LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 09-14-2010, 03:50 AM   #1
dedeco
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Rep: Reputation: 0
How to encrypt a single file for... ?


Hello,

I need to temporarily store a file containing sensitive data in a public server, in a secure way.

I think that encrypting the whole file would be much more secure than creating a passworded .zip encrypted file, because they could be subject of brute force attacks. Attacking a whole file of unknow format is harder, I think.

I thought of something like the command:

Code:
$ programidontknow --encrypt mysensitive.file --output-file mumblerumble.file

 (then the program asks interactively for a password)

$ ls
mysensitive.file mumblerumble.file

$
So I get one file that may look like junk.

I tried to search how to do it with GnuPG. But it seems that GnuPG needs much configuration I donīt want to do. I simply want to type the password one time to get the file. It doesnīt need to retain any configuration for what I want to do. In similar scenario, I would want to do this on a machine/account that is not mine.

I hope I was clear with my ideas.

Thank you,

Dedeco
 
Old 09-14-2010, 04:15 AM   #2
crts
Senior Member
 
Registered: Jan 2010
Posts: 1,604

Rep: Reputation: 446Reputation: 446Reputation: 446Reputation: 446Reputation: 446
Quote:
... GnuPG needs much configuration I donīt want to do.
which effectively translates to
I do not want to do much reading.

However, this is not a good practice in combination with
Quote:
... store a file containing sensitive data in a public server, in a secure way.
So instead of doing some reading you just want to trust some advice from some guy on the internet?

Anyway, I do not know what distribution you are using but on my system (Ubuntu 10.04) I do not have to configure gpg.
Code:
gpg -c file
will ask for a passphrase (and confirmation) and then encrypt the file.
 
Old 09-14-2010, 01:50 PM   #3
dv502
Member
 
Registered: Sep 2006
Location: USA - NYC
Distribution: Whatever icon you see!
Posts: 642

Rep: Reputation: 57
Encrypting and Decrypting files with openssl

Encrypt example:

openssl aes-256-cbc -a -salt -in some-file -out some-file.enc

Decrypt example:

openssl aes-256-cbc -d -a -in some-file.enc -out some-file

Replace some-file with your actual file

Last edited by dv502; 09-14-2010 at 01:52 PM.
 
Old 09-14-2010, 07:22 PM   #4
alan99
Member
 
Registered: Mar 2010
Distribution: Debian
Posts: 175

Rep: Reputation: 31
Quote:
Originally Posted by dedeco View Post
Hello,

I need to temporarily store a file containing sensitive data in a public server, in a secure way.

I think that encrypting the whole file would be much more secure than creating a passworded .zip encrypted file, because they could be subject of brute force attacks. Attacking a whole file of unknow format is harder, I think.

I thought of something like the command:

Code:
$ programidontknow --encrypt mysensitive.file --output-file mumblerumble.file

 (then the program asks interactively for a password)

$ ls
mysensitive.file mumblerumble.file

$
So I get one file that may look like junk.

I tried to search how to do it with GnuPG. But it seems that GnuPG needs much configuration I donīt want to do. I simply want to type the password one time to get the file. It doesnīt need to retain any configuration for what I want to do. In similar scenario, I would want to do this on a machine/account that is not mine.

I hope I was clear with my ideas.

Thank you,

Dedeco
It is not really that hard. First you need to generate you private-public key using a passphrase. I assume the private key would not be stored on the public server (for security). Then you encrypt using your public key (no password needed to encrypt). To decrypt you use your private key (passphrase required). your keys are normally stored in a directory something like $HOME/.gnupg
 
Old 09-14-2010, 09:09 PM   #5
jefro
Guru
 
Registered: Mar 2008
Posts: 11,549

Rep: Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405
http://www.cyberciti.biz/tips/linux-...-password.html
 
Old 09-14-2010, 11:12 PM   #6
dedeco
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Original Poster
Rep: Reputation: 0
Thank you all. This is exactly what I had in mind.

(who puts "[SOLVED]" on thread's titles?)

@crts: actually I am not that "bad". I did some reading. I read and skimmed most of GnuPG's man page, but I didnīt understand it very well. The "-c" option there was not clear to me. But if your "much reading" would mean many hours of reading, then, yes, I would not want it. And I usually do not blindly follow instructions.

@dv502: my man page for "openssl" (for "OpenSSL comand line tool") doesnīt say anything about the options you used, none of them. Although the program didnīt complain to execute it.

This kind of man page, or those that mention little and says to look the Texinfo manual wich many times isnīt isntalled makes it much harder for newbies to learn the commands they have on their system. ...

@alan99: but I most probably wonīt be on the same machine and account someother time. So it wouldnīt work, or it would troublesome (and carrying a private key around isnīt much of a good idea, I guess).

@jefro: nice example of what I wanted, using GnuPG. I am surprised to have not (and now again) found anything like this on GnuPG's help pages, like http://www.gnupg.org/documentation/faqs.en.html



Good bye, all.

Last edited by dedeco; 09-14-2010 at 11:32 PM.
 
Old 09-15-2010, 05:34 AM   #7
crts
Senior Member
 
Registered: Jan 2010
Posts: 1,604

Rep: Reputation: 446Reputation: 446Reputation: 446Reputation: 446Reputation: 446
Quote:
Originally Posted by dedeco View Post
(who puts "[SOLVED]" on thread's titles?)
You can mark the thread as [SOLVED] by clicking on "thread tools" (menu above your initial post) and then click on "mark as solved".
 
Old 09-16-2010, 01:43 AM   #8
prabhatsoni
Member
 
Registered: Oct 2004
Location: India
Distribution: FC 12
Posts: 233

Rep: Reputation: 30
It is late in the day but, I think it might serve some purpose.

Using LUKS one could create an encrypted container, which could be used to store your sensitive data. For example you could create a container of say 4.3 G, and then burn it on to a DVD.

I think this would be a useful solution. I can post the steps required for this, if needed


Prabhat Soni
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Best way to encrypt (or at least password-protect) a single directory? agi93 Slackware 15 07-20-2010 11:37 PM
crypt() perl function to encrypt Password in shell scripts or How Encrypt passwords ? balakrishnay Linux - General 13 01-14-2010 09:35 AM
encrypt and decrypt using encrypt(char block[64], int edflag) rockwell_001 Linux - Security 3 08-30-2009 09:16 AM
password protect/encrypt a single image bruce1271 Linux - Software 2 10-18-2003 08:29 PM


All times are GMT -5. The time now is 11:29 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration