Posted by admin on November 26, 2008 under Tech Tips |
When backing up data to a CD or DVD, you may find it useful to encrypt the entire disc just in case the media falls into the wrong hands. Some people may advise compressing your files within tar/gzip archive and use PGP to encrypt the data, burning the resulting data to disc. The challenge, however, is how easy it is to work with the data after the burn process. You are typically required to decrypt and extract the archive to your hard disk if you wish to access the files within.
A much more flexible method for Linux users is to encrypt the entire CD or DVD with an AES symmetric key, and work with the data by simply mounting the disc. This means you don’t have to copy the files, they are simply presented to you as you would expect with an unencrypted disc.
Prerequisites
Prerequisites include loading the Cryptoloop kernel module and the installation of the Loop-AEStoolset. Installing these packages in Ubuntu/Debian and loading the cryptoloop module is a snap.
sudo apt-get install aespipe loop-aes-utils
sudo modprobe cryptoloop
Verify that cryptoloop and AES kernel modules are loaded with lsmod.
lsmod | grep cryptoloop
cryptoloop 10880 0
loop 23180 1 cryptoloop
lsmod | grep aes
aes_i586 15744 2
aes_generic 35880 1 aes_i586
If you had to load these modules by hand, make sure to add them to /etc/modules so that they are loaded on boot up.
Create, burn and mount encrypted images
To create a standard CD image, use genisofs (formally known as mkisofs), pipe the output to aespipe, and redirect the final output to an ISO file. Notice that we have specified that aespipe will use AES256 encryption, and it will has you to enter a password twice. Don’t lose it! ?
genisoimage -quiet -r Documents/ | aespipe -T -e aes256 > documents.iso
Password: (enter password)
Retype password: (enter password)
Mount the image using the encryption option. The mounting process will ask you for the passphrase.
sudo mount -o loop,encryption=aes256 documents.iso /mnt
Password: (enter password)
Burn the disc image, replacing /dev/dvdrw with the appropriate value for your system. wodim was formerly known as cdrecord, so feel free to replace it with any command you are familiar with.
wodim dev=/dev/dvdrw documents.iso
Mount the CD/DVD using the same mount options as previously demonstrated.
sudo mount -o loop,encryption=aes256 /dev/dvdrw /mnt
Password: (enter password)
Work with your files as you would with any normal CD or DVD.
ls -l /mnt/
total 0
-r--r--r-- 1 root root 0 2008-11-26 17:09 secretfile1.txt
-r--r--r-- 1 root root 0 2008-11-26 17:09 secretfile2.txt
-r--r--r-- 1 root root 0 2008-11-26 17:09 secretfile3.txt
-r--r--r-- 1 root root 0 2008-11-26 17:09 secretfile4.txt
Posted by admin on under Tech Tips |
When backing up data to a CD or DVD, you may find it useful to encrypt the entire disc just in case the media falls into the wrong hands. Some people may advise compressing your files within tar/gzip archive and use PGP to encrypt the data, burning the resulting data to disc. The challenge, however, is how easy it is to work with the data after the burn process. You are typically required to decrypt and extract the archive to your hard disk if you wish to access the files within.
A much more flexible method for Linux users is to encrypt the entire CD or DVD with an AES symmetric key, and work with the data by simply mounting the disc. This means you don’t have to copy the files, they are simply presented to you as you would expect with an unencrypted disc.
Prerequisites
Prerequisites include loading the Cryptoloop kernel module and the installation of the Loop-AEStoolset. Installing these packages in Ubuntu/Debian and loading the cryptoloop module is a snap.
sudo apt-get install aespipe loop-aes-utils
sudo modprobe cryptoloop
Verify that cryptoloop and AES kernel modules are loaded with lsmod.
lsmod | grep cryptoloop
cryptoloop 10880 0
loop 23180 1 cryptoloop
lsmod | grep aes
aes_i586 15744 2
aes_generic 35880 1 aes_i586
If you had to load these modules by hand, make sure to add them to /etc/modules so that they are loaded on boot up.
Create, burn and mount encrypted images
To create a standard CD image, use genisofs (formally known as mkisofs), pipe the output to aespipe, and redirect the final output to an ISO file. Notice that we have specified that aespipe will use AES256 encryption, and it will has you to enter a password twice. Don’t lose it! ?
genisoimage -quiet -r Documents/ | aespipe -T -e aes256 > documents.iso
Password: (enter password)
Retype password: (enter password)
Mount the image using the encryption option. The mounting process will ask you for the passphrase.
sudo mount -o loop,encryption=aes256 documents.iso /mnt
Password: (enter password)
Burn the disc image, replacing /dev/dvdrw with the appropriate value for your system. wodim was formerly known as cdrecord, so feel free to replace it with any command you are familiar with.
wodim dev=/dev/dvdrw documents.iso
Mount the CD/DVD using the same mount options as previously demonstrated.
sudo mount -o loop,encryption=aes256 /dev/dvdrw /mnt
Password: (enter password)
Work with your files as you would with any normal CD or DVD.
ls -l /mnt/
total 0
-r--r--r-- 1 root root 0 2008-11-26 17:09 secretfile1.txt
-r--r--r-- 1 root root 0 2008-11-26 17:09 secretfile2.txt
-r--r--r-- 1 root root 0 2008-11-26 17:09 secretfile3.txt
-r--r--r-- 1 root root 0 2008-11-26 17:09 secretfile4.txt
Posted by admin on October 8, 2007 under Tech Tips |
Performing GnuPG functions from Vim is actually pretty helpful if you work heavily with both applications on a regular basis. I was recently looking for a simple way to both word wrap and clearsign various text files within Vim, and found just what I was looking for.
1. (optional) Set the word wrap of text in Vim to a maximum text width of 70 characters. This can be done manually, or by simply adding the following text to your “~/.vimrc” file:
:set textwidth=70
2. As for the ability to clearsign, encrypt, decrypt and verify the text from within Vim, you can create command mode aliases as shortcuts for longer commands in Vim. Simply add the following to your “~/.vimrc” file:
:cmap cs %!gpg --clearsign
:cmap es %!gpg -seat
:cmap ee %!gpg -eat
:cmap de %!gpg -d
Once you save the changes to your .vimrc file, open any text file with vim, enter command mode, and type any of the shortcuts mentioned in step two; “cs” to clearsign, “es” to encrypt and sign, “ee” to encrypt with no signature, and “de” to decrypt or verify. The shortcut will display the command about to be issued, to which you can hit can enter to execute it. You will be prompted for recipients, and/or the private key passphrase depending on the function you choose.
If you are familiar with GnuPG syntax, you can change or add any of the above commands to your liking. For instance, for those of you with multiple PGP keys, you can add the “-u”option to specify which one you would like to use.
To wrap an existing unwrapped text file, simply higlight the entire message by placing the Vim cursor at the top of the file, press <shift>+V, followed by <shift>+G. This highlights all text as you will notice. While everything is highlighted, simply press “gq”. This will wrap everything according to your “textwidth” variable.
Feel free to test it out, and provide as much feedback as you like. Have fun.
Special Note:
When using the “textwidth” variable, you may find that it is useful to toggle the paste function. If you are pasting text that has a larger text width than that of which you have specified in Vim (in this case 70 characters), then your paste will automatically be word wrapped to 70.
You may not want this behavior, so the two opposing options you can set manually are:
:set paste
:set nopaste
Better yet, you can map a quick function key to toggle it on or off by adding the following to your .vimrc file:
:set pastetoggle=<F10>
To test, while in insert mode of Vim, press the F10 key, and you will notice that the mode will be clearly identified with:
"-- INSERT (paste) --"
This will allow you to paste text in it’s unwrapped form.