malfist Posted July 23, 2007 Report Share Posted July 23, 2007 I want to play around with some security tools, one of my friends sparked an interest in me for harddrive encryption/email encryption/25 char long passwords and I haven't had any luck to find a program for linux to encrypt the harddrive/partitions/file containers. I found truecrypt outside of the repos on sourceforge but it needed the kernal source but I've already installed it. Are there any good ones in the repos that I missed? [moved from Software by spinynorman] Quote Link to comment Share on other sites More sharing options...
orts Posted July 23, 2007 Report Share Posted July 23, 2007 I'm not quit sure how to make encryption on a folder, but in my repos I can se "bcrypt" and "mcrypt" Regarding harddrive encryption, then open MCC (ALT + F2 typr mcc) type your root password when promt. Go to Mount Points open Create, Delete and resize harddisk partitions, click on the partition you want to encrypt, and unmount it. Still marked you click on Toogle to expert mode click on Options in the new window mark encrypted click ok, new window again type the wanted password click ok, and mount the partition again, restart and now you'll have to type a password for that partition every time you start your computer. Quote Link to comment Share on other sites More sharing options...
pmpatrick Posted July 23, 2007 Report Share Posted July 23, 2007 I haven't tried mcc in a while, but it used to use cryptoloop for the encryption. Cryptoloop has been deprecated as it had some security problems, was slow and relatively inflexible. The modern approach to encryption in linux is with cryptsetup with LUKS support. Here are two articles that discuss the topic in detail: http://polishlinux.org/howtos/encrypted-ho...ition-in-linux/ http://feraga.com/library/howto_use_crypts..._luks_support_0 It uses the dm-crypt kernel module which has been part of the kernel from 2.6 onward so you have excellent native kernel support and don't need to compile any kernel modules. You can do entire partitions or file containers with cryptsetup as more fully discussed in the above articles. I believe cryptsetup is installed by default in mdv2007.1 but if not the rpm is available if you have setup the usual urpmi repos(main, contrib, plf-free, plf-nonfree). Cryptsetup has been available for every distro I've tried recently except slackware and there I used the static tarball: http://luks.endorphin.org/dm-crypt You just unpack it and put the executable in path as it is entirely self-contained. Quote Link to comment Share on other sites More sharing options...
orts Posted July 23, 2007 Report Share Posted July 23, 2007 Does cryptsetup-luks have the possibilliti to encrypt folders? But there is no reason for installing cryptsetup-luks if it only can make encryption on partitions, as I specified in my first answer diskdrake creates excactly the same. Quote Link to comment Share on other sites More sharing options...
pmpatrick Posted July 23, 2007 Report Share Posted July 23, 2007 Does cryptsetup-luks have the possibilliti to encrypt folders? In effect, yes. You don't have to encrypt an entire partition with cryptsetup. You can create encrypted "containers" inside an existing partition with cryptsetup and move whatever sensitive stuff, including folders, into the encrypted container. You can also grant different users access to the container and give them separate passwords for access and revoke a user's password/access without effecting the other authorized users. Cryptsetup is also faster and less resource intensive than cryptoloop in my experience. Finally, cryptoloop is deprecated, meaning it is no longer being actively maintained as of kernel 2.6.4. As such, sooner or later, cryptoloop support will be dropped from the kernel. You are much better off using dm-crypt/crypsetup/LUKS going forward. mcrypt can't directly do folders either as it will only encrypt a single file. Typically with mcrypt, you tar up a folder or several files making the collection into one large tar file and then encrypt that single tar file with mcrypt. It's more for archiving since to access the data you have decrypt and then untar the resulting tar file to get at the original data. Quote Link to comment Share on other sites More sharing options...
malfist Posted July 24, 2007 Author Report Share Posted July 24, 2007 I'm a programmer so I know the danger of using depreciated stuff, I'll check out cryptsetup. In ubuntu I had XKeyPass too and that doesn't seem to be in the repos and I had the ability to right-click and encrypt a folder (don't know how or why I got that feature) but does cryptsetup do that too? Quote Link to comment Share on other sites More sharing options...
malfist Posted July 24, 2007 Author Report Share Posted July 24, 2007 How can I set the size of the encrypted container? Quote Link to comment Share on other sites More sharing options...
pmpatrick Posted July 24, 2007 Report Share Posted July 24, 2007 (edited) The procedure is given in detail here: http://feraga.com/library/howto_use_crypts..._luks_support_0 But in general, you create the container using the dd command and set the size there, eg: # dd if=/dev/urandom of=containerfile bs=1M count=<number of megabytes> This has been adequate for my purposes but you may need a more dynamic system that can change size on the fly. For that take a look at encfs: http://en.wikipedia.org/wiki/EncFS EncFS is a user space encrypted filesystem that uses the FUSE library. I'm not that familiar with encfs but it may be more what you are looking for. The encfs rpm is available for mdv2007.1. There's also a kde front end for encfs, K-EncFS: http://www.kde-apps.org/content/show.php/K...S?content=54078 Again, I haven't used this tool so I can't be of much help here but it may be worth checking out. Don't see an rpm for it so you would have to compile from source. Edited July 24, 2007 by pmpatrick Quote Link to comment Share on other sites More sharing options...
malfist Posted July 25, 2007 Author Report Share Posted July 25, 2007 (edited) Can't run kencfs2. I can install it but when I try to run it it says: User specific directories for K-EncFS are present User specific encrypted directory for K-EncFS present Traceback (most recent call last): File "/usr/local/lib/kencfs2/kencfs.py", line 18, in ? from kdecore import KApplication, KIcon, KIconLoader, KCmdLineArgs, KAboutData ImportError: No module named kdecore So I do: [root@jerome kencfs2]# urpmi kdecore no package named kdecore The following packages contain kdecore: libkdecore4 libkdecore4-devel and both packages are installed :( can i get this to work? (I use GNOME, I really don't like KDE) Malfist Edited July 25, 2007 by malfist Quote Link to comment Share on other sites More sharing options...
adamw Posted July 25, 2007 Report Share Posted July 25, 2007 You probably need python-kde . Quote Link to comment Share on other sites More sharing options...
malfist Posted July 25, 2007 Author Report Share Posted July 25, 2007 That worked, that was what I needed. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.