LinuxQuestions.org


jiml8 07-25-2010 02:11 PM

reading/writing encrypted NTFS
 
My main workstation incorporates a mixture of ext3, ext4, and NTFS partitions scattered across a number of hard drives. Several of the ext4 partitions are encrypted, and I intend to encrypt the rest of the Linux partitions in the near future.

I run VMware workstation, with several Windows OS guests, including Win2K, WinXP and Win7. My Win7 VM is installed on a virtual hard disk, and that virtual hard disk is encrypted using VMware facilities.

So this leaves me with a bunch of NTFS partitions that are not encrypted. These are physical partitions on a couple of different hard drives. The reason I have them is ancient and historical, and as I have upgraded my system over time I have maintained the architecture due to the extreme difficulty of rearranging Windows systems.

I still need to maintain Win2K and WinXP support, and rearranging those virtual machines would represent a hideous nightmare for me; I really want to maintain the same hard drive partition architecture.

But I want to encrypt the NTFS partitions, in a fashion that can be handled by any of the Windows operating systems, AND can be accessed for read and write from Linux.

Is this possible? If not using Windows facilities (I don't think ntfs-3g handles encryption, and there are known backdoors in the Windows facilities anyway), is there any third party solution that would work? Would TrueCrypt do the job in a fashion that would permit access from all the various operating systems, as required?

I do generally mount the NTFS partitions in whichever Windows VM is appropriate, then share them out via SMB, but there are circumstances (like when a VM is not running) where I will directly hit them from Linux. So, it is possible for me to contemplate a solution that only works from Windows, but this would cost me the ability to repair/modify those filesystems directly from Linux, which under certain circumstances (a malfunction of the VM, for instance) could be a problem.

Any ideas would be appreciated. If necessary I'll start experimenting, but this could prove time consuming and potentially dangerous (if I make a mistake) and I don't really have the time...

zirias 07-25-2010 02:16 PM

I suggest using TrueCrypt. On Linux, TrueCrypt just "wraps" dm-crypt. You can even mount a TrueCrypt partition in Linux just using "cryptsetup" :) given the correct parameters, e.g. you have to skip the volume's TrueCrypt header.

I'd suggest you encrypt your partition on Windows, using TrueCrypt, then install TrueCrypt on Linux to access them using ntfs-3g. This works very well. If you are interested, I could also assist you in creating a script mounting your TrueCrypt volume without actually using TrueCrypt on Linux, but you would still have to install it once in order to find out the "master key" :)
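
The header-skipping mapping described in the post above, as an added example that is not part of the thread: a function that builds the dm-crypt table line for a TrueCrypt data area. It assumes a TrueCrypt 6.0+ volume using AES in XTS mode with 512-byte sectors, and that the master key is already stored as hex in a file; the function name, device names and paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: TrueCrypt 6.0+ volume,
# AES-XTS, 128 KiB header area at the start, 128 KiB of backup headers at
# the end, 512-byte sectors.
TC_HDR_SECTORS=256      # 128 KiB / 512 bytes

# tc_dm_table DEVICE DEVICE_SECTORS KEYFILE
# Prints a dm-crypt table line mapping the data area of DEVICE.
# KEYFILE holds the 64-byte XTS master key as 128 hex digits.
# The body runs in a subshell so its variables stay local.
tc_dm_table() (
    dev=$1 total=$2 keyfile=$3
    key=$(tr -d ' \n' < "$keyfile") || return 1
    case $key in
        ''|*[!0-9a-fA-F]*) echo "key is not hex" >&2; return 1 ;;
    esac
    if [ "${#key}" -ne 128 ]; then
        echo "key must be 128 hex digits (AES-256 XTS)" >&2
        return 1
    fi
    case $total in
        ''|*[!0-9]*) echo "sector count is not a number" >&2; return 1 ;;
    esac
    if [ "$total" -le $((2 * TC_HDR_SECTORS)) ]; then
        echo "device too small for a TrueCrypt volume" >&2
        return 1
    fi
    data=$((total - 2 * TC_HDR_SECTORS))
    # <start> <length> crypt <cipher> <key> <iv_offset> <device> <offset>
    # iv_offset equals the data offset: XTS sector numbers count from the
    # start of the volume, header included.
    printf '0 %d crypt aes-xts-plain64 %s %d %s %d\n' \
        "$data" "$key" "$TC_HDR_SECTORS" "$dev" "$TC_HDR_SECTORS"
)

# Typical use as root (device and mapping names are placeholders):
#   tc_dm_table /dev/sdXN "$(blockdev --getsz /dev/sdXN)" /root/tc.key \
#       | dmsetup create tcvol
#   mount -t ntfs-3g /dev/mapper/tcvol /mnt/tcvol
```

Keep the key file readable by root only; anyone who can read it, or run `dmsetup table --showkeys` on the active mapping, can decrypt the volume.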

jiml8 07-26-2010 12:32 AM

TrueCrypt will do it? OK. This sounds like a worthwhile way to go about it. It isn't going to happen next week, but I'm making my plans for this move.

