R-Pi OTP/DRYAD True Hardware RNG How-To

This guest post comes to us from a reader exploring all options for one time pad (OTP) generation. There’s a lot of really cool things to be done with the inexpensive Raspberry Pi– and from my angle, there’s no reason not to own one. Most of the more potent weapons on the new battlefield don’t fire bullets. – NCS

 

I had been looking for a way to generate OTPs that would (in theory) be as secure as possible without the encumbrance and time involved by using dice, locked in a windowless basement with a Smith-Corona. I also wanted to be able to make them as small as possible. After a lot of digging that was only mildly fruitful, I decided to make one myself. I also wanted it so that I – and anyone else capable of following a recipe – could make more with a minimum of trouble.

There are only three ways that I know of to generate a truly random One Time Pad – for the “regular guy”: 1) The old-fashioned way with a set of dice (preferably 10-sided) and paper/pencil; 2) purchase one of Partisan Labs ADL-1 units; 3) The following method outlined in this how-to. Maybe there are others. I wanted to come up with a way for anybody to put one together with easily available components. So here it is. You shouldn’t need to procure any unobtainium to build it. (It was valid in May 2018 when I first put this together. It should be fine as Raspbian Stretch is still an available distribution – I think.)
The script will print either numerical or alphabetic OTPs. There is also an option to substitute symbols for numerals.
Special notes regarding the use of symbols instead of numbers:
1) for OTP.sh ONLY – while the OTP(s) that are generated start with arabic numerals which are then converted to symbols, there is no actual need to maintain the specific conversion after the pads are generated. As an example, just because + was for 4, and X was for 9, doesn’t mean they have to represent those numbers for ever. Both the sender and receiver could choose (beforehand) to alter the conversion scheme AFTER the pads are generated. All that is required is that they agree on the scheme before any encryption and decryption are performed. This, in a way, is actually a double encryption. The parties not just require the OTP key, but also the translation scheme.
2) This DOES NOT apply to SplitOTP.sh however. This is because the Gamma and Delta keys are derived mathematically from the Alpha and Beta keys. In order to change the translation scheme of the symbols, the SplitOTP.sh script must be edited BEFORE generation of the OTPs.
Besides the standard OTP generating scripts, also included is a script for generating a DRYAD-type table (it does not have the formatting options of the OTP script) and a special, limited-use/audience OTP script for split keys and variants at the end of this how-to. This can also be utilized to facilitate transmission of keys when meatspace isn’t an option. Details are below.
This how-to also includes a procedure for building an SD card from scratch purely for the production of secure OTPs. Prior to that is some helpful info for those who are interested. If you wanted to build a good OTP generator, then this is for you.
Keep in mind that this system is not “ultra-portable.” It is no more portable (at best) than hauling a laptop and printer around. (And that’s when using the Pi TFT.) It is not rugged. It is not turnkey or for people that need it right now without knowing what they’re doing. If you want that, get Number 2 (above.) This Pi system costs roughly: $35 for the Pi2b, $15 for the SD card, $65 for the TFT, $10 for keyboard, $5 for mouse, $30 for printer – see below, $5 for the USB cable that you may not have and the printer doesn’t come with, PLUS whatever power supply equipment you will need. Wall P/S if outlet is available, battery, inverter and proper wiring cables if going to the field, and what you’re going to carry this junk in.
It is slow, but not nearly as slow as Number 1. If you haven’t caught on yet, it is for the Raspberry Pi. The Raspberry Pi has a built-in True Random Number Generator (TRNG). The Pi 2b is recommended because it does not have Bluetooth or WiFi built in, therefore it can be truly air-gapped. While faster, newer models have both Bluetooth and WiFi built on-board, therefore they are less secure. the TRNG is not enabled by default, but is easily enabled by executing the following at the command line (in a terminal window – and restart rng services if not rebooting after installation) to have the hwrng start dumping its output to the “entropy bag”:
“sudo apt-get update”
“sudo apt-get install rng-tools”
“sudo service rng-tools restart”
You don’t have to use the HWRNG if you don’t actually want to.
You  choose what you want to use for the random number generator: /dev/random ,  /dev/urandom ,  or /dev/hwrng .
For the differences between these methods I found these two webpages to have practical and useful information.
Basically: hwrng takes the numbers straight from the Pi’s Hardware RNG; random generates the numbers from a seed generated from the Pi’s store of entropy which is generated from the hwrng and other system entropy gathering processes and will stop and wait if the entropy store gets too low; urandom is generated the same as random but does not stop when system entropy gets low. (It’s really fast, but less secure and not truly random.)
When finished, the script will let you know how long it took to generate the tables. When first starting, test your system out by generating only one table so you have an idea just how long a full page of micro-printed tables will take.
For the scripts below to work, you will also need to install the xclip package in order to have the table sent directly to the clipboard.
”sudo apt-get xclip”
The OTP script is written in Bash as it is the easiest method for the average user to examine and make sure that there are no shenanigans going on behind the scenes. (I’m not a programmer as it is, so it was also the easiest for me to put together.) It is documented and easily editable if you want to change any parameters. It sets up a ramdisk to keep the table in memory instead of writing it to the card/drive. (It does not automatically unmount the ramdisk and wipe the filesystem in /dev/ram1 – I couldn’t get it to work. Shutting down the Pi does the trick though.)
When generation of the tables is complete, it copies it to the clipboard so that it can be pasted into whatever program you will print from. Leafpad works, but I prefer Libre Writer as you can change the color. I print one copy in red, and one in blue, for easier control of incoming and outgoing pads. When printing the OTPs use a monospace font, otherwise the pads will not print lined up properly. Some fonts work better than others when printing very small. Do your own testing.
The OTP script needs to be run as sudo so as to set up the ramdisk and to directly access the hwrng. The script also needs to be marked as executable once copied to your system.
”sudo chmod +x OTP.sh” (Same for DRYAD.sh and SplitOTP.sh.)
For printing the OTP tables, You can select what size table you want. It asks you how many columns of OTPs across the page, and how many rows of them you want.
5×10 is suitable for one page of 5-point font.
6×12 is suitable for 4-point font.
8×16 is suitable for 3-point font. (I need my reading glasses AND magnifying glass to not confuse some numbers on this one!)
I have experimented with ways to enable printing of the OTPs smaller while still being legible, particularly on the tracing paper (which doesn’t lend itself well to small printing.) My solution was to use symbols instead of arabic numerals that would be more easily distinguishable. I settled on these: O\|/+A>V<X. They are not bad at 2-point Noto Mono Bold, and allows the printing of about 14×26 OTPs on a single sheet of paper. You DO need to use the 10x jeweler’s loupe. It is possible that a change in printing colors might help, depending on the printer construction and how it handles the ink. (E.g., single nozzle per color(CYMK), or one nozzle for all.
Please don’t use your phone’s camera in magnification mode to read the tables! What’s the point of using an air-gapped system if you’re just going to put the friggin’ thing in front of a camera attached to a phone company, the internet, the NSA, fill-in-the-blank-with-any-body-not-you!?! Order the 5-piece loupe set from Harbor Freight. It’s $3.75 and includes a 10x loupe.
I have researched and experimented with different materials to print the tables on. While I have seen some people recommend cigarette paper, it fails for several reasons. In fact, it has only ONE redeeming quality – it burns with almost no residue. The same additive it is treated with to enable it to burn so clean also makes it burn slower – not what we want. Try to run it through a printer too. Let me know how that works for you.
Much better is tissue or tracing paper. A procedure for successfully printing on this medium was given to me by an acquaintance and is available here:
Children’s tracing paper is much cheaper, and works a little better than professional or artist’s tracing paper. Sometimes it can even run through some printers without having to use the above procedure.
The best printer that I’ve found so far is the HP Deskjet 1112. It is USB only – NO WiFi or BT! Ideal for use with the Pi 2b which doesn’t have either of those, (and shouldn’t for this application!) It weighs under 4-1/2 pounds. It draws 10W max when printing. It costs under $30 delivered. It comes with two starter ink cartridges (Black, Color). Replacement cartridges will cost you more than the printer. It will feed the cheap children’s tracing paper, however, due to the difference in ink, black will smear if you haven’t tacked the tracing paper to a regular sheet first – then it’s ok. I haven’t had that issue with Color. (Maybe it was the other way. I don’t remember. I use the glue stick method always.)
The HP 1110 series printer uses a 110V AC to 22V DC transformer/rectifier that is easily removed. I clipped the wires and installed spade terminals to the printer’s power input wires and another set of wires that I soldered to a DC to DC Converter Board. They are cheap, small, and easy to install and use. One example is:
I soldered on Anderson Power Pole connecters to connect it to my LiFePO4 battery that I also use to power the R-Pi and screen. Now, no AC power is required and truly field portable. Works great.
For those that are concerned about the issue with many color inkjets secretly printing the tracking codes in yellow dots (do a google lookup) I offer the following suggestions:
1) Print out several sheets of yellow until you’re out of yellow. This won’t help if whatever printer you are using does not allow you to print when you’re out of a color. (Canons come to mind.)
2) Don’t worry about it. these are OTPs and DRYAD tables. Keep them secure. Burn when used. If they’ve been captured, you screwed up big-time and it doesn’t matter at that point anyway.
Some people like using thermal printers. I don’t because I want to print miniature tables, in color. I also hate thermal printer paper. It doesn’t last well, even when stored well. It’s up to you though. The advantages are that they are portable, you don’t need ink or toner, and there isn’t memory that might hold the OTP.
So here is the Raspberry Pi OTP Generating Card procedure:
While it can do more things, best practice (and I would argue the only proper one) would be to use the card for ONLY creation and printing of the tables. Requirements should be:
1. Only use a Pi2  or 2b. NEVER use a Pi3 or higher as they have integrated Wifi and BT which can only be “disabled” is software. The Pi2/b does not have that integrated. Therefore, you can be sure there is no connection to anyone as long as you have not plugged a Wifi or BT adapter in, or plugged in an ethernet cable. (Guaranteed air-gapping.) I would suggest to not even use such ever, even for the installation so as to minimize possible collection of hardware or network identifying information. I performed my installation by plugging into an ethernet router downstream of another router. Not perfect, but I think satisfactory.
2. If using a keyboard and/or mouse, use only USB ones.
3. Only use a printer that is USB-only.
4. Do not use a “smart tv” for a monitor.
5. When finished creating and printing, shut down the Pi, remove the SD card, and physically secure it.
It can be setup from either the Full Raspbian image, or the Lite version.
The full version will be 4.3 Gig total, the Lite based version will be 2.3 Gig (zips down to about 1.3 Gig for a backup.)
For creating the card, I recommend building it from the Raspbian Lite version. This will not just minimize the overall size, but also keep a lot of superfluous software off the card and so minimizes potential attack surface.
The Secure OTP and DRYAD Table Generator Pi Card Creation Procedure:
Items in quotes are to be typed in at the command line (terminal window).
For either method, start with:
“ sudo apt-get update “
“ sudo apt-get upgrade “
“ sudo apt-get dist-upgrade “
“ sudo apt clean “
“ sudo apt autoremove “
“ sudo reboot “
If installing from Lite, do this first: (If Full Raspbian, jump to * below)
“ sudo apt install raspberrypi-ui-mods “
“ sudo reboot “
“ sudo apt-get install synaptic “
“ sudo apt-get install leafpad “ (Optional – you can use another editor.)
“ sudo apt-get install libgtk-3-dev “
“ sudo synaptic “
Search for “ firefox “
Select firefox-esr, mark for installation, then Apply to install
Search for “ python-pip “
Select, Mark, Apply
Search for “ libreoffice-writer “
Select, Mark, Apply
Search for “ python-gi-dev “
Select, Mark, Apply
*If installing from Full Pi Desktop, pick up the procedure here:
Note : You may (likely) have to go to “Preferences”->”Mouse and Keyboard Settings” and fix the keyboard layout.
Open file manager and delete the ~/oldconffiles folder if it exists.
(Optional)
“ sudo raspi-config “
– Go to advanced and set Memory Split to 256
– Go to Overclock and set to High
– Select Finish and then Reboot
(Optional – may improve speed) – Install zram boot-up script:
⁃ “ sudo wget -O /usr/bin/zram.sh raw.githubusercontent.com/novaspirit/rpi_zram/master/\zram.sh “
⁃ “ sudo chmod +x /usr/bin/zram.sh “
⁃ “ sudo leafpad “
⁃ edit /etc/rc.local – add “ /usr/bin/zram.sh & “ at end but before “exit 0”
Save and reboot.
(Optional – and for the RPi TFT) – install rpi_backlight
⁃ “ sudo pip install rpi_backlight “
⁃ “ sudo leafpad “
⁃ Open and edit /home/pi/.config/lxsession/LXDE-pi/autostart
⁃ at beginning use command line twice with different values
⁃ “ sudo rpi-backlight -b 50 “
⁃ “ sudo rpi-backlight -b 49 “
⁃ edit Autostart to place GUI version at end
⁃ “ sudo rpi-backlight-gui “
(Optional – adjust screen resolution for RPi TFT – necessary if using onscreen keyboard and no mouse)
⁃ “ sudo leafpad “
⁃ Open and edit /boot/config.txt
⁃ set resolution to 1280 x 760
Install Printer software (this is for the HP mentioned above.)
⁃ Install cups (and hp printer software for hp printers) – “ sudo apt-get install cups hplip “
⁃ “ sudo usermod -a -G lpadmin pi “
⁃ “ sudo /etc/init.d/cups restart “
⁃ (You can now access cups from web browser at localhost:631)
⁃ “ sudo hp-setup -i “ (with printer connected through USB)
⁃ Answer questions, make up names if you want, just don’t quit.
⁃ Note: the printer’s serial# is saved when added. Stored in /etc/cups/printers.conf.O and printers.conf . If you want to remove this identifying information you first have to delete the printer from the cups interface via a web browser, then stop cups (“ sudo /etc/init.d/cups stop “), then check both files. At least one of them ( the .O file ) will still have the SN#. Edit the # out, save and exit. Restart cups (“ sudo /etc/init.d/cups start “). You will not have to be connected to the Net to re-install the printer later through the web browser.
Install HWRNG software package
⁃ “ sudo apt-get install rng-tools “
Install command line X clipboard access
⁃ “ sudo apt-get install xclip “
Install xscreensaver (not needed if you started with Raspbian Lite as the installation of X above puts this in.)
⁃ goto “Preferences” -> “Add/Remove Software”
⁃ search xscreensaver
⁃ select xscreensaver-x.xx-x
⁃ select screensaver-data-x.xx-x
⁃ click “apply” and install (default password is “raspberry”)
⁃ remember to configure the screensaver in “Preferences” -> “Screensaver”
⁃ Note: EXTREMELY important if using only TFT and onscreen keyboard as you won’t be able to get the screen back if it blanks.
Disconnect from the Net. Never connect again.
If you used a Wifi card to do updates/installs, edit /etc/wpa_supplicant/wpa_supplicant.conf to remove network name and password.
Copy over OTP.sh and DRYAD.sh (and SplitOTP.sh and sort-tri.awk and trigrams and if want this extra option) to the desktop from a USB stick.
“ sudo chmod +x (each file) “
These scripts must be run with sudo to access the hwrng.
“ sudo ~/Desktop/OTP.sh “
“ sudo ~/Desktop/DRYAD.sh “
“ sudo ~/Desktop/SplitOTP.sh “
There – that’s all there is to it.
And now the OTP.sh scrip and DRYAD.sh script.
This is the text of the script. Copy and paste it into a text editor like Leafpad and save it with the correct filename. Do this for each file.
The first line of the script is the first one starting with #!/bin/bash
OTP.sh:
———————————————————————————————
#!/bin/bash
#
# One Time Pad Table Generator Programs
#
# This determines how many characters per group in the OTPs
blocksize=5
# This determines how many groups per line of the OTPs
blockrow=5
# This determines how many OTPs across the page to print
read -p “How many pads across the paper? ” tablerow
# This determines how many lines of characters in each OTP
rowcount=10
# This determines how many rows of OTPs to print down the page
read -p “How many rows of pads? ” pagecount
#numbers or letters in the OTP?
read -p “OTP of numbers 0-9 (n) or letters A-Z (l)? default = n ” NorL
if [ $NorL == l ]
then
  TYPE=’A-Z’
else
  TYPE=’0-9′
read -p “Arabic numerals (a) or symbols [O\|/+A>V<X] (s)?” AorS
fi
# Have user pick algorithm to use for picking numbers or letters
read -p “Which RNG Device? random-(1), urandom-(2) or hwrng-(3). Default is 1 ” DEVICE
case $DEVICE in
   3)
      RNGAlg=hwrng
      ;;
   2)
      RNGAlg=urandom
      ;;
   *)
      RNGAlg=random
      ;;
esac
# where to generate the page of OTPs – putting it in a ramdisk
otpath=’/ramdisk/otp.txt’
# Create a ramdisk to put the tables in to keep them in memory and not write to SD card
mkfs -q /dev/ram1 1024
mkdir -p /ramdisk
mount /dev/ram1 /ramdisk
echo
echo “$RNGAlg it is…”
echo
echo “Generating a Table of $tablerow by $pagecount of ($TYPE – type) OTPs.”
echo
echo ”                 grinding away…”
echo
# Reset BASH time counter
SECONDS=0
# Generate a row of OTPs
for ((x=1; x<=$pagecount; x++))
do
# Generate a full line of characters for eact OTP in the current row of OTPs
#  echo “” >> $otpath;
   for ((i=1; i<=$rowcount; i++))
   do
# Generate a row of groups for the current OTP in the current row of OTPs
      for ((k=1; k<=$tablerow; k++))
      do
# Generate the groups for the current line of groups in the current OTP
         for ((j=1; j<=$blockrow; j++))
         do
# Generate the current group of characters using the selected atributes
#    NOTE: using this if-then-else here instead of earlier in the script with two
#    longer generating branches results in an extra 2-seconds per OTP to generate with
#    hwrng, while reducing script length
            if [ $NorL == l ]
            then
               randnum=$(base32 /dev/$RNGAlg | tr -dc $TYPE | head -c $blocksize)
            else
               randnum=$(xxd -p /dev/$RNGAlg | tr -dc [:digit:] | head -c $blocksize)
                           if [ $AorS == s ]
               then
                 randnum=”$(echo $randnum | tr ‘0123456789’ ‘O\\|/+A>V<X’)”
# the first \ is required to make the second \ display – it is otherwise a special meaning character
fi
            echo -n $randnum >> $otpath;
            echo -n ” ” >> $otpath;
    done
         echo -n ”   ” >> $otpath;
      done
      echo “” >> $otpath;
   done
   echo “” >> $otpath
   echo “” >> $otpath
done
# Send the table to X’s clipboard
xclip -i /ramdisk/otp.txt -sel clip
echo
echo “The OTP table is now in X’s clipboard.”
echo
ELAPSED=”$(($SECONDS / 3600))hrs $((($SECONDS / 60) % 60))min $(($SECONDS % 60))sec”
echo “Time taken to generate the OTP Table was $ELAPSED”
echo
# Prepare to erase the table from the ramdisk
read -p “Press (return) to delete the OTP table from the ramdisk…” dumpit
rm $otpath
echo
echo “Don’t forget to clear X’s clipboard when you are done!!!”
———————————————————————————————
And now DRYAD.sh:
———————————————————————————————
#!/bin/bash
#
# DRYAD Authentication Table Generator
#
# where to generate the DRYAD Tables – putting it in a ramdisk
dryadpath=’/ramdisk/dryad.txt’
# Create a ramdisk to put the table in to keep it in memory and not write to SD card
mkfs -q /dev/ram1 1024
mkdir -p /ramdisk
mount /dev/ram1 /ramdisk
# This determines how many Tables to print
read -p “How many DRYAD Tables to generate? ” tables
# Generate the Tables
      for ((k=1; k<=$tables; k++))
      do
rows=’A B C D E F G H I J K L M N O P Q R S T U V W X Y Z’
echo “FOR OFFICIAL USE ONLY     UID:” >> $dryadpath
echo “” >> $dryadpath
echo “Start DTG:                End DTG:” >> $dryadpath
echo “Distribution:” >> $dryadpath
echo “” >> $dryadpath
for row in $rows
do
   if [ $row == ‘A’ ] || [ $row == ‘F’ ] || [ $row == ‘K’ ] || [ $row == ‘P’ ] || [ $row == ‘U’ ]
   then
   echo “” >> $dryadpath
   echo ”   ABCD   EFG   HIJ   KL   MN   OPQ   RS   TUV   WX   YZ” >> $dryadpath
      echo ”     0     1     2    3    4     5    6     7    8    9″ >> $dryadpath
   fi
   echo -n $row >> $dryadpath
   dryad=$( echo ‘ABCDEFGHIJKLMNOPQRSTUVWXYZ’ | sed ‘s/./&\n/g’ | shuf –random-source=/dev/hwrng  | tr -d “\n” )
   A=”${dryad:0:4}’   ‘${dryad:4:3}’   ‘${dryad:7:3}’   ‘${dryad:10:2}’   ‘${dryad:12:2}’   ‘${dryad:14:3}’   ‘${dryad:17:2}’   ‘${dryad:19:3}’   ‘${dryad:22:2}’   ‘${dryad:24:2}”
   echo ” ‘”$A”‘” >> $dryadpath
done
echo “” >> $dryadpath
echo “” >> $dryadpath
done
# Send the Tables to X’s clipboard
xclip -i /ramdisk/dryad.txt -sel clip
echo
echo “The DRYAD Tables are now in X’s clipboard.”
echo
# Prepare to erase the Tables from the ramdisk
read -p “Press (return) to delete the Tables from the ramdisk…” dumpit
rm $dryadpath
echo
echo “Don’t forget to clear X’s clipboard when you are done!!!”
———————————————————————————————
For those interested, here follows a split-OTP procedure and script. It provides for more complicated options for the handler or other leader-type.
Following a reading of Dirk Rijmenants’ webpage at http://users.telenet.be/d.rijmenants/en/onetimepad.htm, specifically the section near the bottom on Secret Splitting, along with his paper “Secret Splitting: A Practical and Secure Way to Delegate Keys”, (c)2009 linked from the same page, it occurred to me that more can be done with this concept. In addition, as creation of a split key is very much more tedious than the creation of the “parent” key, I also decided to write a script for the Raspberry Pi (with it’s built-in hardware random number generator) to handle the problem. (I’ve mentioned elsewhere for a few reasons that you should use the model 2B and not a 3 or higher so as to ensure air-gappage.)
First, I’ll suggest a couple uses for the split keys. Admittedly, there will be a very small “market” for the utilization of split OTPs, but if you ever do need it, maybe this will make it more reasonably accessible (well, more than before.) These are just examples:
1) A Will (or other sensitive document with instructions in it) can be encrypted, then the key split and divided between siblings so that it requires cooperation between them. Or siblings and the lawyer, or trustee, and that new trophy wife grandpa married that nobody is getting along with.
2)A “team,” where the team leader might have the primary decryption key, but also a couple team members may have split-keys just in case something happens to TL. (This would increase resiliency while maintaining security.)
3)Keys can also be used for authentication: two people with their keys can authenticate a third person. For example, three people are to meet up, at least one is unknown to the others. The keys are combined to check the validity of each other, and also used to decrypt the original message which would list the “handles” of each participant along with a codeword unique to each participant. This way, even if a key should fall into the wrong hands, the imposter would still need to know (and provide) the handle or whatever information that will be disclosed from decryption of the original cleartext message.
4) Lastly, I would like to add what is perhaps one of the most important uses for SplitOTP.sh. This hadn’t occurred to me until I was looking at a communications security company’s products that have adapted the OTP concept in a way to make current encryption not just quantum-resistant, but quantum-proof.  Introspective Networks has designed and patented what they call STOP Technology (Streaming Transmission One-time-pad Protocol) which utilizes the Moving Target Defense MTD) concept along with Streaming Key Encryption (SKE) to send a TRNG constant stream encryption key over multiple channels with time and bit displacement and fragments. The encrypted stream is sent over another separate channel. It is done in a way that defeats any possible re-assembling of the key. (See introspectivenetworks.com for more info.) This is used for VPN and IP tunnels. This is similar in many ways to FHSS radio with encryption communications.
This can solve the problem of how to share a OTP key with another trusted person which you cannot meet in the meatspace. Bob could generate a SplitOTP table. He keeps the Alpha key (for lack of a better term, the REAL key.) He then transmits the Beta and Gamma keys to Sue in two distinctly different ways. For instance, he transmits Beta over a P-to-P encrypted communications network like Signal. He then embeds Gamma into a picture using a steganography program that is password protected with a predetermined password, and the picture posted on a website (like Facebook, cough-cough.) Sue can then retrieve Beta and Gamma, and then reconstruct the Alpha key for use later.
To minimize any risk of compromising the reconstruction of the Alpha key, the following protocol is suggested:
1) Two transmission methods different from each other must be used for the Beta and Gamma keys.
2) The same combination of transmission methods should not be repeated.
3) The receiver should not “pick up” the two key parts with the same connected device. For example, Sue may receive the Beta key over Signal on her laptop. She should NOT retrieve (and especially not decrypt) the picture containing the Gamma key with that same laptop.) Reconstruction of the Alpha key should be done on paper, manually.
4) The OTP ID (the first 5-character group) should be discarded prior to transmission. This is to obfuscate what Beta and Gamma keys are matched pairs in the event of a breach where an enemy actor has somehow intercepted both transmission methods and somehow retrieved both key-parts. Bob needs to use another method to transmit an ID code to Sue such that she will know which two key-parts to assemble. This could be another “pad” but is instead comprised of successive Key ID pairs. For example, since we throw out the first 5-character group – the traditional Pad ID, the second 5-letter group becomes the new ID for the Pad’s key-parts. Bravo’s will be different than Gamma’s. Bob sends Sue a “Pad” that would be “Bravo-1 pad ID, Gamma-1 pad ID, Bravo-2 pad ID, Gamma-2 pad ID,” and so on.
5) Pads should be sent out of order. If four (complete) pads are being sent, then there will be 9 (single) pads transmitted in at least three transmission. No Beta-Gamma matching pairs should be in the same transmission. The ID “pad” should not accompany any pad that it references.
As Rijmenants wrote, splitting the key (and destruction of the original) increases security, but that method also increase the risk of loss – one person loses their half, and it’s ALL lost. By applying a principle similar to the old Raid5 backup systems for computers years ago, more options open up. With Raid5, data would be split into two equal parts, then XOR’d together to create a third part. Each of the three parts would reside on a different hard drive which results in the ability to recreate the original data even upon the failure of one drive. This then required less total hard drive space than the typical mirror backup drive where both drives contain all the data.
Rijmenants described creation of split OTPs from both number based, and standard alphabet based (modulo-26 type Vigenere) OTPs. (Splitting reciprocal alphabet OTPs is just reversing the process you would use to decrypt a message.) You MUST understand the difference between the reciprocal and modulo-26 alphabetic systems! They are NOT interchangeable.
However, due to the way the reciprocal type is created, there is no way to create another split key for reconstruction (like was used in the Raid5 systems) that would be different from the primary key! That would defeat the purpose in that the Delta and Alpha keys would be identical.
Creation of the “alternative” split key is accomplished in the same way you would encrypt a message, except that instead of subtracting the “main” key from the unencrypted/plaintext message, you subtract one split key from the other. For the example, I will refer to the keys as follows:
Alpha: Original key used to encrypt the plaintext message.
Beta: First split key – randomly generated.
Gamma: Second split key – produced by subtracting Beta from Alpha.
Delta: Reconstruction key – produced by subtracting Gamma from Beta.
With three people in possession of keys Beta, Gamma and Delta, reconstruction of Alpha can be accomplished by any two of the three. If one person is compromised, the other two can still get at the message. This option provides enhanced security over the use of just a single OTP as two people are still required to decrypt the message, but reduces the risk of using two split OTPs (or more, if created the “normal” way) because loss of one of the three keys does not result in permanent loss of the message.
All three parts, Beta, Gamma, Delta are distributed – each recipient must know identity of his part, whether Beta, Gamma or Delta.
Any two can reconstruct the Alpha key:
Use OTP procedures to combine Beta and Gamma to get Alpha.
Combine Delta with (Gamma or Beta) to get (Beta or Gamma) in accordance with the formulas below to get Alpha. (Actually, any two keys of the four can reconstruct the other two.)
Example using numeric OTP:
Cleartext Message     16438
Alpha                 62477
Encrypted msg.       54061
Beta                  83258
Gamma                 89229
Delta                 04039
Alpha and Beta are each randomly generated
Alpha – Beta = Gamma
Beta – Gamma = Delta
Any 2 of Beta, Gamma, Delta can be used to determine Alpha
Beta – Delta = Gamma
Alpha = Gamma + Beta
Alpha = 2xGamma + Delta
Alpha = 2xBeta – Delta
Reconstruction of a Vigenere split key is obviously tedious, but need not be done by converting to numbers and then a modulo-26 arithmetic operation. It can be done with the Vigenere table, but requires a lot of care. Ensure you are using the correct column and row, in the right order.
Use of the SplitOTP.sh script is the same as regular OTP.sh script. It will print out the four keys (3 if reciprocal is chosen) labeled as above.
The files “sort-tri.awk” and “trigrams” are required only if you wish to create reciprocal split keys. The SplitOTP.sh script will access them as needed. They should be in the same directory as SplitOTP.sh. SplitOTP uses the mawk version of awk which comes with Raspbian. The trigrams file lists the combinations of letters produced by the reciprocal OTP chart.
Note that the SplitOTP script also makes the first group of each key identical. This is for identification purposes, so that the proper split keys can be matched appropriately. This is not needed in the regular OTP generation script as each table is independent of the others. Also, while the original OTP generation script gets numbers/letters 5 at a time, the SplitOTP script only grabs them 1 at a time, to make it easier to facilitate the derivation of the Gamma and Delta tables. This will contribute to a little bit more time to generate a table in addition to the additional computations, but should not be very noticeable.
The files:
SplitOTP.sh:
———————————————————————————————
#!/bin/bash
# One Time Pad Split Key Generator
# This determines how many characters per group in the OTPs
# held-over from OTP.sh – runs quicker there with the ‘head’ command ‘5’
blocksize=1
# This is the characters in a block
position=5
# This determines how many groups per line of the OTPs
blockrow=5
# This determines how many OTPs across the page to print
read -p “How many pads across the paper? ” tablerow
# This determines how many lines of characters in each OTP
rowcount=10
# This determines how many rows of OTPs to print down the page
read -p “How many rows of pads? ” pagecount
#numbers or letters in the OTP? Keeping in case of updating later.
read -p “OTP of numbers 0-9 (n), Vigenere A-Z (v) or Reciprocal A-Z (r)? default = n ” NorL
if [ $NorL == v ] || [ $NorL == r ]
then
TYPE=’A-Z’
NUM2LTR=( A B C D E F G H I J K L M N O P Q R S T U V W X Y Z )
declare -A LTR2NUM
LTR2NUM=([A]=0 [B]=1 [C]=2 [D]=3 [E]=4 [F]=5 [G]=6 [H]=7 [I]=8 [J]=9 [K]=10 [L]=11 [M]=12 [N]=13 [O]=14 [P]=15 [Q]=16 [R]=17 [S]=18 [T]=19 [U]=20 [V]=21 [W]=22 [X]=23 [Y]=24 [Z]=25)
# declare -A RVRSLTTR
# RVRSLTTR=([Z]=0 [Y]=1 [X]=2 [W]=3 [V]=4 [U]=5 [T]=6 [S]=7 [R]=8 [Q]=9 [P]=10 [O]=11 [N]=12 [M]=13 [L]=14 [K]=15 [J]=16 [I]=17 [H]=18 [G]=19 [F]=20 [E]=21 [D]=22 [C]=23 [B]=24 [A]=25)
RVRSLTTR=( Z Y X W V U T S R Q P O N M L K J I H G F E D C B A )
else
TYPE=’0-9′
read -p “Arabic numerals (a) or symbols [O\|/+A>V<X] (s)?” AorS
fi
# Have user pick algorithm to use for picking numbers or letters
read -p “Which RNG Device? hwrng-(1), urandom-(2) or random-(3). Default is 1 ” DEVICE
case $DEVICE in
3)
RNGAlg=random
;;
2)
RNGAlg=urandom
;;
*)
RNGAlg=hwrng
;;
esac
# where to generate the page of OTPs – putting them in a ramdisk
K1path=’/ramdisk/K1.txt’
K2path=’/ramdisk/K2.txt’
K3path=’/ramdisk/K3.txt’
K4path=’/ramdisk/K4.txt’
OTPath=’/ramdisk/OTP.txt’
# Create a ramdisk to put the tables in to keep them in memory and not write to SD card
mkfs -q /dev/ram1 1024
mkdir -p /ramdisk
mount /dev/ram1 /ramdisk
echo
echo “$RNGAlg it is…”
echo
echo “Generating a Table of $tablerow by $pagecount of ($TYPE – type) OTPs.”
echo
echo ”                 grinding away…”
echo
# Reset BASH time counter
SECONDS=0
#K1 and K2 generated randomly, K3 and K4 derived from K1 & K2.
# Generate a row of OTPs
for ((x=1; x<=$pagecount; x++))
do
# Generate a full line of characters for each OTP in the current row of OTPs.
echo -n “” >> $K1path;
echo -n “” >> $K2path;
echo -n “” >> $K3path;
echo -n “” >> $K4path;
for ((i=1; i<=$rowcount; i++))
do
# Generate a row of groups for the current OTP in the current row of OTPs
for ((k=1; k<=$tablerow; k++))
do
# Generate the groups for the current line of groups in the current OTP
for ((j=1; j<=$blockrow; j++))
do
# Generate the groups for the current line of groups in the current OTP
for ((z=1; z<=$position; z++))
do
# Generate a single character
case $NorL in
r)
randK1=$(base32 /dev/$RNGAlg | tr -dc $TYPE | head -c $blocksize)
randK2=$(base32 /dev/$RNGAlg | tr -dc $TYPE | head -c $blocksize)
drvdK3=”$(mawk -v f1=”$randK1″ -v s2=”$randK2″ -f sort-tri.awk trigrams)”
drvdK4=””
# There is no “Delta” for reverse-letter OTP – it would be identical to “Alpha”
;;
v)
randK1=$(base32 /dev/$RNGAlg | tr -dc $TYPE | head -c $blocksize)
VigNum1=${LTR2NUM[$randK1]}
randK2=$(base32 /dev/$RNGAlg | tr -dc $TYPE | head -c $blocksize)
VigNum2=${LTR2NUM[$randK2]}
VigNum3=$( expr $VigNum1 – $VigNum2 )
if [ $VigNum3 -lt 0 ]
then
(( VigNum3 += 26 ))
fi
drvdK3=${NUM2LTR[$VigNum3]}
VigNum4=$( expr $VigNum2 – $VigNum3 )
if [ $VigNum4 -lt 0 ]
then
(( VigNum4 += 26 ))
fi
drvdK4=${NUM2LTR[$VigNum4]}
;;
*)
randK1=$(xxd -p /dev/$RNGAlg | tr -dc [:digit:] | head -c $blocksize)
randK2=$(xxd -p /dev/$RNGAlg | tr -dc [:digit:] | head -c $blocksize)
drvdK3=$( expr $randK1 – $randK2 )
if [ $drvdK3 -lt 0 ]
then
(( drvdK3 += 10 ))
fi
drvdK4=$( expr $randK2 – $drvdK3 )
if [ $drvdK4 -lt 0 ]
then
(( drvdK4 += 10 ))
fi
if [ $AorS == s ]
then
randK1=”$(echo $randK1 | tr ‘0123456789’ ‘O\\|/+A>V<X’)”
randK2=”$(echo $randK2 | tr ‘0123456789’ ‘O\\|/+A>V<X’)”
drvdK3=”$(echo $drvdK3 | tr ‘0123456789’ ‘O\\|/+A>V<X’)”
drvdK4=”$(echo $drvdK4 | tr ‘0123456789’ ‘O\\|/+A>V<X’)”
# the first \ is required to make the second \ display – it is a special meaning character
 fi
;;
esac
# Set first 5-character block of all 4 associated pads equal for use as a serial number
if [ $i = 1 ] && [ $j = 1 ]
then
randK2=$randK1
drvdK3=$randK1
drvdK4=$randK1
fi
echo -n $randK1 >> $K1path;
echo -n $randK2 >> $K2path;
echo -n $drvdK3 >> $K3path;
echo -n $drvdK4 >> $K4path;
done
echo -n ” ” >> $K1path;
echo -n ” ” >> $K2path;
echo -n ” ” >> $K3path;
echo -n ” ” >> $K4path;
done
echo -n ”   ” >> $K1path;
echo -n ”   ” >> $K2path;
echo -n ”   ” >> $K3path;
echo -n ”   ” >> $K4path;
done
echo “” >> $K1path;
echo “” >> $K2path;
echo “” >> $K3path;
echo “” >> $K4path;
done
echo “” >> $K1path;
echo “” >> $K2path;
echo “” >> $K3path;
echo “” >> $K4path;
echo “” >> $K1path;
echo “” >> $K2path;
echo “” >> $K3path;
echo “” >> $K4path;
done
# Send OTPs to X’s clipboard
echo “Alpha” >> $OTPath
cat $K1path >> $OTPath
echo “Beta” >> $OTPath
cat $K2path >> $OTPath
echo “Gamma” >> $OTPath
cat $K3path >> $OTPath
if [ $NorL == r ]
then
echo “no Delta table for Reciprocal OTPs”
else
echo “Delta” >> $OTPath
cat $K4path >> $OTPath
fi
xclip -i /ramdisk/OTP.txt -sel clip
echo
#echo “The OTP table is now in X’s clipboard.”
echo
ELAPSED=”$(($SECONDS / 3600))hrs $((($SECONDS / 60) % 60))min $(($SECONDS % 60))sec”
echo “Time taken to generate the OTP Table was $ELAPSED”
echo
# Prepare to erase the table from the ramdisk
read -p “Press (return) to delete the OTP table from the ramdisk…” dumpit
rm $K1path
rm $K2path
rm $K3path
rm $K4path
rm $OTPath
echo
echo “Don’t forget to clear X’s clipboard when you are done!!!”
———————————————————————————————-
sort-tri.awk:
First line starts with #! /usr/bin/mawk -f
———————————————————————————————-
#! /usr/bin/mawk -f
# call with VARIABLE=”$(mawk -v f1=”$randK1″ -v s2=”$randK2″ -f sort-tri.awk trigrams)”
BEGIN {
FS = “”
t3 = “”
}
{ if ( t3 == “” ); {
if ( $1 == f1 && $2 == s2 )  t3 = $3
if ( $1 == s2 && $2 == f1 )  t3 = $3
if ( $2 == f1 && $3 == s2 )  t3 = $1
if ( $2 == s2 && $3 == f1 )  t3 = $1
if ( $1 == f1 && $3 == s2 )  t3 = $2
if ( $1 == s2 && $3 == f1 )  t3 = $2
}
}
END {
print t3
}
——————————————————————————————-
trigrams:
First line starts with AAZ
——————————————————————————————-
AAZ
ABY
ACX
ADW
AEV
AFU
AGT
AHS
AIR
AJQ
AKP
ALO
AMN
BBX
BCW
BDV
BEU
BFT
BGS
BHR
BIQ
BJP
BKO
BLN
BMM
BZZ
CCV
CDU
CET
CFS
CGR
CHQ
CIP
CJO
CKN
CLM
CYZ
DDT
DES
DFR
DGQ
DHP
DIO
DJN
DKM
DLL
DXZ
DYY
EER
EFQ
EGP
EHO
EIN
EJM
EKL
EWZ
EXY
FFP
FGO
FHN
FIM
FJL
FKK
FVZ
FWY
FXX
GGN
GHM
GIL
GJK
GUZ
GVY
GWX
HHL
HIK
HJJ
HTZ
HUY
HVX
HWW
IIJ
ISZ
ITY
IUX
IVW
JRZ
JSY
JTX
JUW
JVV
KQZ
KRY
KSX
KTW
KUV
LPZ
LQY
LRX
LSW
LTV
LUU
MOZ
MPY
MQX
MRW
MSV
MTU
NNZ
NOY
NPX
NQW
NRV
NSU
NTT
OOX
OPW
OQV
ORU
OST
PPV
PQU
PRT
PSS
QQT
QRS
RRR

Share This Story, Choose Your Platform!

About the Author: NC Scout

NC Scout is the nom de guerre of a former Infantry Scout and Sergeant in one of the Army’s best Reconnaissance Units. He has combat tours in both Iraq and Afghanistan. He teaches a series of courses focusing on small unit skills rarely if ever taught anywhere else in the prepping and survival field, including his RTO Course which focuses on small unit communications. In his free time he is an avid hunter, bushcrafter, writer, long range shooter, prepper, amateur radio operator and Libertarian activist. He can be contacted at brushbeater@tutanota.com or via his blog at brushbeater.wordpress.com .

6 Comments

  1. Greg January 3, 2020 at 10:03

    Damned Impressive piece of work Scout! Damned Impressive!

    • NC Scout January 3, 2020 at 11:48

      Thanks for the compliments but I didn’t write it Brother. A reader did and sent it to me for publishing. It’s a testament to the quality we’ve got on our side.

  2. Mitch January 3, 2020 at 10:52

    Great thorough write up! I don’t have any connection to Partisan Labs but after reading the steps and equipment involved, it seems like my go to choice would be #2 above. That thing is rugged, portable, and turnkey. I have a Pi and honestly it’s a bit of a pain. I love Linux, but the Pi seems to get wonky every once in a while and requires a fresh install of the OS. One thing I’d recommend to anyone going with the RPi route for OTP generation is to get at least one extra MicroSD card and create a complete copy of your programming and OS, with instructions for the scripts for OTP generation. You can do that with a Pi straight from the USB port with a USB dongle with a MicroSD reader on it. Keep that extra card in a secure location, because the Pi will go down at some point. Also, practice encoding and decoding the OTPs. They’re not hard to mess up.

    • NC Scout January 3, 2020 at 11:47

      Yeah man. They’re awesome and Sproket is a standup guy.

  3. J. Thomas January 3, 2020 at 16:21

    Some people seem to have good success with a Pi in the field (like Julian – OH8STN) but I’m not one of them. I have trouble keeping them going in the house. Definitely do a system image of this after you build it. It will compress down to about 1.4Gig. PL’s system is great for hauling into the field. The Pi system is for other applications that PL’s doesn’t cover.

  4. Greg January 4, 2020 at 10:58

    Scout, please pass along the compliment…Am a junior Linux experimenter myself and I see some professionalism in that code. Thing is, this coder tapped out the whole thing, whereas we usually, just cut and paste much from other source code. This is why their code is clean. It’s due to their personal investment in it.

Comments are closed.

GUNS N GEAR

Categories

Archives