Cipherbox V3.0 Lite

by Northstrix in Circuits > Microcontrollers

While developing the Cipherbox, I put a lot of effort into making it as secure as possible, but I've completely forgotten about making it as affordable as possible. So, it's time for me to fix that mistake.

Cipherbox V3.0 Lite is the "affordable" version of the Cipherbox!

Cryptographically speaking, the Cipherbox V3.0 Lite is the same as the Cipherbox V3.0 (except for the key derivation function).

But unlike the Cipherbox V3.0, which requires a relatively expensive TFT display, Arduino UNO, RFID card reader, and four RFID cards, the Cipherbox V3.0 Lite doesn't need all these components. It only requires an ESP32, Nokia 5110 LCD, EC11 Rotary Encoder, and other cheap components.

Supplies

  • ESP32 x1
  • Nokia 5110 LCD with PCD8544 x1
  • EC11 Rotary Encoder x1
  • 4.7k resistors x7
  • 22nF capacitors x2
  • Buttons x2
  • 10µF capacitor x1 *optional

Encryption Algorithms

Out of 6 encryption algorithms utilized by this device, 4 perform something called superencryption (the first four on the list).

As defined by NIST, superencryption is an encryption operation for which the plaintext input to be transformed is the ciphertext output of a previous encryption operation.

Organizing encryption algorithms in that way allows us to easily build a combined encryption algorithm that is at least as strong as the strongest one in the cascade, has a longer key, might be more resistant to some attacks, and might produce a ciphertext with higher entropy. Anyway, it won't hurt to have an additional layer of security (or several of them).

Now, let's get to the description part.

First of all, I would like to state these three facts:

  1. All encryption algorithms utilized by this device are symmetric (the same key is used to both encrypt and decrypt data);
  2. All encryption algorithms utilized by this device make use of the integrity verification feature;
  3. All encryption algorithms utilized by this device make use of key incrementation and random numbers during the encryption process to prevent the chosen-plaintext attack and increase the entropy of the ciphertext.

As for the encryption algorithms themselves:

  • Blowfish + AES + Serpent + AES is the strongest encryption algorithm utilized by this device. It takes 8 characters as input and produces 64 characters long output. (I bet it can also be classified as quantum-resistant);
  • AES + Serpent + AES is almost the same as Blowfish + AES + Serpent + AES, except for the Blowfish part;
  • Blowfish + Serpent is an encryption algorithm that takes 8 characters as input and produces 32 characters long output;
  • AES + Serpent is a bit weaker than the first two but still strong enough to keep your data secure. It takes 8 characters as input and produces 32 characters long output;
  • The Serpent is the bare minimum for keeping your data secure. It takes 8 characters as input and produces 32 characters long output;
  • The 3DES is an outdated and the least secure encryption algorithm utilized by this device. Although you can still use it to encrypt your data, I wouldn't recommend it for anything sensitive. I've only included this algorithm for you to play with. It takes 4 characters as input and produces 16 characters long output.

Don't forget that there's also an encrypted tag attached in front of the encrypted string.

Integrity Verification

The Cipherbox V3.0 is the second version of the Cipherbox that utilizes the integrity verification feature. The absence of that feature was (in my opinion) somewhat of a nearly-grave vulnerability present in the first version of the Cipherbox. Although that wouldn't've allowed the attacker to decrypt your ciphertexts, it would've allowed the attacker to forge a new ciphertext using the legitimate ciphertexts produced by the Cipherbox.

Let me explain how it works (and how it won't work anymore). The Cipherbox V1.0 was in no way an easy target. It was already protected from the brute-force attack and the chosen-plaintext attack, and "somewhat protected" from the block-swapping attack. I wrote "somewhat protected" because even though an attacker couldn't change the block order within the ciphertext without causing it to become at least partially undecryptable, an attacker could still swap the block N1 of the ciphertext N1 with the block N1 of the ciphertext N2, swap the block N2 of the ciphertext N1 with the block N2 of the ciphertext N2, and so on and so forth.

By doing so, an attacker could forge a new ciphertext that would appear legitimate to Cipherbox 1 and even would've been decrypted correctly.

To fix that vulnerability, I've used HMAC-SHA256 (Hash-Based Message Authentication Code) to verify the integrity of the information encrypted by the Cipherbox. Unlike the usual hash function that only takes a string-to-be-hashed as an input, HMAC also takes the key to make sure that even if an attacker gets their hands on the hashes, stuff like the rainbow table will be useless.

Now let me show you how it works in practice.

Before I continue, I would like to remind you that I DO NOT ENCOURAGE HACKING IN ANY WAY!!!

I hacked MY OWN Cipherbox because I wanted to show you how the integrity verification feature works and why it's crucial to have it.


Let's suppose that there are three records stored in the encrypted form:

  • Send John Smith $100
  • Send Anna Smith $250
  • Send Mark Brown $500

An attacker obtained physical access to the device and extracted the database from it.

The attacker found these three ciphertexts but is unable to decrypt them. Let's suppose, however, that the attacker knows where the ciphertext with the value of the bonus for Mark Brown is stored, which block holds the encrypted value of the bonus, and where the ciphertext with the value of the bonus for John Smith is stored. Let's also suppose that the attacker knows that the bonus received by Mark Brown is more than the bonus received by John Smith, and wants to increase the bonus for John Smith. To do so, the attacker takes the block with the encrypted value of the bonus for Mark Brown and replaces John Smith's bonus with Mark Brown's bonus.

That trick would've worked with Cipherbox 1, and the forged ciphertext "Send John Smith $500" would've been decrypted without any problems. Cipherbox 3 (and also Cipherbox 2) would decrypt that ciphertext too. But unlike Cipherbox 1, the later versions of the Cipherbox compute a tag for each plaintext and then print that tag in an encrypted form. When Cipherbox 3 (or Cipherbox 2) decrypts the ciphertext, it also decrypts the tag and computes a new tag for the decrypted text. It then compares both tags. If the tags don't match, it turns the decrypted text red and throws the alert "Integrity verification failed!"


*All names demonstrated here are entirely fictitious. Any similarity to actual persons, living or dead, is purely coincidental.
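
The same-position block swap and the tag check described above, as an added example that is not taken from the Cipherbox firmware. A 4-round Feistel stand-in replaces the Blowfish/AES/Serpent cascade and leaves out the firmware's key incrementation and random numbers; the keys, constants and function names are constructed for this illustration.

```python
import hashlib
import hmac

BLOCK = 8      # bytes per block (the page's ciphers take 8 characters per block)
TAG_LEN = 32   # HMAC-SHA256 output size in bytes
ENC_KEY = b"constructed-encryption-key"   # constructed sample key
MAC_KEY = b"constructed-hmac-key"         # constructed sample key


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, index, rnd, half):
    # Feistel round function, keyed and bound to the block's position.
    msg = index.to_bytes(4, "big") + bytes([rnd]) + half
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK // 2]


def _crypt_block(key, index, block, decrypt):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    if decrypt:
        for rnd in reversed(range(4)):
            left, right = _xor(right, _f(key, index, rnd, left)), left
    else:
        for rnd in range(4):
            left, right = right, _xor(left, _f(key, index, rnd, right))
    return left + right


def _crypt(key, data, decrypt=False):
    # Each block is processed on its own; only its position is mixed in,
    # so a block is still valid at the same position in another ciphertext.
    return b"".join(_crypt_block(key, i // BLOCK, data[i:i + BLOCK], decrypt)
                    for i in range(0, len(data), BLOCK))


def _pad(data):
    return data + b"\x00" * (-len(data) % BLOCK)


def encrypt_untagged(key, text):
    """Cipherbox 1 style: ciphertext only, no integrity tag."""
    return _crypt(key, _pad(text.encode()))


def decrypt_untagged(key, ciphertext):
    plain = _crypt(key, ciphertext, decrypt=True)
    return plain.rstrip(b"\x00").decode(errors="replace")


def encrypt_tagged(key, mac_key, text):
    """Later style: HMAC-SHA256 tag of the plaintext, encrypted and put in front."""
    tag = hmac.new(mac_key, text.encode(), hashlib.sha256).digest()
    return _crypt(key, tag + _pad(text.encode()))


def decrypt_tagged(key, mac_key, ciphertext):
    """Return (text, tag_ok); the text is shown either way, as on the device."""
    plain = _crypt(key, ciphertext, decrypt=True)
    tag, text = plain[:TAG_LEN], plain[TAG_LEN:].rstrip(b"\x00")
    expected = hmac.new(mac_key, text, hashlib.sha256).digest()
    return text.decode(errors="replace"), hmac.compare_digest(tag, expected)


def swap_block(target, donor, index):
    """Copy block `index` of `donor` into the same position of `target`."""
    start = index * BLOCK
    return target[:start] + donor[start:start + BLOCK] + target[start + BLOCK:]


if __name__ == "__main__":
    john, mark = "Send John Smith $100", "Send Mark Brown $500"
    amount = 2  # third 8-byte block of each record holds the amount

    forged = swap_block(encrypt_untagged(ENC_KEY, john),
                        encrypt_untagged(ENC_KEY, mark), amount)
    print("untagged:", decrypt_untagged(ENC_KEY, forged))

    shift = TAG_LEN // BLOCK  # the tag occupies the first four blocks
    forged = swap_block(encrypt_tagged(ENC_KEY, MAC_KEY, john),
                        encrypt_tagged(ENC_KEY, MAC_KEY, mark), amount + shift)
    text, ok = decrypt_tagged(ENC_KEY, MAC_KEY, forged)
    print("tagged:  ", text, "" if ok else "-> Integrity verification failed!")
```
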


Create a Free ThingSpeak Account

FT1G1FBL8K7LPHP.png
F1RS083L8K7LPHY.png
FI1LHNZL8K7LPHZ.png
FFD4UY5L8K7LPI8.png
FZ2489ML8K7LPI9.png
FMYYWS9L8K7LPIA.png
FN4VWOVL8K7LPIB.png
FLL9K4FL8K7LPIC.png

To store notes in the cloud, you need a ThingSpeak account. A free ThingSpeak account allows you to send data to it 3,000,000 times a year.

To create a free ThingSpeak account:

  1. Go to thingspeak.com and click the "Get started for free" button;
  2. On the next page, click the "Create one!" hyperlink;
  3. In the form that should appear after that, enter your email, first name, and last name, and click the "Continue" button;
  4. Open your email and find a letter from "service@account.mathworks.com";
  5. Open that letter and click the "Verify email" button on it;
  6. Now, get back to the tab demonstrated in picture 4 and click the "Continue" button;
  7. Set the password for your account and click the "Continue" button;
  8. Click the "OK" button.

*All credentials demonstrated here are fictional. Any similarity to actual credentials is purely coincidental.

Create New Channel

To create a channel:

  1. Click "Channels" -> "My Channel";
  2. On the page that will open, click the "New Channel" button;
  3. Check the checkbox right of "Field 2";
  4. Name the channel and fields however you want;
  5. Scroll down and press the "Save channel" button.

Get the Channel's ID and API Keys

To work with the channel, you need its ID, Write API Key, and Read API Key.

To get the channel's ID, Write API Key, and Read API Key, open the channel and go to the "API Keys" tab.


The values demonstrated on the screen are:

Channel ID: 1234567

Write API Key: A1B2C3D4E5F6G7H8

Read API Key: K9L8M7N6O5P4Q3R2


*Channel ID and API Keys demonstrated here are entirely fictitious. Any similarity to the actual channel ID and API keys is purely coincidental.

Install Drivers and Configure Arduino IDE *Optional

If you've never flashed an ESP32 before, you'll need to configure Arduino IDE and install drivers to upload the firmware to the board.

You can find the CP210x driver for ESP32 here: https://www.silabs.com/developers/usb-to-uart-brid...

In case you don't have Arduino IDE, you can download it here: https://www.arduino.cc/en/software

Configuring IDE isn't a part of this tutorial, you can read about it here: https://randomnerdtutorials.com/installing-the-esp...

Download Firmware

You can download the firmware from one of the three sources.

GitHub: https://github.com/Northstrix/Cipherbox

SourceForge: https://sourceforge.net/projects/mcu-cipherbox

OSDN: https://osdn.net/projects/cipherbox

The reason why I've uploaded the firmware to SourceForge and OSDN is that I realized that not everyone needs a 166Mb archive from Github with the firmware for all versions of the Cipherbox, photos, and lots of extra code.

For comparison, the archive with the firmware hosted on SourceForge and OSDN weighs less than 0.1Mb.

Download and Install the Libraries

Adafruit-GFX-Library: https://github.com/adafruit/Adafruit-GFX-Library

Adafruit-PCD8544-Nokia-5110-LCD-library: https://github.com/adafruit/Adafruit-PCD8544-Nokia-5110-LCD-library

Adafruit_BusIO: https://github.com/adafruit/Adafruit_BusIO

esp32_arduino_sqlite3_lib: https://github.com/siara-cc/esp32_arduino_sqlite3_lib

EncButton: https://github.com/GyverLibs/EncButton

espsoftwareserial: https://github.com/plerup/espsoftwareserial/

thingspeak-arduino: https://github.com/mathworks/thingspeak-arduino


The process of unpacking libraries is typical. You can unpack the content of the archive into the folder: ...\Arduino\libraries. Or open the Arduino IDE, click Sketch -> Include Library -> Add .ZIP Library... and select every archive with the library.

Although I provided you with a link to the "thingspeak-arduino" library, I would advise you to install that library via the Library Manager (Sketch -> Include Library -> Manage Libraries...).


Other required libraries are already present in one way or another.

Install ESP32 Filesystem Uploader

The primary purpose of the ESP32 Filesystem Uploader is to let you upload files into ESP's filesystem. In this tutorial, the purpose of this tool is to upload an empty SPIFFS image into ESP.

Download the "ESP32FS-1.0.zip" file here https://github.com/me-no-dev/arduino-esp32fs-plugin/releases/

And then extract the content of that archive into the "...\Arduino\Tools\" folder.

After that, restart the Arduino IDE.

Format ESP32'S Built-In Flash Memory

Click Tools -> ESP32 Sketch Data Upload. Then click Yes in the pop-up window. The program is going to format the built-in flash memory.

Some boards will flash without any problems.

Unfortunately, that's not the case for all boards. If you configured the IDE correctly, installed drivers, selected the corresponding port, and still keep getting the error "A fatal error occurred: Failed to connect to ESP32: Timed out waiting for packet header", connect a 10µF capacitor to the board while flashing.

Connect the positive lead of the capacitor to the EN pin of the ESP32;

Connect the negative lead of the capacitor (usually indicated by the gray stripe) to the GND pin of the ESP32.

Don't forget to disconnect the capacitor after the board flashes.

Generate Keys

To make the unauthorized deciphering of your data computationally infeasible, it is crucial to generate your own keys and never reuse them.

The best way to generate the keys is to throw 20-sided dice.

If you get a number from 1 to 9, write it down.

If you get a number from 10 to 15, write down a letter corresponding to that number.

10 = A;

11 = B;

12 = C;

13 = D;

14 = E;

15 = F.

If you get 20, write down 0.

If you get something else, don't write anything and throw the dice again.


There's also an easier option.

I modified one of my previous projects to work as a random number generator. The generated output seems "random enough" for me, but I haven't run any tests. So, I can't guarantee that it's random.

Use it at your own risk.

To generate the keys - launch gen.exe from the "Cipherbox-main\V3.0\Untested RNG" folder, and then click the "Generate keys for Cipherbox V3.0" button. The background turns from black to blue when you press that button.

Modify the Firmware

Open the file "Firmware_for_ESP32.ino", scroll down a bit, and then replace my values of the ssid, password, myChannelNumber, myWriteAPIKey, myReadAPIKey, hmackey, Blwfsh_key, key, serp_key, second_key, and TDESkey with yours.

Flash the ESP32

Upload the firmware from the folder "Firmware_for_ESP32" into the ESP32.

Assemble the Cipherbox V3.0 Lite

Cipherbox Circuit Diagram.png

I know that the circuit diagram is a bit tangled, but believe me, it's not as bad as it looks, especially after you've started assembling the device.

*I didn't specify where to connect the Nokia5110 LCD's BL pin because some versions of this display require you to connect it to the GND, while others request you to connect it to 3.3V.

The version of the display that I work with requires that pin to be connected to the GND.

Log In

Well, it's more like "sign up and immediately log in" the first time you're entering a new username. Every other time, it's just "log in."

You can enter any username and password you want, just make sure to keep them both secret. Let me explain why. The username determines the name of the database that will be used to store your notes, while the password is used in the key derivation process.

If an attacker discovers your username, an attacker will be able to delete all records with your logins, credit cards, and notes. If an attacker approximates four RFID cards that you use to unlock the device in the right order and discovers your username and password, an attacker will be able to decrypt all your data.

Although if you don't need the vault capabilities and only want to use ciphers, you can log in under any username or leave the username field empty. Just make sure to always enter the same password, or you won't be able to decrypt your ciphertexts.


Double-click the encoder button to move to the next tab.


I got the verification number "1295" for the password "ABCDEFGHIJKLMNOPQRSTUVWXYZ9876543210abcdef"


After you log in and get to the main menu:

  • Turn the rotary encoder to the right to go down the menu.
  • Turn the rotary encoder to the left to go up the menu.
  • Press the "A" button to open the selected menu.
  • While in the submenu, press the "B" button to return to the main menu.


While entering a text in a tab:

  • Click the encoder button four times to continue;
  • Click the encoder button five times to cancel the current operation.


*If the hex value decreases when you rotate the encoder to the right, I would advise you to swap the wires connected to the D26 and D27 pins.

Add Login

The Cipherbox V3.0 utilizes the "Blowfish + AES + Serpent + AES" encryption algorithm combined with the SQLite RDBMS to securely store your logins, credit cards, and notes.


To add a login:

  1. Select the "Logins" line in the main menu;
  2. Press the "A" button;
  3. Select the "Add Login" line;
  4. Press the "A" button;
  5. Enter the title;
  6. Click the encoder button four times;
  7. Enter the username;
  8. Click the encoder button four times;
  9. Enter the password;
  10. Click the encoder button four times;
  11. Enter the website;
  12. Click the encoder button four times;
  13. Press any button to return to the main menu.


According to the tests that I've conducted during the development of my previous projects, the ESP32 can encrypt and decrypt a record with a length of 600 characters without any problems. So, technically, you can put 600 characters into each field in every category.


*All credentials demonstrated here are entirely fictitious. Any similarity to actual credentials is purely coincidental.

View Login

To view a login:

  1. Select the "Logins" line in the main menu;
  2. Press the "A" button;
  3. Select the "View Login" line;
  4. Press the "A" button;
  5. Select the login you would like to view by rotating the encoder;
  6. Press the "A" button to view the chosen record;
  7. Press any button to move to the next tab.


*All credentials demonstrated here are entirely fictitious. Any similarity to actual credentials is purely coincidental.

Edit Login

To edit a login:

  1. Select the "Logins" line in the main menu;
  2. Press the "A" button;
  3. Select the "Edit Login" line;
  4. Press the "A" button;
  5. Select the login you would like to edit by rotating the encoder;
  6. Press the "A" button to set the new password for the selected login;
  7. Enter the new password;
  8. Click the encoder button four times;

Delete Login

To delete a login:

  1. Select the "Logins" line in the main menu;
  2. Press the "A" button;
  3. Select the "View Login" line;
  4. Press the "A" button;
  5. Select the login you would like to delete by rotating the encoder;
  6. Press the "A" button to delete the chosen record;

Encrypt Text

As I've mentioned before, Cipherbox utilizes six encryption algorithms.

You can use any of them to encrypt your data.


To encrypt text:

  1. Open the Serial Monitor because the ciphertext will be printed to it.
  2. Select the line with the name of the encryption algorithm you would like to use. (Blowfish + AES + Serp + AES; AES + Serpent + AES; Blowfish + Serpent; AES + Serpent; Serpent; 3DES);
  3. Press the "A" button;
  4. Choose the input source;
  5. Press the "A" button;
  6. Enter the text you want to encrypt;
  7. Either click the encoder button four times or press the "Send" button in the Serial monitor depending on the chosen input source to encrypt the text.


Plaintext:

It's an affordable version of Cipherbox


Ciphertext:


Decrypt Text

To decrypt text:

  1. Open the Serial Monitor because you'll need to paste the ciphertext to it.
  2. Select the line with the name of the encryption algorithm you've used to encrypt the text;
  3. Press the "A" button;
  4. Select the "Decrypt" line;
  5. Press the "A" button;
  6. Paste the ciphertext to the Serial Monitor;
  7. Press the "Send" button in the Serial monitor.


Ciphertext:



Plaintext:

It's an affordable version of Cipherbox

Hash String

The Cipherbox utilizes two hash functions: SHA-256 and SHA-512.

If you're not familiar with the hash functions, let me give you a simple explanation of what the hash function is.

The hash function is an algorithm that takes your input (in that case, it's a string) and gives you a fixed-length output derived from that input. One of the essential properties of the hash function is that it always produces the same result for the same input. That allows you to use the hash function to verify the data integrity.

To hash a string:

  1. Select the "Hash functns" line in the main menu;
  2. Select the "SHA-512" or "SHA-256" depending on the hash function you want to use;
  3. Enter the string you want to hash;
  4. Click the encoder button four times.


Input:

Cipherbox


Hash:

97e52cf8b4c283a38d85a8e52dd9ce62f57f6e004b4c2ef35ad91f5a3c5378769d578eee19a8dae5386df5406ed5a5262c76043558cd5418e2c53f27f01b6106

Execute SQL Query (Statement)

The Cipherbox utilizes the SQLite relational database management system to store your encrypted data in an organized form.

SQLite allows you to execute queries and statements on it. The difference between a query and a statement is that a query returns something after being executed. I wrote the word "query" in the "SQL" submenu because the Cipherbox always prints the output of the callback function after something is executed, even if you execute a statement.

To execute a query or a statement on the SQLite:

  1. Select the "SQL" line in the main menu;
  2. Press the "A" button;
  3. Choose the input source;
  4. Press the "A" button;
  5. Enter the query you want to execute;
  6. Either click the encoder button four times or press the "Send" button in the Serial monitor depending on the chosen input source to execute the query.


Here are three useful statements for you:

  • Drop table Logins
  • Drop table Credit_cards
  • Drop table Notes


Each of these statements removes all records in the corresponding category. As a side effect, you won't be able to add a record to that category until you reboot the device.

Add Note to the Cloud

Ok, let's get to the final feature utilized by Cipherbox V3.0 - the ability to store the encrypted notes in the cloud.


Before you continue reading this tutorial, I would like to remind you that the so-called "Online Stored Notes" is a raw and unstable feature. And there's no guarantee that it would work at all! There's also no warranty of any kind provided for anything you do with the Cipherbox V3.0 or any of its component(s). Proceed at your own risk.


To add an encrypted note to the cloud:

  1. Select the "Onl strd nots" line in the main menu;
  2. Press the "A" button;
  3. Select the "Add Note" line in the "Onl strd nots" submenu;
  4. Press the "A" button;
  5. Wait till the Cipherbox connects to the Wi-Fi network using the credentials you've specified in the firmware. If it takes too long, hold the encoder button and return to step 1;
  6. Enter the title (max. length - 16 chars);
  7. Click the encoder button four times;
  8. Enter the content (max. length - 32 chars);
  9. Click the encoder button four times;
  10. Wait till you see the "Press any any bttn to continue" inscription at the bottom of the screen;
  11. Press any button to return to the main menu.


Cipherbox V3.0 encrypts all "Online Stored Notes" notes with the "Blowfish + Serpent" encryption algorithm.

View the Last Cloud-Stored Note

Because the "Online Stored Notes" feature is still raw, and because of my lack of knowledge of how to properly pull data from ThingSpeak - you can only view the last saved note.


To view the last saved note:

  1. Select the "Onl strd nots" line in the main menu;
  2. Press the "A" button;
  3. Select the "Last Savd Note" line in the "Onl strd nots" submenu;
  4. Press the "A" button;
  5. Wait till the Cipherbox connects to the Wi-Fi network using the credentials you've specified in the firmware. If it takes too long, hold the encoder button and return to step 1;
  6. Wait till the Cipherbox reads the channel and decrypts the last saved note;
  7. Press any button to return to the main menu.

Decrypt a Note From the Cloud

Well, necessity is the mother of invention. Just because the Cipherbox can't pull the arbitrary note from the cloud doesn't mean you can't.

To decrypt an arbitrary note from the cloud - log in to your ThingSpeak account, get to that channel's "Data Import / Export" tab, and click the "Download" button.

Then, open the "feed.csv" file that just got downloaded and open the Serial Monitor because you'll need to paste the encrypted title alongside the encrypted content to it.

After that:

  1. Select the "Onl strd nots" line in the main menu;
  2. Press the "A" button;
  3. Select the "Decrypt Note" line in the "Onl strd nots" submenu;
  4. Press the "A" button;
  5. Paste the encrypted title to the Serial Monitor;
  6. Press the "Send" button in the Serial monitor;
  7. Paste the encrypted content to the Serial Monitor;
  8. Press the "Send" button in the Serial monitor;
  9. Press any button to return to the main menu.

Find a Good Use for Cipherbox V3.0 Lite

I did my best to make the Cipherbox V3.0 as affordable as I could while sacrificing as little security as I could. And I think I was able to achieve that.

The only difference between the Cipherbox V3.0 and Cipherbox V3.0 Lite from the security point of view is a different key derivation function that doesn't require four RFID cards.

And let me remind you that although the Cipherbox can significantly raise the cost of unauthorized access to your data, even that "cryptographic fortress" can't give you a 100% guarantee that your personal data would stay untouchable to anyone.

Perhaps, it's not about giving you a 100% guarantee. It's about raising the cost of unauthorized access to your data as high as possible.

And by the way, if you want to make your own version of the Cipherbox, please do so! It would be interesting to observe how many forks will be available on GitHub and how each fork will evolve. Don't forget that there's always room for improvement, even if it seems that there's none.

If you have any questions, don't hesitate to ask them in the comments.

I hope you will find a good use for this device.

If you like this tutorial, please share it.

Thank you for reading this tutorial.