Call for action: Please send me an encrypted file

tl;dr: Please encrypt a file and send it to me together with a (short) description of how I can make it readable.

Everyone is talking about encryption and nobody does it. This is a short summary of my initial assumption. Did you ever try to encrypt a file and send it to someone? How did you do it?

This is a fairly simple and basic task which you can present in a beginner’s course:

Assume another person uses a public computer (Internet cafe, library, etc.). You want to send a file to this person and keep the content confidential to other people. Encrypt a file on your computer and send it to the person.

I ask myself how you would do it. That's why I decided to conduct a little experiment: Dear reader, please encrypt a (not so big) file and send it to me (via mail to, you can use my PGP key if you like, comment on this post or use some other means to contact me). Add some information on how to decrypt the file. You have no idea how to do this? I desperately want to know about it. Please write a mail or leave a comment. You tried and failed? I desperately want to know about it. Please write a mail or leave a comment. I would like to know how easy or hard this task is.

I plan to analyse the data on an anonymous basis and will introduce some tools in later posts.


Qbi's Weblog on : Numbers from the encryption experiment

I had asked you to send me an encrypted file. The number and variety of responses was overwhelming. Many thanks to everyone who took part! But what came of it? Below you will find an evaluation in numbers: In total I received …



rozzin on :

This text was sent TLS-encrypted to your webserver. It was automatically decrypted upon receipt.

rozzin on :

Hmm.... Here’s an example that will at least probably not be automatically decrypted:


Decode the above ciphertext by piping it through “openssl base64 -d | sudo openssl pkeyutl -decrypt -inkey /etc/letsencrypt/live/” (substituting the correct path to the private key on the server, if “/etc/letsencrypt/live/” is not the correct path).

Jens Kubieziel on :

Thanks for your effort. However your text is just Base64-encoded, not encrypted. Everyone can “decrypt” it by just Base64-decoding it.

rozzin on :

Well, it should be obvious to everyone reading the text decoded from the base64 that it was actually supposed to be something more like this:


(and it should be clear only to Jens, or to whomever has admin access to the server..., that it was actually supposed to be exactly that)

There’s a lesson here about “quick + clever hacks for security”....

I also just sent you an e-mail with an enigmail-enabled Thunderbird (though not with an enigmail-enabled _identity_, and without having your public key in advance), to see how the process degraded.

That e-mail ended up being sent with no encryption: after having explicitly selected the option to encrypt the message in my default, enigmail-enabled profile, I selected an auxiliary profile (different sending e-mail address) which had not had enigmail enabled, and the decision to encrypt was `quasi-silently’ discarded (quietly enough that I managed to not notice).

Jens Kubieziel on :

Now it worked. This is quite an interesting approach. Thanks for your efforts.
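
The exchange above turns on the difference between Base64-encoding a short message and encrypting it to a server's public key before encoding. The following is an added example, not part of the original comments: a throwaway RSA key pair stands in for the server's key (file names, function names and the sample message are constructed), and it uses OAEP padding, which the command quoted in the thread does not specify.

```shell
#!/bin/sh
# Added example: Base64 encoding vs. RSA encryption with openssl pkeyutl.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Recipient, done once: private key and the matching public key.
# For a real TLS server the public key would instead be extracted from its
# certificate with: openssl x509 -in cert.pem -pubkey -noout
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/privkey.pem" 2>/dev/null
openssl pkey -in "$WORK/privkey.pem" -pubout -out "$WORK/pubkey.pem"

# Sender: needs only the public key. $1 = short message; prints Base64 ciphertext.
encrypt_for_pubkey() {
    printf '%s' "$1" |
        openssl pkeyutl -encrypt -pubin -inkey "$WORK/pubkey.pem" \
            -pkeyopt rsa_padding_mode:oaep |
        openssl base64
}

# Recipient: Base64 ciphertext on stdin, plaintext on stdout.
# The padding mode must match the one used for encryption.
decrypt_with_privkey() {
    openssl base64 -d |
        openssl pkeyutl -decrypt -inkey "$WORK/privkey.pem" \
            -pkeyopt rsa_padding_mode:oaep
}

# The mistake pointed out in the thread: encoding without encrypting.
encode_only() { printf '%s' "$1" | openssl base64; }

# What any reader can do without a key: Base64-decode and look for text.
# $1 = Base64 blob, $2 = plaintext; exit status 0 if the plaintext is visible.
readable_without_key() {
    printf '%s\n' "$1" | openssl base64 -d | grep -aqF -- "$2"
}

msg='constructed sample message'
if readable_without_key "$(encode_only "$msg")" "$msg"; then
    echo "base64 only: readable by anyone"
fi
ct=$(encrypt_for_pubkey "$msg")
readable_without_key "$ct" "$msg" || echo "encrypted: not readable without the key"
printf '%s\n' "$ct" | decrypt_with_privkey; echo
```

RSA used this way only fits a message of a couple of hundred bytes at most; for a whole file, tools such as GnuPG combine a public-key step with a symmetric cipher.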

rozzin on :

Interestingly, _someone_ has published an OpenPGP key marked for

$ gpg --verbose --search
gpg: data source:
2048 bit RSA key 92D4F7628F0E7F25, created: 2018-02-01
Keys 1-1 of 1 for “”. Enter number(s), N)ext, or Q)uit >

It has no signatures on it.

If someone other than you generated that, it seems like a bit of an odd thing to have done--since an actual attacker hoping to decrypt and read e-mail destined for that address would have to be in a position to even receive/intercept the encrypted e-mail.

Maybe someone was hoping to read secrets posted to your blog comments, though.

Jens Kubieziel on :

This is really strange. I put out a warning in German (and also a request to send me the private part :-))

Atari-Frosch on :

I sent you a text file attached to an e-mail, sent and encrypted with Thunderbird/Enigmail to the given email address, using your well known public key. :-)

rugk on :

here is a link:
(using PrivateBin, see

Password sent via mail.
Attention: You can only open it once, afterwards it destroys itself.

Sky on :

Yes to Atari-Frosch who used enigmail - I’ve used it and it’s easy. I sent you an actual encrypted file just now using GPGTools/OpenPGP on OSX to encrypt the file. On OSX the encryption process is a single right-click (context-sensitive menu) to encrypt, plus type a password. Same for decryption if you install GPGTools. You can install it on a public computer, create no key (or a garbage key if required), decrypt my message (password encrypted only - no PGP key required) and throw away the GPGTools install afterward if you wish.

Typically I would not separately encrypt a file - I would attach it within an encrypted message. GPGTools on OSX makes this so easy you don’t even notice it’s happening.
