Can you keep a secret?

Explore

Can you keep a secret?

This doc introduces a few techniques to implement encryption in Coda.

What is Encryption?

That’s a good question to answer up front so we’re all on the same page. An accurate definition would include a few technical terms you should know as they are referenced throughout the doc. These terms are defined alongside 👉

A layman

⁠

technical definition:

⁠

“Encryption is the process of securing information in such a way that it is difficult or impossible for other people to read without your permission.”

⁠

Encryption is a really fascinating field, and building this doc was challenging but also a ton of fun. In other industries, so much of the implementation of encryption is abstracted away from you as a developer, so actually learning and coding the “ground level” stuff was a blast!

With that said, let’s dive in...

ᴡʜᴀᴛ’s

⁠

Plaintext

⁠

ᴍᴇᴀɴ?

ᴅᴇғɪɴᴇ

⁠

Cipher

⁠

ғᴏʀ ᴍᴇ?

ɪs

⁠

Ciphertext

⁠

ɢɪʙʙᴇʀɪsʜ?

ᴡʜᴀᴛs ᴀ ᴜɴɪǫᴜᴇ

⁠

Key

⁠

💡 Click the grey buttons for definitions.

⁠

“The first rule of keeping secrets is nothing on paper.”

- Thomas Powers

⁠

Let’s start with a little game...

Julius Caesar was so fond of a particular encryption technique that the technique was subsequently named after him. A Caesar Cipher is a type of substitution cipher, where the plaintext is encrypted by shifting each letter by a given number of places.

Examples of A Right shift of 3:

- A → D

- JULIUS → MXOKXV

“The Lives of the Caesars”

According to

Suetonius⁠

, Caesar used it with a “shift of three” to protect messages of military significance.

Cite

⁠

Brute force decrypting a Caesar Cipher with modern technology is trivially easy. We call it Brutus forcing a Caesar Cipher 🔪😉

Here’s an example, why don’t you give it a go?

⁠

💡 Use the slider to adjust the shift value of the cipher until you break the encryption. You can click Help! if you get stuck, or are just feeling lazy ;) ⁠ 👇 A positive value shift characters forward, alphabetically; negative shifts backwards. ⁠ ⁠

⁠

Shift Value:

000

Help!

Show 5 more

There are no rows in this table

⁠

Alex Motoc⁠

Unsplash⁠

⁠

What does this teach us?

I think the biggest takeaway is that the encryption method (the Cipher) that we use is really important. Just because the encoded text looked like random gibberish to the untrained eye, it doesn’t mean that our information is necessarily secure against attack.

That’s an important thing to keep in mind as we progress through the techniques I want to show you in this doc.

⁠

Where this idea came from...

I am working on a Wiki for my team at

Supersynchronous⁠

. It’s designed such that multiple users can contribute to a communal knowledgebase in the spirit of sharing information and techniques that could be helpful for our diverse client needs. There’s some info that I wanted to keep handy that I wouldn't be happy sharing publicly, and it felt like a shame that my sparkling new doc couldn’t be used for private information alongside the shared knowledge contributed to the team. I would have to keep that info in a separate doc.

It was at that point that I wondered whether it’d be possible to encrypt my information within a Coda doc in such a way that only I could decrypt it. Coming from a Web Development background, this is something I happen to have some experience in, but building a solution in Coda brought along... Some unique challenges... It turns out that implementing encryption in a Coda Doc is a different beast.

⁠

Storing secrets in plain sight

This is really the crux how this doc works, and what (I think) makes it special.

When you’re encrypting content on a web server, you have the delightful benefit of your users not being able to see your code. Here in Coda-land, there’s nowhere to store content that’s not visible to alllllll other users with access to the doc.

If you want to password-protect something in Coda, where on earth do you store the password?!?

What about features like Doc Locking and Hidden Pages?

Coda has been pretty clear in their documentation that these are convenience and User Interface features and should not be used for security.

⁠

“The best solution is to NOT store the password”

- Me

⁠

That’s how this doc works. You won’t find any passwords stored in any of the tables in this doc. Instead, the password the user chooses is used as the key which with to encrypt the text, and again used to decrypt the text later on.

⁠

Where to from here?

Right, I think that’s probably enough chit chat, let’s get into the demos. First up, the Simple Security page demoes exactly what we’ve discussed. Instead of storing the user’s password, it’s used as the Encryption Key which encodes each character of the user’s text.

⁠

Simple Security This solution has relatively low security.⁠

Gallery

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.