gRegorLove.com — little g big R
gRegor Morrill

My name is gRegor Morrill, a.k.a. gRegorLove. I live in San Diego, enjoy tinkering on the web, and try to make people laugh. Yes, “Gregor is a weird name,” and I know gRegor is a weird capitalization.


Suggestions for Using CryptPad

I have noticed an increase in groups using CryptPad for collaborative documents for reasons of more privacy and less dependence on/support of Google. These are great goals and I’m all for using it. It is possible to use tools like CryptPad in ways that don’t really enhance privacy, though, so I wanted to write up some suggestions.

The official CryptPad blog has a great post, “The Most Secure Way To Use CryptPad.” I definitely recommend reading that if you want a more complete picture and some explanation of the technology. I’ll quote some key parts from that and try to explain my suggestions without a lot of tech jargon.

What is End-to-End Encryption?

That blog post describes End-to-End Encryption (E2EE) in part with an analogy:

“...you distribute open locks (the public encryption key) to everyone and keep the (secret decryption) key to yourself. Then, if someone wants to send you a message, they put it in a box and close a lock on it. Thus, only you can open it while anyone can produce a locked box for you.”

The Most Secure Way To Use CryptPad

Managing those encryption keys is usually the hardest part of using an E2EE system. The keys are based on complex math so they’re usually rather long bits of gibberish text that you need to keep safe on your computer. If you lose them, you can no longer unlock those boxes that were locked for you.

Revoking Access Can Be Tricky

If you are using the link-sharing method in CryptPad, it is handling some of that complexity by including the secret key directly in the link. This means that once the link is shared, access to the document cannot be revoked, short of destroying the document. Consider that the link could easily be shared beyond the intended recipients, even accidentally. I don’t recommend this method unless you are alright with the document being (or becoming) publicly available.
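Because the key travels with the link, a practical check is to scan text you are about to post somewhere less private (an email, a ticket, meeting notes) for such links and blank out the part after the `#`. The following is an added example, not code from CryptPad or from this post; the host list, the function names and the sample link are assumptions made up for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumption: the CryptPad instances your group uses (add self-hosted ones).
CRYPTPAD_HOSTS = {"cryptpad.fr"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")
TRAILING_PUNCT = ".,;:!?)]}"  # sentence punctuation that is not part of the link

def find_key_bearing_links(text, hosts=CRYPTPAD_HOSTS):
    """Return (start, end, url) for links to known instances that carry a fragment."""
    hits = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(TRAILING_PUNCT)
        parts = urlsplit(url)
        # The secret is everything after '#', so a non-empty fragment is the signal.
        if (parts.hostname or "").lower() in hosts and parts.fragment:
            hits.append((match.start(), match.start() + len(url), url))
    return hits

def redact(text, hosts=CRYPTPAD_HOSTS):
    """Replace the fragment of every key-bearing link, leaving other text intact."""
    out, pos = [], 0
    for start, end, url in find_key_bearing_links(text, hosts):
        p = urlsplit(url)
        safe = urlunsplit((p.scheme, p.netloc, p.path, p.query, "REDACTED"))
        out.append(text[pos:start])
        out.append(safe)
        pos = end
    out.append(text[pos:])
    return "".join(out)

# Constructed sample text; the link and its key material are not real.
SAMPLE = ("Agenda is at https://cryptpad.fr/pad/#/CONSTRUCTED-KEY-MATERIAL/, "
          "background reading at https://example.org/page#top.")

if __name__ == "__main__":
    for _, _, url in find_key_bearing_links(SAMPLE):
        print("link embeds a secret:", url)
    print(redact(SAMPLE))
```

Redacting a copy of the text does nothing for a link that has already been sent; for that, the only remedies are the ones described in this post.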

Password Protection and Document History

One option to make sharing more secure is to add a password to the document. That password should be shared through a secure method like CryptPad’s own contact system (see more below) or Signal (which is, itself, end-to-end encrypted). Email is not a secure method to share the password.

Document passwords can be changed, so it is possible to revoke access that way. However, when you change the password, CryptPad warns you that it will delete the document history. My recommendation is to make a copy of the document, share the copy with a new password, then destroy the original document.

When you share a document, the full edit history will be available as well:

“Note that CryptPad documents contain the full edit history by design. It is easily accessible to anyone from the user interface. If you made a manipulation error, such at past [sic] some text you didn’t want to share, while producing the document before sharing it, we recommend that you copy-paste the version you want to share for collaboration in a new pad before sending it to sanitize the history (it also helps to track changes afterward).”

The Most Secure Way To Use CryptPad

CryptPad Accounts and Contacts

CryptPad’s own recommendation is to create an account and add contacts you want to collaborate with. Then each document can be shared with specific people/teams, without links ever leaving the encrypted platform. There are a couple of important notes about CryptPad accounts:

  1. Your username is not guaranteed to be unique
  2. There is no “forgot my password” tool

The first point makes it a bit harder to add contacts. Instead of me telling you “Add gRegorLove on CryptPad,” I would need to link you to my CryptPad profile page. If I am an internet rando to you, how do you actually know that profile is me and not someone else who happens to have the same username? The way to verify it is actually me is to have me confirm what my public key is, usually through another method of communication. Then you can use the “Copy Public Key” button on the profile and compare to make sure they match. You can see how this gets more complicated than a typical friend request on other apps, especially since the public key is mostly a bunch of gibberish.

Aside: I am experimenting with linking to both my CryptPad profile page and my public key from my Follow page. This means if you trust that gregorlove.com is actually run by me and has not been hacked, the claim that it is my CryptPad profile can be verified pretty reliably.
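Comparing two long strings of gibberish by eye is error-prone, so here is one way to do the comparison mechanically. This is an added example, not part of CryptPad or of the original post: it treats the key as an opaque string (its exact format is not assumed), and the function names and sample keys are constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

def normalize(key):
    """Strip what chat apps and email add: whitespace, line wraps, zero-width chars."""
    key = unicodedata.normalize("NFC", key)
    return "".join(ch for ch in key
                   if not ch.isspace() and unicodedata.category(ch) != "Cf")

def keys_match(from_profile, from_other_channel):
    """True only if both copies are identical after normalization."""
    return hmac.compare_digest(normalize(from_profile).encode("utf-8"),
                               normalize(from_other_channel).encode("utf-8"))

def first_difference(a, b):
    """Index of the first differing character, or None if the keys are equal."""
    a, b = normalize(a), normalize(b)
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def fingerprint(key, groups=8):
    """Short SHA-256 digest in 4-character groups, easier to read aloud on a call."""
    digest = hashlib.sha256(normalize(key).encode("utf-8")).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, groups * 4, 4))

# Constructed sample values, not real keys.
PROFILE_KEY = "CONSTRUCTED+Key/Value0123456789abcdefABCDEF="
# Same key as it might arrive over chat: wrapped, with a zero-width space.
RECEIVED_KEY = "CONSTRUCTED+Key/Value0123\n456789abcdef\u200bABCDEF= "
# A look-alike with the letter O swapped for a zero.
LOOKALIKE_KEY = "C0NSTRUCTED+Key/Value0123456789abcdefABCDEF="

if __name__ == "__main__":
    print("match:", keys_match(PROFILE_KEY, RECEIVED_KEY))
    print("fingerprint:", fingerprint(PROFILE_KEY))
    print("look-alike differs at index", first_difference(PROFILE_KEY, LOOKALIKE_KEY))
```

The comparison only means something if the second copy of the key came through a channel you already trust; two copies taken from the same profile page will always match.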

The second point means that it is very important that you store your password securely and have backups. If you can’t remember it, you won’t be able to access any of your documents again. From that blog post:

“All security mechanisms are only as strong as your password is. If your password is easily guessable, attackers can get full access to all your data stored on CryptPad. We recommend you to either generate a random password using a password manager or to choose multiple words in case the password needs to be memorizable. Use this password only for CryptPad to avoid other services leaking it.”

The Most Secure Way To Use CryptPad
