❄️ [DSP] Modeling Bletchley with Snowflake
by Paweł Świątkowski
29 Apr 2017
Step 1: One sentence summary
Bletchley is a tool for encrypting and decrypting files using public-key cryptography, so they can be sent over insecure channels.
Step 2: Motivation
Nowadays we use the internet to send all sorts of things. We tend to use email, Facebook Messenger, or we upload them somewhere and just share the link. Most of the time the channel itself is “secure enough” that it can’t be eavesdropped on. But there are other cases in which the contents can be exposed. For example:
- A stolen phone or laptop
- Leaving a signed-in session in a public place such as an internet cafe
- Sharing an account with other people
What fails here is the human factor. As one side of the communication I can be careful not to fall victim to the cases above, but if the other side is not, the whole conversation might be exposed. Another part of the story is government surveillance, which may become a growing issue in a couple of years.
Public-key cryptography is a good choice for such tasks, because it leaves one “endpoint” (the key with which the message is encrypted) public by design. In this way only one person (me) is responsible for keeping the secret part secure. Even if the sender’s account is exposed, nobody would be able to decrypt the message without the receiver’s private key.
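To make the last point concrete, here is an added example (not code from Bletchley or from this post) of the property the project relies on: a file sealed to a public key can only be opened by the matching private key. It uses the Go standard library in a hybrid scheme, a random AES-256-GCM key for the file contents wrapped with RSA-OAEP, which is the usual way to apply public-key cryptography to files of arbitrary size. The type and function names (Envelope, Seal, Open, Demo) and the sample document are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is everything that travels over the insecure channel. Nothing in it
// is usable on its own: the file key is wrapped with the recipient's public key.
type Envelope struct {
	WrappedKey []byte // AES-256 key encrypted with RSA-OAEP under the recipient's public key
	Nonce      []byte // AES-GCM nonce, fresh for every envelope
	Ciphertext []byte // file contents encrypted and authenticated with AES-GCM
}

// Seal encrypts plaintext for whoever holds the private half of pub.
// Hybrid scheme: a random AES key encrypts the data, RSA-OAEP wraps the key.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open reverses Seal. It fails, rather than returning garbage, when priv does not
// match the public key used for sealing or when the envelope was modified in transit.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap file key: %w", err)
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt file: %w", err)
	}
	return plaintext, nil
}

// Demo plays out the scenario from the text: the recipient decrypts, while someone
// who only has the sender's side (the envelope plus the recipient's public key)
// cannot. It reports whether the recipient got the document back and whether the
// attempt with a different private key was rejected.
func Demo() (recipientOK bool, wrongKeyRejected bool, err error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	// Constructed sample document standing in for a scanned tax report.
	document := []byte("Sample scanned document (constructed for this example)")
	env, err := Seal(&recipient.PublicKey, document)
	if err != nil {
		return false, false, err
	}
	got, err := Open(recipient, env)
	recipientOK = err == nil && string(got) == string(document)

	// A second key pair stands in for anyone who is not the intended recipient.
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	_, err = Open(other, env)
	wrongKeyRejected = err != nil
	return recipientOK, wrongKeyRejected, nil
}

func main() {
	ok, rejected, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("recipient decrypted: %v, wrong key rejected: %v\n", ok, rejected)
}
```

Because GCM authenticates the ciphertext, Open also refuses an envelope that was altered on the way, so a compromised sender mailbox neither reveals the document nor lets anyone silently change it.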
Step 3: Main features
(features that came up while I was writing steps 4 and 5 are in blue)
- Encrypting and decrypting files using public and private keys
- Storage of keys for easier use
- Sending encrypted files using emails
- Address book: email + name + public key
- Ability to mass send: encrypting file/message for each person and sending them their encrypted version with predefined message
- Generating public/private key pair for easier start
- Sending text without writing it to file first
- Sending public key to selected email address with predefined message
Step 4: Personas
Paweł (author of this blog), 29 years old. Software developer.
Since I change apartments (and thus my physical address) quite frequently, I don’t usually report my current location to a number of institutions. Instead, I use my parents’ address, which is also my official permanent residence. As a result, sometimes (especially at the beginning of the year) they receive documents that are supposed to go to me (for example tax reports). Usually they scan them and send them to me by email. I want something more secure, so that my financial details don’t leak too easily.
Anna, 21 years old. Aspiring journalist, using a computer mostly for text editing and browsing the internet.
She does not like what her country’s government is doing and how it slowly descends into autocracy. She is actively trying to oppose it, organizing protests etc. But she is more and more afraid of an “antiterrorist” law which would let the police monitor her email accounts or Facebook communication. She would love to have a way to send some documents to her colleagues that can’t be eavesdropped on easily.
Elena, 45 years old. She has an abusive husband and she knows he checks her emails when she’s not looking.
She wants to share her story with her family, maybe with the police, but she can’t afford her husband finding out [1].
Step 5: User stories
When I’m at my parents’ house, I install Bletchley on their computer and place a shortcut on the desktop. I enter my previously generated public key along with my email in the application’s address book. I instruct my mom which four (at most!) clicks she needs to perform [2] to send me my scanned documents.
Anna installs Bletchley on her Windows-powered laptop and reads the docs to understand how public-key cryptography works and how to operate the program [3]. She generates her key pair in the application and sends her public key to her friends, instructing them to do the same. (Maybe she can do it from the program itself, which would prevent her from sending her private key by accident? [4]) As they send her back their keys, she adds them to the application’s address book.
Now, when in need, she sends the more “risky” files encrypted to all of them.
Elena finds a public key on the local police station’s website [5]. She decides to quickly draft a complaint using LibreOffice, but she does not want to save a file, fearing that her husband would find it even if she deletes it. Instead, she pastes the text directly into Bletchley’s text box. It’s encrypted, sent to the police’s mailbox and never saved [4].
I skip the additional steps, such as UI sketches, for now. The most important ones are done, and in the process two new main features were discovered.
I also found out that the “basic flow” I originally had in mind, which is: selecting a public key from disk, encrypting a file with it and saving that file to disk, will probably not be needed at all. It might still be available somewhere, but not as the main view, as it would be clutter for “normal users”, who would never use it.
Last but not least, I feel a bit more attached to the project now. Even Elena’s cheesy story gives some motivation to push through with it if it might (even when the chance is remote) help people in need to send their message (pun kinda intended).
[1] This story is a bit touchy-feely, I agree, but that is no problem. It’s this kind of story that we tend to remember.
[2] It turns out there is an important UX requirement here. I totally did not think about it earlier.
[3] Another important requirement: docs. Or better: a whole website about the application.
[4] Yeah, right…