Foil Pics allows you to encrypt some pictures from the gallery with a password stronger than the lock code. Strictly speaking, each picture is encrypted with a unique random 256-bit AES key which in turn is encrypted with an RSA key which in turn is encrypted with your password. If the bad guys get your encrypted pictures, they would have to crack the AES key (different for each picture) or the RSA key (shared by all pictures but harder to crack) in order to extract the content. If they get the encrypted RSA key as well, then they can brute force your password. So in the end, the encryption is as strong as your password.
The format of the encrypted file is described here.
The RSA key is stored in ~/.local/share/foil/foil.key
- you can copy it from one device to another. Using the same RSA key on different devices, protected with different passwords, is actually not such a bad idea. If you forget the password, you can use the backup key to decrypt the images, assuming that it has a different password that you still remember.
Source code: https://github.com/monich/harbour-foilpics
Comments
cvp
Mon, 2017/12/04 - 13:22
Permalink
Thank you for the nice app!!
Are you planning to add support for videos as well?
slava
Mon, 2017/12/04 - 15:10
Permalink
Videos are significantly larger than images meaning that a) they don't fit entirely into RAM and b) decrypting the entire video would take considerable time. So they have to be somehow decrypted on the fly and fed into the video player, to avoid creating temporary files (readable by other processes). It's doable (e.g. by emulating some sort of a network stream) but it doesn't look like an easy task.
slava
Mon, 2017/12/04 - 15:43
Permalink
or alternatively, a decrypted video could be exposed via fuse filesystem, as a file available only to the current process. It's worth noting that in either case (fuse or network source emulation) decrypted data would have to pass through kernel, making it available for stracing by a sufficiently privileged process. That may not be acceptable to real paranoics :)
slava
Mon, 2017/12/04 - 15:46
Permalink
(continuing to talk to myself) Even though decrypted images never leave the app's address space, a real paranoic would still say that a sufficiently privileged process could read the app's memory and extract images from there. Oh well, there's no safe place in the world for real paranoics. This app is more about securing files in the internal storage than protecting against realtime hacking. If you have a rogue provileged process running on your phone, you are screwed anyway. So I guess either network emulation or a fuse file would be ok for the purposes of this app.
DarkTuring
Mon, 2017/12/04 - 04:37
Permalink
fantastic!!
ferlanero
Sun, 2017/12/03 - 17:35
Permalink
An absolute must to to protect your privacy! Thanks!
TMavica
Sun, 2017/12/03 - 17:07
Permalink
Nice apps!
Kelmi
Sun, 2017/12/03 - 15:44
Permalink
Awesome, thank you! I really like this app for my xperia x. ;)
Caballlero
Sun, 2017/12/03 - 02:18
Permalink
Nice; thanks for this.
Bocephus
Sun, 2017/12/03 - 01:51
Permalink
Yes! This is an essential feature that was missing from SfOS. Thank you!
t0t3u
Sun, 2017/12/03 - 01:25
Permalink
Great job!
minitreintje
Sat, 2017/12/02 - 23:33
Permalink
Great idea! Installing as we speak :)
Erdrandbewohner
Sat, 2017/12/02 - 20:30
Permalink
Great! Works perfect. Thank you! :)
slava
Sat, 2017/12/02 - 19:56
Permalink
With a few hacks I managed to make it compatible with Jolla Store, so it should appear there too at some point.
slava
Tue, 2017/12/05 - 12:20
Permalink
Yep, it's there.
lkdhf
Sun, 2017/12/03 - 03:03
Permalink
Brilliant, thanks!
Pages