115 - PrivySwap tutorial

115- Encryption series: simple apps to encrypt things from your little brother or sister. Tutorial of:
PrivySwap v 1.0
===== written Nov.08.2011 by JCPMA ©

Summary
*Diffie-Hellman, Public Key Exchange Passkey manager
*Why: Stronger passwords
*Small portable
*Easy to use
*Private Key is kept secret
*Mutual Key is kept secret
*Public Key is not a secret

[screenshot: privyswap-ss22.png]
http://www.mediafire.com/download.php?zlluz1zoo8r8hmk
http://www.box.com/s/ugflzhcc7c8frc8vgvh3

Voon-Li Chung is one of my heroes. He wrote Privycrypt, an app for text encryption, and is the creator of PrivySwap, an app that simplifies Public Key Exchange. PrivySwap is a small portable program at under 400 KB for Windows. (Although somewhere in cyberspace there may exist a UNIX port of it.)

The point of Public Key Exchange is to enable encryption where the passkey need NOT be transmitted, and thus reduce risk of cracking.

Although it was created to be a companion program to Privycrypt, the beautiful part of PrivySwap is that the passkey it generates can be used in ANY encryption program which can handle its length (56 characters)!
For instance Scrambled Egg, Copyright (C) 2011 by Cristi Constantin.
Website : http://scrambled-egg.googlecode.com/ or similar type app.

Tips on using PrivySwap
===
-Just as both parties each require a copy of the encrypting software, so it is that both require a copy of the passkey manager, namely PrivySwap.
-Your Private Key can be up to 28 characters. It is something you think up yourself. Alternatively you can have a shorter Private Key and check the box "Expand private key to full length". It's best to have a long Private Key. Keep this a SECRET.
-Next, press the Compute Public button. This will generate your Public Key. Your Public Key is for all to see.
-Now clear the Public Key field. Obtain your friend's Public Key and paste it in the Public Key field. Make sure your own Private Key is in the Private Key field. Click the Compute Mutual button. This generates a Mutual (Pass)Key. Use this Mutual Passkey to encrypt your messages. Keep the Mutual Key a SECRET.
-At the other end, your friend would generates the same Mutual Key, but using their own Private Key and your Public Key. They will then decrypt your cipher-text using the Mutual Key.

The Copyright © holders have all rights reserved. The software and web documents are provided "as is" without express or implied warranty of any kind by the parties and contributors involved.

privyswap1_0.zip http://www.mediafire.com/download.php?tppmt94d7hedtl0
privyswap1_0.zip http://www.box.com/s/td0uhjeqsnfzdrxzzqt3

The contents of archive privyswap1_0.zip:
(MD5 of privyswap1_0.zip: 0DC41FB213332751CC9D5E03DAF90268)

- copy of privyswap.exe
(MD5 of privyswap.exe: a4553b13a781a7a9877cd2a30f715b06)
- copy of privyswap info & license (the readme file)
- quikguide.txt http://www.box.com/s/enuu9d68qu48kb961co6
- screen shot privyswap-ss22.png http://www.mediafire.com/download.php?zlluz1zoo8r8hmk http://www.box.com/s/ugflzhcc7c8frc8vgvh3

- crypton1.2 signature: privyswap1_0.sgn http://www.mediafire.com/download.php?eyk9dg9wfmq2830 http://www.box.com/s/psne4uxdrvmoip79c9j9

- crypton1.2 public key: jcpma2011-public-crypton-key_242A.pbl http://www.mediafire.com/download.php?3bruccy636bkd23 http://www.box.com/s/b4anqmo29hoqd1fovaov

privyswap filesharing directory http://www.mediafire.com/?38aewn13oah94
privyswap filesharing directory http://www.box.com/s/sl9bmt4ldgioov02g49q

- my privyswap public key is:
a21bc4ef48e722b90763e991544dba81aebca8b9df6deffdc038848f

(In the future if I find a javascript html version of PrivySwap or something similar to PrivySwap, I will definitely post a link to it!)

±±±± pre-amble of Public Key Exchange encryption
A casual/vague synonym for Public key exchange may be "Diffie-Hellman exchange" named after the duo who invented this type passkey encryption. They could be considered the grandparents of Public Key Exchange encryption. RSA, Elgamal, & DSA are some of the variations of this type of encryption†.
I'm most comfortable with traditional passkey use, the kind that does not involve a Public key exchange. Examples are many: webmail login; using a bank card at an ATM or retail shoppe; logging on to a computer; logging in to a blog account to post a blog entry; etc... This is much SIMPLER, but LESS SECURE. If someone guessed or found your password it would be easy for them to pretend to be you. Non-crucial information can be encrypted by any of the vast number of available encryption apps to prevent it from being viewed by nosy neighbors. It's fast and easy and most of the time it is adequate. However for sensitive data, Public key exchange types of software should be considered for encryption.

I was introduced to Public key exchanges when PGP, and GnuPG started to become popular. These programs secure email's text and email's file sending. (PGP doesn't really stand for Pretty Gconfusing Privacy, nor does GnuPG stand for Gnu Privacy Gconfusion.) It was a steep learning curve for me to just get a grasp of the basic/minimal concepts before I even touched any of the software.
This type of key use enables:
1. encryption targeted for a specific receiver.
2. a working hybrid key that is difficult to crack.

Public key exchange based programs like PGP, and GnuPG have a built in Key Manager. The key manager performs two crucial functions:
i.) It creates unique pairs of private-public keys.
ii.) It creates hybrids between your own private key and an external third-party public key (OR in some cases hybrids between the program's temporary key, your private key and an external third-party public key).

If anyone gets a hold of two public keys, it would be extremely difficult, if not impossible, for them to figure out the hybrid key. (If they were to get a hold of a private key,... well that's "a different story!").

(†)"Introduction to Cryptography" (Copyright 1999, Network Associates, Inc., Santa Clara, CA 95054 http://www.nai.com)
end of pre-amble ±±±±