Introduction: Encrypted File Movement
A year ago I was part of a project. We needed to move some sensitive information across the country.
I will go over the background of why, feel free to skip to step 1.
My team was called in at short notice to recover a computer from a team member being made redundant. Most of the computer was your normal data, text files mostly . As I am going through the computer I found a file, on the local drive which contained sensitive personnel data.
After reporting to those above me and a few arguments as to why this information can't be emailed it was decided to move it physically. But this had to be done in a way which could not allow the information to be compromised in transit.
The conditions to move the file were:
No network connectivity, the host computer was never connected to a network and this file will be stored on a device which is not network connected.
So a USB is used.
If the file is lost in transit, you can not plug it into a computer and access it. You could also not brute force the device.
The file is to be encrypted, then split into 4. Each 1/4 will go on a different USB. With the key on a 5th.
5 different USB's with a different portion on each. Note this method will work with 1 USB only just skip the split and recompile steps.
Step 1: What Do You Need?
The intention is for this to be simple. But if you are still unsure there is a ZIP at the end with the code.
All software is free. It is also made by the code in the instructable.
Pip knowledge. See link below. You just need to know how to install modules.
We will be putting all our files in 1 directory for simplicity's sake.
Step 2: PIP in the Modules
In Command Prompt for Windows enter:
pip install cryptography
or Terminal for Linux/OSX enter:
pip3 install cryptography
Step 3: Generating a Key
Much like a lock our encrypted file is going to need a key to unlock it. 'password123' is not going to be secure for this file (if that is your password, go change it...now.)
We are instead going to have a key generated for us.
Create a folder for all of your python scripts to be stored in. Create a new file, I will call mine Key_Gen.py
In Key_Gen.py I will enter:
import cryptography<br>from cryptography.fernet import Fernet key = Fernet.generate_key() file = open('key.key', 'wb') file.write(key) file.close()
Save then press F5 to run.
What we are doing here is importing the modules we need.
Creating a key variable and generating a key in the variable.
Opening a file called 'key.key' and writing to it.
If you open your folder you now will have 2 files.
Key_Gen.py and key.key
If I read the key.key file created it reads:
This is my key. Yours will be different and it will change each time you run the program. So if you use your key you can not get your file back.
If your password was password123 please see more resources below to see if your new password is more secure.
To check your password strength go to https://www.howsecureismypassword.io/
or utilise a Password manager.
Step 4: Encrypting the File
No one would ever need to encrypt 1 file. Except me(see intro). Most non me people will need a way to encrypt multiple files. There is a very simple method to ensure consistency. Put all of your files in a ZIP.
If you don't know how to ZIP go here if you're on Windows:
If you're on Linux I am very disappointed you do not know how to ZIP. TAR backups will be your friend here, or see if your distro has an archive manager.
Once you have Zipped your files we now only need to worry about encrypting 1 file. So let's open up our folder and create a file called 'Encrypt File.py'
Filling it with the code
from cryptography.fernet import Fernet file = open('key.key', 'rb') key = file.read() file.close() input_file = 'secret.zip' output_file = 'transfer.encrypted' with open(input_file, 'rb') as f: data = f.read() fernet = Fernet(key) encrypted = fernet.encrypt(data) with open(output_file, 'wb') as f: f.write(encrypted)
So what is happening?
From cryptography we will import Fernet.
We then open our key.key file we created before and read it into the program.
We then need our input file. This is the variable you want to change to suit your ZIP files name. In my case it is 'secret.zip'
This will then output as 'transfer.encrypted'
Open the input file and read it in, encrypt using the key, then write it to the output file.
You now how an Encrypted file ready for transport.
Step 5: Split USB Method
In my original project the file needed to be spread across 4 USBs. This was done by taking the output file. Opening in notepad and putting 1/4 of the file onto each USB. The key.key file was put on USB 5 with the Decrypt program.
At the other end the text file is put back together ready to decrypt.
Step 6: Decrypting
Now comes the time to bring our information back.
We will need a new file let us call it 'Decrypt File.py'
We will also need the below code.
from cryptography.fernet import Fernet<br>input_file = 'transfer.encrypted' file = open('key.key', 'rb') key = file.read() file.close() with open(input_file, 'rb') as f: data = f.read() fernet = Fernet(key) encrypted = fernet.decrypt(data) with open('output.zip', 'wb') as f: f.write(encrypted)
This code will bring in our transfer.encrypted file as the input, key.key as our key. It will decrypt then write it out as output.zip
Step 7: Conclusion
Whilst there are many other encryption programs on the market, many of which are free. Very few would be implementable on a closed system and know it to be secure in transit.
In my situation during the transport of the 5 USB's. USB 1 was misplaced. I was able to load file 1 back onto a new USB to transport. But this assisted in proving the point of why it was moved in the way it was. USB 1 was lost. If the files had not been split there is a risk that file could be decrypted.
If you use this code to deal with your data I would love to hear from you in the comments.
If you are running into issues with your code I have put everything in a ZIP file attached.
Participated in the
Safe and Secure Challenge