How to copy files to an untrusted computer?

1

1

I want to copy files securely from one computer to another; the other computer, however, isn't trusted, and I don't have direct access to it other than giving the owner of the computer instructions. In addition to that, this is a one-time-only situation, so any cumbersome setup should be avoided. What would be the easiest and most portable way to do it?

What I have in mind would be a program with the following workflow:

  1. The host with the files issues a hypothetical command to make the files available, protected with a password:

    file-offer -p PASSWORD file1 file2 file3 directory

  2. The other issues a hypothetical command with the password to receive a file (a GUI to select files would be welcome as well):

    file-receive -p PASSWORD file2

The closest thing I have right now is this hack, which works but isn't very comfortable and would give Windows users some trouble:

  1. tar cf - [files]... | gpg -c --passphrase PASSWORD | nc -l -p 6666

  2. nc host1 6666 | gpg --passphrase PASSWORD | tar xf - [files]...

Some more notes:

  • neither of the users has root access (so no servers accessing ports < 1024)
  • copying files prior to making them available should be avoided (i.e. no cp files /var/www/)
  • ssh/scp doesn't work as that would require giving the password of one host to the other
  • using rsync with rsyncd.conf mostly works, but is cumbersome to set up and doesn't provide a way to share a single file, only directories
  • an FTP/HTTP server that could be launched and configured with a single command line could work; HTTPS support for encryption would be welcome, as well as a way to share single files instead of just directories. I don't know any server that fits these criteria
  • USB isn't an option as the other host might only be available over the network
  • a file upload service isn't an option either (file size limits, upload to untrusted third party, user might be on LAN, not the Internet, etc.)

Grumbel

Posted 2009-09-16T12:50:14.677

Reputation: 3 100

I have problems with your first sentence. You can't do anything securely on or with an untrusted computer. Could you define what you mean by "securely"? – David Thornley – 2009-09-16T14:05:26.017

By "securely" I simply mean that the files should not be interceptable by a third party (i.e. having encrypted transmission and password protected access would be enough to accomplish that).

By 'untrusted' I simply mean that I can't trust the other user, the computers themselves are fine (i.e. doing scp wouldn't work since either I would have to give him my password or he would have to give me his). – Grumbel – 2009-09-16T14:15:53.880

So by "untrusted" you mean that you can trust the other user with these files, but not with any other sensitive personal information? – David Z – 2009-09-16T20:59:48.810

Yes, exactly. – Grumbel – 2009-09-17T02:29:17.967

Answers

2

GnuPG encryption!

    $ gpg -e mysecretfile
    You did not specify a user ID. (you may use "-r")

    Current recipients:

    Enter the user ID.  End with an empty line: ben

    Current recipients:
    2048g/52FFA1E 2009-01-02 "Bob McBlah <bob.mcblah@example.com>"

    Enter the user ID.  End with an empty line: 

    $ ls *.gpg
    mysecretfile.gpg

The file mysecretfile.gpg is now encrypted, in a way such that only the person (Bob McBlah) can decrypt the file (asymmetric or public-key crypto).

The file can safely be sent using any medium capable of sending a file (netcat, email, FTP, dropbox, mediafire.com etc etc), with practically no risk of interception.

If you use the -a "ASCII armour" flag, the encrypted file (which would be named mysecretfile.asc) is plain ASCII text, which can be sent in any medium that can send ASCII text, so answers to any other "how can I send an x MB file" question would be applicable.

For a solution to your specific problem, perhaps a simple Python script could be written using the BaseHTTPServer module:

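    import os
    import shutil
    import sys

    # BaseHTTPServer is the Python 2 name; Python 3 renamed it to http.server.
    try:
        from http.server import BaseHTTPRequestHandler, HTTPServer
    except ImportError:
        from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer

    thefile = None  # path of the single file to serve, set in main()

    class MyHandler(BaseHTTPRequestHandler):

        def do_GET(self):
            try:
                if self.path == "/":
                    # Binary mode: gpg output is not text
                    f = open(thefile, 'rb')

                    self.send_response(200)
                    self.send_header('Content-type', 'application/x-gpg')
                    # Send only the base name so the local directory layout is not disclosed
                    name = os.path.basename(thefile).replace("\"", "")
                    self.send_header('Content-disposition', 'attachment; filename="%s"' % name)
                    self.end_headers()

                    # Stream the file instead of reading it into memory at once
                    shutil.copyfileobj(f, self.wfile)
                    f.close()
                else:
                    self.send_error(404, 'File not found: %s' % self.path)

            except IOError:
                self.send_error(404, 'File Not Found: %s' % self.path)

    def main():
        global thefile
        if len(sys.argv) == 2:
            thefile = sys.argv[1]
        else:
            print("Usage: %s [path to served file]" % sys.argv[0])
            sys.exit(1)
        # Pass the handler class itself; HTTPServer instantiates it per request
        server = HTTPServer(('', 8080), MyHandler)
        try:
            print('Started server on port 8080')
            server.serve_forever()
        except KeyboardInterrupt:
            print('Keyboard abort, shutting down server')
            server.socket.close()

    if __name__ == '__main__':
        main()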

Save it as servefile.py and run as python servefile.py /path/to/my/file.gpg

The above code is not exactly great, but should be fine for one-off transfers.

dbr

Posted 2009-09-16T12:50:14.677

Reputation: 4 987
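The `file-offer -p PASSWORD file…` workflow from the question can be layered on the same single-command HTTP server idea. The following is an added example, not part of the answer above; the names `make_server` and `guest`, the realm string and the port are assumptions. HTTP Basic auth only gates access and travels unencrypted, so confidentiality still comes from GPG-encrypting the files first, as the answer describes.

```python
import base64, getpass, hmac, os, shutil, sys
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import unquote

def make_server(password, paths, port=8080, user="guest"):
    """Offer only the listed files, each at /<basename>, behind HTTP Basic auth."""
    offered = {os.path.basename(p): os.path.abspath(p) for p in paths}
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    expected = ("Basic " + token).encode()

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            supplied = self.headers.get("Authorization", "").encode()
            # Constant-time comparison: response timing must not leak the password.
            if not hmac.compare_digest(supplied, expected):
                self.send_response(401)
                self.send_header("WWW-Authenticate", 'Basic realm="file-offer"')
                self.send_header("Content-Length", "0")
                self.end_headers()
                return
            # Exact-match lookup in the offered set; the request path is never
            # joined onto a directory, so "../" cannot reach other files.
            path = offered.get(unquote(self.path.lstrip("/")))
            if path is None:
                self.send_error(404, "Not offered")
                return
            with open(path, "rb") as f:
                self.send_response(200)
                self.send_header("Content-Type", "application/octet-stream")
                self.send_header("Content-Length", str(os.fstat(f.fileno()).st_size))
                self.end_headers()
                shutil.copyfileobj(f, self.wfile)  # streams, no full read into RAM

    return HTTPServer(("", port), Handler)

if __name__ == "__main__":
    # Usage: python3 file_offer.py file2.gpg [more files...]
    # The password is prompted for, so it does not appear in the process list.
    server = make_server(getpass.getpass("Password to require: "), sys.argv[1:])
    print("Offering %s on port %d" % (sorted(sys.argv[1:]), server.server_port))
    try:
        server.serve_forever()
    except KeyboardInterrupt:
        server.server_close()
```

The receiver needs only a browser or `curl -u guest:PASSWORD http://host:8080/file2.gpg`; nothing is copied or modified on the offering side, and no root access is required because the port is above 1024.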

6

Is handing off a USB drive feasible? It might be too cumbersome, but it would solve the issue of connecting to a non-trusted computer. Also, it wouldn't be too difficult for users of any OS to pull the needed files with minimal instruction.

DHayes

Posted 2009-09-16T12:50:14.677

Reputation: 2 103

There's an old saying: "Never underestimate the bandwidth of a station wagon filled with mag tapes." You can modernize the saying with DVD-Rs or external hard drives or whatever. Latency can be a pain, though. – David Thornley – 2009-09-16T14:06:49.150

If you're in South Africa, pigeons are your best bet: http://www.news.com.au/technology/story/0,25642,26053119-5014239,00.html

– shufler – 2009-09-16T17:17:02.363

3

If both computers are hooked up to the internet, maybe something like DropBox would be acceptable.

KeithB

Posted 2009-09-16T12:50:14.677

Reputation: 8 506

2

  • Create temp user with password but no shell access (e.g. with scponly).
  • Give that user rights to files.
  • Copy files with SCP.
  • Once everything is done, remove that user.

Josip Medved

Posted 2009-09-16T12:50:14.677

Reputation: 8 582

While that way of doing it would work, it is unacceptable on multiple levels: it requires having root rights, modification to the files that I want to share, gives away far more rights than needed and is extremely cumbersome. I am searching for something that is easy, secure and doesn't require modification to the files that should be shared. – Grumbel – 2009-09-16T13:11:55.617

@Grumbel: Why would this require root rights? And also, you can set (chmod) files to be read-only for that user. SSH works for non-root users also... – Josip Medved – 2009-09-16T21:42:11.097

Creating and removing a temp user would require root rights. – Grumbel – 2009-09-17T02:34:26.973

@Grumbel: I assumed that you had that access to server computer. If that is not so, then this is a problem. – Josip Medved – 2009-09-17T08:00:39.453

1

If you're looking for a lightweight webserver this page at Wikipedia might help.

Dave Webb

Posted 2009-09-16T12:50:14.677

Reputation: 10 126

1

SSH can use public / private key authentication. This allows you to give the "untrusted" computer your public key. And then you keep your private key secret and password protected and then you can login to the other machine.

You can then scp the files as long as the user you ssh in has the appropriate permissions. And because you are using SSH all of the files are encrypted in transit.

Olly

Posted 2009-09-16T12:50:14.677

Reputation: 566

It should work the other way, too - get the remote user to generate his key pair, and send you his public key. He can then scp from your machine, no passwords needed. – chris – 2009-09-16T16:21:36.623

Public key would still give full access to the machine instead of just access to the handful of files that should be shared. – Grumbel – 2009-09-16T16:35:18.203

It would give you access to the other machine, and not even full access, just whatever level of access the user you log in as has. This is the way I've seen it done in the past (by some people who knew what they were doing) and what I'd recommend. – David Z – 2009-09-16T21:01:38.370

@grumbel you would be better restricting the files allowed based on file permissions I would have thought. However you could set up SSH in a chroot (http://howtoforge.com/chrooted_ssh_howto_debian) to limit SSH / SCP to a particular directory.

– Olly – 2009-09-17T14:13:56.990

1

You could also set up a free account on Inbox.com. One of their services (besides email) is file storage up to 5 GB (also free). Just create an account that both of you can share, upload your files, and let the other person download them. Afterwards, forget about the account, change the password and keep it, or do whatever you want with it.

Tom A

Posted 2009-09-16T12:50:14.677

Reputation: 1 536