Can self encryption be used locally?

Okay I know self encryption was originally designed as the first step in uploading to the SAFE network. But could it be used for local storage encryption instead? What I’m thinking is solving two main problems:

  1. Right now we have no really good local encryption program. The last good encryption program was TrueCrypt and that’s long since been retired. We really do need a replacement. Could SAFE, or an app for SAFE, be modified to fill this role or function. Offline local encryption.

  2. Not everyone will have access to internet at the time they have data they want to encrypt. In short there may be a waiting period. Say you take your phone or laptop out with you into the bush and want to take some photos with GPS coordinates. Or say there is a natural disaster or a protest or something and the internet goes down (or is taken down). One would still have data they could record locally and want encrypted but the upload time would have to wait until connection with the internet is reestablished. So essentially what happens when one wants to cache encrypted data while waiting for upload to the SAFE network?

This is why I ask can data be encrypted without uploading it. And can one place data in their SAFE drive locally without being connected to the SAFE network?

2 Likes

Think of self encryption like this:

Encrypt

  1. Takes a file as input
  2. Produces lots of encrypted chunks and a “key”

The key is a data map, but imagine it’s just a key (blob of data, very small tho).

Decrypt

Pass in a key and access to a location that holds the encrypted chunks (may be millions of chunks, but the ones for this file must be there).
Out pops original file.

Side Effect

If you have 2 files the same then the chunks although encrypted are the exact same, this is where deduplication happens.

It’s all a type of convergent encryption really, but does some more.

You can use the example app in the crate https://github.com/maidsafe/self_encryption/blob/master/examples/basic_encryptor.rs
to see this all working and give you a local encrypted store, if that is what you are after :wink:

10 Likes

Okay these are going to sound like stupid questions but here goes.

  1. Just to clarify. You can self encrypt something and both the encrypted chunks and key can be stored locally before being sent to the SAFE network. Normally the chunks are THEN uploaded to the network where they are chunked again but you don’t HAVE to do this for self encryption to work.
  1. This location where the chunks reside can be on your local machine or somewhere in XOR space on the SAFE network. (I still struggle with the concept of XOR space.)

Yeah this one is going to take more explaining as this made no sense to me whatsoever. Sounded cool though.

  1. I’m going to have to read up on convergent encryption.

Awesome though perhaps at some point we’ll need something more advanced than an example app.

  1. How would one combine say what the example app does with then uploading to the SAFE network once one reconnects to the internet?
4 Likes

Yes, although the key is a key, it can decrypt chunks so should not be stored close to chunks.

Anywhere you can store/retrieve data

If it’s lacking something then we can look at it, but we would need to know why the example is limited. It takes files and encrypts them and gives keys, you can then decrypt. so can be used in a script etc.

So if it’s limited then it’s worth checking it out first, use it and see what limitations there are. If you are looking for a gui and a bunch of cross platform installers and signed binaries etc. then it would be too much for us right now, but it’s all there for anyone to do that. :wink:

The API allows file uploads, so decrypt and write to the API, that should be easy for devs AFAIK. Encrypt/decrypt is probably way faster than your upload so this would not be a bottleneck. You could also upload the chunks direct, but then would need to link that to a filesystem of sorts and SAFE automatically does that when you upload files. Something like safe-drive etc. would make this very simple, without going though the API.

It’s equivalent to just use AES with a passwd locally though and the advantage there is you can use a hard to crack password you can remember.

6 Likes

Have you looked into veracrypt? Open sourced and efi compatible. Some have voiced comcerns over its dual license but at least it has been audited for security vulnerabilities so it should be fairly safe to use. Mind you truecrypt was considered the defacto cross platform encryption program long before a proper audit occured. Veracrypt is ahead in those terms and remains open for all ro review. No shouts about security holes have arisen thus far. Might be worth looking into.

4 Likes