Flickr photo protection - encryption and digital signature

Recently Yahoo's Flickr made a bold move and allowed allowed almost infinite space (1 Terabyte) for user’s photos. Such functionalities now allow users to upload photos of highest and original quality, and Flickr won't be post-processing them to save the disk space.

We have decided to run a small experiment using our pkiStorage and pkiImage solutions to demostrate an encrypted image exchange between two users. All images are hosted with public access and you can try to download them and then decrypt yourself - see the end of the blog how to do that.

The experiment was the following: we took an image and two personal certificates – Alice and Charlie. "Alice" and "Charlie" are fictional persons usually used as placeholder names (Alice and Bob in Wikipedia). And we have made it so that Alice wanted to share an encrypted image with Charlie using Flickr. To do that we have used pkiImage for image encryption and decryption; pkiStorage to switch personal certificates (thus, emulating two users), and Flickr account that was created this January, 2014. Moreover, we encrypted and signed those images, and blocked the export capability.

pkiImage screenshot of blocking the export

It means that Charlie can decrypt the image and see the content of the image, but he cannot save the original on his own PC. For the encrypted image, we used a dummy thumbnail to hide the real the image.

pkiImage screenshot of thumbnail that replaces the original image

pkiStorage was used to switch between different personal certificates, and with certificate autoregistration feature it allowed us to switch immediately between certificates, registering and deregistering them in Windows Certificate Store.

Here is the resulting video of the experiment.

Here are the images that were used:

To check it you can also download the images from our Flickr account - Flickr Buypki Photostream. We will also be pasting other experimental photos there.

Also note that you should download only original size.

Screenshot of Flickr UI to download original image

This image is encrypted and signed, so any alteration to it’s original data (generating different from original size of the image leads to repositioning of bits) will make decryption impossible.

Then after downloading the original size install pkiImage (you can download it from our buypki.com website, or from download.com), install to your PC Charlie’s PFX file, and then just open the image in pkiImage and decrypt it - you can watch JPEG decryption instruction in our Youtube channel to see how to decrypt images.