Add free search for your website. Sign up now! https://webveta.alightservices.com/
Categories
Security

An approach for securing some sensitive content

In the past I have mentioned about having proper MFA enabled VPN in some of my Youtube videos on ALight Technology And Service’s official Youtube channel (https://www.youtube.com/@alighttechnologyandservicesltd), I have come across a free VPN known as Pritunl, and Pritunl has SSO support and YubiKey support as per the documentation located here. However there is a glaring security issue in the setup process. The passwords and keys are generated and shown in plain text. This is a very big problem. So, I thought I would create a set of two tools that would do the following:

Tool-1 (on the server):

  1. Accepts a Key, IV i.e prompts for Key and IV, but when these are entered, the tool would not display the values i.e does not output the key and IV entered on the screen (more like prompting for a password).
  2. Prompts for a command to run
  3. Executes the command, captures the standard output and standard input.
  4. If there is a error – displays on the screen
  5. If no error, encrypts the standard output and displays on screen.

Tool-2 (on the clientside – on the laptop)

  1. Generate a IV, Key for symmetric encryption.
  2. Copy the Key to clipboard when required (button click for Windows application or some kind of console press key)
  3. Copy the IV to clipboard when required
  4. Accept a block of string, decrypt and copy the plaintext into clipboard.
  5. Whenever anything is copied into clipboard, automatically clear clipboard after a configurable time such as 10 or 20 seconds.

With these 2 tools, I can generate a new Key, IV pair, launch the server tool, input the key, IV. Then I can run some command, get the keys or passwords generated by commands encrypted and displayed. I can copy the outputted value on server into the desktop app, then decrypt and use wherever I want.

These are tools not necessary everyday but definitely necessary, especially if being targeted by hackers, spies and ransom asking goons (aka takers / all). I am considering open sourcing the code for these 2 tools. This code can also serve as an introduction to symmetric encryption in C#. The code would also have some usage of System.Diagnostics.Process class. I might even do a live coding session, shouldn’t take longer than 15 – 20 minutes. If I do a live coding session, I would explain the concepts.

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.