Basic PGP encryption/decryption and key management

I have been asked to use PGP to encrypt files before uploading them to a remote SFTP server,
so I wrote this as a quick reference and set of notes.
Here are some basic PGP commands to get you started encrypting your files, emails and disk drives.

You can go to GPG4Win and download the GPG program.

1. generate keys

gpg --gen-key

As you can see from the following output, I generated a key "pgptester".
The program will also ask you to provide a passphrase to protect the secret key.

C:\Users\chako>gpg --gen-key
gpg (GnuPG) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: pgptester
Email address: pgptester@gmail.com
Comment:
You selected this USER-ID:
    "pgptester <pgptester@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 5AE84DCA marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: public key of ultimately trusted key 0B40244A not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   3  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 3u
pub   2048R/5AE84DCA 2017-11-21
      Key fingerprint = 18C3 8B89 E9B8 7E08 F588  38A1 D86D C5CD 5AE8 4DCA
uid       [ultimate] pgptester <pgptester@gmail.com>
sub   2048R/B0EC6DC0 2017-11-21


C:\Users\chako>

2. List keys

gpg --list-keys

Our new key is listed under "pgptester", and "5AE84DCA" is the ID of our new public key.
We use the public key to encrypt files and the private key to decrypt them.

C:\Users\chako>gpg --list-keys
C:/Users/chako/AppData/Roaming/gnupg/pubring.gpg
------------------------------------------------
pub   2048R/27D8D2AE 2017-11-15
uid       [ultimate] xttest <xttest@gmail.com>
sub   2048R/D5CD2620 2017-11-15

pub   2048R/6EC98110 2017-11-15
uid       [ unknown] pgptest@gmail.com

pub   2048R/5AE84DCA 2017-11-21
uid       [ultimate] pgptester <pgptester@gmail.com>
sub   2048R/B0EC6DC0 2017-11-21


C:\Users\chako>

3. encrypt files

# the long version
gpg --encrypt --recipient 'Your Name' foo.txt

# using terse options
gpg -e -r Name file.txt

gpg --batch --yes -e -r "public key" --always-trust "file path"

You can see that after we encrypt "test_pic.jpg", the program creates an encrypted file called "test_pic.jpg.gpg". Note that --always-trust skips the trust check on the recipient key, so the key ID you pass with -r must really belong to the intended recipient.

D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/19/2017  09:49 PM           108,611 test_pic.jpg
               1 File(s)        108,611 bytes
               0 Dir(s)      90,058,752 bytes free

D:\>gpg --batch --yes -e -r 5AE84DCA --always-trust test_pic.jpg

D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/19/2017  09:49 PM           108,611 test_pic.jpg
11/20/2017  10:52 PM           108,515 test_pic.jpg.gpg
               2 File(s)        217,126 bytes
               0 Dir(s)      89,948,160 bytes free

D:\>

4. decrypt files

gpg --output decrypted_pic.jpg --decrypt test_pic.jpg.gpg

We have to use the private key to decrypt the files, and after decryption we get our test_pic.jpg back. 🙂

D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/20/2017  10:52 PM           108,515 test_pic.jpg.gpg
               1 File(s)        108,515 bytes
               0 Dir(s)      90,058,752 bytes free

D:\>gpg --output decrypted_pic.jpg --decrypt test_pic.jpg.gpg

You need a passphrase to unlock the secret key for
user: "pgptester <pgptester@gmail.com>"
2048-bit RSA key, ID B0EC6DC0, created 2017-11-21 (main key ID 5AE84DCA)

gpg: encrypted with 2048-bit RSA key, ID B0EC6DC0, created 2017-11-21
      "pgptester <pgptester@gmail.com>"

D:\>dir
 Volume in drive D has no label.
 Volume Serial Number is E0FD-4810

 Directory of D:\

11/20/2017  10:55 PM           108,611 decrypted_pic.jpg
11/20/2017  10:52 PM           108,515 test_pic.jpg.gpg
               2 File(s)        217,126 bytes
               0 Dir(s)      89,948,160 bytes free

D:\>
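Notice that decryption reported subkey ID B0EC6DC0 although we encrypted with -r 5AE84DCA: gpg encrypts to the encryption subkey, and the encrypted file records that subkey's ID in its first packet. The following Python 3 script is an added example, not part of the original post, that parses those Public-Key Encrypted Session Key packets (RFC 4880) and lists the recipient key IDs, so you can check which key a file was encrypted to before uploading it; the sample data is constructed, with only the low four bytes of the key ID taken from the output above.

```python
import struct
# Public-key algorithm IDs (RFC 4880 section 9.1; ECDH from RFC 6637).
PK_ALGOS = {1: "RSA", 2: "RSA (encrypt-only)", 16: "Elgamal", 18: "ECDH"}

def _packets(data):
    """Yield (tag, body) for each OpenPGP packet, old- or new-format header."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:          # e.g. an ASCII-armored file starts with "-----"
            raise ValueError("not a binary OpenPGP packet at offset %d" % i)
        if ctb & 0x40:                                   # new format (RFC 4880 4.2.2)
            tag, b0 = ctb & 0x3F, data[i + 1]
            if b0 < 192:
                length, i = b0, i + 2
            elif b0 < 224:
                length, i = ((b0 - 192) << 8) + data[i + 2] + 192, i + 3
            elif b0 == 255:
                length, i = struct.unpack(">I", data[i + 2:i + 6])[0], i + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                            # old format (RFC 4880 4.2.1)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            size = (1, 2, 4)[ltype]     # ltype 3 (indeterminate) is rejected by the index
            length = int.from_bytes(data[i + 1:i + 1 + size], "big")
            i += 1 + size
        yield tag, data[i:i + length]
        i += length

def list_recipients(data):
    """Return [(long_key_id, short_key_id, algorithm)] for every PKESK (tag 1) packet."""
    out = []
    for tag, body in _packets(data):
        if tag != 1:
            continue
        version, key_id, algo = body[0], body[1:9], body[9]
        if version != 3:
            raise ValueError("unsupported PKESK version %d" % version)
        algo_name = PK_ALGOS.get(algo, "algo %d" % algo)
        if key_id == b"\x00" * 8:   # --throw-keyids: gpg must try every secret key
            out.append(("anonymous", "anonymous", algo_name))
        else:
            long_id = key_id.hex().upper()
            out.append((long_id, long_id[-8:], algo_name))
    return out

def constructed_sample():
    """Constructed data, not from the post: PKESK to a key with short ID B0EC6DC0, then tag 18."""
    mpi = struct.pack(">H", 2048) + b"\x80" + b"\x00" * 255          # 2048-bit RSA MPI
    pkesk_body = b"\x03" + bytes.fromhex("00000000B0EC6DC0") + b"\x01" + mpi  # high bytes placeholder
    pkesk = b"\x85" + struct.pack(">H", len(pkesk_body)) + pkesk_body  # old format, 2-byte length
    seipd = b"\xD2" + bytes([17]) + b"\x01" + b"\x00" * 16            # new format tag 18, 17 bytes
    return pkesk + seipd
```

Run list_recipients() on the bytes of a real .gpg file to see the same key ID gpg prints during decryption.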

5. other management

list key

gpg --list-keys

delete key

gpg --delete-key 'myfriend@his.isp.com'

D:\>gpg --delete-key pgptest@gmail.com
gpg (GnuPG) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  2048R/6EC98110 2017-11-15 pgptest@gmail.com

Delete this key from the keyring? (y/N) y

D:\>

import key

gpg --import key.asc

D:\>gpg --import testkey.asc
gpg: key 6EC98110: public key "pgptest@gmail.com" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

D:\>

export keys

gpg --export-secret-keys -a keyid > my_private_key.asc
gpg --export -a keyid > my_public_key.asc

gpg --export -a 5AE84DCA > pub.asc

GnuPG Data Location
C:\Users\{Your User Name}\AppData\Roaming\GnuPG

[Project] Small temporarily office network Part 3

[Tool] Change TP-LINK AC750 SMB User Password Without login to Admin page

This project is based on my previous project [Project] Small temporarily office network Part 2.
I spent some time creating this tool, which lets non-technical users just run the program and change the SMB user password easily.

First I had to analyse the login process.

This is what I got from Wireshark: the router uses a cookie as the authorization identity.
# YWRtaW46YWRtaW42MjM0IQ== --> admin:admin6234!
# the router checks the cookie value to authenticate :/ and "admin6234!" is my pre-set password
The cookie is only the Base64 of admin:password sent over plain HTTP, so anyone who can capture traffic on the LAN can read the admin credentials straight out of it.

[image: ac750]

Convert my Python script into a .exe executable file

1. Download https://bootstrap.pypa.io/get-pip.py and run it; it will install pip for you.
2. Install pyinstaller ---> open cmd and type: pip install pyinstaller
3. Change to the pyinstaller folder ---> cd C:\Python27\Scripts
4. Convert the file with a custom icon ---> pyinstaller --onefile --icon=my.ico --clean C:\Python27\update.py

Result:


----------------------------------------
[1]. Change Document Password
[2]. Change Audio Password
----------------------------------------



Please Enter Your Choice: 2



Audio new password ==>  h4Mzit2i6u




[*] Connecting to Default Gateway: 192.168.0.1
[*] Successfully Connected..
[*] Request has been sent!

Press close to Exit

🙂



#!/usr/bin/python

##################################
#   2017/6/29  Chako
#
#   Description: allow users to change router's smb passwd 
#                without login to router's admin page
#   
#    Router Model: TP-LINK AC750 Wireless Dual Band Gigabit Router
#    Model No. Archer C2
#
##################################
 
 
import socket
import os
import sys
import string
import random

Host = "192.168.0.1"
Port = 80
PasswordSize = 10
Password = ""
Account  = ""
Chars = string.letters + string.digits


print "\n\n"
print "----------------------------------------"
print "[1]. Change Document Password"
print "[2]. Change Audio Password"
print "----------------------------------------"
print "\n\n" 
 

var = raw_input("Please Enter Your Choice: ")
print "\n\n"

if var == "1":
    Password = "".join((random.choice(Chars)) for x in range(PasswordSize))
    Account = "2"
    print "Document new password ==>  " + Password
    print "\n\n\n"
elif var == "2":
    Password = "".join((random.choice(Chars)) for x in range(PasswordSize))
    Account = "3"
    print "Audio new password ==>  " + Password
    print "\n\n\n"


# YWRtaW46YWRtaW42MjM0IQ==    <base64> --> admin:admin6234!
# the router check cookie value to auth :/   and "admin6234!" is my pre-set password
request = "POST /cgi?2 HTTP/1.1\r\n"
request += "Host: " + Host + "\r\n"
request += "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0\r\n"
request += "Accept: */*\r\n"
request += "Accept-Language: en-US,en;q=0.5\r\n"
request += "Accept-Encoding: gzip, deflate\r\n"
request += "Referer: http://" + Host + "/mainFrame.htm \r\n"
request += "Content-Type: text/plain\r\n"
request += "Content-Length: 70\r\n"
request += "Cookie: Authorization=Basic YWRtaW46YWRtaW42MjM0IQ==\r\n"
request += "Connection: keep-alive\r\n\r\n"
request += "[USER_ACCOUNT#" + Account + ",0,0,0,0,0#0,0,0,0,0,0]0,1\r\n"
request += "password=" + Password + "\r\n"
#print request+"\n\n\n"

 
print "[*] Connecting to Default Gateway: " + Host


 
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
 
try:
    s.connect((Host, Port))
    print "[*] Successfully Connected.."
except socket.error:
    # connection refused or timed out: the gateway is not reachable on port 80
    print "[!] " + Host + " didn't respond\n"
    sys.exit(0)
 
 

s.send(request + "\r\n\r\n")
print "[*] Request has been sent!\n"
s.close()


# raw_input, not input(): in Python 2 input() evaluates the text and fails on an empty line
k = raw_input("Press close to Exit")


🙂

—————————————————————————————-

UPDATE: 2017/6/29
Added a function that lets users change the network connection password.

[image: network_ac750]

UPDATE: 2017/6/30
I was trying to use Python + Qt to create a GUI, but it had some compatibility problems when I tried to
convert the .py to .exe, so I ended up rebuilding the whole thing in VB.NET.

Result:
[image: vbupdate]



#!/usr/bin/python

##################################
#   2017/6/29  Chako
#
#   Description: allow users to change router's smb passwd 
#                without login to router's admin page
#   
#    Router Model: TP-LINK AC750 Wireless Dual Band Gigabit Router
#    Model No. Archer C2
#
##################################
 
 
import socket
import os
import sys
import string
import random

Host = "192.168.0.1"
Port = 80
PasswordSize = 10
Password = ""
Account  = ""
Network  = ""
Chars = string.letters + string.digits


print "\n\n"
print "----------------------------------------"
print "[1]. Change Document Password"
print "[2]. Change Audio Password"
print "[3]. Change Network Password (Network2.4G)"
print "[4]. Change Network Password (Network5G)"
print "----------------------------------------"
print "\n\n" 
 

var = raw_input("Please Enter Your Choice: ")
print "\n\n"

if var == "1":
    Password = "".join((random.choice(Chars)) for x in range(PasswordSize))
    Account = "2"
    print "Document new password ==>  " + Password
    print "\n\n\n"
elif var == "2":
    Password = "".join((random.choice(Chars)) for x in range(PasswordSize))
    Account = "3"
    print "Audio new password ==>  " + Password
    print "\n\n\n"
elif var == "3":
    Password = "".join((random.choice(Chars)) for x in range(PasswordSize))
    Network = "1"
    print "Network (Network2.4G) new password ==>  " + Password
    print "\n\n\n"
elif var == "4":
    Password = "".join((random.choice(Chars)) for x in range(PasswordSize))
    Network = "2"
    print "Network (Network5G) new password ==>  " + Password
    print "\n\n\n"



# YWRtaW46YWRtaW42MjM0IQ==    <base64> --> admin:admin6234!
# the router check cookie value to auth :/   and "admin6234!" is my pre-set password
if var == "1" or var == "2":
    request = "POST /cgi?2 HTTP/1.1\r\n"
    request += "Host: " + Host + "\r\n"
    request += "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0\r\n"
    request += "Accept: */*\r\n"
    request += "Accept-Language: en-US,en;q=0.5\r\n"
    request += "Accept-Encoding: gzip, deflate\r\n"
    request += "Referer: http://" + Host + "/mainFrame.htm \r\n"
    request += "Content-Type: text/plain\r\n"
    request += "Content-Length: 70\r\n"
    request += "Cookie: Authorization=Basic YWRtaW46YWRtaW42MjM0IQ==\r\n"
    request += "Connection: keep-alive\r\n\r\n"
    request += "[USER_ACCOUNT#" + Account + ",0,0,0,0,0#0,0,0,0,0,0]0,1\r\n"
    request += "password=" + Password + "\r\n"
elif var == "3" or var == "4":
    request = "POST /cgi?2 HTTP/1.1\r\n"
    request += "Host: " + Host + "\r\n"
    request += "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0\r\n"
    request += "Accept: */*\r\n"
    request += "Accept-Language: en-US,en;q=0.5\r\n"
    request += "Accept-Encoding: gzip, deflate\r\n"
    request += "Referer: http://" + Host + "/mainFrame.htm \r\n"
    request += "Content-Type: text/plain\r\n"
    request += "Content-Length: 197\r\n"
    request += "Cookie: Authorization=Basic YWRtaW46YWRtaW42MjM0IQ==\r\n"
    request += "Connection: keep-alive\r\n\r\n"
    request += "[LAN_WLAN#1," + Network + ",0,0,0,0#0,0,0,0,0,0]0,5\r\n"
    request += "BeaconType=11i\r\n"
    request += "IEEE11iAuthenticationMode=PSKAuthentication\r\n"
    request += "IEEE11iEncryptionModes=AESEncryption\r\n"
    request += "X_TP_PreSharedKey=" + Password + "\r\n"
    request += "X_TP_GroupKeyUpdateInterval=0\r\n"
	
#print request+"\n\n\n"

 
print "[*] Connecting to Default Gateway: " + Host


 
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
 
try:
    s.connect((Host, Port))
    print "[*] Successfully Connected.."
except socket.error:
    # connection refused or timed out: the gateway is not reachable on port 80
    print "[!] " + Host + " didn't respond\n"
    sys.exit(0)
 
 

s.send(request + "\r\n\r\n")
print "[*] Request has been sent!\n"
s.close()


end=raw_input("Press Close to Exit") 
print "\n\n"

[Project] Small temporarily office network Part 2

In [Project] Small temporarily office network Part 1 I tried to use an old computer
to create a temporary office LAN. But after rolling the change out to the real computers, I realized that the old computer was super slow.
Thanks to new technology, I decided to use a router (TP-LINK Archer C2 AC750 Dual Band Wireless AC Gigabit 1 USB Port Router).
This router can achieve 90% of the functions I need: multiple user accounts with multiple folders that have different permissions for different users.

The benefit of using this router is that it is fast and small. XD I can upload files at 7~10 Mb/sec, and it is just an ordinary router size. 🙂

I only need to create a LAN chat messenger and a tool for automatically changing the router password.

The LAN chat messenger is done, but I would like to add a new function so that users can use voice chat. 🙂