New ciphering software for non-tech savvy activists

Hi,

I have developed a foss program that ciphers data. Target audiences are groups of non-tech savvy activists, not able or not willing to use programs such as Kleopatra or Veracrypt, that need to protect highly sensitive data that needs to be accessed after an unknown amount of time (could be weeks or months, i.e. only in case of emergency). An example are antirepressive files in case of arrest, that provide the arrestee’s colleagues with instructions on the arrestee’s needs (medication, pets to take care of, lawyer to contact etc.). In this example, threat actors are primarily authoritarian governments.

The program consists of a serverless HTML file intended to be used in Tails in the Tor Browser, and it offers a symmetric and an asymmetric cipher mode, and an asymmetric cipher mode that includes Shamir’s secret sharing for the decipher key.

It also has some extra features such as the option to export and import data from/to QR codes, and set default text fields (among other). The collective asymmetric cipher mode (the one with Shamir’s secret sharing), as you can see in the docs, is made to target the threat vector of police infiltrators or collaborators.

I have detailed the cryptographic processes as diagrams and other info in the repo:

https://0xacab.org/gilare/cinf/-/blob/no-masters/docs/asymmetric-collective.md

https://0xacab.org/gilare/cinf/-/blob/no-masters/docs/asymmetric.md

https://0xacab.org/gilare/cinf/-/blob/no-masters/docs/symmetric.md

The program is meant to be used collectively: e.g. a group of activists manage their files through a single key pair.

It would be awesome if somebody could take a look at the cryptographic processes and provide feedback, last thing I want to do is provide insecure software to my friends and other activists, and I want to make sure I have not made a mistake somewhere. This is not the first review iteration, but I just want to be completely sure before I mark my software as production ready.

If you know somebody that has the needed knowledge to review this I would greatly appreciate it if you could ask them to take a look <3

A demo: https://gilare.itcouldbewor.se/cinf/

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post

Don’t promote proprietary software

Try to keep things on topic

If you have a question, please try searching for previous discussions, maybe it has already been answered

Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience

Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)