Encrypting Personal Files

m00dawg · Posted: Sun Sep 21, 2003 4:26 am Post subject: Encrypting Personal Files

I'm trying to figure out if GPG would be a good tool to encrypt personal files (ie files I don't want to send to anyone but wish to keep them from prying eyes just in case my box is compromised or something of that form). If GPG isn't the tool of choice, what would that tool be?

nitro322 · Guru Joined: 24 Jul 2002 Posts: 596 Location: USA

gpg would work fine. Just encrypt the files to yourself, and only you will be able to open them.

Or, if you'd prefer to do without the public key part, you could use asymmetric encryption instead. This lets you just simply enter a password to encrypt/decrypt the file. bcrypt is available through portage, and it seems to handle this well enough.

m00dawg · Posted: Sun Sep 21, 2003 12:19 pm Post subject:

Do you know which might be better? My concern was what if I lost my keychain or something like that; would I still be able to decrypt the file?

(Watch out here comes a dorky CS discussion

)
I was thinking about how to approach something like this (iRSA is going to be our next computer science proggie so I've been thinking about how to actually use my hard work

); I what might be interesting is to generate a public key to encrypt the file and then use a private key, which the user must type in at a prompt, to decrypt it.

The problem of corse is that no one wants to type in "FFAA0485715FB," but rather "IAmGodThisPasswordSucks"

I was thiinkig that if you could then create a public key based off the private key which could then be used to encrypt the file and then use a hash or conversion function to convert the key to a password. The end result is that the user only has to type in their password but the encryption scheme is there and the key to decrypt the file isn't stored within the file itself (since it was encrypted using a public key).
(end Dorky CS discussion

)

Honestly, thouhg, I have no idea if that would work

Especially since the assignment is a good week or so away...

Of course, i bcrypt does something like this then all the better

sschlueter · Posted: Sun Sep 21, 2003 11:28 pm Post subject:

latexer · Retired Dev Joined: 05 Mar 2003 Posts: 239 Location: NYC

if you're looking for a purely symmetric encryption, and a GUI, you can check out gringotts. it's a GTK2 app that encrypts mainly text files, but also can have attached files of any type. you can choose between a wide range of algorithms you can use for encrypting. pretty nice little app.
_________________
overlays - Use at your own risk. File bug reports on this stuff and i'll kick you in the junk. Ask me before asking upstream if these fail. I mean it. No, really.

#gentoo-dotnet on freenode

m00dawg · Posted: Wed Sep 24, 2003 3:38 am Post subject:

Wow no foolin' it is a nice application indeed, though the GUI took a bit to get used to (not the most friendly out therre). Definately worth the install though. Thanks for the tip!

TenPin · Guru Joined: 26 Aug 2002 Posts: 500 Location: Kansas City

As far as I can remember if you just do:

nitro322 · Guru Joined: 24 Jul 2002 Posts: 596 Location: USA

jesterspet · Posted: Sat Sep 27, 2003 2:27 am Post subject:

If you are worried about your box being compromised, and want your data to be stored securely, you do have more choices.

You could use public key encryption on a per file basis. This is strong encryption, but if you loose your private key, you also loose access to your data.

There is also symmetric encryption which only requires a password. The down side to this (I believe) is weaker encryption.

You could also look into encrypting your entire disk. Chadders has a pretty good thread on this here. It current downside is your partitions are limited to 2GB (the 2.6 kernel removes this limitation)

And that pretty much covers the practical encryption portion of this post.

You can also look into Access Control Lists (ACL's). These will limit the access any program or process has to any file on your computer.

I am still learning about using these, but so far, I know you can turn root into the equilivant of a nobody account. I am still trying to get root to a false account (e.g. the equal of /bin/false). ACL's are great for permission security, and if you have to , you can slap the drive into a computer that does not have ACL's enabled and retrieve your data. This is both a good & bad thing, as someone else can do that just as easily as you can. Encryption prevents this from happening, as the file will be encrypted regardless of what computer you try to read the file in.
_________________
(X) Yes! I am a brain damaged lemur on crack, and would like to buy your software package for $499.95

m00dawg · Posted: Sat Sep 27, 2003 1:39 pm Post subject:

TenPin · Guru Joined: 26 Aug 2002 Posts: 500 Location: Kansas City