Saturday, 28 September 2013

Sending encrypted (7z AES-256) files to/from your Dropbox

There are several ways to protect important files that you still want to keep easily accessible on Dropbox. Quite a few services offer encryption on top of the existing Dropbox service, but most of them require installing additional software or have limitations when used across multiple operating systems and devices.
An open source utility such as 7-Zip lets you do the same in a way that works across more operating systems, at no cost. It does, however, require a set of scripts: one for sending (encrypting) files to Dropbox and one for decrypting them when you want to access their content.

The article here by Anil Avadhani describes how to create a set of scripts built on the above premise: sending/encrypting and receiving/decrypting files on your Dropbox. It is focused on Windows (Windows 7 to be precise), but with a little shell scripting knowledge you can do the same on many varieties of GNU/Linux or BSD* OSs, and probably also on Macs (I am not an expert on the latter). There are also utilities available for Android (I use ZArchiver) and iPhone that can open files encrypted in this manner, so you should still be able to access them from your mobile device.

What I have done here is change Anil Avadhani's scripts a little, since his implementation stores the password in plaintext inside the script itself, which is not to my liking.

So I have created two simple scripts, one in PowerShell and one (a lot simpler) in WScript. You can use them by simply changing Anil's scripts in the following manner.
Anil's original scripts (.bat files) contain the following lines:
REM Set default password for encryption
SET keyphrase=Enter_Your_Password_Here_Using_Alphabets_And_Digits_Only

just change that to (add REM in front of the SET keyphrase=... line):
REM Set default password for encryption
REM SET keyphrase=Enter_Your_Password_Here_Using_Alphabets_And_Digits_Only

and add the following lines after it (to use WScript because you lack PowerShell, uncomment its line by removing the REM in front of it and comment out the PowerShell line; leave everything as it is to use PowerShell):
REM If your computer does not have PowerShell installed or if your execution policy is too restrictive use
REM the following VBS script (less secure)
REM Read vbs script output and store it into a variable
REM for /f "tokens=*" %%i in ('cscript //nologo "%~dp0Read_Pass.vbs"') do set keyphrase=%%i
REM For computers with PowerShell use the following line
REM (the script path is quoted so that folders with spaces in their name work)
for /f "tokens=*" %%i in ('powershell -ExecutionPolicy Bypass -File "%~dp0Read_Pass.ps1"') do set keyphrase=%%i

You will of course need to add the two files to the same directory in which you created Anil's .bat files. In my case I just put everything in the Dropbox folder, so I don't have to recreate the scripts on each computer I use them on; I just have to add shortcuts to them to the "Send to" menu. Anil's blog describes how to do that on Vista/Windows 7. To find the Send To folder on Windows 8 just paste the following command into the run dialog:

Here is the actual code for the PowerShell part (just copy/paste it into a new file with a .ps1 extension):
Add-Type -AssemblyName System.Drawing
Add-Type -AssemblyName System.Windows.Forms

$objForm = New-Object System.Windows.Forms.Form
$objForm.Text = "Enter Password"
$objForm.Size = New-Object System.Drawing.Size(280,150)  # the size of the window in px: width, height
$objForm.StartPosition = "CenterScreen"  # loads the window in the center of the screen

# Two masked input fields; the password has to be typed into both
$MaskedTextBox1 = New-Object System.Windows.Forms.MaskedTextBox
$MaskedTextBox1.PasswordChar = '*'
$MaskedTextBox1.Top = 40
$MaskedTextBox1.Left = 20
$objForm.Controls.Add($MaskedTextBox1)

$MaskedTextBox2 = New-Object System.Windows.Forms.MaskedTextBox
$MaskedTextBox2.PasswordChar = '*'
$MaskedTextBox2.Top = 60
$MaskedTextBox2.Left = 20
$objForm.Controls.Add($MaskedTextBox2)

# Enter submits the password, Escape closes the form without printing anything
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter") { SubmitPWD }})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape") { $objForm.Close() }})

$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(15,85)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({ SubmitPWD })
$objForm.Controls.Add($OKButton)

$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(90,85)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click({ $objForm.Close() })
$objForm.Controls.Add($CancelButton)

$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(5,10)
$objLabel.Size = New-Object System.Drawing.Size(250,30)
$objLabel.Text = "Please enter the password into both fields and press OK to continue:"
$objForm.Controls.Add($objLabel)

$objForm.Topmost = $True

# Print the password to the console (where the calling .bat file reads it)
# only when both fields match; otherwise clear the fields and ask again
function SubmitPWD {
    if ($MaskedTextBox1.Text -eq $MaskedTextBox2.Text) {
        Write-Host $MaskedTextBox1.Text
        $objForm.Close()
    } else {
        $objLabel.Font = New-Object System.Drawing.Font("Verdana",10)
        $objLabel.BackColor = [System.Drawing.Color]::Red
        $objLabel.Text = "Password entry mismatch, please reenter passwords:"
        $MaskedTextBox1.Text = ""
        $MaskedTextBox2.Text = ""
        $OKButton.Text = "Retry"
    }
}

[void] $objForm.ShowDialog()

And for WScript it is a bit simpler, just a couple of lines:
' Read_Pass.vbs
' Read password (input string) and echo it to console
' Sadly InputBox does not offer any kind of input masking (the typed password is shown in clear) without using external dll files
' you can improve it by using dll from:
UserInput = InputBox( "Please enter the password (alphanumeric only): ", "Send to/from 7z AES/Dropbox PWD" )
WScript.Echo UserInput
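
Because the scripts live in the Dropbox folder next to the encrypted archives, a `SET keyphrase=` line that was never commented out leaves the password stored beside the files it protects. The following check is an added example, not code from the original post or from Anil Avadhani's scripts; the function name `Find-PlaintextKeyphrase` and the demo folder and file names are hypothetical, and the sample .bat content is constructed from the lines shown above.

```powershell
# Added example: report .bat/.cmd files that still assign a literal password
# to the "keyphrase" variable. The password itself is never printed.
function Find-PlaintextKeyphrase {
    param([Parameter(Mandatory = $true)][string]$Path)  # folder holding the scripts

    # SET keyphrase=... or @set "keyphrase=..." (-match is case-insensitive)
    $assign = '^\s*@?\s*set\s+"?keyphrase=(?<value>.*?)"?\s*$'

    Get-ChildItem -Path $Path -Recurse -Include *.bat, *.cmd | ForEach-Object {
        $file = $_.FullName
        $lineNo = 0
        foreach ($line in Get-Content -LiteralPath $file) {
            $lineNo++
            if ($line -match '^\s*(rem\b|::)') { continue }   # commented out
            if ($line -match $assign) {
                $value = $Matches['value']
                # An empty value clears the variable; %%i, %var% and !var!
                # are filled in at run time, so they are not stored secrets.
                if ($value -eq '' -or $value -match '^(%%?~?\w+%?|!\w+!)$') { continue }
                New-Object PSObject -Property @{
                    File = $file; Line = $lineNo; Length = $value.Length
                }
            }
        }
    }
}

# Constructed sample input: one script with the original line, one with the fix.
$demo = Join-Path $env:TEMP ("keyphrase-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -Path (Join-Path $demo 'weak.bat') -Value @(
    'REM Set default password for encryption',
    'SET keyphrase=Enter_Your_Password_Here_Using_Alphabets_And_Digits_Only')
Set-Content -Path (Join-Path $demo 'fixed.bat') -Value @(
    'REM SET keyphrase=Enter_Your_Password_Here_Using_Alphabets_And_Digits_Only',
    'for /f "tokens=*" %%i in (''powershell -File "%~dp0Read_Pass.ps1"'') do set keyphrase=%%i')

# Only weak.bat, line 2, is reported.
Find-PlaintextKeyphrase -Path $demo | Format-Table File, Line, Length -AutoSize
Remove-Item -Recurse -Force $demo
```

Point `-Path` at the folder that holds your own copies of the scripts to check them before they sync.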

And that should be it. If you find it useful, drop me a note. Big thanks to Mr. Anil Avadhani for thinking of it and writing the instructions for the whole process in the first place.

Have fun...
