Saturday, March 16, 2013

Pre-Shared Keys and Key Watermarks [English]

From version 0.2, MegaUploader allows to enter a "Pre-Shared Key" when uploading, and from version 0.6, it allows to enter up to 2 "Key Watermarks".

In this article these concepts will be explained, what are they and how you can use them.


MEGA file links has the following estructure: ! + FileID + ! + FileKey (44 characters).
If you miss the FileKey, you can still try to download the file (because you have the FileID), but the file content and name can't be retrieved - they are ciphered with the FileKey!

[Technical information, skip this paragraph if you don't understand]
The FileKey is a (modified) Base64 text string, this is, each character has the possible values of A-Z, a-z, 0-9, and two characters "-" and "_". We say modified because the "formal" Base64 encode uses "+" and "/" instead of "-",  "_", and put "=" at the end of the string if necessary.
Each Base64 character represents 6 bits of information, so the 44 characters represent a key of 256 bits (44 * 6 is a little bit more, 264 but only 256 bits are used), that is, 32 bytes.

The FileKey is generated randomly each time you upload a file. When uploading, a hash (if you don't understand what is a hash, it is something as a "signature") is calculated with the file content, and this hash is append to the FileKey (that hash is called "CBC MAC"). The hash is inserted at the end and in the middle of the FileKey, so if you divide the FileKey in 4 (more or less 11 characters each chunk), the first and third chunk is the original key, and the second and fourth chunk contains the hash.

If you know the original key but doesn't have the hash (CBC MAC), you will be able to download the file, but a Decryption Error will be displayed using MEGA webpage - because the hash can't be verified.

Key Watermarks

We have said that the hash is contained in the second and fourth chunk of the FileKey. This hash is calculated during the upload process, and involves an cryptographic ciphering of the file content. For that reason the hash will depend on the file, each file will have a different hash and we can't predict its value.

However, we can predict the value of the first and third chunk of the FileKey. You can modify its value and put whatever you want!

For that reason, you can insert up to 2 "Key Watermarks" in MegaUploader: one at the beginning of the key, and another one at the third position. You can only use some basics characters in that Watermark: alphabetical letters, numbers, and the "-" and "_". You can't use @, slashed, or other signs.

For example, this file was uploaded using Key Watermarks: the first one is "0123456789" and the second one is "9876543210":!OFEQ0Y4Z!0123456789wVrs6n7Jyx8-9876543210nkI8MA5Gf4g

If you don't specify any Key Watermark, the FileKey will be calculated randomly. But if you specify it, that text will appear in the FileKey!!

So, to sum up, the Watermark allows you to specify the first and third chunk of the FileKey and put your personalised text.


Pre-Shared Keys

A Pre-Shared Key has the opposite concept of the WaterMark.
In the WaterMark you specify the final value of the FileKey, after the hash calculation.
But in a Pre-Shared Key you specify the original value of the FileKey, before calculating the hash.

The target of a Pre-Shared Key is to allow sharing a link without the FileKey, only with the FileID. In that way you can share multiple links, all with a common password: the Pre-Shared Key.

When downloading the file with MegaDownloader, the program will calculate the FileKey with the Pre-Shared Key, and will be able to download and decrypt the file content.

As you can imagine, the hash value is lost - we don't have the FileKey! MegaDownloader will still be able to decrypt the content and download the file.
Of course, you can share the complete link with the FileKey as a normal link :) If you do, note that the FileKeys of all files will have a similar structure: the first and third part of the password will be the same, and only the second and fourth part will be different - because of the hash, which is unique for all files!

For example, consider this link:!yI00XQwY

You don't have the key, so you are unable to download it...  now, open MegaDownloader, go to the Configuration, Pre-Shared Keys, and put "Lorem Ipsum" as a key. Save and try to download it.
You will be able to do it!

Security Concerns

At the beginning we said that the FileKey was generated randomly for each file.
Using the Pre-Shared Keys or the Key Watermarks, we generate a non-random FileKey: all the files using the Pre-Shared Keys will use the same password as the original "seed", and all the files using the Watermark will contain the same text in the FileKey. So the key to decrypt each one of these files is less secure than an unique-randomly-created key!
For that reason it is not recommended to use these features. Use them only if you know really what you are doing, and if the security is not your main concern.


MegaUploader Watermark feature allows you to specify the first and third chunk of the FileKey and put your personalised text.
The Pre-Shared Key feature allows you to share only the link with the FileID, so users with the Pre-Shared Key will be able to download it using MegaDownloader, even if they don't have the FileKey.
These features reduce the FileKey security so they should only be used when security is not a main concern. If not, it is recommended not to use them.