ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
You need to create a temporary file for the output (either direction) and then unlink the first and rename the temporary file at the end.
In principle, since (I think!) AES is a block cipher where the size of a decrypted block is the same as an encrypted block, you could read a block, en/decrypt it, "seek" backwards in the file by one block and overwrite the content before moving forward. Check the lseek or fseek man pages. But I wouldn't recommend this - if you fail midway, you will have corrupted the original, and you would also have to fiddle the length of the file somehow in the last block (see the truncate function).
Also be aware if what you're trying to do is eliminate the plaintext from the hard drive completely, it's tough to reliably accomplish that. Using a temporary file and then unlinking the old one leaves the plaintext somewhere on the disk. Journaling filesystems or even swap space can retain the plaintext. Ways around that: encrypt your swap partition, only put plaintext files on encrypted filesystems (either a partition created with cryptsetup or perhaps just a filesystem that lives in a regular file mounted on a cryptoloop) or in a ramdisk (like /dev/shm), or use ext2 and the shred utility.
Also be aware if what you're trying to do is eliminate the plaintext from the hard drive completely, it's tough to reliably accomplish that. Using a temporary file and then unlinking the old one leaves the plaintext somewhere on the disk. Journaling filesystems or even swap space can retain the plaintext. Ways around that: encrypt your swap partition, only put plaintext files on encrypted filesystems (either a partition created with cryptsetup or perhaps just a filesystem that lives in a regular file mounted on a cryptoloop) or in a ramdisk (like /dev/shm), or use ext2 and the shred utility.
I have one more idea. create 'test.txt' with plain text, 'test.txt.enc' with encoded text.. Delete 'test.txt' and rename 'test.txt.enc' back to 'test.txt'. This logic will work for both windows and linux systems.
But I have one question, will this effect the peformance since I first delete and then rename the file. Will my application be slower.
One more doubt will the application be secure if you follow the above logic. Will the hacker have any chance to get the plain text??
Hi puffinman, the solution you have told works for linux what if my application is portable one(windows and linux)???
"encrypt your swap partition, only put plaintext files on encrypted filesystems (either a partition created with cryptsetup or perhaps just a filesystem that lives in a regular file mounted on a cryptoloop) or in a ramdisk (like /dev/shm), or use ext2 and the shred utility."
Please explain this. I'm unclear about this explanation. If possible with some code example.
But I have one question, will this effect the peformance since I first delete and then rename the file. Will my application be slower.
Strictly, yes. But in practice, deleting and renaming a file will happen in the blinking of an eye. It would only be an issue if you were trying to process (say) thousands of files per second in your application.
Quote:
Originally Posted by Jacko123
One more doubt will the application be secure if you follow the above logic. Will the hacker have any chance to get the plain text??
This was puffinman's point. As long as the plaintext is on the disk anywhere, it's hard to guarantee it's been deleted (in the sense of not being on the physical disk surface - obviously the file is deleted). The techniques he refers to are worth considering.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
