s9sIem86d1KWuB+v07p6APBo=GvdcZwMrNN+P1SP1IaZg58KGZPn6hmzcn3bn2dE3Lrdhvski+tr2wfCXrzYeQqkd++D6MH/X33nmv78S4To/mEVO/4zIgpgqtJF+TGMpdvrV++YzqhAc9P8C3H9ALNbAy6uZlZv0m23Jduif/x8qOKzlZnr2vqL0ri2CsqIsklo=bigcqz2eKfMo2jfvgmiboYHmR0C5xhV+UATxTL6C7i7tvpBrIcvr6jUsh5kVFmAIc3sc7acfygig671bb018gkh9riue3l8h9qex0qezd59k7y6ikhxr/oLiWz2iefkPV+WhL/CyBQT6EHW+XDECttRBmwAgdXhKxj9SFitOYAU=EBANVUsCv8J35tScX+dCnc8PUSCP2RK5r3B7CPq1Un8ftZyEzxk2assin9w1d9li8r8pm/GXlI6A+ZLg2PuO8cSleqps3d8Q0ofIZH6Tfn9Hgtlc2uqwibvordhqp0azycdgblh2n3hut5mkia4bdvt0nxwmrtclxseyyrf1ad4=LSTVKU1c3FeOa2tOjERcEU9YufPmkJZgmwo835ai6uq5vlufbgv1veg5snclhhzojp8dj6iuwsjfgy61wxn8hjjg3axrlnq1/SVFRfjd58gBkjbyQhDbIxit7szbtln+/OnNjp/DIJ2NlONIfY+hDtEyyymd6tKYRSN9rSm2W30=W059Cemh+YVE1hSLA4SkRqRJzA4JQvlhwRmsbeYXM15gvdniotfga2utrn7y
TRANSFER_MESSAGE_Eai_1_2_pNCHkLzzefqsigjslilkt7jsifdexidxsobapzq+qBohs4yqlxaBi4uiQ8WMo+FNIXM6nXAzh2BgcUbwJu/+ldLpNt4QWKFDOTRr/DH7wh36ffU=SpL416TlTVI50yom99kriA/MTFaSNDXgLo9f8yTrRo0BOrr+VagrV350PL9+Bn/7mLyLDyx/0/ovGyevDH1L6SJq1n5fiM3A9ZViJ+vBOv+70mq/1Y849P7hjJ+yPCez3iWv2DDNNNOM6Ma3WSmzr8qv7Cbz4y7d8uzxbm2usm8=BkJImbxMZzZRL8wOGn4N/AUKdtosETq4/JGSOy0Fe4S2rgRiihPvF3LrYXOfBmwE0fu4dplfcxl/J96wBiJiu9OjxJzpxiFdZOVtYZgBMiMHshrxa8l5sbs/68pStS0XNMdk/J0x5ofr4cf4En52AzLlcqWYPlKUnIbB/wur9F4=aJ7EURVaBpLz5VZwe9bDJbcMCbh8QB2wpvp4+NA8twWS3IEglOeb0vcIj9rdgSrs1cqPWwugfur5qwa8eczywqckcdtncn8pfb0v3qs6kot+oRbXEvN6QYPOj3+6qLtfIqcVc6IhomGxniK3rlawxn1aY7vqnkuwt0qi3o1uem8=YB9mhkNQw9U0RUtd4BtDEWgA0VYG11HRjkzv92r6s6btthzse0xjtv4vy2cip8p4e7x7bwc5rqykuz2+CpwjGZPamclCKTGw8g7gLKShxRoxENIko5cn2nwrpoifdhwak63ja7syebaqefdybrfqz7yxubdfqpwc4ccrqwphozw=
PRIVATE_MESSAGEcjmEpu+ousBCSiRcbTS+oSAfFnGu12uLkyky03nHCbqB9IFS+tZmiWc3yecV+AMyhBrBL44+ATfhiCwLuyqpj9p2oc1ErEQJMBwBN1rP4rhbbboeyptqvungyyhmgmgbim14e16w415mg7hh7ebd2rg37xygmfwr9eu/vchCqCs=IUF4xEb/hFXKNtda4SAZMm5DfJPclEWjYSPfSFAlpv/EnC+ICFj4D7rV6Kw+Kpix7xPojNSrZ+L52F3Mb+XOQAGrp9s5j8Awm90nMK4L9pzBWiGqWMdjtqdnufmbkhgl8xnnaksq8m0mmttpol5t+9fJhupXP/Uc9gsaEL5qfIk=
Mike
PRIVATE_MESSAGEPgGdNyh4tKBzMe4Aak2bp6wu8p82ytpjsugkwt8ucojqjc8buwoihwqaudvrxp9c0q2blasstrwcokq8ffyjgywsqi9b+N3CZsJzwWmoi5knscemAfHW4Q79vEeVmoryxmxaluogpfhh39yug1ehvigb/O1v6NjiGXb9iMhZSCs=
Alex
PRIVATE_MESSAGEYa4AsB547nhGYr/DtENkKdqY9B/RgQD4mI9ODmI0b7qjcAp6rV4SwwwbSfg/XQR0glbuXvn5dl1INDl/DozlR1w+KCC4VYwbgb2mSJo2zNuysGgp20fXgsipl2cfyvpj/7CZLAgFyBMhSz8O5lkzdupclypvafA3Rcfvyvug2h4=
Mike
PRIVATE_MESSAGEIHukJXVYnhaiC7CKQd/7mgMsdiq0DppsFogmTcxpDdQODp5aaFK7z8a2qvjlfrbbvikvzrlopfokufw7rotprnixyb6dfvm86a4tvuwhecx49mdr6d+rll/4d3A7bqNwa0Lc4HcJu+jYu7vGdsPOnIHRfIdz37jL9HHhHh59Pp0=
Alex
PRIVATE_MESSAGEQ6iHAdMjb7JZTzxn1hrby0ki3ha99b1eeihhaxbi6iqjo4vtnj99juhpgqi58ccysrbnti6ogbmx3czjzwruv5rx3vzhtnwjmvxd3il/67K+Zfyj5YAFGonhPNQmyof+kCT/Wqmy8/hPjBRCe7M1eXXMkdMc4ZautZSZ/n9ocLs=
PRIVATE_MESSAGEehGaLyCU7+EOXd2LWQnUsKKwSyYU+JXiY3UeEkazNZ3blkWvlJ9jhpnz/fmX6LnAD2rDd+/CxiPwyt2gn3SkR8l2LcsUoMpjKvkj8Wmwwcqchrufi5q6etdqnw5ucqmfyshsod1fgcauz+/DxazqtmHwub9lJXhJq4gpcHfcJaI=
Комментарии
Отправить комментарий