Privacy @lemmy.ml MigratingtoLemmy @lemmy.world 6mo ago

How to randomly pad files before encryption to prevent file fingerprinting?

Hi, I was planning to encrypt my files with GPG for safety before uploading them to the cloud. However, from what I understand GPG doesn't pad files/do much to prevent file fingerprinting. I was looking around for a way to reliably pad files and encrypt metadata for them but couldn't find anything. Haven't found any recommendations on the privacyguides website either. Any help would be appreciated!

Thanks

24 comments

Just use rclone. It does this natively.
- Can you point to where such a capability is mentioned in the documentation? I'm using rclone right now
  
  Here
  
  I recommend making a giant tarball and encrypting that with gpg and then encrypting again with rclone.
Yes GPG should add appropriate padding (random initialization vector) to not reveal whether two ciphertexts have the same plaintext. It makes no real attempt to conceal that the two plaintexts have the same length. If you want that, best bet is to make all ciphertexts the same length, by padding plaintexts out to 1MB or whatever, and turning off compression. Actually you might first check the manual to see if there is already an option for that. There are a lot, and I no longer keep track.

Cryptographer's saying (Silvio Micali, I think): "A good disguise does not reveal the person's height". So you are on the right track.
- I also have media and other binary blobs which I'd like to archive in an encrypted fashion, will GPG suffice? ChatGPT mentioned OpenSSL for this but I'm not sure where that's taking me.
  
  Openssl really isn't the right thing for that. GPG is fine for individual files if you don't mind leaking the approximate length. You may be better off with borg backup depending on your exact use case.
Any encryption worth being called that randomises itself such that the same file, encrypted twice with the same key, produces completely different ecrypted versions.

To put it another way, if similarities in files could be detected despite their encryption, then the encryption would be worthless.

https://en.m.wikipedia.org/wiki/Ciphertext_indistinguishability
You could use Duplicati. I'm not sure if it does padding but it simplifies encryption and prevents corruption.
Sounds like you want a proper backup solution. Take a look at borg backup, a tool that supports encrypted, deduplicated, compressed, incremental backups. You can even directly save to your cloud via protocols such as ssh, s3, etc.
Have you considered cryfs?
- I have thought of it, but it doesn't seem as portable to me as just rclone. I don't like installing Cryptomator either.
check out PicoCrypt
If there are really no good padding tools I'll probably start a new git repo and write one, would be a pretty handy CLI tool

24 comments