LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-05-2008, 12:53 PM   #1
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Rep: Reputation: 50
Encrypting Folders, Files and Partitions (What are the best Linux programs to use?)


My main question has to do with folders and files. What are the best program(s) to use to encrypt folders and files. Something that needs a password each time I want to access them?

Is there anything good that encrypts whole partitions. Something that needs a password each time I access it?

I am looking for something that if someone tries to somehow remotely access those folders as well as using a live cd or even another os on the same computer or network, etc, they can't do so without the password.

Last edited by Amdx2_x64; 08-05-2008 at 12:55 PM.
 
Old 08-05-2008, 01:07 PM   #2
jailbait
Guru
 
Registered: Feb 2003
Location: Blue Ridge Mountain
Distribution: Debian Wheezy, Debian Jessie
Posts: 7,509

Rep: Reputation: 176Reputation: 176
I use ccrypt to encrypt the files where I keep my passwords. When you want to use a ccrypt file you decrypt the file and access it as normal text. When you are finished you encrypt the file again. The passwords can be extremely strong using ccrypt.

http://ccrypt.sourceforge.net/

---------------------------
Steve Stites
 
Old 08-05-2008, 03:59 PM   #3
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 63
I like "fuse-encfs" which is nice to encrypt a entire folder "on-the-fly". When I done, I umount that encrypted folder and it is "safe" (I hope )
 
Old 08-05-2008, 04:50 PM   #4
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Original Poster
Rep: Reputation: 50
Thank you both.

I installed encfs and fuse-utils where already installed on Xubuntu 8.04.1. When I try to mount /home/<my folder is here>/.encrypted /home/<my folder is here>/encrypted I get this message.

fuse failed. Common problems:
- fuse kernel module not installed (modprobe fuse)
- invalid options -- see usage message

Now I did run modprobe fuse. I received no error message or any message for that matter, it just return me to $, so am I missing something here? Is there something more I need to install? I am guessing it has something to do with the invalid options?

(The /.encrypted and /encrypted are just tests nothing real is in them.)

Now from what I understand, the /.encrypted is where the encrypted files will be stored. The /encrypted folder is where I will be mounting it at. But I am lost a little on the rest I guess.


edit:
I followed these instructions,

How To: use encrypted directories with ENCFS and FUSE

There is many options out there to encrypt datas on a hard drive. You could either encrypt a whole partition using kernel filesystem or simply encrypt specifics directories on your hard disk.

encfs along with fuse can accomplish this.

This how-to will show how you can easily encrypt a directory on your filesystem.

the tools we are going to use here are:

* fuse

* encfs

encfs allow encrypting virtual filesystem, virtual because you are not going to encrypt a whole partition but simply use a native filesystem such as ext3, reiserfs... A good point is that you do not have to create a new filesystem and define a specific size, but will be able to use as much room left in the existing filesystem you are going to encrypt the directory on.

Now, let install the required packages:

$sudo apt-get install fuse-utils encfs

You need to make sure that your user belong to the fuse group:

$groups

if you see fuse in the response, it is all ok, otherwise, add your normal user to fuse group:

$sudo adduser myuser fuse

Also, the fuse kernel module need to be loaded:

$sudo modprobe fuse

If you want this module to be automatically loaded at boot time, you need to had it to /etc/modules .
Now assume that you want an encrypted directory named /home/myuser/encrypted, the first thing we need to do is to create a virtual mount point: /home/myuser/.encrypted, and the directory it is going to mount on:

$mkdir /home/myuser/.encrypted
$mkdir /home/myuser/encrypted

now, simply mount the filesystem using encfs. If the filesystem is already created, it is only going to prompt for the passphrase decrypting the filesystem, otherwise it will ask you question for creating the filesystem, simply typing ENTER will do a standard configuration which should suit most people.

Well, now mount your filesystem and start editing files.

$encfs /home/myuser/.encrypted /home/myuser/encrypted
$echo "test" > /home/myuser/encrypted/test.txt
$echo "test2" > /home/myuser/encrypted/test2.txt

as you can see, test.txt and test2.txt are created and readable in /home/myuser/encrypted. Now, unmount your encrypted filesystem:

$fusermount -u /home/myuser/encrypted

check the content of /home/myuser/encrypted:

$ls /home/myuser/encrypted

Empty! All the files are in /home/myuser/.encrypted:

$ls /home/myuser/.encrypted

Filenames are encrypted and if their content is not human readable . Now, mount the encrypted directory back:

$encfs /home/myuser/.encrypted /home/myuser/encrypted

Supply the password you defined when creating the filesystem and check the content of /home/myuser/encrypted:

$ls /home/myuser/encrypted
test.txt test2.txt

Your files are back .

Conclusion: This is a pretty simple file encryption, it has the advantage of not being applied to a whole partition so you do not have to create and initialize an encrypted partition, but instead, you are only going to create a directory where you will write your sensitive datas.

Last edited by Amdx2_x64; 08-05-2008 at 05:17 PM.
 
Old 08-14-2008, 07:36 PM   #5
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 63
If you are not member of fuse group, you need to logout and login again to this change has effect.
The module fuse needs to be load by root, and the command "modprobe fuse" needs to be issued by root.
And the general command to mount a encrypted folder is encfs. arguments for encfs MUST BE an absolute paths, not relative ones. (I mean, they must start with "/")

take a look:

Code:
[miguel@oldbit ~]$ mkdir folder folder.enc
[miguel@oldbit ~]$ encfs /home/miguel/folder.enc/ /home/miguel/folder
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> 

Standard configuration selected.

Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 2:1:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

New Encfs Password: 
Verify Encfs Password: 
[miguel@oldbit ~]$ touch folder/test
[miguel@oldbit ~]$ fusermount -u folder
[miguel@oldbit ~]$ ls folder.enc/
OY7q3,85,g1UXe2ZfIVMsc80
[miguel@oldbit ~]$

Last edited by marozsas; 08-14-2008 at 07:39 PM.
 
Old 08-19-2008, 07:22 PM   #6
NathanFlowers
LQ Newbie
 
Registered: Jul 2008
Distribution: Debian based Kubuntu
Posts: 4

Rep: Reputation: 0
Can Some one Post a thorough how to on whole hard drive encryption; if not then individual partitions, and or files(what files should i encrypt? I'd prefer to use PGP as I believe it to be the best (NSA uses it so it has to be secure?) A complete walk thou would be best for me, I'm not new to Linux just not an expert ether.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
encrypting partitions shouup Suse/Novell 3 12-28-2006 01:49 PM
Samba can create new files and folders but access denied in any new folders k.king Linux - Networking 2 01-15-2006 06:14 AM
encrypting files in linux darkangel29 Linux - Software 1 11-27-2005 02:17 PM
Encrypting partitions on an external HD. Napalm Llama Linux - Security 2 11-09-2005 08:02 AM
software for encrypting files? mifan Linux - Security 8 08-13-2005 09:13 AM


All times are GMT -5. The time now is 03:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration