Use digital One Time Pads
INSTALL ONETIME AND CREATE FOLDERS
The OneTime application is available as part of the Debian jessie repository — simply run the following:
$ sudo apt-get install onetime If you’re using the Adafruit printer, you’ll also need rng-tools:
$ sudo apt-get install rng-tools At this stage, you may wish to create a folder for your pads:
$ mkdir -p onetimepad/{bobtoalice,alicetobob} Use cd to go to the first folder, for example:
$ cd home/pi/onetimepadbobtoalice
GENERATE RANDOM PADS
The following commands create a 10MB block of random data, and splits it into numbered 1MB chunks, named bob_to_ alice_0009 and so on. Feel free to change the numbers:
$ sudo dd if=/dev/hwrng of=bob_to_ alice.pad bs=1000 count=10000
$ sudo split -b 1000000 -d -a 4 bob_to_ alice.pad bob_to_ alice_
$ sudo shred -uz bob_to_ alice.pad Repeat this for the “Alice to Bob” pad. Give your contact a copy of both pads.
ENCRYPT YOUR DATA WITH OTP
OneTime has a simple format for encoding files: $ onetime -e -p ~/pathto/your.pad yourfile. ext So, for example:
$ onetime -e -p ~/onetimepad/bobtoalice/bob_ to_ alice_ 0001 ~/Desktop/kitten.jpg (The file must be smaller than the pad.) You’ll see alongside the original file a file with the same name and the .onetime extension. Make sure to run the shred command on the pad you just used and the original file.
DECRYPTING OTP MESSAGES
Once ‘Alice’ receives your message and has installed OneTime, the command to run is simple, provided she has a copy of the same pads:
$ onetime -d -p ~/pathto/your.pad yourfile.ext So in the example case we’re using:
$ onetime -d -p ~/onetimepad/bobtoalice/bob_ to_ alice_ 0001 ~/Downloads/kitten.jpg.onetime The decrypted file will appear in the same folder as the .onetime file. ‘Alice’, in turn, should be sure to run the shred command on the pad and the encrypted file once decoded.