Use digital One Time Pads
1 Install OneTime and create folders
The OneTime application is available as part of the Debian jessie repository – simply run the following: $ sudo apt-get install onetime If you’re using the Adafruit printer, you’ll also need rng-tools: $ sudo apt-get install rng-tools At this stage you may wish to create a folder for your pads: $ mkdir -p onetimepad/{bobtoalice,alicetobob} Use cd to go to the first folder, for example: $ cd home/pi/onetimepadbobtoalice
2 Generate random pads
The following commands create a 10MB block of random data, and splits it into numbered 1MB chunks, named bob_to_alice_0009 and so on. Feel free to change the numbers: $ sudo dd if=/dev/hwrng of=bob_to_alice.pad bs=1000 count=10000 $ sudo split -b 1000000 -d -a 4 bob_to_alice.pad bob_to_alice_ $ sudo shred -uz bob_to_alice.pad Repeat this for the “Alice to Bob” pad. Give your contact a copy of both pads.
3 Encrypt your data with OTP
Onetime has a simple format for encoding files: $ onetime -e -p ~/pathto/your.pad yourfile.ext So, for example: $ onetime -e -p ~/onetimepad/bobtoalice/bob_to_alice_0001 ~/Desktop/ kitten.jpg (The file must be smaller than the pad.) You’ll see alongside the original file a file with the same name and the .onetime extension. Make sure to run the shred command on the pad you just used and the original file.
4 Decrypting OTP messages
Once ‘Alice’ receives your message and has installed One Time, the command to run is simple, provided she has a copy of the same pads: $ onetime -d -p ~/pathto/your.pad yourfile.ext So in the example case we’re using: $ onetime -d -p ~/onetimepad/bobtoalice/bob_to_alice_0001 ~/ Downloads/kitten.jpg.onetime The decrypted file will appear in the same folder as the .onetime file. ‘Alice’ in turn should be sure to run the shred command on the pad and the encrypted file once decoded.