LinuxQuestions.org
Linux - Newbie This Linux forum is for members that are new to Linux.
Old 09-01-2016, 05:51 AM   #1
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925
Encrypting the ~/.cache folder


Hi there,

To avoid the possibility of this being an xy problem, my aim is to find a way of encrypting a text file, then being able to click on that file to open and edit it. The edited file will automatically be encrypted back to the original file when it is closed, and no trace of the decrypted temporary file will remain.

I thought that I might be able to achieve this by taking advantage of the functionality of an archive manager, Engrampa in my case, to open a file and automatically save it back to the archive when finished. I would combine this with using an encrypted archive.

The problem here is that Engrampa temporarily saves the decrypted file in ~/.cache, which it then deletes when the file is closed. However I am not sure whether Engrampa shreds or merely deletes the file (but suspect the latter), so I thought I should better effect security by encrypting ~/.cache.

So, my first question is: What is the best way of encrypting ~/.cache?

This leads on to my second question: Will encrypting ~/.cache affect system startup? (as the desktop etc. are in the process of launching, they may well need to open files and folders in ~/.cache)

So, third question: Is the best way of going about this to encrypt my entire /home partition?
 
Old 09-01-2016, 06:40 AM   #2
agillator
Member
 
Registered: Aug 2016
Distribution: Mint 19.1
Posts: 419

Rep: Reputation: Disabled
Look into veracrypt which encrypts/decrypts files/directories/partitions on the fly. That might well be the place to start and then add in a few specifics like making sure memory is cleared, etc. when you are done if that is necessary. I use veracrypt and it may take time to open a volume but once it is open you can't tell it is working.

It may not fit your exact needs, but it is worth a look.
 
1 members found this post helpful.
Old 09-01-2016, 07:53 AM   #3
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048

Original Poster
Blog Entries: 5

Rep: Reputation: 2925
Quote:
Originally Posted by agillator View Post
Look into veracrypt which encrypts/decrypts files/directories/partitions on the fly. That might well be the place to start and then add in a few specifics like making sure memory is cleared, etc. when you are done if that is necessary. I use veracrypt and it may take time to open a volume but once it is open you can't tell it is working.

It may not fit your exact needs, but it is worth a look.
Thanks (and see you later), agillator. I actually use Veracrypt to encrypt partitions and file containers, and it's great for that purpose. I'm not sure that it lends itself to my single file on-the-fly decryption/re-encryption however, as the program and operating system that open the file may temporarily store the unencrypted file or metadata thereof.

I have to admit that I find it hard to get my head round this. All I do know is that in my Windows days I used the program AxCrypt to do exactly what I am wanting to do, and would like to find some encryption solution in Linux that does similar.
 
Old 09-01-2016, 08:18 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
http://www.linuxandubuntu.com/home/t...older-in-linux
 
Old 09-01-2016, 08:20 AM   #5
agillator
Member
 
Registered: Aug 2016
Distribution: Mint 19.1
Posts: 419

Rep: Reputation: Disabled
As I understand it, and I may well be wrong in this, but the decrypted file is never stored anywhere. That's the 'on the fly' bit. There is no decrypted file. The only thing that may be decrypted is the piece you are actually working on that may be in memory. The drivers insert themselves between the system and the disk to encrypt/decrypt and the system never knows the difference as I understand it. Again, I could be wrong as I haven't looked into it to that detail. You might check on that, though, because if I am right it sounds like that would come very close to what you want.
 
Old 09-01-2016, 09:13 AM   #6
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian Stable
Posts: 2,546
Blog Entries: 8

Rep: Reputation: 465
Quote:
Originally Posted by hydrurga View Post
Hi there,

To avoid the possibility of this being an xy problem, my aim is to find a way of encrypting a text file, then being able to click on that file to open and edit it. The edited file will automatically be encrypted back to the original file when it is closed, and no trace of the decrypted temporary file will remain.

I thought that I might be able to achieve this by taking advantage of the functionality of an archive manager, Engrampa in my case, to open a file and automatically save it back to the archive when finished. I would combine this with using an encrypted archive.

The problem here is that Engrampa temporarily saves the decrypted file in ~/.cache, which it then deletes when the file is closed. However I am not sure whether Engrampa shreds or merely deletes the file (but suspect the latter), so I thought I should better effect security by encrypting ~/.cache.

So, my first question is: What is the best way of encrypting ~/.cache?

This leads on to my second question: Will encrypting ~/.cache affect system startup? (as the desktop etc. are in the process of launching, they may well need to open files and folders in ~/.cache)

So, third question: Is the best way of going about this to encrypt my entire /home partition?
It sounds like what you really want is to make sure ~/.cache never actually gets to the disc in the first place. For that, I'd create an entry in /etc/fstab to mount /home/USERID/.cache to a ramdisk (tmpfs). That way nothing in ~/.cache is ever written to any hard drive. Nothing written, nothing needed to be erased, right?

Here is how such an entry would look in /etc/fstab:

Code:
none /home/isaackuo/.cache tmpfs defaults 0 0
Just add that line into /etc/fstab, replacing "isaackuo" with your userid. If you want to be really clean about it, erase the current contents of .cache before mounting it:

Code:
rm -fvr ~/.cache/*
mount .cache
Before doing this, quit any programs that may be actively using the .cache folder, of course. The easiest way to ensure this is to log out as the regular user and just log in as root on a console (ctrl-f1...f7 to switch between text console and graphical login).

Since this is in "Linux - Newbie", you may not already know what tmpfs is. Basically, it's a ram disk that can dynamically expand or shrink as necessary. By default, it is limited to consume no more than half of your system's RAM - you can optionally change the limit. There is no persistent media backing it up. Every time it is mounted, it starts off empty. Every time it is unmounted, everything in it just goes poof. Even if you don't turn the computer off (which wipes out anything in RAM), when you umount and mount a tmpfs partition it comes back empty.

By placing .cache in a tmpfs folder, you do wipe out the cache every reboot. If you want to get really fancy, you can make some bash scripts copy off stuff you desire to keep across reboots - such as ~/.cache/chromium or ~/.cache/mozilla. Or you could just manually run such commands. For example:

Code:
cp -vax ~/.cache/chromium ~/
...
cp -vax ~/chromium ~/.cache/
The first command copies chromium's cache to your home directory.
The second command copies chromium's cache from your home directory to .cache.

Other than that, you'll find that putting .cache in a tmpfs ramdisk may actually boost performance. It's faster than an SSD.
 
1 members found this post helpful.
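
An added example, not part of the thread or any poster's code: a shell check for the tmpfs approach in post #6. It reads text in /proc/mounts and /proc/swaps format and flags a ~/.cache tmpfs left at the default world-writable mode 1777, missing nosuid/nodev, and active swap (tmpfs pages can be swapped out to disk). The user alice, uid/gid 1000, the size value and all sample data are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit how ~/.cache is mounted. Inputs use the formats of
# /proc/mounts and /proc/swaps; all sample data below is constructed.
# A tighter fstab entry than "defaults" (uid/gid 1000 and size are assumptions):
# tmpfs /home/USERID/.cache tmpfs rw,nosuid,nodev,size=512m,mode=0700,uid=1000,gid=1000 0 0
# audit_cache_mount MOUNTS_FILE SWAPS_FILE TARGET
# Prints one finding per line, or "ok" when nothing is flagged.
audit_cache_mount() {
    line=$(awk -v t="$3" '$2 == t { l = $0 } END { print l }' "$1")
    if [ -z "$line" ]; then
        echo "not-mounted: $3 lives on the underlying filesystem"; return 0
    fi
    fstype=$(printf '%s\n' "$line" | awk '{ print $3 }')
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    if [ "$fstype" != tmpfs ]; then
        echo "not-tmpfs: $3 is $fstype, so cache files reach the disk"; return 0
    fi
    n=0
    # The kernel lists mode= only when it differs from the 1777 default.
    case ",$opts," in
        *,mode=700,*) ;;
        *) echo "mode: not mode=700 (tmpfs default is world-writable 1777)"; n=1 ;;
    esac
    for o in nosuid nodev; do
        case ",$opts," in
            *",$o,"*) ;;
            *) echo "option: $o missing"; n=1 ;;
        esac
    done
    # tmpfs pages can be swapped out, so active swap can hold cache contents.
    swapdevs=$(awk 'NR > 1 { printf "%s ", $1 }' "$2")
    if [ -n "$swapdevs" ]; then
        echo "swap: active on ${swapdevs% }; tmpfs pages may be written there"; n=1
    fi
    [ "$n" -ne 0 ] || echo "ok"
}

sample_mounts() {   # constructed /proc/mounts excerpt; alice is hypothetical
    printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
        'none /home/isaackuo/.cache tmpfs rw,relatime 0 0' \
        'tmpfs /home/alice/.cache tmpfs rw,nosuid,nodev,size=524288k,mode=700,uid=1000,gid=1000 0 0'
}
sample_swaps() {    # constructed /proc/swaps
    printf '%s\n' 'Filename Type Size Used Priority' '/dev/sda2 partition 8388604 0 -2'
}
tmp=$(mktemp -d)
sample_mounts > "$tmp/mounts"; sample_swaps > "$tmp/swaps"
audit_cache_mount "$tmp/mounts" "$tmp/swaps" /home/isaackuo/.cache
rm -rf "$tmp"
```

On a live system, pass /proc/mounts and /proc/swaps as the first two arguments. A swap finding is only a prompt to confirm that swap is encrypted or disabled.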
Old 09-01-2016, 09:38 AM   #7
agillator
Member
 
Registered: Aug 2016
Distribution: Mint 19.1
Posts: 419

Rep: Reputation: Disabled
One caution/addition to IsaacKuo's comment, if you go that way. I believe that when you release the tmpfs it doesn't just 'go away'. All references and pointers to it are invalidated. The data in memory remains until it is overwritten in the normal course of operations. The blocks against overwriting are simply removed. This is the same as 'erasing' a file on disk. The only thing that is immediately affected are the pointers to the file (inodes) until in the normal course of events those areas happen to be overwritten. I believe one of the things you are trying to prevent is having a complete file unencrypted anywhere at any time (including in memory). As an interesting question: when a computer today is shut off does the data in memory actually go away or does the system simply assume it is blank and useless garbage the next time it boots?

This may be getting too deep and going further than you intend or are concerned with, but from your initial questions I can't be sure. Who are you concerned about, the other people in your office? People at home? The NSA?
 
1 members found this post helpful.
Old 09-01-2016, 09:42 AM   #8
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048

Original Poster
Blog Entries: 5

Rep: Reputation: 2925
Thanks for that detailed explanation, Isaac. A quick look at my .cache folder shows folders (presumably persistent across logouts/logins as indicated by their modification dates) created by clementine, dconf, fontconfig, google-chrome, gstreamer, mate, mozilla, and webkit.

Some are obviously more important than others, but do you reckon that these applications would be able to cope with .cache being emptied at each login?
 
Old 09-01-2016, 09:59 AM   #9
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048

Original Poster
Blog Entries: 5

Rep: Reputation: 2925
Ok, going back to this possibly being an X-Y problem, if I ensure that the underlying file format is one that can be read by LibreOffice, could I just encrypt all such files with LibreOffice and do it like that? I'm assuming that LibreOffice doesn't reveal any details of its decrypted file to disk or memory while editing it and before re-encrypting it on save.

@agillator - thanks for the caution. Interesting. Yes, you're right - the aim is to have the chosen files encrypted at all stages except visually while editing. No particular bogeymen in mind.
 
Old 09-01-2016, 03:32 PM   #10
UseTheSourceLuke
LQ Newbie
 
Registered: Aug 2016
Posts: 2

Rep: Reputation: Disabled
deleted

Last edited by UseTheSourceLuke; 09-02-2016 at 07:00 PM.
 
  

