Encryption - 2langnic/GlobaLeaks GitHub Wiki

In the GlobaLeaks Project's software we use several encryption features to safeguard the integrity of the data submitted by the Whistleblower and the security of the application. On this page we summarize all current uses of encryption in GlobaLeaks, along with future plans.

Encryption features

Below are the encryption features currently used in GlobaLeaks.

PGP File Encryption

Files uploaded by the Whistleblower are encrypted with the PGP keys of the Receivers. Each file is encrypted individually, once per Receiver and only with that single Receiver's PGP key, in order to avoid leaking PGP key IDs. The encryption is performed asynchronously in order to avoid resource exhaustion attacks.

Configurable File Encryption Policy

GlobaLeaks provides a file encryption policy that, by default, does not allow a whistleblower to make a submission to a Receiver that has not properly configured its own PGP public key. It is possible to disable this strict policy with the advanced setting "Enable insecure configuration without PGP encryption.", but in that case all the users (whistleblower, admin, receivers) will be notified of this condition.

AES File Encryption

Files being uploaded are encrypted with a temporary, symmetric AES key in order to avoid writing any unencrypted chunk of file data to disk. The encryption is done in streaming fashion using 128-bit AES in CTR mode. The key files are stored temporarily in /dev/shm/ (ramdisk) and are unique for each file being uploaded. That way the file can later be processed for PGP encryption, and the process is resilient even if the GlobaLeaks application gets restarted (for example, due to a software upgrade).
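The streaming scheme described above, as an added example that is not GlobaLeaks code. It uses the Python `cryptography` package; the function names, the key-file layout (key followed by initial counter block), the chunk size and the file names are assumptions made for illustration.

```python
import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

CHUNK = 4096  # assumed read size; not taken from GlobaLeaks


def _ctr(key, counter):
    # 128-bit AES in CTR mode acts as a stream cipher: chunks of any size, no padding.
    return Cipher(algorithms.AES(key), modes.CTR(counter), backend=default_backend())


def store_upload(chunks, data_path, key_path):
    """Encrypt chunks as they arrive, so plaintext is never written to data_path."""
    key, counter = os.urandom(16), os.urandom(16)  # fresh for every uploaded file
    # Key material lives in its own file (the page keeps these in /dev/shm/).
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as kf:
        kf.write(key + counter)  # hypothetical layout: 16-byte key, 16-byte counter
    enc = _ctr(key, counter).encryptor()
    with open(data_path, "wb") as out:
        for chunk in chunks:
            out.write(enc.update(chunk))
        out.write(enc.finalize())


def read_upload(data_path, key_path):
    """Yield plaintext later (e.g. to feed PGP), using only the two stored files."""
    with open(key_path, "rb") as kf:
        blob = kf.read()
    dec = _ctr(blob[:16], blob[16:32]).decryptor()
    with open(data_path, "rb") as src:
        for block in iter(lambda: src.read(CHUNK), b""):
            yield dec.update(block)
    yield dec.finalize()


def demo(workdir):
    # Constructed sample input: one upload arriving in three uneven chunks.
    chunks = [b"leak-" * 1000, b"x" * 17, b"end"]
    data = os.path.join(workdir, "upload.aes")
    key = os.path.join(workdir, "upload.key")
    store_upload(chunks, data, key)
    with open(data, "rb") as f:
        on_disk = f.read()
    # Nothing from store_upload is reused here, as after an application restart.
    recovered = b"".join(read_upload(data, key))
    return b"".join(chunks), on_disk, recovered
```

In a deployment matching the page, `key_path` would point into /dev/shm/ while `data_path` sits on regular disk, and deleting the key file once PGP encryption has finished leaves the temporary ciphertext unreadable.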

PGP Email Encryption

All email notifications sent to the Receivers are by default encrypted with PGP.

Password Encryption

All the passwords of Receivers and Admin stored in the database are hashed using scrypt, as described in the Password Storage section of the Application Security Design and Details document.

UUIDv4 Randomness

All Tips and Files are identified by a UUIDv4. The randomness of UUIDv4 generation is enforced through the use of os.urandom.

TLS for SMTP Notification

All notifications are sent through SMTP over a TLS-encrypted channel, using SMTP/TLS or SMTPS depending on the configuration.

Encryption Libraries

We currently use the following encryption libraries for various means:

Future Encryption Improvements

We plan to further improve the use of data encryption in GlobaLeaks in future development, as reported below.

Client Side OpenPGP.js Encryption

We want to integrate support for PGP encryption directly into the browser as a way to further improve security, but especially to reduce the complexity of using PGP. We plan to use OpenPGP.js, and that is going to be a major implementation effort. See the Draft Security Model for the client-side encryption, which is to be done as a multi-step, configurable security model.

Replace GnuPG with a pure Python OpenPGP stack

We want to switch to a pure Python implementation of OpenPGP (server-side) in order to reduce dependencies and to further improve the security of our AppArmor sandbox. We are discussing using OpenPGP-Python ported to Cryptography in place of Python-GnuPG.

Disk Encryption

We want to integrate Linux's LUKS disk encryption in order to protect all the data in /var/globaleaks/.

Entropy Improvements

We want to improve the entropy by using the HAVEGE algorithm.

Swap Encryption

We want to encrypt the swap automatically in order to further reduce possible attacks caused by memory pressure.