Encrypted Note Storage V3.0
by Northstrix in Circuits > Microcontrollers
1038 Views, 4 Favorites, 0 Comments
Encrypted Note Storage V3.0
The third version of the encrypted data vault is a device that is capable of encrypting your notes, calculating hashes for your notes, verifying if the note was modified or forged (by comparing hashes), generating random strings in both ASCII and hexadecimal formats.
This device utilizes the following encryption algorithms:
- AES-128
- AES-192
- AES-256
- Serpent
- AES-128 + Serpent + AES-128
- AES-192 + Serpent + AES-192
- AES-256 + Serpent + AES-256
By the way, this device is partially compatible with the Encrypted Data Vault: Raspberry Pi Pico + ESP32 Version. You can use this device to decrypt the notes encrypted by the data vault using AES + Serpent + AES encryption algorithm in counter mode (if the note length doesn't exceed 512 characters). And you can encrypt notes on this device, and later on, decrypt them on the data vault.
If and only if you will use the same keys on both devices.
Before you continue reading this tutorial, beware that if you lose the device and the firmware that you uploaded into it, you will lose the ability to decipher your notes!
Supplies
- ESP32 x1
- D-SUB port x1
- VGA monitor x1
- VGA cable x1
- 4.7k resistor x1
- Button x1
- 10µF capacitor x1 *optional
AES + Serpent + AES Encryption Algorithm in Counter Mode
AES + Serpent + AES is the strongest encryption algorithm utilized by this device. It requires three keys to function: Two AES' keys and one Serpent's key. This algorithm takes eight characters (64 bits) and three keys as an input, generates 192 random bits in the encryption process, and produces a sixty-four-character string in the hexadecimal format as an output. If the length of the input block isn't equal to eight, then the padding is applied. The number of rounds performed by the AES and the key length of the AES's keys depend on the chosen mode.
The encryption process goes as follows:
1) The algorithm takes an input block;
2) If the length of an input block isn't equal to eight, then the padding is applied;
3) Input block is passed to the AES alongside 64 random bits;
4) AES encrypts obtained 128-bit block using the first key;
5) The result of the previous step is split into two equal 64-bit halves;
6) 64 random bits are concatenated to each half;
7) Each of the 128-bit halves is encrypted using Serpent;
8) Each ciphertext from the Serpent is encrypted using AES with the second key;
9) Concatenation of two ciphertexts produced by the AES using the second key is the resulting ciphertext.
AES's key is incremented each time after the algorithm uses that key.
And by the way, if you give the algorithm the same input more than once, the output will be different every time. This property applies to every encryption algorithm utilized by this device!
By default, AES is set to 256-bit mode.
Install CP210x Driver and Configure Arduino IDE *Optional
If you've never flashed ESP32 before you need to configure Arduino IDE and install CP210x driver to upload the firmware into the board, you can download the CP210x driver for ESP32 here: https://www.silabs.com/developers/usb-to-uart-bridge-vcp-drivers
Configuring IDE isn't a part of this tutorial. You can read about it here: https://randomnerdtutorials.com/installing-the-esp32-board-in-arduino-ide-windows-instructions/
Download Code From GitHub
The code includes the firmware for ESP32, a pre-compiled open-source program to store the encrypted notes, and the source code of this program.
You can download the code here https://github.com/Northstrix/Encrypted_Note_Storage_V3.0
Download and Install the Bitluni's ESP32Lib Library
Download library here: https://github.com/bitluni/ESP32Lib
And then unpack the content of the archive into the folder: ...\Arduino\libraries.
Every other required library is already installed in one way or another.
Generate Keys
The best way to do it is to throw 20-sided dice.
If you get a number from 1 to 9, write it down.
If you get a number from 10 to 15, write down a letter corresponding to that number.
10 = A;
11 = B;
12 = C;
13 = D;
14 = E;
15 = F.
If you get 20, write down 0.
If you get something else, don't write anything and throw the dice again.
Since I'm going to expose the keys to the whole world, I've used the keys generated by a weak RNG from the previous tutorial. Don't ever use a weak RNG to generate the keys! That will compromise the security of the device.
And only use the same keys on more than one device in one case: if you need the ability to use one device to decrypt the notes encrypted on another device.
Modify the Firmware
Open the file Encrypted_note_vault_version_three.ino and replace the existing keys with those you've generated.
You can also change the default text color in the setup() function.
Flash the ESP32
Upload the modified firmware from the folder Encrypted_note_vault_version_three into the ESP32.
Some boards will flash without any problems.
Unfortunately, that's not the case for all boards. If you configured IDE correctly, installed drivers, selected the corresponding port, and still keep getting this error: A fatal error occurred: Failed to connect to ESP32: Timed out waiting for packet header. Connect a 10µF capacitor to the board while flashing.
Connect the positive lead of the capacitor to the EN pin of the ESP32;
Connect the negative lead of the capacitor (usually indicated by the gray stripe) to the GND pin of the ESP32.
Don't forget to disconnect the capacitor after the board flashes.
Connect the D-SUB Port, Button and Resistor to the ESP32
Finally, it's time to assemble the device. There are only three components that you need to connect to the ESP.
Power Up the Device
When you connect the VGA monitor and power up the device, you should see the menu. Default text color depends on the value of the clr variable.
Set Master Password
The purpose of the master password is to prevent the third side from deciphering your notes by simply getting physical access to the device. The master password is used to derive a part of the key. The master password isn't stored in the permanent memory. You need to enter it every time you're powering up the device. After you disconnect power from the device, every modified part of the key will be lost because it's stored in the volatile memory.
After the master password is entered, it's hashed with SHA-512, then this hash goes through Serpent 576 times, and after that, the obtained result is used to modify the parts of two AES's keys.
One of the numbers derived from the master password is used as a verification number. The verification number must always be the same for the same password.
To set a master password:
1) Enter 13 into the text field;
2) Press Send button;
3) Enter your master password;
4) Press Send.
I've used this master password:
Finally, the encrypted note storage is beginning to look like one. Not t0 m3nt1on f8nction like it!
And obtained the verification number 167
Set IV
The purpose of the initialization vector is the same as the purpose of the master password. It just works differently - instead of deriving a part of the key from the input string, the initialization vector (in that case) sets the number of iterations of the first eight sections of the key. It works as a counter. Each section of the AES's key can have a value between 0 and 255. IV only affects the first eight sections of the key. It works as follows: iterate the current section until it reaches 255, on the next iteration set the current section equal to zero and increment the next section by one. The same principle applies to every section.
Now let me explain why I wrote (in that case) - IV is supposed to be a number that is used as a starting point for the counter. In that case, it is a starting point for the counter (in the counter mode), but instead of being a starting point itself, it increments the key by itself! That's the key difference between that case and what IV is supposed to be. And by the way, you can only call the number of the key incrementations an IV only in cases where cipher uses counter mode. In the case of the Serpent encryption algorithm, the number of the key incrementations is exactly what I called it because in that case, Serpent doesn't encrypt data in the counter mode.
I hope I wrote an explanation that's clear enough. Anyway, if you don't get something, you can always ask a question in the comment section.
I've used 654321 as an IV.
Hash Data
To prevent unauthorized modification of the note or forgery of a fake note using already obtained ciphertexts you should hash the note and then store the hash in an encrypted form!
To hash a string enter 10 into the text filed, press Send, paste the string that you want to hash, and then press Send.
I came up with these results:
Input:
The third version of the encrypted data vault is a device that is capable of encrypting your notes, calculating hashes for your notes, verifying if the note was modified or forged (by comparing hashes), generating random strings in both ASCII and hexadecimal formats. In some sense, this device resembles my previous project. In some sense, it's a branch of that project. Anyway, with all of its flaws and inconveniences, it can protect your notes from unauthorized access by encrypting them with one of the seven available encryption algorithms, two of which (AES-192 + Serpent + AES-192 in counter mode & AES-256 + Serpent + AES-256 in counter mode) aren't just secure, but insanely secure! You can also set a master password and initialization vector to make your notes indecipherable even if the adversary gets physical access to the device.
Hash:
cc3f176112eb3ec52ab70d87c1b273f0af4f06cebbda80af1d701729f8fd649e7f0320200fd4deebb10aa4d155575c6d39a924f1a590f6cdf4b38b5809160cc1
The only purpose of the button is to get back to the menu.
Encrypt Note Using AES + Serpent + AES in Counter Mode
To encrypt a note using AES + Serpent + AES In Counter Mode:
1) Enter 1 into the text field;
2) Press Send button;
3) Enter the note that you want to encrypt;
4) Press Send.
I was able to encrypt and decrypt a 512-character long note using this encryption algorithm without any problems!
Eventually, I came up with these results:
Plaintext:
The third version of the encrypted data vault is a device that is capable of encrypting your notes, calculating hashes for your notes, verifying if the note was modified or forged, generating random strings in ASCII and hex formats. In some sense, this device resembles my previous project. In some sense, it's a branch of that project. Anyway, with all of its flaws and inconveniences, it can protect your notes from unauthorized access by encrypting them with one of the seven available encryption algorithms.
Ciphertext:
e4b340f6c5d2fc770789e14d5ba42df086b8ac626d7d7e0dc8e4c9881208f7238427d0783b0e0fbc8b07a0a9b1f3c54a3c4044aa16fe8169301cb2b6741ea3025fd667d9ca22f82450364a473fafeb3baf47af50dc4dc19ebecbedca4dafdf770e48ce8a7ca59a6c90e7725c3ad24a6f174464c9e10c45cfba5d2b17b5b88c4a1aa50c39a5a1b43215c0e3b54a5e853e913eb3e0dcfc57087ee3092895fde957c41c6d72c7c3f933aa39d4fe21dae966cc7c71fe4015c769b38ef154c4425b5881e67962f6abd2e6f72ad21f3404510a632babc64df32b44226b61cdc0231f263e2bd9ebe2553cfe0fc654aa5f87cb189b79ee0e85267463b3021f1edfc0b4abe64109401c855e234fdd96d7a31833f8aca68033bfbb01747f3089bef4b94e49df3fb864eeafdb113990aff7164a1330288211240438bd30fa9aa3989078336b541fb0d9f53d2504b15c65e1432404c78d8bd0f498940d18de2f79db5061bbedc7efb056230690af33018d3bf557e5315f16a8503a914e6e56e7930f794b40a2bac0190ab0981bec8f1caea03e6bc2150a1f39800318495d9001d9e5205ab0d33390a3761af49408af0f51de1bdcd9e94ec2efd07273b2248d7e90da922a4d1546990f844606df69320ea93b41cede23e1691661c6de6b2ed1c27359ddb312eb5b72556b9913a896a97fdbdca3eadf16c1e45cabe19c2a8aa713c9ca5f35c4e9f5be880505b30c6f0cf391ccbd18dadc9abee30f1c48bf29b18d52cc9f388c841a7ea141c5a639d846514738b8eb144b2a2937a9489d09eaaffd8d3d57e4cf2e66adb2af0f94ae065cc66b60a7ad4c0a068fdad310b1e02378085e8b0db7fa6d2af17de4755a512fb2a4e48f7d24bfa427888fefb795f6667d178925c5a9c25e14ec9c51be8d144f3a71929abf880b7a3a47fe82f242ede77d7fc9d6ef71bec04ea777a4a49714e9a8764f871f3243732d8c7842311fb47cf3f9e199b9b8b0eaa4a1883600dfa215769f3a06f27d007fd04aa17b5dbdfa761793e635681cefdb204d647da0b479dbc8d8dd06e8213907e2e777cde16f76191872e7e2882713801deabaa6eeed4587803cd3713b03c20cd2768a66d24a845cd8e2468ba0289681d2b0a51cc468606312f4ade6c3159093f5e95e2ba4075e3fe530215a1ac2b64992f16ebe237fd7f1cc2b1e7034cccc3f3e6c725106051958e4fbef67dc89964503d9a4ac49b2330fdf09285898d94e5b04707d2af27ad9778c7bb2b34d37ffe645fa032e85a3385e95c9ffec8d528b188044d5f5856bf2a4cdfbd851d2c04299af2513220a3beea031d3519ad3867708549b35bbf89aa24ecfa16b912e3c3cf89f334b0da9e8abedcbd7e97b0442a29ab6a5d24480ae8eacb3968f4fb7e61949312b434e822734bbb596727a5d1208d04b0b9eae5f90b78cb2a450e1fe061b9c022bed0a3722a9a810fbaf6769b845d3d1ae6cb102cc5c5666cf4ea927219881cbbc64fe16db7493d1eb45b62618ba7131a3c099da5a3ff9c9418336b6bcfdbd7ed119b425b4b8b41eeaf1b925e42cef9ff63c66e48d41637047dfbc5a1980e14b6af0a0fff0fb8f2cea6aadea882e565a515ebcb777aa304508068d9c0b19798000188d28c46fb2ef836aa951768c55118b1e432034dff54151bf0dda5310f41c473d87bb30e763577a6377e50c6d602e71dd0b612bc82ae6aec44900a478fea3cc625823a7ca42aefcf98cf5527f105ea5f755c989b7d8dc695a8a2f40d499433497353549955af40c43cc119ae301e4d7391d07acb34798862df1c3a6aed9d85c95cba68ac54e46329d297599dec273165fbd0537967ab0f5c07d3eb42b7c509ccf973ae27de9466a2562f068b7bb4c84f7e4833c9d59257879572e5fa12e493c606506502b7106cd6999af433a7d638d09393a289dfa2088c0e1fd77f07274951c14f0ad2cd60286c03381b79fb07c98ef36cd30ba9f125e7376fab45ab34e1c6b6a79c7409f492960fa36da4529be679005e867cb2b4cc2931bc7c290f14dc6bc301a173cc542f3d5b9f4d7b77070f2fb9058e1a77df57eeec0c0b4fdb39f51072dc9971510c52310c6c7e35858d4e61412b7db85227ae2cdfa359a663ebc65427cb8081a6f8e4cf702ba0037acb69fe25d71ef1d4b5aa05a62bdae3a76cf8213a8430ca4c5a2fabbed2fbddda7093b58aa88ecd972726a7d9601b3748beb0bcd2cc83045d6210ebdba00e128dd9537825a1f3b582d7e187c07b0a0275e4c90617dc09275bb517e9e4566e6db6e7c82d662ac4999eccc0a29a1ffc369711be93902d8a47509dfa112bc2538af8afb90eca674d35f5f850601571a4395e75c701ce7619614f33eaea3d150216cfb000951c88cc826db42ecb0e8dcaab62394f2def1583ae88cdac5674fb3f2ddf17924f8d25dc4aadd354780f20194c548221389e7af9f2139c632f2dcb654e696390d0076b39cd2d23382b71801924a1fcf669d9fb19812ac38ed0d3c25f11bd7f94dcf4af55fef645b1f88ca90d4d1b9ad0a5a9aedc65dcda9c8bbe901c267978be48912cd79447a90ee711605ff096dcd25ff27ff71b539d18f4c0d82eeac004b9bd088a050f476bdc4941c76ea75e10c2a4a682c717068787a1dda35d8884cdec58f6468fc96339960eca2fac7cc4d2d2eb5ca5a35ca7aede3257ac10a7495d554b8c99ae0f3a9c27ef3d977c7c2ef88eec901b3228a07b1bec22858d2229ae90c32033f5762aab9c5c28720ef01cce16b7b0a0ed9bd71eb5d0b19f2e3bf2f3115721caf1aacda3e682155fe9c01afedc99d257d8700f0a5d6b1bc33bb07084c772af51ac68f4b8819057cee77da30da73896833ce014aa8091b9dc9d77b08da194faf4d69ce3e8818ada4c69daadd
Encrypt Note Using AES in Counter Mode
To encrypt a note using AES In Counter Mode:
1) Enter 3 into the text field;
2) Press Send button;
3) Enter the note that you want to encrypt;
4) Press Send.
I was able to encrypt and decrypt a 1024-character long note using this encryption algorithm without any problems!
Eventually, I came up with these results:
Plaintext:
The third version of the encrypted data vault is a device that is capable of encrypting your notes, calculating hashes for your notes, verifying if the note was modified or forged (by comparing hashes), generating random strings in both ASCII and hexadecimal formats. In some sense, this device resembles my previous project. In some sense, it's a branch of that project. Anyway, with all of its flaws and inconveniences, it can protect your notes from unauthorized access by encrypting them with one of the seven available encryption algorithms, two of which (AES-192 + Serpent + AES-192 in counter mode & AES-256 + Serpent + AES-256 in counter mode) aren't just secure, but insanely secure! You can also set a master password and initialization vector to make your notes indecipherable even if the adversary gets physical access to the device.
Ciphertext:
8255dfc420912eb10a6a064889cc50e2082710d0676f377e5f88712ee4719f0db74f709331e1ed1ca81e9f8fdf727366f5258e8e3440a8aa1d445e2fcff24d2157b2df499deb12def7e668f96c008194e337de05c7af0b789d52d59c7abc951e5e217fc6b7ff96bf14594dff09dc099d0b123097efb3bc6e4957b34b351054ffa355eccff068f03477e4cf98d440916b7f8bb89685470ec36784ac9eedf2501f748780ba4a93339f3925e9e8f08cdcd7951836d24b44878c63f3beb42b95964ae48c5fb4ce6396afc47bd4d2ac708037ea53466dc661865dfb49d9a17c9ab2a516a229264165752ed41bda9ca6b6d5967aab0c8b3dae77de6e0ee8c290961d9e6e46a3866a321a3170cbe832a78c2d8d91f7c6346de5a803f28a1d70879dc26c8db87113346548de8022cd7e05c348cc99f8eec09c73ae88b8928956e85f5220c65bf928f0ac74c1613c0607ae8eea8b3463b4787122a0a0bc74657040c839edb315dfe9a87ea4178080f809dd57ed928be3996caa7d8b69e0d12061eeefbcbac0b824bf71b6b36d25f3342a63ab986b80e3054a1a8fc1be9389a4f0c690e8bac9726776bef5ba41a4e00b5477de43a5701fd096148e680fa5182738a2ffab7c6fc9c6dde831015f8839b29e0dc5c77393233d1cc97d13a9e2c1c3fcf5675e3d1349f91921cfb2e404792db30bc7b63db6a0d03816ac4a7663754a6fc8c0ffd13ee77e6e0cc448594f080ee9e843b2b642d2c2dafe4470ecc580d1aac10842a68ebd6f100e855d8fa8b8a4021426dd00e7d4b9548d360ecc3f488c909035708c92ca56e345dea9fec93fc7b24d2d5442b3ecaf45f54d2b3279fe071832fa86a7067df835c4341fa0081ac8688ddf67142c492d25366a236adecbae146d76c9c7c6d972ed013e686f05537e64e1531f686202a8bbf3756d4d59164d0ce4f7be8bcf70e455f0eae4174404466bcbcc7c4f4926ac4ada74d4c6154535c33c31fef5b104772a677b5a3392b49b6412f1631df9670d1feb7f667c39975bafbe19e00d7e3eed9b6ad37ba7bb1756ee2aa173bdedb5b8e916ce5f43b0a03d22d8f2162fd91f96cdd09b7c92ba2463e0431c9d6c2bd9be83b09ba0d42ae4e064371a7ba799150e97c1e09638be9aee986a04274fb56a73b2af02dd023eafc946a7205867000faf772bb6f3714a30787aa5f7ecd26c2239ded92d854df2ba067dc355c24179427cb7b456ea4fd11b598b5cd0aaf34c48392c8710e55529f6a9c0206096907b51ae23b5a023b0492cd8778c811b5096d04150c1d14578dafacafb95d2673c4662ac9309019e2cdddefafd8ca0db455c35abd267a4726d7b3dfb6b2d349f7b8bcde46fe0c0136cdc6e28e69fe180f5cd976cf35215128b9ee82959c18af94fe11c59040ff563d31b3be41b09cfc1ebe7126cb77108c16b6a4ce85f58fa6cb9efe9f1ab1d05563e418aa9fca80a30c2d565bf7fd122ca0dea0e29e58af24c0825787b9663aa7bf510d34bcf8ecf1249b2aa4feda5bb087e2f6029a5597d47bc66c1a7f4924a35542ca8cff1120fe053eacf6219e009499ff5bb5edc20f9e418078499a21c4f8ffc7b86488dbf698bcafef74627d47adfe02e9a53c2ccc9fe2065a3761897a49ba11b90656de0c7169bc25759bc46dd612372de33c898658e9816bf8ae664369a29e8cee4815f1316865554b6bf34d5babcfd312087ec819d63c01ad3cf11faf49c62f37fd1eb73ec377dcdaf2b813515d9c60e7ae6d6b40b4e18b5d1bd6903cfee9eb9283e7af17b693d78bda45624d702bb8300c79020b0bb48882079a7b1ef652336459db90ee820bbac45e4b6457cd712a5bdaab14fb3cfd65c68483ba5f0192d8c7a6e961e3f6ebbd60e10d3a890e55e0d08b1787a8d8d2d524397df3deb66550b14c01f06a86791776b30def746a308baa48cfa75700e0fb881dcbcb1bb0a949a9543113c65662aab95a26f84dc125517228acea61afa53561613878772a488e60bf84296f0a39552330d36b8f78bbb38216d5f72c7b374581ea10f8a687b9d7a6312dc8ef3e85ea03b20c3f3680ccdbb5218dc5eeb08721ccbed1e5f29f0e162e93b4bb34c239a3002ef5de1ff3935de3f0fe61bd5ebe3d786b3488546792b9754cb864e0f711185531403974a40a774dd8f7ff1aa8d71d29b0fe9d5a0430684f3edfe396f5d3b7178c039aee9f1a8ec76fd2232168d587038d4915d000f0d1f69d005eba0604665315cb0fce0b3188d90dec4a84eabd9b23c30e8006310898619d6f671264f96654fd4117fbb5a0006baa9362de8d40244ba32f0044e0747adc687ea62de956d07cc710ce904732f4b786a05f8018e14a2e277c6af24f7083b1dc86b2529405e4ff5d09ea6df400872afeaee2a8036
Encrypt Note Using Serpent
Important note!!! Stuff like master password and initialization vector doesn't affect Serpent!
Let me explain what that means. Even if you set the master password and the initialization vector, and then encrypt a note using the SERPENT ENCRYPTION ALGORITHM ONLY, that note can be decrypted by anyone who gets physical access to your device without a need to know neither the master password nor the initialization vector.
Beware of that flaw. And beware that it only affects Serpent!
The other six encryption algorithms don't have that problem.
To encrypt a note using Serpent:
1) Enter 5 into the text field;
2) Press Send button;
3) Enter the note that you want to encrypt;
4) Press Send.
I was able to encrypt and decrypt a 1024-character long note using this encryption algorithm without any problems!
Eventually, I came up with these results:
Plaintext:
The third version of the encrypted data vault is a device that is capable of encrypting your notes, calculating hashes for your notes, verifying if the note was modified or forged (by comparing hashes), generating random strings in both ASCII and hexadecimal formats. In some sense, this device resembles my previous project. In some sense, it's a branch of that project. Anyway, with all of its flaws and inconveniences, it can protect your notes from unauthorized access by encrypting them with one of the seven available encryption algorithms, two of which (AES-192 + Serpent + AES-192 in counter mode & AES-256 + Serpent + AES-256 in counter mode) aren't just secure, but insanely secure! You can also set a master password and initialization vector to make your notes indecipherable even if the adversary gets physical access to the device.
Ciphertext:

Save Encrypted Note Into Database
Even though this device can store your encrypted notes in its built-in memory, I would still recommend you to keep them in the database.
The database can hold up to 4094-character ciphertexts. That means that it can hold the entire 504-character note encrypted with AES + Serpent + AES and the entire 1016-character note encrypted with either AES or Serpent. Any ciphertext longer than 4094 characters will be truncated.
To put the encrypted note in the database:
1) Launch Notes.exe;
2) If you're launching the program for the first time, Enter 1 and then press Enter;
3) Enter 2 and then press Enter;
4) Enter the label. Make sure that there are no spaces in the name of the label;
5) Press Enter;
6) Paste the encrypted note into the program window (Ctrl + V);
7) Press Enter.
I've added all three ciphertexts from the previous steps into the database.
Display All Stored Records in the Console
To display all stored records in the console:
1) Launch Notes.exe (if it weren't already launched);
2) Enter 4;
3) Press Enter.
Export Encrypted Notes Into the .csv File
To export the encrypted notes into the .csv file:
1) Launch Notes.exe (if it weren't already launched);
2) Enter 5;
3) Press Enter.
Content.csv file will appear in the database folder.
Decrypt Note Using AES + Serpent + AES in Counter Mode
Let's suppose that a couple of days have passed, and now you need to retrieve your notes. Before you decrypt the note, you need to set the same master password and IV that you've used while encrypting that note.
That applies to both AES + Serpent + AES and the AES encryption algorithms.
In my case, the master password is:
Finally, the encrypted note storage is beginning to look like one. Not t0 m3nt1on f8nction like it!
and the IV is 654321
After setting the master password and IV, the decryption process is typical.
To decrypt a note using AES + Serpent + AES in counter mode:
1) Enter 2 into the text field;
2) Press Send button;
3) Paste the ciphertext that you want to decrypt;
4) Press Send.
Ciphertext:
e4b340f6c5d2fc770789e14d5ba42df086b8ac626d7d7e0dc8e4c9881208f7238427d0783b0e0fbc8b07a0a9b1f3c54a3c4044aa16fe8169301cb2b6741ea3025fd667d9ca22f82450364a473fafeb3baf47af50dc4dc19ebecbedca4dafdf770e48ce8a7ca59a6c90e7725c3ad24a6f174464c9e10c45cfba5d2b17b5b88c4a1aa50c39a5a1b43215c0e3b54a5e853e913eb3e0dcfc57087ee3092895fde957c41c6d72c7c3f933aa39d4fe21dae966cc7c71fe4015c769b38ef154c4425b5881e67962f6abd2e6f72ad21f3404510a632babc64df32b44226b61cdc0231f263e2bd9ebe2553cfe0fc654aa5f87cb189b79ee0e85267463b3021f1edfc0b4abe64109401c855e234fdd96d7a31833f8aca68033bfbb01747f3089bef4b94e49df3fb864eeafdb113990aff7164a1330288211240438bd30fa9aa3989078336b541fb0d9f53d2504b15c65e1432404c78d8bd0f498940d18de2f79db5061bbedc7efb056230690af33018d3bf557e5315f16a8503a914e6e56e7930f794b40a2bac0190ab0981bec8f1caea03e6bc2150a1f39800318495d9001d9e5205ab0d33390a3761af49408af0f51de1bdcd9e94ec2efd07273b2248d7e90da922a4d1546990f844606df69320ea93b41cede23e1691661c6de6b2ed1c27359ddb312eb5b72556b9913a896a97fdbdca3eadf16c1e45cabe19c2a8aa713c9ca5f35c4e9f5be880505b30c6f0cf391ccbd18dadc9abee30f1c48bf29b18d52cc9f388c841a7ea141c5a639d846514738b8eb144b2a2937a9489d09eaaffd8d3d57e4cf2e66adb2af0f94ae065cc66b60a7ad4c0a068fdad310b1e02378085e8b0db7fa6d2af17de4755a512fb2a4e48f7d24bfa427888fefb795f6667d178925c5a9c25e14ec9c51be8d144f3a71929abf880b7a3a47fe82f242ede77d7fc9d6ef71bec04ea777a4a49714e9a8764f871f3243732d8c7842311fb47cf3f9e199b9b8b0eaa4a1883600dfa215769f3a06f27d007fd04aa17b5dbdfa761793e635681cefdb204d647da0b479dbc8d8dd06e8213907e2e777cde16f76191872e7e2882713801deabaa6eeed4587803cd3713b03c20cd2768a66d24a845cd8e2468ba0289681d2b0a51cc468606312f4ade6c3159093f5e95e2ba4075e3fe530215a1ac2b64992f16ebe237fd7f1cc2b1e7034cccc3f3e6c725106051958e4fbef67dc89964503d9a4ac49b2330fdf09285898d94e5b04707d2af27ad9778c7bb2b34d37ffe645fa032e85a3385e95c9ffec8d528b188044d5f5856bf2a4cdfbd851d2c04299af2513220a3beea031d3519ad3867708549b35bbf89aa24ecfa16b912e3c3cf89f334b0da9e8abedcbd7e97b0442a29ab6a5d24480ae8eacb3968f4fb7e61949312b434e822734bbb596727a5d1208d04b0b9eae5f90b78cb2a450e1fe061b9c022bed0a3722a9a810fbaf6769b845d3d1ae6cb102cc5c5666cf4ea927219881cbbc64fe16db7493d1eb45b62618ba7131a3c099da5a3ff9c9418336b6bcfdbd7ed119b425b4b8b41eeaf1b925e42cef9ff63c66e48d41637047dfbc5a1980e14b6af0a0fff0fb8f2cea6aadea882e565a515ebcb777aa304508068d9c0b19798000188d28c46fb2ef836aa951768c55118b1e432034dff54151bf0dda5310f41c473d87bb30e763577a6377e50c6d602e71dd0b612bc82ae6aec44900a478fea3cc625823a7ca42aefcf98cf5527f105ea5f755c989b7d8dc695a8a2f40d499433497353549955af40c43cc119ae301e4d7391d07acb34798862df1c3a6aed9d85c95cba68ac54e46329d297599dec273165fbd0537967ab0f5c07d3eb42b7c509ccf973ae27de9466a2562f068b7bb4c84f7e4833c9d59257879572e5fa12e493c606506502b7106cd6999af433a7d638d09393a289dfa2088c0e1fd77f07274951c14f0ad2cd60286c03381b79fb07c98ef36cd30ba9f125e7376fab45ab34e1c6b6a79c7409f492960fa36da4529be679005e867cb2b4cc2931bc7c290f14dc6bc301a173cc542f3d5b9f4d7b77070f2fb9058e1a77df57eeec0c0b4fdb39f51072dc9971510c52310c6c7e35858d4e61412b7db85227ae2cdfa359a663ebc65427cb8081a6f8e4cf702ba0037acb69fe25d71ef1d4b5aa05a62bdae3a76cf8213a8430ca4c5a2fabbed2fbddda7093b58aa88ecd972726a7d9601b3748beb0bcd2cc83045d6210ebdba00e128dd9537825a1f3b582d7e187c07b0a0275e4c90617dc09275bb517e9e4566e6db6e7c82d662ac4999eccc0a29a1ffc369711be93902d8a47509dfa112bc2538af8afb90eca674d35f5f850601571a4395e75c701ce7619614f33eaea3d150216cfb000951c88cc826db42ecb0e8dcaab62394f2def1583ae88cdac5674fb3f2ddf17924f8d25dc4aadd354780f20194c548221389e7af9f2139c632f2dcb654e696390d0076b39cd2d23382b71801924a1fcf669d9fb19812ac38ed0d3c25f11bd7f94dcf4af55fef645b1f88ca90d4d1b9ad0a5a9aedc65dcda9c8bbe901c267978be48912cd79447a90ee711605ff096dcd25ff27ff71b539d18f4c0d82eeac004b9bd088a050f476bdc4941c76ea75e10c2a4a682c717068787a1dda35d8884cdec58f6468fc96339960eca2fac7cc4d2d2eb5ca5a35ca7aede3257ac10a7495d554b8c99ae0f3a9c27ef3d977c7c2ef88eec901b3228a07b1bec22858d2229ae90c32033f5762aab9c5c28720ef01cce16b7b0a0ed9bd71eb5d0b19f2e3bf2f3115721caf1aacda3e682155fe9c01afedc99d257d8700f0a5d6b1bc33bb07084c772af51ac68f4b8819057cee77da30da73896833ce014aa8091b9dc9d77b08da194faf4d69ce3e8818ada4c69daadd
Plaintext:
The third version of the encrypted data vault is a device that is capable of encrypting your notes, calculating hashes for your notes, verifying if the note was modified or forged, generating random strings in ASCII and hex formats. In some sense, this device resembles my previous project. In some sense, it's a branch of that project. Anyway, with all of its flaws and inconveniences, it can protect your notes from unauthorized access by encrypting them with one of the seven available encryption algorithms.
Decrypt Note Using AES in Counter Mode
It's the same thing with the master password and an IV if you haven't already set it.
To decrypt a note using AES in counter mode:
1) Enter 4 into the text field;
2) Press Send button;
3) Paste the ciphertext that you want to decrypt;
4) Press Send.
Ciphertext:
8255dfc420912eb10a6a064889cc50e2082710d0676f377e5f88712ee4719f0db74f709331e1ed1ca81e9f8fdf727366f5258e8e3440a8aa1d445e2fcff24d2157b2df499deb12def7e668f96c008194e337de05c7af0b789d52d59c7abc951e5e217fc6b7ff96bf14594dff09dc099d0b123097efb3bc6e4957b34b351054ffa355eccff068f03477e4cf98d440916b7f8bb89685470ec36784ac9eedf2501f748780ba4a93339f3925e9e8f08cdcd7951836d24b44878c63f3beb42b95964ae48c5fb4ce6396afc47bd4d2ac708037ea53466dc661865dfb49d9a17c9ab2a516a229264165752ed41bda9ca6b6d5967aab0c8b3dae77de6e0ee8c290961d9e6e46a3866a321a3170cbe832a78c2d8d91f7c6346de5a803f28a1d70879dc26c8db87113346548de8022cd7e05c348cc99f8eec09c73ae88b8928956e85f5220c65bf928f0ac74c1613c0607ae8eea8b3463b4787122a0a0bc74657040c839edb315dfe9a87ea4178080f809dd57ed928be3996caa7d8b69e0d12061eeefbcbac0b824bf71b6b36d25f3342a63ab986b80e3054a1a8fc1be9389a4f0c690e8bac9726776bef5ba41a4e00b5477de43a5701fd096148e680fa5182738a2ffab7c6fc9c6dde831015f8839b29e0dc5c77393233d1cc97d13a9e2c1c3fcf5675e3d1349f91921cfb2e404792db30bc7b63db6a0d03816ac4a7663754a6fc8c0ffd13ee77e6e0cc448594f080ee9e843b2b642d2c2dafe4470ecc580d1aac10842a68ebd6f100e855d8fa8b8a4021426dd00e7d4b9548d360ecc3f488c909035708c92ca56e345dea9fec93fc7b24d2d5442b3ecaf45f54d2b3279fe071832fa86a7067df835c4341fa0081ac8688ddf67142c492d25366a236adecbae146d76c9c7c6d972ed013e686f05537e64e1531f686202a8bbf3756d4d59164d0ce4f7be8bcf70e455f0eae4174404466bcbcc7c4f4926ac4ada74d4c6154535c33c31fef5b104772a677b5a3392b49b6412f1631df9670d1feb7f667c39975bafbe19e00d7e3eed9b6ad37ba7bb1756ee2aa173bdedb5b8e916ce5f43b0a03d22d8f2162fd91f96cdd09b7c92ba2463e0431c9d6c2bd9be83b09ba0d42ae4e064371a7ba799150e97c1e09638be9aee986a04274fb56a73b2af02dd023eafc946a7205867000faf772bb6f3714a30787aa5f7ecd26c2239ded92d854df2ba067dc355c24179427cb7b456ea4fd11b598b5cd0aaf34c48392c8710e55529f6a9c0206096907b51ae23b5a023b0492cd8778c811b5096d04150c1d14578dafacafb95d2673c4662ac9309019e2cdddefafd8ca0db455c35abd267a4726d7b3dfb6b2d349f7b8bcde46fe0c0136cdc6e28e69fe180f5cd976cf35215128b9ee82959c18af94fe11c59040ff563d31b3be41b09cfc1ebe7126cb77108c16b6a4ce85f58fa6cb9efe9f1ab1d05563e418aa9fca80a30c2d565bf7fd122ca0dea0e29e58af24c0825787b9663aa7bf510d34bcf8ecf1249b2aa4feda5bb087e2f6029a5597d47bc66c1a7f4924a35542ca8cff1120fe053eacf6219e009499ff5bb5edc20f9e418078499a21c4f8ffc7b86488dbf698bcafef74627d47adfe02e9a53c2ccc9fe2065a3761897a49ba11b90656de0c7169bc25759bc46dd612372de33c898658e9816bf8ae664369a29e8cee4815f1316865554b6bf34d5babcfd312087ec819d63c01ad3cf11faf49c62f37fd1eb73ec377dcdaf2b813515d9c60e7ae6d6b40b4e18b5d1bd6903cfee9eb9283e7af17b693d78bda45624d702bb8300c79020b0bb48882079a7b1ef652336459db90ee820bbac45e4b6457cd712a5bdaab14fb3cfd65c68483ba5f0192d8c7a6e961e3f6ebbd60e10d3a890e55e0d08b1787a8d8d2d524397df3deb66550b14c01f06a86791776b30def746a308baa48cfa75700e0fb881dcbcb1bb0a949a9543113c65662aab95a26f84dc125517228acea61afa53561613878772a488e60bf84296f0a39552330d36b8f78bbb38216d5f72c7b374581ea10f8a687b9d7a6312dc8ef3e85ea03b20c3f3680ccdbb5218dc5eeb08721ccbed1e5f29f0e162e93b4bb34c239a3002ef5de1ff3935de3f0fe61bd5ebe3d786b3488546792b9754cb864e0f711185531403974a40a774dd8f7ff1aa8d71d29b0fe9d5a0430684f3edfe396f5d3b7178c039aee9f1a8ec76fd2232168d587038d4915d000f0d1f69d005eba0604665315cb0fce0b3188d90dec4a84eabd9b23c30e8006310898619d6f671264f96654fd4117fbb5a0006baa9362de8d40244ba32f0044e0747adc687ea62de956d07cc710ce904732f4b786a05f8018e14a2e277c6af24f7083b1dc86b2529405e4ff5d09ea6df400872afeaee2a8036
Plaintext:
The third version of the encrypted data vault is a device that is capable of encrypting your notes, calculating hashes for your notes, verifying if the note was modified or forged (by comparing hashes), generating random strings in both ASCII and hexadecimal formats. In some sense, this device resembles my previous project. In some sense, it's a branch of that project. Anyway, with all of its flaws and inconveniences, it can protect your notes from unauthorized access by encrypting them with one of the seven available encryption algorithms, two of which (AES-192 + Serpent + AES-192 in counter mode & AES-256 + Serpent + AES-256 in counter mode) aren't just secure, but insanely secure! You can also set a master password and initialization vector to make your notes indecipherable even if the adversary gets physical access to the device.
Decrypt Note Using Serpent
As I've mentioned before, Serpent isn't affected by stuff like the master password and initialization vector.
To decrypt a note encrypted with Serpent, do the following:
1) Enter 6 into the text field;
2) Press Send button;
3) Paste the ciphertext that you want to decrypt;
4) Press Send.
Ciphertext:
410369A3A9ED2A507097937FFB5F1CE3823AFF03139639842E987B62E6507ACDF2B32845F647548BC847F6B847F12E6F4F10688EE7BE0F9920F4BA731051FD3ACFAB21E27A6200B91285876806EB9202E264132A85AE4E2D93EE0299973A0CCA9121EB4BFBA4160B528EA3BDCC812B1CCEEF1183DEEDF8162604A12EA25D90BD53D952C2C774478DF225F925BBBCCB3CC1F2B1D4785B95B9EB1BDC0A4A64BA523B166B82B4FD533E74A7A61688AB1A70104B4BBD0418FA41F33F5FCC756389FF747DADAB76B84471F5B956DBE1D9FE823D22A1AD3AE555734F9BC64FF30A746E054E25825FD8A13156CDDB5E266B2AD249DAE76A681635C7A6CD192F3413770525EDA4BE96E6BF99070B1926FEE80247202BF32462B21C51160DB81AB5312D8FA9923898D95A92A34DFDF52DB69A340FD56A7D98507D4EBA6F32DD30C5FB1ECECA12B30B70022BF4C50263946EC2288067FF82C3E411924AA9B2007B204482D52170AA57A20EA030A90B96430A8929A1F90EBFC23BB5BDA632B3BFF27BD7BCF71125801D097DA8E5030C690B7CC4225200838431BAABE5637FA09EECDA98A4E98D3D3F15D22CE59EDB3299182443C256992EAD27134F3F880AE05554EF1BF889068F89F1D876DDAE53AD1866513296957120AEE83C0315C48CD4BD79B951149E419DA62ADA5704FFC5867F751F6BB22FAE6298E048BFE92121930B96505CB4B4A91229A986A46541EA23A0F16CC4C3B26FD6DD98CDF25629CAB531D51A1EB31954BE2905E872272836F20E4EDF0B82750912757D90E7688067A3252A2C7D8335F4390F08D1DE8617B4BD925BDF934E006C743C044217A35F42CE02BDB059703BBB3A2CCFECBED486B8D1BF7A28AD9EF1CF532137FA4F9FEC0FD3F9C0BD13133451D7404DD12E5B2D28688F645546246D5F0BB9ACE6ECBB53E03332F9F954AB75E4D1FA647624D45405B63698182A5C6E0D2E2E3BCB7E0E83EB5480450BD169EAB4104D42F2518130EB92C369D7A612C8878B28CAFA75CB86F7F6E7DCDC02FC60A8E00BD8B4DEAA96EC6131682E3650656BF74EA4C67A83D08AE4F4874BC9A0E5E7B66678C799F8EAAB92B0D132B7C71CE60157DD9BFC809D13CB6E470DB22C950DBC9E4B20ACB5D1F3137AB32D289168D9C0373FC216A4BCE38B740519E17D1198497E340326E86FF84229785C946AB0BECA182130367058E823A41A43AB85E6C8C9B973793C3E1A05CDA050A926877FFCE18BFA2FFE6255127DE58AA3938316744B261A579DC4EC3626D2158EDEEEE3F730DDC853606A22F819FC44618D1940FCC4CB8A176013690E8F71D9F42CA7E782A12A663B231C5F0545BAA2A97153467495747C9378B68453B90716929F3FE7B66056D75299A6E97124A150D487E1A820057930FE66C0791402BF11852DEB5E6554AB3698A772DBDC86D006319E47DEDE61E0CE27DCE869E4E456740BD336D84BB93DDA9AD620C012AAD48B4F74CE716EEECAAD1FC3F52DB1D81794414A7635C16BA59B458CBDB709D0C428ACBED4C301E317AA2D37E632C6473FA1826D7415EA693E1E162BBAC870EB1DBE3D9973F5F40D5057D3D34E9396C9A9682D42E89A6C1EFDEA43D32E72B21C0FEEA29B19BF317D5974617802D1F21D557FCF4D3348AE7500ED04567F9F5FE84FD42FEE5CEF6D067791B91D14B30E0224F5A804F8FF33A764E2217C6DB56BB53CD5B6393AF82572447D3A67899A5DED446E28AA9F27CA62EF115BD4BF524194A8A39F1D0AC816625C2B1A2CC1564AD876F511B6720FFE8A9C9A3BF6B9FA909E91F3CD79263D5D4E1A47E31CDEF54E64EC13E2B005FA1C20108F348A1E82322A925D7D8FBA101A9BBA2B9B9A7A5C265BC2A49842D8099BB7FE3A6FD579228A21A8818BFEA6632C97C4EB56B52EEA660FA067975AB52901EED38C1EB1D1D309999DFF78E7200BACE0322E1DE7B4D2D08F88142642AE5458EA2DB6FA5D3C46B7143CF6D6EF8446DEE58E4B83A2AA04EF9CACF17961323EC72C360AF66FAA7FBDC93F8626CBCD8C7EBBC3F3502228AAD23BBE4F1E90D193032C451CE2D0A7517DBC4541ABDEB2AC1D95056FDEAD2E7373587C7AF7412DAC99AE83E108BD075BCCD37F5D8F99D971B571584833DBC08BA4E0AE26E7858BB160ED65C5FF3A9BB4A31265DAD34FBB4636BB3EB5F6BFA684133909BC2145C4DDF76B06DFDD85CA1F804EE623BFDE98010258EB07A3F7F2D93D2ED0655B70F8957E0ED5BEEF359FBFD281419D667654B1F09AEA9BBAC089A341C59C46F68EF4E0DAFCF0C3A0EE12D8C7AD9B694D3BA548384890C0B10BF08A8EB5D21342710FF265D64CF7399931D9B169A39AE6217AB804C2A289A9BDE181141B71691FFDFD81309D1B2CAB1123A6411FC8181983AE20
Plaintext:
The third version of the encrypted data vault is a device that is capable of encrypting your notes, calculating hashes for your notes, verifying if the note was modified or forged (by comparing hashes), generating random strings in both ASCII and hexadecimal formats. In some sense, this device resembles my previous project. In some sense, it's a branch of that project. Anyway, with all of its flaws and inconveniences, it can protect your notes from unauthorized access by encrypting them with one of the seven available encryption algorithms, two of which (AES-192 + Serpent + AES-192 in counter mode & AES-256 + Serpent + AES-256 in counter mode) aren't just secure, but insanely secure! You can also set a master password and initialization vector to make your notes indecipherable even if the adversary gets physical access to the device.
Install ESP32 Filesystem Uploader
The primary purpose of the ESP32 Filesystem Uploader is to let you upload files into ESP's filesystem. In this tutorial, the purpose of this tool is to upload an empty SPIFFS image into ESP.
Download the file called ESP32FS-1.0.zip from here: https://github.com/me-no-dev/arduino-esp32fs-plugin/releases/
then extract the content of the archive into the folder: ...\Arduino\Tools\
After that, restart the Arduino IDE.
Upload an Empty SPIFFS Image Into ESP
Click Tools -> ESP32 Sketch Data Upload. Then click Yes in the pop-up window. It's going to upload an empty SPIFFS image into the ESP. I have no rational explanation for that, but after that step, the file system finally begins to work as it's intended to.
Save Record Into Built-In Memory
To save a record:
1) Open the Serial Monitor;
2) Set the baud rate to 115200;
3) Enter 17 into the text field, and press send;
4) Enter the filename into the text field, and press send;
5) Enter the content of the file into the text field, and press send;
I've created four files:
Description
Required components
Encryption algorithms
Conclusion
Load Record From Built-In Memory
To load a record:
1) Open the Serial Monitor;
2) Set the baud rate to 115200;
3) Enter 18 into the text field, and press send;
4) Enter the filename into the text field, and press send;
I've extracted the content of the file called Description.
The file content is displayed in the Serial Monitor.
File content:
E58B4438808628969592A25AC0B1F30A4AF8C1AC16625EF6A26AE9B8510A766A89141C780152DA10AF8F6B09EC32ECE504472FFB2A6C71A833123E156C5BB84A9B90A711AA0D87EE03F8C14675EAB0743E9248CC7CABE7EC07B7423095AED099F3BE9B40F710EB7E7F022815114B6FD67B1BF67CC26D0EF39046A5553659CB54B1585B69A9ED148306A1A71E2645740B041BA341B0CB17D4D0414C9DA2B01616AFA045300142F7C032AF25F8717D3FE1664FF846B09E329879AF6E9FE99478830540486F50F4A29405C19209DEE686DE
Decrypted note:
The third version of the encrypted data vault is a device that is capable of encrypting your notes.
Remove Record From Built-In Memory
To remove a record:
1) Open the Serial Monitor;
2) Set the baud rate to 115200;
3) Enter 19 into the text field, and press send;
4) Enter the filename into the text field, and press send;
I removed the file called Encryption algorithms.
List All Stored Records
Filenames displayed with the slash / before them. That means that the file is stored in the root directory. When you enter the filename, you don't need to enter a slash indicating the root directory.
All stored files are displayed in both Serial Monitor and VGA monitor.
To list all stored records:
1) Open the Serial Monitor;
2) Set the baud rate to 115200;
3) Enter 20 into the text field, and press send;
Find a Good Use for This Device
In some sense, this device resembles my previous project. In some sense, it's a branch of that project. Anyway, with all of its flaws and inconveniences, it can protect your notes from unauthorized access by encrypting them with one of the seven available encryption algorithms, two of which (AES-192 + Serpent + AES-192 in counter mode & AES-256 + Serpent + AES-256 in counter mode) aren't just secure, but insanely secure! You can also set a master password and initialization vector to make your notes indecipherable even if the adversary gets physical access to the device.
One of the other advantages of this device is cost. Even if you don't have an old VGA monitor, you can easily find a used one for under 30 USD. ESP32 will cost you 15 USD at worst, and if you're willing to wait a couple of weeks, you can get it for roughly 8 USD. In the worst possible case, this device will cost you around 45 USD, but if you have an old VGA monitor and you're willing to wait for the ESP to arrive from Shanghai, the whole thing will cost you around 8 USD.
If you like this tutorial, please share it.
Thank you for reading this tutorial.