██╗  ██╗      ███████╗██╗██╗     ███████╗
╚██╗██╔╝      ██╔════╝██║██║     ██╔════╝
 ╚███╔╝ █████╗█████╗  ██║██║     █████╗
 ██╔██╗ ╚════╝██╔══╝  ██║██║     ██╔══╝
██╔╝ ██╗      ██║     ██║███████╗███████╗
╚═╝  ╚═╝      ╚═╝     ╚═╝╚══════╝╚══════╝

=== transparent standard for secure plain text ===

The safe and transparent way of sharing text documents between
different parties, where part of the text is kept private.

It is the digital equivalent of a FOIA request, with two specific
goals:

+ lock and unlock your text with a key
+ verify that a text was not modified

=== Why do we need it? ===

The privacy of text documents is an "all or nothing" game. A document
is either fully open plain text for anyone to read, or it is fully
encrypted and you can't even get an idea of what is inside.

X-Files bring the best of both worlds. Share the information from a
text document and keep private the details that are only revealed to
those with a key.

This opens the way for:

+ Protecting sensitive data: emails, names, numbers
+ Sharing a document with the public, releasing the key later
+ Making sure that your text is original and wasn't modified

Simplicity. Keep it simple for emails, forum boards, text files, web
pages or anywhere that your text needs to be protected.

=== Syntax ===

Given a block of text, the encrypted portions of that text are the
ones enclosed in double parentheses, for example: ((Acme Ltd)).

That is the only thing you need to use this standard. Below is an
example of what to expect.

=== Text example ===

Lorem ((ipsum)) dolor sit ((amet)), consectetur adipisicing elit,
sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Ut enim ad minim veniam, quis nostrud ((exercitation)) ullamco
laboris nisi ut aliquip ex ea ((commodo consequat)). Duis aute irure
dolor in reprehenderit in voluptate ((velit esse cillum dolore)) eu
fugiat nulla pariatur. Excepteur sint ((occaecat cupidatat)) non
proident, sunt in culpa qui ((officia deserunt)) mollit anim id est
laborum.

This text gets converted to:

--------------------------------------
Lorem █████ dolor sit ████, consectetur adipisicing elit,
sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Ut enim ad minim veniam, quis nostrud ████████████ ullamco
laboris nisi ut aliquip ex ea █████████████████. Duis aute irure
dolor in reprehenderit in voluptate ████████████████████████ eu
fugiat nulla pariatur. Excepteur sint ██████████████████ non
proident, sunt in culpa qui ████████████████ mollit anim id est
laborum.

=x-file.xyz=hFz-UXQJcvRgpSmseYTTXuUg6dbNxhjFTNV7kW5PjzPsBzAg
tFA9q0aqLPlPVhFwE4yyLl7I3AZkYIYeDhr2EaXH0h+oTYsCPt58nzGw4C2y
EN7-5uhDTHKZPDhDv390B3SuOp8jenWtobYfqF9NNnPmyhmMpgk2NhFQZCZe
xDl5o2ztLY860s0NUYlCfFfjUshtL7OtCqZVOLM6fKQLGqIbS+==
--------------------------------------

Only those with a valid key are able to read the secret contents.

=== Downloads ===

A Java implementation is available to download and use. It includes
the code that generates encrypted messages and a desktop tool for
creating these messages.

Ready to run:
https://gitlab.com/x-file.xyz/java/raw/master/latest/x-file.jar

Just double-click it and the UI tool should open.

Source code:
https://gitlab.com/x-file.xyz/java

== Future implementations ==

The next release is a Javascript version for browsers, soon to be
published.

=== Privacy levels (planned for the future) ===

The key and encryption algorithms are modifiable. This allows a
progression from a basic level of security all the way up to
hard-mode.

At present, only level 1 (basic) encryption is included by default,
until the format of message encryption is considered stable.

== Level 1: Basic ==

Uses AES 128-bit as the encryption algorithm; the password can be
omitted. This is useful for keeping sensitive information (e.g. an
email address) difficult for bots to harvest when the content is open
on the Internet. With the password omitted the default password is
used, so this level deters harvesting rather than keeping the content
secret.

== Level 2: Medium ==

Uses AES 256-bit or a different algorithm for encryption. The
password should not be easy to guess (e.g.
contain a mix of numbers, letters, special chars and a minimum
length).

== Level 3: Hard ==

Does not use AES as the encryption algorithm, using instead an
algorithm such as Camellia, Salsa20 or similar. The password follows
the same rules as level 2, with an added verification of the chosen
password against a database of previously leaked passwords to ensure
originality.

=== Building an encoder ===

The encrypted message is composed of two parts:

+ body
+ footer

The body is the original text, except that the portions within
((...)) are converted to ███████, obscuring them in the style of
redacted government documents.

Right after the body comes the footer. The footer contains an
identifiable signature "=x-file.xyz=" that is followed by the
encrypted portions of the text. The data structure of the footer is
explained in the next section.

This data structure is first encrypted with the algorithm (the
default is AES-128 bit with a default password). The default
password is the char # repeated 16 times, meaning: ################.

When a key is provided that is smaller than 16 bit, the key becomes
the last portion of the password, with # filling the rest. For
example, for a password 123456 the output will be ##########123456.
When the key is bigger than 16 chars, it is shortened to the part
from the beginning up to position 16 of the provided key.

The resulting footer is then converted with the XXENCODE algorithm so
that it uses only alphanumerical characters. This permits the footer
to be posted without causing interference on different data mediums
(web forum sites, email).

The final signature of the footer is an "==" so that we can know
where the encrypted portion of the text ends. This also helps
end-users identify the end of the text so that the message is copied
in full.

== Footer ==

Each data field in the footer is separated by a new line "\n"
character.

The first line is the SHA1 signature. It starts with the text "sha1="
and the rest of the line is the signature itself.

Each following line in the footer represents one of the texts that is
censored.

Using the same example text, the footer before encryption and before
running through XXENCODE would be:

sha1=9ac06a452bb23b4b4a101e4c9a9028f0992205db
ipsum
amet
exercitation
commodo consequat
velit esse cillum dolore
occaecat cupidatat
officia deserunt

This footer is then encrypted using the selected algorithm, by
default AES-128 bit. The encrypted result is then encoded using
XXENCODE as mentioned in the previous section.

=== Contact ===

Questions and feedback are welcome. Drop an email to our group:
incoming+x-file.xyz/java@gitlab.com

=== License ===

The applicable license is EUPL-1.2 for the tools and related content.

Copyright (c) 2017 x-file.xyz
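
The encoder steps from "Building an encoder" and "Footer", as an added Python example that is not part of the x-file.xyz code: it derives the 16-character key, redacts the ((...)) portions and builds the footer as it looks before encryption. The AES and XXENCODE steps are left out, the function names are illustrative, and hashing the original marked-up text for the sha1= line is an assumption, since the page does not say what the signature covers.

```python
import hashlib
import re

MARKER = re.compile(r"\(\((.+?)\)\)", re.DOTALL)  # ((secret)) portions
DEFAULT_KEY = "#" * 16  # default password given on the page


def normalise_key(password=""):
    """Left-pad short passwords with '#'; keep the first 16 chars of long ones."""
    if len(password) >= 16:
        return password[:16]  # characters past position 16 are ignored
    return (DEFAULT_KEY + password)[-16:]


def redact(text):
    """Return (body with bars, list of secrets in order of appearance)."""
    secrets = []

    def bar(match):
        secrets.append(match.group(1))
        return "█" * len(match.group(1))  # bar length equals secret length

    return MARKER.sub(bar, text), secrets


def plaintext_footer(text):
    """Footer fields before encryption: sha1= line, then one secret per line."""
    _, secrets = redact(text)
    for secret in secrets:
        if "\n" in secret:
            # A newline inside a secret would split it into two footer fields.
            raise ValueError("secret spans a line break: %r" % secret)
    # Assumption: the digest covers the original marked-up text (UTF-8).
    digest = hashlib.sha1(text.encode("utf-8")).hexdigest()
    return "\n".join(["sha1=" + digest] + secrets)


if __name__ == "__main__":
    sample = "Lorem ((ipsum)) dolor sit ((amet)), consectetur"  # from the page
    body, _ = redact(sample)
    print(body)
    print(plaintext_footer(sample))
    print(normalise_key("123456"))
```

The bars keep the length of each secret visible in the public body, and any two passwords that share their first 16 characters derive the same key.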