Old 07-28-2005, 09:58 AM   #1
rblampain
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 7
Posts: 835

Rep: Reputation: 35
writing encrypted data to disk


I want to encrypt data coming over the wire and write it to disk encrypted. These are details of members of an NFP organization.
I've searched on the net and found only "loop-AES" as a likely suitable tool.
Questions:
1) Are there other tools? (I do not want to encrypt a file or a partition or a disk)

2) Does anyone know of a suitable howto or similar?

3) The data is encrypted coming through HTTPS. Is there a way I can make use of that encrypted data?
It seems silly to me that the in-coming data has to be decrypted and then encrypted again.

Thank you for your help.
 
Old 07-28-2005, 04:07 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
You *MUST* encrypt one of a file, partition or disk. Unfortunately, due to the nature of HTTPS versus on-disk encryption, you can't use it directly.

And, on a stupid question, what is an NFP organization?
 
Old 07-28-2005, 10:05 PM   #3
rblampain
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 7
Posts: 835

Original Poster
Rep: Reputation: 35
It's not a stupid question. Here in .au the tax office calls it a "Not For Profit" organization; other countries will probably have other acronyms.

I probably have the wrong concept of encryption, according to what I've read and according to your answer I visualize the manual encryption of a file that would make this file unsuitable for expansion with non-encrypted data.

Does file encryption mean that when non-encrypted data is appended to the file, it is detected that the file is encrypted and the data is then encrypted before being appended? Does the same apply to a partition or a disk?

I've not found anything on the web explaining this point. All I've found is relating to someone deciding "well.. I'll encrypt the file now" which is not what I need.

I've searched LQ answers but if my perception of encryption is wrong, I've probably entered unsuitable keywords which lead to my finding not much.

Thank you very much for your help.
 
Old 07-28-2005, 10:08 PM   #4
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
Well, let's approach it this way: what are you trying to accomplish? What attack vectors do you imagine? Stolen hard disk? Hackers?
 
Old 07-29-2005, 12:52 AM   #5
rblampain
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 7
Posts: 835

Original Poster
Rep: Reputation: 35
Stolen computer. The computer involved will run unattended sometimes.
 
Old 07-29-2005, 08:36 AM   #6
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
Encryption and unattended can be hard to achieve. Are you desiring that it be able to reboot automatically and access the encrypted data?
 
Old 07-29-2005, 09:57 AM   #7
rblampain
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 7
Posts: 835

Original Poster
Rep: Reputation: 35
Thanks to Matir.
The encryption is only intended to protect the data in case the computer is stolen.
The system is still to be implemented but the idea we have is to synchronize a few computers in different locations as servers and set them up so that if the main server gets offline, another one takes over within minutes.
The automatic reboot is not contemplated at all, on the contrary.
These computers are likely to be set up in different countries.
 
Old 07-29-2005, 10:33 AM   #8
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
Well, if I were you, I would store this data on a dm-crypted partition or file. You'll still need to provide a passphrase once per boot to mount it, though.
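
The setup suggested in the post above, as an added example that is not part of the original thread: a file-backed dm-crypt (LUKS) container that an operator unlocks once per boot, plus a guard that refuses to write member data unless the encrypted volume is actually mounted. The image path, mapping name, mount point, `members.dat` and the function names are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example: file-backed dm-crypt (LUKS) container for the member flat files.
# All names below are hypothetical; adjust to the real host.
set -eu

IMG=${IMG:-/var/lib/members.img}   # container file (assumed path)
NAME=${NAME:-members}              # device-mapper name -> /dev/mapper/members
MNT=${MNT:-/srv/members}           # mount point (assumed path)

# With DRY_RUN=1 (the default) commands are printed instead of executed,
# so the plan can be reviewed without root. Set DRY_RUN=0 to run them.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

create_container() {   # one-time setup; overwrites any existing $IMG
    run dd if=/dev/zero of="$IMG" bs=1M count=64
    run cryptsetup luksFormat "$IMG"      # asks for confirmation and passphrase
    run cryptsetup open "$IMG" "$NAME"    # asks for the passphrase again
    run mkfs.ext4 "/dev/mapper/$NAME"
    run cryptsetup close "$NAME"
}

unlock() {             # once per boot, typed by an operator (no stored key)
    run cryptsetup open "$IMG" "$NAME"
    run mkdir -p "$MNT"
    run mount "/dev/mapper/$NAME" "$MNT"
}

lock() {               # drops the key from kernel memory
    run umount "$MNT"
    run cryptsetup close "$NAME"
}

# True only if the mapping exists and something is mounted on $MNT.
require_unlocked() {
    [ -b "/dev/mapper/$NAME" ] && mountpoint -q "$MNT"
}

# Append one record, failing closed: if the volume is not unlocked, writing
# to $MNT would land in plaintext on the underlying directory.
save_record() {
    require_unlocked || { echo "refusing to write: $MNT is not unlocked" >&2; return 1; }
    printf '%s\n' "$1" >> "$MNT/members.dat"
}
```

Once the volume is mounted, files under the mount point are read and written like any other file; the encryption happens beneath the filesystem.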
 
Old 07-30-2005, 01:06 AM   #9
rblampain
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 7
Posts: 835

Original Poster
Rep: Reputation: 35
Thank you Matir.
 
Old 07-31-2005, 12:09 AM   #10
rblampain
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 7
Posts: 835

Original Poster
Rep: Reputation: 35
The encrypted file(s) will have to be read at random, for example if a user/client wants to change some details (address or password etc.). The files involved are "flat files".

I suppose I can just read one record like any other unencrypted file.
How can I find the length of the record created by dm-crypt without having to go through the docs of each encryption method supported by dm-crypt?

Thank you.

Last edited by rblampain; 07-31-2005 at 12:10 AM.
 
Old 07-31-2005, 12:33 PM   #11
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
That would really depend on the crypto algorithm, but to unencrypt a subset of the file would only be possible with a block cipher, not a stream cipher, and only then in whole block increments.
 
Old 07-31-2005, 09:43 PM   #12
rblampain
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 7
Posts: 835

Original Poster
Rep: Reputation: 35
This makes it more complicated than I anticipated.
What is the common approach then? For example the encrypted file contains names and addresses and a member wants to change his or her details with a change of address.

Is a file of 4 members making a block of 512 bytes a possibility?

Thank you Matir.

Last edited by rblampain; 07-31-2005 at 10:06 PM.
 
Old 07-31-2005, 10:20 PM   #13
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
Quite honestly, I'm not aware of any cases of much being stored in an encrypted disk/file for multi-user access. I store a list of my more obscure passwords in a GPG-encrypted file, but that's about all I know of.
 
Old 07-31-2005, 11:12 PM   #14
rblampain
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 7
Posts: 835

Original Poster
Rep: Reputation: 35
Thank you Matir. I'll have to make myself more knowledgeable about dm-crypt.
 
Old 07-31-2005, 11:38 PM   #15
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
No problem. Let me know if you have any more questions I can answer.
 
  

