covert

module

v0.1.0 Latest Latest Go to latest Published: Jan 31, 2021 License: LGPL-3.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/crashdump/covert

Links

Open Source Insights

README ¶

Covert

Covert is a deniable encryption software.

Disclaimer

Covert is an early stage research prototype and comes with absolutely no warranty.

Description

"In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists." – Wikipedia

Scenario

Deniable encryption allows the sender of an encrypted message to deny sending that message. This requires a trusted third party. A possible scenario looks like this:

Bob needs to travel to a country with a legislation that requires individuals to surrender cryptographic keys to law enforcement. That being the case, Bob wants to keep his private data out of their eyes, to protect his privacy. He creates two keys, one intended to be kept secret, the other intended to be sacrificed.

Bob constructs an innocuous message M1 (intended to be revealed to the secret police in case of discovery) and another one, containing the personal data M2 he does not want anyone to know about.

He constructs a cipher-text C out of both messages, M1 and M2, stores it on his device.

Bob travels to the country, passes the border control and later uses his key to decrypt M2 (and possibly M1, in order to read the decoy message, too).

The secret police arrest Bob and finds the encrypted blob on his device, becomes suspicious and forces Bob to decrypt the message.

Bob uses the sacrificial key and reveals the innocuous message M1 to the secret police. Since it is impossible for them to know for sure if there are other messages contained in C, they might assume that there are no other messages.

Goals

Bear in mind this project was created with the requirements below in mind, it may not suit your use case.

Requirements

Use known and proven cryptographic algorithms (AES-256, PBKDF2) and libraries.
The system must be mathematically indecipherable without the key.
The mechanism should not require secrecy, and it should not be a problem if it falls into enemy hands.
An adversary cannot prove concealed content exists without observing the program's execution during encryption.
Portable, without any system dependencies (statically linked binaries).
Does not require kernel or userspace filesystems.

Algorithms

Covert uses scrypt to hash the passphrases and AES256-GCM to encrypt the partitions.

Documentation

All the documentation lives in the docs folder.

How to

Technical details

Approach

License

GNU Lesser General Public version 3. See LICENSE.md

Directories ¶

Path	Synopsis
cmd
internal
aes/cbc
aes/gcm
msg
pkcs7
scrypt
srand
pkg
v1

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL