Cryptopuck is intended to provide a portable, discrete and hassle-free solution for encrypting USB flash drives, SD cards or other removable media. Whether you are a reporter on a war-front, a photographer at a demonstration that gets cracked down by the police, a developer at the office in need to transfer proprietary files on USB sticks or just a privacy-minded individual, Cryptopuck is for you. If you need your drive to be encrypted without wasting time or attracting attention by pulling out a laptop, just plug it in Cryptopuck and… it is encrypted! Only the holder of the private key can decrypt them, enabling you to plausibly claim incapable of decrypting the files, as the private key could be handled by somebody else, e.g. your customer or boss. It uses public key cryptography, so even if the Cryptopuck falls into the wrong hands, it is unable to decrypt the files. Βefore deploying the Cryptopuck on the field, keep in mind it is a proof-of-concept system that toys around with the idea of a portable gadget that encrypts your removable media. It incorporates hardware and software which have neither been audited nor designed for security-critical applications. There is absolutely no guarantee that your files will be safely encrypted or remain in tact after using Cryptopuck.
A portable device that encrypts removable media, how hard can it be? Well, apparently not that much. Despite not having any particular previous experience with encryption, I vaguely knew that asymmetric encryption allowed the ciphering of data using a public key that can be shared freely and decrypting with a private key that has to be safeguarded and kept, well, private. I assumed this should be the way to go instead of symmetric encryption where data is encrypted and decrypted using the same key, e.g. a password. This is preferred since the Cryptopuck could fall into the wrong hands or its owner “coerced” to supply the key to decipher the files.
Not knowing any better, the first thought was to use a trusted 8-bit microcontroller to do the job. The idea was to have the gadget in a low power state when inactive, turn it on when a drive is inserted, mount it and then encrypt it. To my surprise, I easily found a library with Arduino implementations of many well known cryptographic algorithms. However, as one would expect 8-bit microcontrollers are way too slow to handle considerable amounts of data and are not so secure when it comes to generating random numbers. Moreover, I also realized that asymmetric algorithms are not designed to encrypt en masse, i.e. files, since this is neither quick nor necessarily safe. Apparently, the standard approach includes encrypting data symmetrically with a randomly generated key and then encrypting that key asymmetrically. It was at that moment the idea of using a low-end microcontroller was buried away.
Each Friday is PiDay here at Adafruit! Be sure to check out our posts, tutorials and new Raspberry Pi related products. Adafruit has the largest and best selection of Raspberry Pi accessories and all the code & tutorials to get you up and running in no time!