initial ponypostan~!

princesspi 2026-06-14 02:13:59 +00:00
parent 4e9e00a1a0
commit b639991886
2 changed files with 67 additions and 2 deletions


@ -1,3 +1,67 @@
# Cryptographic_Method_and_Tooling_for_Multi-Factor_Pseudonymous_Attribution_Proofs
## By [Princess Pi](https://linktr.ee/princesspi3)
## Table of Contents
1. [Abstract](#abstract)
2. [Usecase](#usecase)
3. [Writeup](#writeup)
1. [Proving Attribution](#proving-attribution)
4. [Archive Format Map](#archive-format-map)
5. [Safeguards](#safeguards)
6. [Screencaps](#screencaps)
7. [Repo](#repo)
8. [Poni](#poni)
Cryptographic method with tooling for a multi-factor pseudonymous attribution proofs
## Abstract
Spiffy way to sign an archive with an SSH key, plus add a seperate attribution passphrase/message so that users can verify attribution via signed message OR by revealing the passphrase/message, without compromising cryptographic durability.
## Usecase
For when you want to distribute files pseudonymously with two seperate options for proving attribution in whatever way you please.
## Writeup
A new ED25519 SSH key is generated for each round, prompts for an attribution passphrase/message which is hashed along with the inner 7Zip archive via SHA512 and stored in the outer layer of the 7Zip archive.
Internal 7Zip archive is signed with the SSH key, and the signature stored in the outer layer of the 7Zip archive.
SHA512 checksums are generated for all included files and stored in the outer layer of the 7Zip archive.
Included in the archive are bash shell scripts to verify SHA512 matches, SSH key signature match, and archive integrity on the fly, fast and easy. An additional script is used to test an attribution passphrase/message easily.
The public key included can additionally be used to encrypt messages sent to author.
Final distributable is an optionally encrypted 7Zip archive, containing verification files, scripts, and instructions. Also is an inner 7Zip archive for the contents, where the messages/files/etc are stored.
### Proving Attribution
**1. Signature Match**
Users can match the signature with the provided public key. A shell script in the archive automates this, along with SHA512 matches, and archive integrity check.
Automated Verification: `./verify-everything.sh`
**2. Attribution Passphrase/Message Reveal**
Should the originator pleases, they can release the attribution passphrase/message, which can be tested by a shell script in the archive.
Method: `SHA512(<attribution pass><contents.7z>)`
Automated Check: `./test_validate_passphrase.sh`
## Archive Format Map
![Encrypt-Share-Attribution-Archive-Format.png](assets/Encrypt-Share-Attribution-Archive-Format.png)
## Safeguards
1. All inputted passphrases are verified by match, length cracklib-check, entropy, and HaveIBeenPwned.com's API.
1. HIBP is only sent the first few bytes of the SHA1 hashed passphrase, and full hash is checked against what is returned.
2. 7Zip archives can optionally both have 32 bytes of securely generated random data added to each of them to break signatures.
3. 7Zip archives can optionally be encrypted.
1. AES-CBC in 256-bit mode with PBKDF2+SHA256 hashing loop.
2. Encryption configured in 7Zip to encrypt filenames, eliminating filename leaks.
4. Script is written as a schizophrenically safe shell script.
5. Newly used SSH keys and attribution passphrases/messages are stored in an encrypted 7Zip archive for security.
## Screencaps
Inside the distributable 7Zip archive, scripts work to verify signature, integrity, and attribution passphrase/message.
![547ffd4c30f5fdb2c960b9bd8aeeb5e4.png](assets/547ffd4c30f5fdb2c960b9bd8aeeb5e4.png)
Script automates robustly making these archives.
![7c00ef5912450834cd4663881a3b0cd2.png](assets/7c00ef5912450834cd4663881a3b0cd2.png)
## Repo
**[PrincessPi/Encrypt-Share-Attribution @ thecoven.info](https://git.thecoven.info/PrincessPi/Encrypt-Share-Attribution)**
## Poni
**Princess Pi is a very pretty pony :3**
![file_0000000065b051f6a40ca56a38a9ef1d_conversation_id67a79387-d2c8-800f-aadf-1d5c18e7b30bmessage_ide54ca5d7-68c3-4509-b9f9-5732db877e83.png](assets/Princess_Pi_is_a_Pretty_Pony.png)
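Review bot: In the Proving Attribution section, `Method: SHA512(<attribution pass><contents.7z>)` describes a bare concatenation whose result is stored in the outer layer next to contents.7z, so anyone holding the archive can test candidate passphrases/messages offline before any reveal, and the README does not say this. Please state that the secrecy of the second factor rests entirely on the strength checks listed under Safeguards item 1, since a short or guessable attribution message would be recoverable from the published hash. Consider mixing a random value into the hash, kept with the passphrase (Safeguards item 5 already stores these encrypted) and revealed alongside it. The Signature Match item should also say that the check is made against the public key shipped in the same archive, and describe how the originator later demonstrates control of the matching private key.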

1
magic.txt Normal file

@ -0,0 +1 @@
how do i look? do i look alright?
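Review bot: magic.txt is added with a single line of text, and neither the commit message nor the README hunk says what the file is for or whether the tooling reads it. If a script consumes it (for example as sample archive content), name it in the Writeup section; if it is a leftover test file, drop it from this commit.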