Ariel Costas' Blog

Why breaking encryption is a bad idea

During the last few years many governments have tried to ban end-to-end encryption with the excuse of trying to “prevent terrorism”. However, this is not only a stupid measure, but it’s just another attempt to being able to spy all the citizens' private communications.

The Guardian published some hours ago UK may force Facebook services to allow backdoor police access. Let’s discuss how this end-to-end encryption works, why it is a terrible idea to break it and how to communicate privately if this measure fails (first rule is to not rely on Facebook).

Why not to break encryption

Encryption is the best way to communicate without any third-party knowing what you’re talking. If you’re an individual, you might be talking about what you want to buy, search symptoms of some disease you could have or rant about how bad your government is.

This is awful! It means in the best of the cases you’ll only get ads for something you want to buy, in the second case, means private healthcare insurance might give you a higher price “just in case” (this doesn’t happen in Europe, but in the US you still rely on private insurance). And in the last one, the government might be somewhat totalitarian and try to put you in jail for speaking against it (what happens in China or any other dictatorship).

How to communicate privately

The solution is PGP encryption+signing. This technology is based on public keys, where there are two keys: one is public and the other one is private (and must be well protected, usually with a passphrase and special permissions in the OS).

With the private key you sign, so people can read the message with your public key and know it’s you. That signature is undeniable, so you can’t then say “I didn’t send that”, because that would mean someone got access to your private key and the passphrase that protects it (more on this later).

With the public key you encrypt, so only the person with the corresponding private key can read that message. This is probably what you want most, because it’s a warranty nobody in the middle can know the content of the message, even if it’s sent via unsecured channels.

An example

Let’s give an example of two people: A and B; or better known as Alice and Bob. They want to communicate privately, so they generate a key-pair (a private and a public key) each. Then they exchange their keys through a trustable medium, in which they know they have the correct key.

Alice wants to send a message to Bob, so what she would do is encrypt the message with Bob’s public key, so only he can read it. But here comes the first problem: how does Bob know the message comes from Alice and not anyone else who says to be her? The solution is simple: Alice will first sign her message with the private key, and then encrypt that signed output with Bob’s public key. This way, ladies and gentlemen, is how end-to-end communication works.

But we skipped something: how do they exchange keys? The ideal way would probably be meeting physically with a flash drive and exchange the key that way. But that’s not viable many times, because people communicate from big distances. Another way is to publish it somewhere (like a website or a key server) and the other person just download it and import it to their key manager (e.g. GnuPG).

How to apply this in real life

Great, examples are cool and all that, but… How do I do this? Well, the first step is to generate your key pair. For that, I’m going to use GnuPG (GPG), which is usually included in GNU+Linux distributions (e.g. Ubuntu, Debian, Fedora…) and can be downloaded in Windows and macOS from https://gnupg.org/download/.

Generating and distributing a key

The first step is to create your key pair, for what you’ll use $ gpg --full-gen-key. It will ask you for the kind of key you want, which is RSA and RSA. For the key size, you can choose whatever you want, 3072 or 4096 are the recommended sizes. Then you just specify some extra data and will ask you to choose a passphrase. This is important, because you want to protect the private key from being used by anyone else without you knowing.

Once you have your key, you can sign messages for others and encrypt them for yourself. But for others to communicate with you, they need your key. So, just export it with $ gpg --armor --export your@email.com. The –armor flag forces an ASCII armor, so you can send it via email or upload it somewhere without any encoding issues. Another step you might want to take is upload it to key servers like https://keys.openpgp.org, so anyone can download it from their client.

Signing messages

Now you’re fully set up, you can try and sign a message. First, you write it on a text editor (like Notepad or Notepad++, not Office). After saving it, you can sign it using $ gpg --armor --sign /path/to/message, and after typing in your passphrase you’ll get another file in that directory, containing the signed message, named the same but with a .asc extension. That’s your signed message. Anyone with your public key can verify undeniably that was sent by you.

Encrypting messages

But what you wanted to do was to send encrypted messages, so you need the other person’s public key too. So, let’s receive their key from the keyserver ( supposing they used one), what you’ll do is run $ gpg --keyserver https://your.keyserver.org --recv-keys your@friends.email replacing the –keyserver for the actual server, and the address for the real one. If the key is not in a server, and it’s on a normal server, you can download it with your browser and run $ gpg --import /path/to/downloaded/key, or use something like cURL from the terminal.

// receive the key and |pipe| it to GnuPG
curl -f https://thewebsite.com/key.gpg | gpg --import 

Once you have the message and the public key, you can finally proceed to encrypt the message running $ gpg --armor --sign --encrypt -r your@friends.email message.txt. What you’re saying is basically “Hey gpg, using ASCII-armor, sign with my key this message, and encrypt it so only the –recipient your@friends.email can read it with their private key”.

Try doing this for your own email, you’ll get a .asc file, which decrypted (with $ gpg --decrypt file.asc)will look like the following:

ariel@linux:~ $ gpg --decrypt test.asc 
gpg: encrypted with 4096-bit RSA key, ID D0708A9C6729EEA1, created 2021-03-14
      "Ariel Costas <ariel@costas.dev>"
Hi there

this is a signed message for my blog post

Goodbye
gpg: Signature made Fri 02 Apr 2021 01:40:37 PM CEST
gpg:                using RSA key CC460CB965540CEABF6F237C0813EA757FA7AAE6
gpg: Good signature from "Ariel Costas <ariel@costas.dev>" [ultimate]

This confirms the following:

Conclusion

It’s quite easy to communicate in an encrypted manner, either for normal usage or for organizing bad stuff. Which means, breaking WhatsApp’s encryption would be useless.

Dear governments who might be reading this, stop trying to use dumb excuses to legalize spying on your citizens, that’s not ok. Everyone deserves to have private conversations without the state controlling them. And for those who support breaking encryption, I invite you to publish ALL YOUR INBOXES and messages exchanged ever.