# need encryption program for linux and windows !!!

## H-Dragon

i have some data that is not to be viewed by anyone...  now i need to access it in linux as well as in windows 2000 (unfortunatelly) 

is there a program (maybe even an ebuild) that allows me to save my data onto a fat32 windows drive (that i have mounted in my fstab) and access it either way?

encryption should be military strength... really hard to break.

yet fast to en- and decrypt.

sorry to ask questions like that... but i think it is important to many.

----------

## m0pr0be

if you to de- and encrypt files under linux and win32 you can maybe try GnuPG.

its available for most platforms. i'm not sure if the GnuPG alhrithms satisfy your needs for very strong encryption. it supports public key mechanisms. and you can choose very long keys, to protect your data.

i think GnuPG doesnt support any newer enhanced security algorithms like blowfish, etc. (someone correct me if i'm wrong)

----------

## sisyphus

gpg has binaries compiled for Win32 and of course Linux.

It's a good cross platform solution and shares the same command syntax across 'em.

Don't forget that if you ever store the clear text on disk, the data will be recoverable. You'll want to use a non-journaling FS to allow you to scrub the data once you've finished with it. You might also what to install it setuid root to allow you to use locked memory pages (don't get swapped!).

gpg does support symmetric encryption (-c) if you don't want to use public key. Just remember that whatever the algorythm (GPG supports a vast range - use gpg --version to find out what), it's only as strong as your passphrase.

----------

## H-Dragon

my gentoo runs on / as ext3.  but i would have the data on my windows D drive (fat32).  no jfs as far as i know... is it?  so... gnupg....   

no other program that could do the job?  linux is all about security... there have got to be several ways of making data "disappear". 

and gnupg... what's that thing with the passwords... and public keys.

or what's with those keys anyway?

----------

## zhenlin

Public key: The key to lock your message.

Private key: The key to unlock your message.

Distribute the public key. Put your private key on portable media and carry it with you. Do not unnecessarily mount the media with your private key. While you're at it, encrypt your private key, and rotate keys every 6 months.

----------

## H-Dragon

bad idea.....

if the police comes to my house and asks for all my pc stuff... they will take my key with them... and viola...  encrypted for the ass

----------

## zhenlin

OK then... Print out your private key [in trinary] using large, legible font, and scan it in by OCR when you need it.  Dont forget to shred (1) your digital key after printing and using, and shred the paper version after you rotate keys.

----------

## klieber

 *H-Dragon wrote:*   

> if the police comes to my house and asks for all my pc stuff... they will take my key with them... and viola...  encrypted for the ass

 

That's why its important to have a good passphrase on your key.  

You should read the docs over at the gnupg site.  It will answer most of the questions you have.

--kurt

----------

## itsr0y

Well, since no one seems to be answering your question, the data written to a FAT32 (Windows) drive is recoverable (to a certain extent) after deletion.  When you delete the file, the system simply deletes the file's entry in the FAT tables.  The information stored in the file is still techinally on the drive, but the system thinks its free space.  When it needs to use some free space, it may just write over the file you deleted.  But, it may also leave it there and not write over it for a while.  If someone REALLY needs that information, there are services that can sometimes recover the data.  I don't know how hard it is, whether it's just a program to install or if you have to take it some where, but I hear its very hard and very expensive.

To fix this problem (if it is one), there are programs that "wipe" or zero out the data.  They write zeroes through the entire file THEN delete it, so that if the file is recovered, it will just be a bunch of zeroes.  PGP has this feature, and I'm sure there are many more like it out there.

Granted, there still may be a chance that the data is swap space (as someone had mentioned) but this will help.

----------

## Naan Yaar

gpg can also be used in a symmetric-cipher mode.  You need to use the "-c" or "--symmetric" option for this.  Then you would not need a public/private keypair.  For "local" encryption of files, etc., this should work fine.

----------

## klieber

 *Naan Yaar wrote:*   

> gpg can also be used in a symmetric-cipher mode.  You need to use the "-c" or "--symmetric" option for this.  Then you would not need a public/private keypair. 

 

Symmetric encryption still relies upon a key, however, and that key needs to be adequately protected in order to preserve the confidentiality of the data.

I've no idea how gpg stores keys used in symmetric encryption, but it's something that I would certainly research and understand before I started encrypting things en masse with it.

--kurt

----------

## Naan Yaar

With symmetric encryption, you type in the passphrase when encrypting and decrypting.  The passphrase is not stored anywhere on the system.

 *klieber wrote:*   

> 
> 
> Symmetric encryption still relies upon a key, however, and that key needs to be adequately protected in order to preserve the confidentiality of the data.
> 
> I've no idea how gpg stores keys used in symmetric encryption, but it's something that I would certainly research and understand before I started encrypting things en masse with it.
> ...

 

----------

## klieber

 *Naan Yaar wrote:*   

> With symmetric encryption, you type in the passphrase when encrypting and decrypting.  The passphrase is not stored anywhere on the system.

 

OK, but the key is.  Perhaps gpg uses public key cryptography to encrypt that which the passphrase then decrypts -- I'm not sure.

Not trying to beat up on gpg -- just pointing out that the symmetric key has to be stored somewhere, so the security of that key is crucial to the overall security of the data.

--kurt

----------

## Dalrain

In case everyone had forgotten, faithful old floppy drives work great for holding these keys.  Obviously background radiation can take some of the data out, so a backup somewhere is a good idea.  An alternative is a CD with the key that can be carried by the operator that needs access to the data.  (I just think floppies are better suited.  They work a little faster on the in and out, and leave the CD drive free.)  Also, you can destroy the floppy really easily if you need to.  (Mmmm...big magnet...oops...looks like the key is gone!)

----------

## Naan Yaar

Kurt,

Not really.  The key is derived from the passphrase string (string-to-key algorithm -- s2k) and not necessarily stored with the message.  Alternatively, a symmetrically encrypted message can contain one or more encrypted "session keys"; these keys are encrypted using a symmetric algorithm (or asymmetric algorithm for PK encryption).  Either way, there is no easy way to discover the decryption key.

RFC2440 has more details, if you are interested.

 *klieber wrote:*   

> 
> 
> OK, but the key is.  Perhaps gpg uses public key cryptography to encrypt that which the passphrase then decrypts -- I'm not sure.
> 
> Not trying to beat up on gpg -- just pointing out that the symmetric key has to be stored somewhere, so the security of that key is crucial to the overall security of the data.
> ...

 

----------

## sisyphus

Bottom line? 

If you want to be secure, learn about security (and encryption in particular in this case) and apply the lessons you learn. 

Keeping your data secure isn't just about encryption. It's not a magic fix that'll forever keep you secure (I should have stated this more clearly in my original post). The only way you get there is to learn about the technologies and principles concerned. As a very interesting person said "Security isn't a destination, it's a journey" (or something like that).

You're not going to get that from this forum, start from the gpg web site and work your way around. Do the reading. If you want a reading list, post a reply and I'll get round to posting one tomorrow - busy now, sorry  :Sad: .

There is no shortcut.

----------

## H-Dragon

life is all about shortcuts. if you are fast enough you don't need them, but they are there, not jsut for your entertainment.

a reading list would be great ....  yet i was simply looking for a Ebuild that sort of satisfied my needs for now... and i thought one of the users in this forum already had some experience with security and encryption related stuff or programs.

----------

## puddpunk

Google: 1

Google: 2

Google: 3

Ironically "encryption gpg shortcut" didn't turn up anything particulaly useful, but those should start you off...

As said before, really there isn't a shortcut for security. By the sounds of it you just seem to be wanting to hide your cracking programs from the police (illegal = bad mmmkay).

Gpg is the program you are looking for, except, it's not the "quick fix" you were looking for. You may actually have to learn how it works (god knows it took me long enough, keys, passphrases, signing, trust, and then some) but really you should.

Security needs to be your state of mind. I bet you booted up Gpg and created a key with your login password. Fair enough, but if your computer has been comprimised, it's likely that your gonna come out second best when it comes to hiding encrypted data.

Life may be about shortcuts, But really, you don't have to be fast to not need them, just smart. People who use shortcuts end up with broken things.

Thanks,

Chris.

----------

## bonsaikitten

I would recommend storing the encryption key (still guarded by a passphrase, of course) on a small "USB Memory Stick" That way, the key is not physically _on_ the computer, this should make recovery inherently more difficult. Setup should be possible both on Windows and Linux, although it might be a bit more difficult than just setting up GnuPG ...

----------

## klieber

 *H-Dragon wrote:*   

> yet i was simply looking for a Ebuild that sort of satisfied my needs for now

 

The problem with any security tool is that there are compromises made in order to make it usable.  Keys have to be generated and stored, passphrases have to be remembered, etc.  

If you don't understand the compromises for your chosen solution, you will not be able to adequately protect your data.   When used properly, ssh key-based authentication is *vastly* stronger than password-based authentication.  When used improperly (namely, no passphrase on the private key), it's *vastly* weaker.  

If you're not willing to take the time to at least learn the fundamentals, then you very likely will not be protecting your data to the level you indicated you wanted to.  It's that simple.

--kurt

----------

## H-Dragon

guess i will have to state my original question more clearly and wipe out some missunderstandings:

1) i wanted to know if there is an ebuild (or what different ebuilds there are)

2) i don't have a problem with reading and learning... as one might be able to recognize: i even do have the capability of writing (and this is not my mother-tounge)

3) it is true i hardly have time for all of this... but again. all i asked for was if there is someone with a suggestion for me (maybe different ones to make it more interesting...)

this almost-pgp sounds interesting... how strong is its encryption? do i have different choices of which alg. i want to use?

----------

## kerframil

For a good overview of PGP: http://www.pgpi.org/doc/pgpintro/. As for the nitty gritty of available ciphers and key lengths, the recommended key type is "DSA and ElGamal" and you can generate one of up to a length of 2048 I think. And various ciphers are supported including 3DES, Blowfish and CAST5. I imagine that it will be adequate for your requirements, particularly if you use a very strong passphrase that you can remember (without having to store it somewhere). I recall an excellent article in Linux Magazine (UK) which described real-world GnuPG usage in some depth (fortunately in an accessible way), so maybe you'd be interested in some of the recommendations contained therein? If so, let me know and I'll see if I can find the darned thing ...

As a side-note, app-crypt/seahorse is a nice Gnome front-end for GnuPG.

----------

## H-Dragon

someone should give you a gentoo-medal kerframil... i can't remember one topic where you didn't give me the expected answer. thanks dude.

i would love to read this article...  just mail it to me if you find it.

--> danielinhawaii@gmx.net

----------

## True

Umm, there's also this:

http://www.jetico.com/products.htm

----------

## MacMasta

Re: Hard Drive wiping

My understanding is that Three-Letter-Agencies can retrieve data from drives five or six rewrites deep - there are gidgets you can get that will zap drives over and over again until  everything is pretty much hosed.

Yeah, GPG is pretty much invincible as long as you are careful with it. Complicated, sure, but invincible.

~Mac~

----------

