Tiny Core Linux

Tiny Core Extensions => TCE Talk => Topic started by: malikawan on June 09, 2014, 03:18:05 AM

Title: How to create an encrypted folder for my private files?
Post by: malikawan on June 09, 2014, 03:18:05 AM
Is there any extension or way to create an encrypted folder for my private files?

Malik Awan
Title: Re: How to create an encrypted folder for my private files?
Post by: tinypoodle on June 09, 2014, 03:55:16 AM
An easy approach would be to use the natively supported boot code "protect", in which case backup is encrypted and gets decrypted at boot.
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on June 09, 2014, 04:17:36 AM
 Thanx for reply tinypoodle
Sir I am using persistent home and opt folder. that why i do not create back. Basically i need one folder in which i place my private files and then i encrypted that folder.
Title: Re: How to create an encrypted folder for my private files?
Post by: Rich on June 09, 2014, 10:02:56 AM
Hi malikawan
Depending on your exact needs, bcrypt might be usable. It encrypts/decrypts files, not folders, but a little scripting might make it workable.
Title: Re: How to create an encrypted folder for my private files?
Post by: netnomad on June 09, 2014, 03:20:25 PM
hi malikawan,

in the 4.x-branch encfs was an alternative tool for protecting folders.
in my opinion bcrypt has some security issues, cryptsetup has probably more auditing.
for dCore i recommend an encrypted container-file that is mounted over a mapper-device.

keep on securing even your basic daily environment.
Title: Re: How to create an encrypted folder for my private files?
Post by: tinypoodle on June 09, 2014, 07:37:30 PM
in my opinion bcrypt has some security issues

Could you elaborate please?
Title: Re: How to create an encrypted folder for my private files?
Post by: Juanito on June 10, 2014, 12:58:43 AM
encfs looks like it might work in tc-5.x, please let us know if you decide to try it and it works.
Title: Re: How to create an encrypted folder for my private files?
Post by: netnomad on June 10, 2014, 01:21:59 AM
in my opinion bcrypt has some security issues

Could you elaborate please?

one aspect of many others:
the debian packagers did not include the package in the actual stable branch yet, so i had to look for alternatives :(
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on June 10, 2014, 03:57:11 AM
bcrypt is not present in tinycore 4.7.7. I am using tinycore 4.7.7
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on June 10, 2014, 04:07:34 AM
tc@box:~$ encfs ~/.atserial /home/tc/AT-SERIAL
The directory "/home/tc/.atserial/" does not exist. Should it be created? (y,n) y
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> x

Manual configuration mode selected.
The following cipher algorithms are available:
1. AES : 16 byte block cipher
 -- Supports key lengths of 128 to 256 bits
 -- Supports block sizes of 64 to 4096 bytes
2. Blowfish : 8 byte block cipher
 -- Supports key lengths of 128 to 256 bits
 -- Supports block sizes of 64 to 4096 bytes

Enter the number corresponding to your choice: 1

Selected algorithm "AES"

Please select a key size in bits.  The cipher you have chosen
supports sizes from 128 to 256 bits in increments of 64 bits.
For example:
128, 192, 256
Selected key size: 128

Using key size of 128 bits

Select a block size in bytes.  The cipher you have chosen
supports sizes from 64 to 4096 bytes in increments of 16.
Or just hit enter for the default (1024 bytes)

filesystem block size:

Using filesystem block size of 1024 bytes

The following filename encoding algorithms are available:
1. Block : Block encoding, hides file name size somewhat
2. Null : No encryption of filenames
3. Stream : Stream encoding, keeps filenames as short as possible

Enter the number corresponding to your choice: 1

Selected algorithm "Block""

Enable filename initialization vector chaining?
This makes filename encoding dependent on the complete path,
rather then encoding each path element individually.
The default here is Yes.
Any response that does not begin with 'n' will mean Yes:

Enable per-file initialization vectors?
This adds about 8 bytes per file to the storage requirements.
It should not affect performance except possibly with applications
which rely on block-aligned file io for performance.
The default here is Yes.
Any response that does not begin with 'n' will mean Yes: yes

Enable filename to IV header chaining?
This makes file data encoding dependent on the complete file path.
If a file is renamed, it will not decode sucessfully unless it
was renamed by encfs with the proper key.
If this option is enabled, then hard links will not be supported
in the filesystem.
The default here is No.
Any response that does not begin with 'y' will mean No: y

Enable block authentication code headers
on every block in a file?  This adds about 12 bytes per block
to the storage requirements for a file, and significantly affects
performance but it also means [almost] any modifications or errors
within a block will be caught and will cause a read error.
The default here is No.
Any response that does not begin with 'y' will mean No: n

Add random bytes to each block header?
This adds a performance penalty, but ensures that blocks
have different authentication codes.  Note that you can
have the same benefits by enabling per-file initialization
vectors, which does not come with as great of performance
penalty.
Select a number of bytes, from 0 (no random bytes) to 8:

Enable file-hole pass-through?
This avoids writing encrypted blocks when file holes are created.
The default here is Yes.
Any response that does not begin with 'n' will mean Yes:


Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 3:0:1
Key Size: 128 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.
File holes passed through to ciphertext.

-------------------------- WARNING --------------------------
The external initialization-vector chaining option has been
enabled.  This option disables the use of hard links on the
filesystem. Without hard links, some programs may not work.
The programs 'mutt' and 'procmail' are known to fail.  For
more information, please see the encfs mailing list.
If you would like to choose another configuration setting,
please press CTRL-C now to abort and start over.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:
fuse: mountpoint is not empty
fuse: if you are sure this is safe, use the 'nonempty' mount option
fuse failed.  Common problems:
 - fuse kernel module not installed (modprobe fuse)
 - invalid options -- see usage message


whats the problem plz
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on June 10, 2014, 04:18:23 AM
How to solve these problems please any idea

fuse: mountpoint is not empty
fuse: if you are sure this is safe, use the 'nonempty' mount option
fuse failed.  Common problems:
 - fuse kernel module not installed (modprobe fuse)
 - invalid options -- see usage message
Title: Re: How to create an encrypted folder for my private files?
Post by: Juanito on June 10, 2014, 05:54:14 AM
$ encfs ~/.atserial /home/tc/AT-SERIAL
The directory "/home/tc/.atserial/" does not exist. Should it be created? (y,n) y
Are you using a linux filesystem? The fact that AT-SERIAL is confused with at-serial would seem to indicate that you're using a FAT filesystem.

Quote
fuse: mountpoint is not empty
Possibly due to the issue mentioned above.

Quote
- fuse kernel module not installed (modprobe fuse)
Does "lsmod" show the fuse module is loaded?
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on June 10, 2014, 06:25:36 AM
tc@box:~$ fdisk -l

Disk /dev/sda: 27.7 GB, 27733884928 bytes
255 heads, 63 sectors/track, 3371 cylinders, total 54167744 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *          63    54155114    27077526   83  Linux
______________________________________________________


tc@box:~$ lsmod
Module                  Size  Used by    Tainted: P 
dm_mod                 40960  0
mperf                  12288  0
cpufreq_userspace      12288  0
cpufreq_powersave      12288  0
cpufreq_stats          12288  0
cpufreq_conservative    12288  0
squashfs               24576 130
scsi_wait_scan         12288  0
zcache                 12288  0
zram                   12288  1
loop                   16384 260
ppdev                  12288  0
parport_pc             24576  0
ac                     12288  0
parport                24576  2 ppdev,parport_pc
pcspkr                 12288  0
pcnet32                24576  0


fuse module not loaded

Title: Re: How to create an encrypted folder for my private files?
Post by: Juanito on June 10, 2014, 06:27:30 AM
..so load it then  :)
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on June 10, 2014, 06:30:03 AM
tc@box:~$ modprobe fuse
modprobe: module fuse not found in modules.dep

its not loaded how to load fuse module
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on June 10, 2014, 07:11:25 AM
How to load fuse module any idea please?
Title: Re: How to create an encrypted folder for my private files?
Post by: Rich on June 10, 2014, 09:23:41 AM
Hi malikawan
bcrypt is not present in tinycore 4.7.7. I am using tinycore 4.7.7
Sure it is. It's part of base and located in  /usr/bin/.
Title: Re: How to create an encrypted folder for my private files?
Post by: tinypoodle on June 10, 2014, 10:23:06 AM
in my opinion bcrypt has some security issues

Could you elaborate please?

one aspect of many others:
the debian packagers did not include the package in the actual stable branch yet, so i had to look for alternatives :(

1. How would that be related to security issues?
2. How would that be of any relevance to Core, where bcrypt is included in base since many years and a specific boot code "protect" is provided with a mechanism to encrypt backup and decrypt at boot time out of the box?
3. With "many others" we are just back to "could you elaborate?" again...   ???
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on June 11, 2014, 01:33:34 AM
How to load fuse module any idea please?
Title: Re: How to create an encrypted folder for my private files?
Post by: Juanito on June 11, 2014, 02:50:08 AM
encfs will need to be recompiled against the tc-5.x boost extension in order to work in tc-5.x
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on June 11, 2014, 03:39:17 AM
Thanx for reply Juanito

I am using tinycore 4.7.7 and encfs installed but the problem is fuse module how i load it ?
Title: Re: How to create an encrypted folder for my private files?
Post by: Juanito on June 11, 2014, 07:57:36 AM
In fact the fuse module is compiled into the kernel so there is no need to load it.
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on June 12, 2014, 06:31:07 AM
But by default fuse module not loaded now what to do to load it
Title: Re: How to create an encrypted folder for my private files?
Post by: Juanito on June 12, 2014, 08:37:03 AM
When a module is compiled into the kernel you don't need to load it - it is there for use if required.
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on June 13, 2014, 12:46:24 AM
How to solve these problems please any idea

fuse: mountpoint is not empty
fuse: if you are sure this is safe, use the 'nonempty' mount option
fuse failed.  Common problems:
 - fuse kernel module not installed (modprobe fuse)
 - invalid options -- see usage message
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on August 12, 2014, 11:59:57 PM
How to solve these problems please any idea while using encfs extention

fuse: mountpoint is not empty
fuse: if you are sure this is safe, use the 'nonempty' mount option
fuse failed.  Common problems:
 - fuse kernel module not installed (modprobe fuse)
 - invalid options -- see usage message
Title: Re: How to create an encrypted folder for my private files?
Post by: gerald_clark on August 13, 2014, 12:33:28 AM
We can't tell you what is wrong when you don't show us the command you are running that produces that error.
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on August 18, 2014, 07:02:02 AM
After giving that command

tc@box:~$ encfs ~/.atserial /home/tc/AT-SERIAL
Title: Re: How to create an encrypted folder for my private files?
Post by: malikawan on March 20, 2015, 02:06:52 AM
An easy approach would be to use the natively supported boot code "protect", in which case backup is encrypted and gets decrypted at boot.........................

i use boot code "protect" but it require password every time when boot
Title: Re: How to create an encrypted folder for my private files?
Post by: netnomad on March 20, 2015, 02:29:11 AM
hi malikawan,

i also use boot code "protect" and the required password substitutes my user password at every boot.
confidential files and data are stored in an encrypted file-container that is secured by an additional password and this file-container is only opened by request, when these encrypted files are really needed :-)

i use cryptsetup with a file-container that is mounted by a loop-device:

$DB is my mount-point
$DATABOX is my file-container

     sudo mkdir -p /mnt/$DB
     sudo mknod -m 660 /dev/loop256 b 7 256 > /dev/null 2>&1
     sudo losetup /dev/loop256 $DATABOX     > /dev/null 2>&1
     sudo cryptsetup luksOpen /dev/loop256 $DB
     sudo mount -t ext3 -o rw,defaults /dev/mapper/$DB /mnt/$DB

this solution can be used on different linux-platforms without any changes...
Title: Re: How to create an encrypted folder for my private files?
Post by: curaga on March 20, 2015, 04:06:08 AM
i use boot code "protect" but it require password every time when boot

It would be rather insecure if the password was saved on the disk ;)