Skip to content

skye-cyber/CryptoSharePKI

BranchesTags

Repository files navigation

Dynamic PKI-Enabled File Encryption System

Overview

This project implements:

  1. PKI -> Public Key infrastructure
  2. PKI-enabled file encryption and decryption system with automated directory monitoring and file sharing capabilities. The system is designed to facilitate secure file sharing, authentication, and encryption in a networked environment, using certificates issued by a Root CA and signed by an Intermediate CA.

Features

  1. PKI Framework:

    • Root CA initializes the chain of trust and generates Intermediate CA credentials.
    • Intermediate CA acts as the signing authority for host certificates.

  2. Host Certificates:

    • Hosts generate unique certificate signing requests (CSRs) and obtain signed certificates from the Intermediate CA.
    • Signed certificates are installed with the Intermediate CA and Root CA certificates to complete the chain of trust.
    • During this process a PKCS#12 (.p12) is created and stored in th userKit/host_certs dir, this certificates is to be imported to a browser to enable server access.

  3. File Encryption and Decryption:

    • Encrypts files dynamically using public keys from a shared public key store.
    • Decrypts encrypted files when accessed and re-encrypts them after closure.

  4. File Sharing:

    • Hosts can share files over the network using a lightweight file-sharing server.
    • Includes support for file downloads within the same network.
    • The server is protected behide the PKI framework such that only the certified entities can access it.
    • User can specify the file of folder to share in SharKit-conf.ini

Files and Structure

CryptoSharePKI
├── CryptoCA
│   ├── CA_CSR_server.py
│   ├── config.ini
│   ├── intermediate_ca
│   ├── IntermediateCA_self_monitor.py
│   ├── pki_certs
│   ├── root_ca
│   └── RootCA.py
├── docs
│   ├── auto_cert_gen_unix.png
│   ├── auto_cert_gen_win.png
│   ├── autRootcr_unix.png
│   ├── certficate_verified.png
│   ├── cert_gen_unix.png
│   ├── cert_info1.png
│   ├── cert_info2.png
│   ├── cert_info.png
│   ├── chromium_cert_import.png
│   ├── chromium_cert_request.png
│   ├── demo.mkv
│   ├── directWIN.png
│   ├── doc.txt
│   ├── evolution-PGP-public key.png
│   ├── File sharing _ Upload and Download.pdf
│   ├── firefox_cert_request.png
│   ├── gurnicon.png
│   ├── importer_unix.png
│   ├── import_unix_sucess.png
│   ├── PRIVIlege_windows.png
│   ├── README.docx
│   ├── root_ver_fail.png
│   ├── shared-dark.png
│   ├── share_files_dark.png
│   ├── share_files_light.png
│   ├── sm-create-namespaces.png
│   ├── trust_verify_true.png
│   ├── verifyCATrust_unix.png
│   ├── verify_seccess.png
│   └── win_privilges.png
├── gunicorn.conf.py
├── host_importer.py
├── installer.py
├── manage.py
├── README.md
├── requirements.txt
├── setup.py
├── ShareKit
│   ├── App
│   ├── device_info.py
│   ├── EFS.py
│   ├── ensure_admin.py
│   ├── __init__.py
│   ├── net_scanner.py
│   ├── read_config.py
│   ├── server_cert.py
│   └── sharekit-conf.ini
├── simulate.py
├── simulations
│   ├── cleanup_netns.sh
│   └── setup_netns.sh
├── tests
│   ├── AutoCertsGen.py
│   ├── host_cert_importer.py
│   ├── host_cert_monitor.py
│   ├── hosts.json
│   ├── opensslSetup.py
│   ├── [email protected]
│   └── scp_distribute_certificates.py
├── userKit
│   ├── AutoCertsGen.py
│   ├── config.ini
│   ├── export2p12.py
│   ├── hostCertMonitor.py
│   ├── host_certs
│   ├── opensslSetup.py
│   ├── PKI_colors.py
│   ├── requirements.txt
│   ├── src
│   └── verifyCATrust.py
└── utils
    ├── colors.py
    └── __init__.py

Project Description

  • TheuserKit directory contains user logic files.
  • TheCryptoCA directory contains all CA implementation files.
  • TheShareKit directory contains file sharing server implementation.
  • Theutils directory contains common dependency logic files.
  • Thesimulations directory contains Namespace simulation logic for linux environment, which simulates the file sharing between clients.
  • The manage.py implements simple CLI acess to all the project operation for: CA, User, && File sharing.

Setup Instructions

A.

clone The project.

git clone https://github.com/skye-cyber/CryptoSharePKI

B.

1. Root CA Setup

  1. Transfer the Root CA files to the server machine (Windows/Linux).

  2. Install the required libraries:

    python -m pip install -r requirements.txt

    or simply:

    pip install -r requirements.txt

    or sometimes on windows:

    py -m pip install -r requirements.txt

  3. Initialize the Root CA:

    python manage.py init

    or on linux:

    ./manage.py init

    This script generates the Root CA keys and sets up the Intermediate CA.

title

  1. Start the Intermediate CA server:
python manage.py server intermediate
  • This starts a PKI server where hosts/users can connect to obtain, sign, or update their certificates.

title

C.

2. Host/User Setup

Steps

  1. Transfer the host files to the user's computer.

  2. Install the required libraries:

    python -m pip install -r requirements.txt

    or simply:

    pip install -r requirements.txt

  3. Generate Certificates:

    python manage.py setup
    • This script generates the host's unique certificate and requests signing from the Intermediate CA.
    • The Intermediate CA:
      • Signs the certificate.
      • Provides its own certificate and that of the Root CA.
    • These certificates are installed locally, completing the chain of trust.

  4. Verify Certificates:

    • Once installed, the host verifies the authenticity of the Intermediate CA certificate.

image

D.

3. File Sharing

Steps

  1. Start the File Sharing Server:

    python manage.py share

  2. Configure the Server:

    • Open the .ini file in ShareKit and:
      • Set up folder-sharing options.
      • Define the download location.

  3. Access the File Sharing Server:

    • Members of the same network can:
      • Access the server using its IP address.
      • Download files directly.
      • Upload files to the host. THIS IS ONLY IF THEY CAN CORRECTLY AUTHENTICATE TO THE INTERMEDIATE AND ROOT CA

title

title

title

NOT YET COMPLETED |-->

Advanced Usage

File Encryption and Decryption

  1. Encrypt Files:

    • Automatically encrypts files in the monitored directory.
    • Uses the recipient's public key, fetched dynamically from the public key store.

  2. Decrypt Files:

    • Decrypts files when accessed, saving a temporary plaintext version.
    • Opens the decrypted file using the system's default application.
    • Re-encrypts the file after closure.

  3. File Monitoring:

    • Uses the watchdog library to monitor file creation and modification events.

Public Key Store

  • The public key store (PUBLIC_KEY_STORE) contains public keys for all machines in the network.
  • Public keys are named after their respective machine identities (e.g., machine_name.pem).

Directory Monitoring Setup

Configuration

Edit the following variables in the script as needed:

  • WATCHED_DIR:
    • Path to the monitored directory (e.g., /mnt/shared_folder or \\server_ip\shared_folder).
  • PUBLIC_KEY_STORE:
    • Path to the directory containing public keys.
  • PRIVATE_KEY_PATH:
    • Path to the host's private key file.
  • ENCRYPTED_EXTENSION:
    • File extension for encrypted files (default: .enc).

Run the Script

  1. Mount the shared folder:
    • Unix/Linux: 
      sudo mount -t cifs -o username=<username>,password=<password> //<server>/<shared_folder> /mnt/shared_folder
    • Windows: 
      net use X: \\<server>\<shared_folder> /user:<username> <password>
  2. Start monitoring: 
    python PKI_crypto.py monitor

Logging

Log File

  • All activities are logged in file_activity.log:
    • Encryption and decryption events.
    • Errors and warnings.

Sample Log Output

2024-11-23 14:10:00 - INFO - Watching directory: /mnt/shared_folder
2024-11-23 14:12:01 - INFO - File encrypted: /mnt/shared_folder/document.txt.enc
2024-11-23 14:14:45 - INFO - Decrypted file saved temporarily at /tmp/document.txt
2024-11-23 14:15:12 - INFO - Temporary file /tmp/document.txt deleted securely.
2024-11-23 14:15:13 - INFO - File encrypted: /mnt/shared_folder/document.txt.enc

|<--

Troubleshooting

SSL secure connection failure

Check server certificate

openssl s_client -connect <target server ip>:9001 -showcerts

title

File Not Encrypted

  • Ensure the file doesn't already have the .enc extension.
  • Verify the public key exists in the PUBLIC_KEY_STORE.

Certificate Issues

  • Verify the chain of trust by checking the Root CA and Intermediate CA certificates.
  • Ensure the Intermediate CA server is running and accessible.

Shared Folder Not Accessible

  • Check network connectivity and permissions.
  • Ensure the shared folder is mounted properly.

Future Improvements

  1. Key Management:

    • Automate updates to the public key store via an API or centralized server.

  2. Access Control:

    • Implement authentication for shared folder access.
    • Restrict decryption based on roles.

  3. File Integrity:

    • Add digital signatures to verify file authenticity before decryption.

  4. GUI:

    • Develop a graphical interface for easier management of encryption and file sharing.

  5. File Encryption

  • complete implementation of a robust and reliable encryption.

Contributors

  • [Wambua] – Project Lead

About

Public Key Infrastructure Implementation

Topics

pki ca public-private-key opensssl encrypted-file-sharing

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages