Turnstile encrypts data so that it can only be decrypted on another computer (and can’t be decrypted on the encrypting computer).
Cryptographically, Turnstile is just a wrapper around libsodium’s box. Similar functionality could be acheived with an ECIES variant.
Encrypting
- The source computer makes an ephemeral keypair.
- The source’s private key is used with the target’s public key to make the precomputed key.
- The precomputed key is used to encrypt the message.
- The source’s public key is part of the encrypted message, but otherwise not kept.
- The source’s private key is discarded.
Decrypting
- The target computer has a long-lived keypair.
- The target’s private key is used with the source’s public key (contained in the encrypted message) to make the precomputed key.
- The precomputed key is used to decrypt the message.
Uses Cases
Logging
Piping logs through Turnstile causes logs to be readable only after moving them off-box, to
the computer with the target private key. This means that historical logs are protected if a
webserver, for example, is compromised.
Encrypting Files
If you are given a recipient’s public key, you can encrypt data and put it in a public place,
knowing that only they can decrypt it. (You can’t even decrypt it yourself, so you’d better keep
the original, if it’s needed.)
Usage
Creating a base62 ed25519 key on the target machine:
target:/some/dir $ turnstile keygen
new secret key written into /home/fadedbee/.turnstile/i8q8p2L8gZpZsPD8NRcTiFfQHLfrhoq3IvsaEwWzPJH.secret
Encrypt a stream on the source machine:
source:/other/dir $ echo "hello world" | turnstile encrypt i8q8p2L8gZpZsPD8NRcTiFfQHLfrhoq3IvsaEwWzPJH > filename.txt.t7e
Encrypt a file on the source machine:
source:/other/dir $ turnstile -i filename.txt -o filename.txt.t7e encrypt i8q8p2L8gZpZsPD8NRcTiFfQHLfrhoq3IvsaEwWzPJH
Decrypt a stream on the target machine:
target:/some/dir $ cat filename.txt.t7e | turnstile decrypt
hello world
(filename.txt.t7e contains the target’s public key. Decryption reads the associated secret key from /home/fadedbee/.turnstile/i8q8p2L8gZpZsPD8NRcTiFfQHLfrhoq3IvsaEwWzPJH.secret.)
Decrypt a file on the target machine:
target:/some/dir $ turnstile -i filename.txt -o filename.txt.t7e -o decrypted.txt decrypt
target:/some/dir $ cat decrypted.txt
hello world
Stream/File Format for Version 1.0.X.##
Header:
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|FA|DE|DB|EE|t |u |r |n |s |t |i |l |e |Version |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| |
+ Encryptor's Public Key +
| |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| |
+ Intended Decryptor's Public Key |
| (informational only) |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| Initial Nonce |
+ +--+--+--+--+--+--+--+--+
| |
+--+--+--+--+--+--+--+--+
Chunks:
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| Len | |
+--+--+ +
| |
+ Ciphertext +
| |
v v
Final Chunk:
Documentation of trade-offs anmd compromises.
Requiring private keys to be contained in files (in ~/.turnstile)
It would have been possible to specify target secret keys on the command line, rather than
using ~/.turnstile.
This would be insecure for multi-user machines, as ps and top show the
command line arguments of other users.
Using Base62
- Base64 is more common, but needs to be quoted in shell commands and does not cut and paste easily.
- Base58 has guards which might be useful for hand-typing keys, but is longer and variably sized.
- In a nice coincidence, 43 base 62 digits provide 256.03 bits. log2(62)*43 == 256.03
Including the Target Public Key in the Encryption Output
There is no need for the target public key to exist in the encryption output.
Pros:
- Allows decryption to only try one secret key, rather than all that it knows.
- Users can in
