What is deniable encryption, and what is it used for?
Deniable encryption describes encryption methods that allow plausible denial of the existence of encrypted messages: there is no way to prove that the ciphertext contains any plaintext data at all.
In many countries worldwide (for example, in the UK or the US) you may be jailed or face legal issues for refusing to provide your password as required by law enforcement agencies, even if you are not suspected of any law violations.
Moreover, if a powerful group of people (a government, a gang of bandits) suspects that you store valuable information on your laptop (confidential papers, a bitcoin wallet), comes to you for a search or robbery and finds an encrypted file, they most likely will not analyze it for potential vulnerabilities, but will simply torture you until you tell them the password.
FractalCrypt lets you create an encrypted file protected by an arbitrary number of keys. If someone demands a password and you say that there is no information in the encrypted container or that you have forgotten the password, they are unlikely to believe you. With FractalCrypt, however, you can safely give away the keys to the unclassified volumes, and there is no way to prove that more volumes exist than you have disclosed.
In addition, a file encrypted in such a way, unlike, let us say, a cryptocontainer on an unallocated drive space, can be transferred over the Internet, copied to a USB stick, etc.
How does FractalCrypt work?
First, it creates a cryptocontainer of a user-specified size, filled with random data. To create the first volume, the program archives the user-specified files to the beginning of the cryptocontainer and encrypts it with the first key. Thus, knowing the first key, you can access the first-layer files and the rest of the cryptocontainer.
To create the second volume, the program archives the files into the rest of the cryptocontainer and encrypts it with the second key. So the first key is also needed to create or access data in the second volume.
Plausible deniability follows from the fact that the encrypted file is indistinguishable from noise: there is no way to find out how much data is stored in the cryptocontainer.
How to use FractalCrypt?
To access the files of the N-th layer, the user must enter all N passwords.
To add a new layer (also referred to as a volume) safely, i.e. overwriting only the noise, you must enter all the keys; if you enter only some of the keys, the new layer will be written over existing encrypted data.
The user can also delete a layer, in which case it is overwritten with noise. All layers above it are removed as well, so only the top layer can be safely removed.
Screenshots
Startup window
Creating new container
Main window. Two passwords have been entered, so it is possible to get the files of the second volume or create a third one
Archive creation window
Technical details
AES-256 in XTS mode is used for encryption. PBKDF2 is used to derive the key (10k iterations) and the initialization vector (25k iterations).
Each layer, when decrypted, has the following header:
8 bytes - "fractal" C-string signature (null-terminated)
8 bytes - the length of the subsequent ZIP archive, big endian, aligned to 16 bytes
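As an added illustration (not code from the FractalCrypt project), the following C++ builds and validates this 16-byte header. It assumes that "aligned to 16 bytes" means the stored length is rounded up to the next multiple of 16 (the AES block size), and that a decryptor uses the signature to tell a correctly decrypted layer apart from noise.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>

// Decrypted layer header: 8-byte signature followed by an 8-byte big-endian length.
constexpr size_t kHeaderSize = 16;
constexpr char kSignature[8] = {'f', 'r', 'a', 'c', 't', 'a', 'l', '\0'};

// Assumption: the length field holds the archive size rounded up to a multiple of 16.
uint64_t alignTo16(uint64_t len) { return (len + 15) & ~uint64_t(15); }

// Build the 16-byte header for a ZIP archive of the given (unpadded) length.
std::array<uint8_t, kHeaderSize> buildHeader(uint64_t archiveLen) {
    std::array<uint8_t, kHeaderSize> h{};
    std::memcpy(h.data(), kSignature, 8);
    uint64_t aligned = alignTo16(archiveLen);
    for (int i = 0; i < 8; ++i)
        h[8 + i] = static_cast<uint8_t>(aligned >> (8 * (7 - i)));  // big endian
    return h;
}

// Constructed sample layer: header followed by a padded payload filled with `fill`.
std::vector<uint8_t> makeLayer(uint64_t archiveLen, uint8_t fill) {
    auto h = buildHeader(archiveLen);
    std::vector<uint8_t> layer(h.begin(), h.end());
    layer.resize(kHeaderSize + alignTo16(archiveLen), fill);
    return layer;
}

// Parse a decrypted layer. Returns the padded archive length, or nullopt when the
// header is invalid: wrong signature (e.g. wrong key, so the bytes are noise),
// unaligned length, or a length that does not fit in the buffer.
std::optional<uint64_t> parseHeader(const std::vector<uint8_t>& layer) {
    if (layer.size() < kHeaderSize) return std::nullopt;
    if (std::memcmp(layer.data(), kSignature, 8) != 0) return std::nullopt;
    uint64_t len = 0;
    for (int i = 0; i < 8; ++i) len = (len << 8) | layer[8 + i];
    if (len % 16 != 0 || len > layer.size() - kHeaderSize) return std::nullopt;
    return len;
}

int main() {
    auto ok = parseHeader(makeLayer(100, 0xAB));
    std::printf("archive length: %llu\n", ok ? (unsigned long long)*ok : 0ULL);
}
```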
Contributing
PRs and contributions are welcome. If you have a contribution in mind, please check out the Contribution Guide for information on how to proceed.
Building from sources
FractalCrypt uses the Qt framework (downloading it from the official site requires registration), the OpenSSL library for encryption, and the QuaZip library for creating and processing ZIP archives.
QuaZip is a wrapper around Gilles Vollant's Minizip package (as required by its license terms, we note that the files of these libraries have been modified in our project), which in turn uses the zlib library.
Windows
For Windows, zlib comes with Qt.
You should individually download and install only OpenSSL, for instance, by following the link.
OpenSSL is expected to be installed at C:\OpenSSL-Win64; you can change this path in FractalCrypt.pro.
By default, Qt will try to link OpenSSL dynamically; in this case you may need the file C:\OpenSSL-Win64\bin\libcrypto-1_1-x64.dll in the same directory as the executable.
Linux
You should install the zlib and OpenSSL development libraries if they are not included in your distro.
On apt-based systems, this can be done with the following commands:
sudo apt-get install zlib1g-dev libssl-dev
How to build FractalCrypt without Qt Creator:
- Install Qt libs
sudo apt-get install qt5-default qt5-qmake qtbase5-dev-tools qtchooser libqt5core5a qtbase-abi-5-12-8
- Clone this repo
git clone https://github.com/zorggish/FractalCryptGUI.git
cd FractalCryptGUI
- Build and run the project
qmake -project
qmake FractalCrypt.pro
make
./FractalCrypt