DaemonForums  

Go Back   DaemonForums > Miscellaneous > General software and network

General software and network General OS-independent software and network questions, X11, MTA, routing, etc.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 19th September 2008
JMJ_coder JMJ_coder is offline
VPN Cryptographer
 
Join Date: May 2008
Posts: 464
Default Encrypting Files

What's the best way to encrypt or protect files on your computer? Say a plain ascii file that holds sensitive personal or company data that you don't want left as plain ascii text.
__________________
And the WORD was made flesh, and dwelt among us. (John 1:14)
Reply With Quote
  #2   (View Single Post)  
Old 19th September 2008
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

I would use OpenSSL, but that's just me...

$ openssl enc -aes-256-cbc -salt -in naughty-doc.txt -out naughty-doc.encrypt

This will prompt you for a passphrase, now.. that can be a password, but it can also be a phrase.. you'll definitely need to remember the grammar & capitalization though.

If you decide to use a password, make it a long and complex one...

To decrypt the file:
$ openssl enc -d -aes-256-cbc -in naughty-doc.encrypt -out naughty-doc.txt

You can obtain a list of ciphers via:
$ openssl enc -h

Good luck..

Last edited by BSDfan666; 19th September 2008 at 03:04 AM.
Reply With Quote
  #3   (View Single Post)  
Old 19th September 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Default

I usually apply a Caesar cipher (not rot13), archive the data with a password, and encrypt it again in a stronger manor.


Whether or not it's a good idea, I dunno, but works for me.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #4   (View Single Post)  
Old 19th September 2008
BSDKaffee's Avatar
BSDKaffee BSDKaffee is offline
Real Name: Jason Hale
Coffee Addict
 
Join Date: May 2008
Location: Wintersville, Ohio
Posts: 212
Default

For individual files, you could use GPG.

For many files, I use geli. That is only available on FreeBSD, however.
Reply With Quote
  #5   (View Single Post)  
Old 19th September 2008
Nightweaver's Avatar
Nightweaver Nightweaver is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Belgrade, Serbia
Posts: 47
Default

Each BSD has it's own way of encrypting the whole hard drive. On FreeBSD you may go for geli or gdbe http://www.freebsd.org/doc/en_US.ISO...ncrypting.html. On NetBSD you'll go for CGD http://www.netbsd.org/docs/guide/en/chap-cgd.html and on OpenBSD(which I use) you'll go for http://geektechnique.org/projectlab/...leserver-howto

For individual files and emails I use GnuPG.
__________________
If it moves, crypt it. Unless it's static - than you should double-crypt it.
Reply With Quote
  #6   (View Single Post)  
Old 19th September 2008
hydra's Avatar
hydra hydra is offline
Port Guard
 
Join Date: May 2008
Location: Slovakia (Europe)
Posts: 41
Default

+1 for openssl as suggested by BSDfan666.
Reply With Quote
  #7   (View Single Post)  
Old 21st September 2008
JMJ_coder JMJ_coder is offline
VPN Cryptographer
 
Join Date: May 2008
Posts: 464
Default

Does anyone know where (/etc/passwd ?) and how login passwords are stored and encrypted (if at all)?
__________________
And the WORD was made flesh, and dwelt among us. (John 1:14)
Reply With Quote
  #8   (View Single Post)  
Old 21st September 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Default

As far as I know, it depends on the system and it's settings JMJ; it should obey /etc/login.conf.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #9   (View Single Post)  
Old 9th October 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 320
Default

Quote:
Originally Posted by BSDfan666 View Post
I would use OpenSSL, but that's just me...

$ openssl enc -aes-256-cbc -salt -in naughty-doc.txt -out naughty-doc.encrypt

This will prompt you for a passphrase, now.. that can be a password, but it can also be a phrase.. you'll definitely need to remember the grammar & capitalization though.

If you decide to use a password, make it a long and complex one...

To decrypt the file:
$ openssl enc -d -aes-256-cbc -in naughty-doc.encrypt -out naughty-doc.txt

You can obtain a list of ciphers via:
$ openssl enc -h

Good luck..
thanks this is good and nice method , but if I can use it for encrypt folder or directory it is great
Can I use it for encrypt folder ???
Reply With Quote
Old 9th October 2008
vermaden's Avatar
vermaden vermaden is offline
Administrator
 
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,056
Default

Quote:
Originally Posted by mfaridi View Post
thanks this is good and nice method , but if I can use it for encrypt folder or directory it is great
Can I use it for encrypt folder ???
Use the tar(1) luke.
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
vermaden's: links resources deviantart spreadbsd
Reply With Quote
Old 9th October 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 320
Default

Quote:
Originally Posted by vermaden View Post
Use the tar(1) luke.
I do not want first tar that folder and then encrypt it , it is take time for extract it .
Reply With Quote
Old 9th October 2008
vermaden's Avatar
vermaden vermaden is offline
Administrator
 
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,056
Default

Do not use compresion then, tar alone does not compress files.
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
vermaden's: links resources deviantart spreadbsd
Reply With Quote
Old 9th October 2008
ephemera's Avatar
ephemera ephemera is offline
Knuth's homeboy
 
Join Date: Apr 2008
Posts: 537
Default

Quote:
Originally Posted by mfaridi View Post
I do not want first tar that folder and then encrypt it , it is take time for extract it .
Well, if its say a 1GB folder then the i/o involved will take time.

Why don't you simply create another user account called userX.
# chmod 700 ~userX

Then, put all ya top-secret stuff in there.

Anytime you want to access the top-secret stuff just do the following from your regular account:
$ su - userX

Ofcourse, for max. safety use tar + openssl.
Reply With Quote
Old 9th October 2008
sverreh's Avatar
sverreh sverreh is offline
Real Name: Sverre Hval
Port Guard
 
Join Date: Apr 2008
Location: Norway
Posts: 36
Default

Quote:
Originally Posted by JMJ_coder View Post
What's the best way to encrypt or protect files on your computer? Say a plain ascii file that holds sensitive personal or company data that you don't want left as plain ascii text.
Using a tool like steghide you can hide the file in a picture or sound file, so people won't even notice that there are secret data available. To add extra security, first encrypt your file as proposed by several others, and then use steghide to hide the encrypted file.

Example:

Code:
steghide embed -cf picture.jpg -ef encrypted_file -sf new_picture.jpg
The file new_picture.jpg will look identical to the file picture.jpg, but the secret information is hidden in it. To retrieve your original secret data:

Code:
steghide extract -sf new_picture.jpg
steghide is in ports:

/usr/ports/security/steghide
Reply With Quote
Old 9th October 2008
vermaden's Avatar
vermaden vermaden is offline
Administrator
 
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,056
Default

It may be little suspicious if someone would find a JPG image with 3.0GB size
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
vermaden's: links resources deviantart spreadbsd
Reply With Quote
Old 9th October 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 320
Default

I think this topic is best and nice topic in all of this forums. I like and love this topic
after I test openssl and encrypt file , I can understand I can delete encrypt file and it is so bad I want way to hide file and nobody can delete that file ,
I will test steghide I thinks this is good thing.

but I need something like truecrypt.
Reply With Quote
Old 9th October 2008
ephemera's Avatar
ephemera ephemera is offline
Knuth's homeboy
 
Join Date: Apr 2008
Posts: 537
Default

steghide s a cool thing for hiding small files (secret emails?), passwords etc.
i wonder how many of us check downloaded images for hidden content?
Reply With Quote
Old 9th October 2008
sverreh's Avatar
sverreh sverreh is offline
Real Name: Sverre Hval
Port Guard
 
Join Date: Apr 2008
Location: Norway
Posts: 36
Default

Quote:
Originally Posted by vermaden View Post
It may be little suspicious if someone would find a JPG image with 3.0GB size
Yes, I would be suspicious, too. But you could hide an awful amount of secrets in a 3 GB picture, I think. From what I have experienced, it seems like I can hide about 5 - 6 % of the files size. For instance, I have successfully hidden a PDF-file of 140 kB (6 pages filled with equations and diagrams) in a picture of 2.4 MB. My only problem is that I don't need to hide data, but it is quite fun!
Reply With Quote
Old 9th October 2008
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

Quote:
Originally Posted by mfaridi View Post
...I want way to hide file and nobody can delete that file...
This is where file permissions and routine backups come in..
Reply With Quote
Old 9th October 2008
ddekok ddekok is offline
Port Guard
 
Join Date: May 2008
Posts: 38
Default

Has anybody tried FUSE EncFS? It appears to be a file-backed file system with no pre-determined size. Also, given that it is FUSE based, it should be fairly portable.

Last edited by ddekok; 9th October 2008 at 05:14 PM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cleaning Portsnap files in /var/db/portsnap/files bram85 FreeBSD Ports and Packages 2 5th October 2009 09:54 AM
Encrypting gvinum raid5 oxy FreeBSD General 1 13th December 2008 05:59 PM
How to sync files over ftp graudeejs FreeBSD General 4 4th August 2008 10:18 PM
Moving files Weaseal Programming 2 14th July 2008 07:30 AM
Encrypting hard drive? ViperChief FreeBSD Installation and Upgrading 5 31st May 2008 03:42 PM


All times are GMT. The time now is 09:22 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick