Call for action: Please send me an encrypted file
tl;dr: Please encrypt a file and send it to me together with a (short) description of how I can make it readable.
Everyone is talking about encryption and nobody does it. This is a short summary of my initial assumption. Did you ever try to encrypt a file and send it to someone? How did you do it?
This is a fairly simple and basic task which you can present in a beginner’s course:
Assume another person uses a public computer (Internet cafe, library, etc.). You want to send a file to this person and keep the content confidential to other people. Encrypt a file on your computer and send it to the person.
I ask myself how you would do it. That's why I decided to conduct a little experiment: Dear reader, please encrypt a (not so big) file and send it to me (via mail to, you can use my PGP key if you like, comment on this post or use some other means to contact me). Add some information on how to decrypt the file. You have no idea how to do this? I desperately want to know about it. Please write a mail or leave a comment. You tried and failed? I desperately want to know about it. Please write a mail or leave a comment. I would like to know how easy or hard this task is.
I plan to analyse the data on an anonymous basis and will introduce some tools in later posts.
Qbi's Weblog on : Figures from the encryption experiment
rozzin on :
rozzin on :
Decode the above ciphertext by piping it through “openssl base64 -d | sudo openssl pkeyutl -decrypt -inkey /etc/letsencrypt/live/” (substituting the correct path to the private key on the server, if “/etc/letsencrypt/live/” is not the correct path).
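The scheme this comment relies on, encrypting a short message directly to a server's RSA public key and decrypting it with the quoted pipeline, shown end to end as an added example (not rozzin's or the blog's own commands). The key pair is a throwaway stand-in generated on the spot, and all file and function names are assumptions.

```shell
#!/bin/sh
# Added example. The key pair is a throwaway stand-in, constructed here, for
# the server's TLS key; file and function names are assumptions.
WORK=$(mktemp -d)

# Stand-in for the server key. For a real site the sender would instead take
# the public key from its certificate: openssl x509 -in cert.pem -pubkey -noout
make_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/privkey.pem" 2>/dev/null
    openssl pkey -in "$WORK/privkey.pem" -pubout -out "$WORK/pubkey.pem"
}

# Sender: encrypt stdin to the public key and print base64 ciphertext.
encrypt_to_pubkey() {
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/pubkey.pem" | openssl base64
}

# Recipient: the pipeline from the comment (no sudo needed for the stand-in key).
decrypt_with_privkey() {
    openssl base64 -d | openssl pkeyutl -decrypt -inkey "$WORK/privkey.pem"
}

# Round trip of a short message; prints the recovered plaintext.
roundtrip() {
    printf '%s' "$1" | encrypt_to_pubkey | decrypt_with_privkey
}

# Raw RSA only accepts input smaller than the 256-byte modulus minus padding,
# so anything file-sized fails. Prints "accepted" or "rejected" for $1 bytes.
encrypt_size() {
    out=$(head -c "$1" /dev/zero | encrypt_to_pubkey 2>/dev/null)
    if [ -n "$out" ]; then echo accepted; else echo rejected; fi
}

make_keys
roundtrip "short secret"; echo
encrypt_size 100
encrypt_size 300
```

The size limit is why tools such as GnuPG encrypt the file itself with a symmetric key and use the public key only to protect that key.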
Jens Kubieziel on :
rozzin on :
(and it should be clear only to Jens, or to whomever has admin access to the server..., that it was actually supposed to be exactly that)
There’s a lesson here about “quick + clever hacks for security”....
I also just sent you an e-mail with an enigmail-enabled Thunderbird (though not with an enigmail-enabled _identity_, and without having your public key in advance), to see how the process degraded.
That e-mail ended up being sent with no encryption: after having explicitly selected the option to encrypt the message in my default, enigmail-enabled profile, I selected an auxiliary profile (different sending e-mail address) which had not had enigmail enabled, and the decision to encrypt was ‘quasi-silently’ discarded (quietly enough that I managed to not notice).
Jens Kubieziel on :
rozzin on :
$ gpg --verbose --search
gpg: data source:
2048 bit RSA key 92D4F7628F0E7F25, created: 2018-02-01
Keys 1-1 of 1 for “”. Enter number(s), N)ext, or Q)uit >
It has no signatures on it.
If someone other than you generated that, it seems like a bit of an odd thing to have done--since an actual attacker hoping to decrypt and read e-mail destined for that address would have to be in a position to even receive/intercept the encrypted e-mail.
Maybe someone was hoping to read secrets posted to your blog comments, though.
Jens Kubieziel on :
Atari-Frosch on :
rugk on :
here is a link:
(using PrivateBin, see
Password sent via mail.
Attention: You can only open it once, afterwards it destroys itself.
Sky on :
Typically I would not separately encrypt a file - I would attach it within an encrypted message. GPGTools on OSX makes this so easy you don’t even notice it’s happening.