Author

Topic: [Open Source] Booknemonic - Convenience on digital signatures and encryption (Read 315 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Major update:

Added command line interface.


In the future I'll add arguments to be ran from a command prompt. This is the first release of the cli. I think it'd be better if Booknemonic had its own console application, or even better, a very simple library. I haven't done this in the past, so it's a nice exercise. Source code is on Github: booknemonic/booknemonic-cli/

Release (binaries): booknemonic-cli.v0.1.zip (1.10MB)
SHA-1: AC4FB9FE510D067F759B1D36CE67263A38D83866




Code:
-----BEGIN SIGNED MESSAGE-----
I, BlackHatCoiner, published the v0.1 of Booknemonic-cli in 7th of March 2021.
SHA-1: AC4FB9FE510D067F759B1D36CE67263A38D83866
-----BEGIN SIGNATURE-----
advance concert visit awesome neglect fire dizzy club deny danger disease sign rebel donkey tone educate dumb desert mosquito happy crane jungle grit near
IAJiT0ICE6g/E4jb+watODST/N8rb+YqZwhWFgGeZ6+6NziCaCQxGS5araPT7rj/jBCLh4icw36HTIZZXN86evQ=
-----END SIGNED MESSAGE-----
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Version 1.0 is officially released.
  • Added option for contacts. This way, you can organize others' public words.
  • Worked on the UI.


Future changes:
  • Encrypted Messenger.
  • Having your own encrypted book. (For your personal notes)
  • Automatically show words on type instead of writing the entire word. (Just like on electrum)
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Major update:

I added option for file encryption/decryption with ECC. This is how it works:
  • Program converts the bytes of the file to base64 (plus the filename).
  • It compresses the base64 encoded string.
  • It encrypts the compressed string with ECDSA and saves it on a file with .encrypted extension. (of the same directory)

Unfortunately, asymmetric encryption isn't recommended for large amounts of data, because of the memory limit. Furthermore, it increases the size of the file. For example, it turns a 20MB video to 35MB. Decryption of course restores the previous size, but that's not the point.

Screenshot:

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Some minor updates about the version 0.2:
Code:
Bug fixed on "Import private words".
Design changed on some places to look better and more user-friendly.
Any useless spaces (like double spaces) that are submitted on textfields are skipped.
Added the english wordlist to be read from anyone that runs the program.

I'm searching of a way to implement autocomplete on textBoxes for more than just a word. I was trying to make it look like electrum, but internet has not helped me today.

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
It is mostly a clean code but the only "messed up" part is lack of tests, and tests aren't possible unless you decouple your UI and business logic. For example you can't write any tests for a simple method like this simply because it "depends" on UI.
I'm not sure that I understand what you're saying here. That I can't test on UI? How is business logic related?

To be clear Autarkysoft is the name of the organization (like Microsoft, Newtonsoft), Bitcoin is the name of the library and to avoid conflict we use both when referring to the name of a library meaning Autarkysoft.Bitcoin (like Microsoft.NET.Test.Sdk, Newtonsoft.Json).
Done, I changed it.

It's unbelievable that once I published the project, I immediately found vulnerabilities. I made these changes and updated the source code on github:
Code:
Removed unnecessary code.
Removed the string allEnglishWords, replaced it with BIP0039.GetAllWords(BIP0039.WordLists.English)
Disabled Maximize.
Set ReadOnly to true on the 2 textboxes that generate keys.

I thank Coding Enthusiast for helping me with allEnglishWords. Now that the program doesn't parse a string with 2048 words, it goes faster.
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
As I said, I'm a beginner on C#, so my code may be messed up. I would like to tell me if you think that I've done something wrong.
I opened an issue.
It is mostly a clean code but the only "messed up" part is lack of tests, and tests aren't possible unless you decouple your UI and business logic. For example you can't write any tests for a simple method like this simply because it "depends" on UI.

I have to look at your code more to understand what it does to be able to comment on the cryptography part though.

To be clear Autarkysoft is the name of the organization (like Microsoft, Newtonsoft), Bitcoin is the name of the library and to avoid conflict we use both when referring to the name of a library meaning Autarkysoft.Bitcoin (like Microsoft.NET.Test.Sdk, Newtonsoft.Json).
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
  Booknemonic
Sign/Verify and Encrypt/Decrypt easily and simply.

Nine months have passed since I created my account here, on bitcointalk and I can admit that I learn something new every-single-day. There are some forum experts that have helped me thousands of times and I thank them! I've not just understood the way bitcoin works, but much more. You see, bitcoin created me an interest towards cryptography. Reading terms like "digital signatures", "encryption", "hash function" made me spend time on understanding them. Sending a message that can be read only by the person that owns a key seems impressive for me. IMO, maths are underrated. Last year I started learning C#, because I've always wanted to create softwares.
It's time to publish my first open-source project.

During my stay here, I got familiar with PGP keys and the way they work. I like saying that I'm still a beginner, though. The problem I noticed is that PGP keys are enormous to write them down on a paper. Furthermore, the GPG model seems too complicated to work on and even to understand. Encrypting and making digital signatures using Electrum seemed a better choice since it's pure ECC. Still, it would be hard enough to write 66 hexadecimal characters on piece of paper, because of possible mistakes. Since bitcoin geniuses thought of a way to encode an entropy to words, so we could keep our funds safe and easy to access, I don't understand why we couldn't do that for our identities too.
Today, I finished the v0.1 of Booknemonic, a program that does this job.



Booknemonic.orgSource code

The program encrypts and signs messages exactly like electrum plus mnemonic encoding. It follows these steps:

1) Creates a private mnemonic by encoding an entropy.
2) Takes the public key of the first derivation path.
3) Encodes that 256-bit public key to a bigger mnemonic.

So now, the roles of private and public key have changed to private and public mnemonic.
Because the phrases "private mnemonic" and "public mnemonic" are hard to pronounce, I named them public words and private words that are mathematically connected.


As I said, I'm a beginner on C#, so my code may be messed up. I would like to tell me if you think that I've done something wrong. I have used .NET Core 5 and the following libraries:

I would also like to thank the people that helped me with queries on these threads:

I want to spread this. Therefore, I'll merit anyone that will reply with a creative encrypted message.  Smiley
Code:
----- PUBLIC WORDS -----
advance concert visit awesome neglect fire dizzy club deny danger disease sign rebel donkey tone educate dumb desert mosquito happy crane jungle grit near
-------------------------

I'm signing a message with these words too, to prove that I own them:
Code:
-----BEGIN SIGNED MESSAGE-----
I'm Angelo, also known as BlackHatCoiner, and I'm signing the first published message using Booknemonic. (08/12/2020)
-----BEGIN SIGNATURE-----
advance concert visit awesome neglect fire dizzy club deny danger disease sign rebel donkey tone educate dumb desert mosquito happy crane jungle grit near
IDaA76W5ZynVxeFeHN69mbGKG/dCmzdCi30R9X+7i6PrR4UJAEAsHuSJ3YUD6kKD6UcrFRjU6UsL9VSP05XvfrE=
-----END SIGNED MESSAGE-----
Jump to: