Encrypting disk volumes ? files ?
Michael H. Warfield
mhw@wittsend.com
Mon Oct 22 02:47:01 2001
On Sun, Oct 21, 2001 at 05:42:41PM -0400, Toxik - Fabian Rodriguez wrote:
> Hi,
> I'd like to know what would be the easiest/most transparent way to encrypt
> files or entire disk volumes for personal use ?
Under WHAT? Windows? Linux? *BSD? Solaris? All have solutions
and (most) are different. This list is not just Linux...
> I don't expect this to be an easy task to *configure/install* but I was
> wondering if it can be done with GnuPG ?
Not a job for GnuPG (yet?).
> Something that would act just like WinZip under windows (or similar, under
> other OSs), where you double click on the file and if its encrypted you
> enter a password, then the appropriate app opens. When you close the file,
> it's encrypted back and closed automatically...
> Maybe at the filesystem level ?
I'm going to take a wild ASS GUESS and ASSume that you mean
Linux. If so you have the following options...
On the device (partition) level:
    ppdd (2.2.x only) [I have used this]
    cryptoapi [I have used this - loopback patches]
    kerneli [I have used this - loopback patches]
    loop-AES [I'm currently using this]
On the file level:
    cfs [I have used and contributed to this]
    tcfs [Never used this]
I'm sure that there are others.
Cfs is Matt Blaze's Cryptographic File System which works on a
variety of systems, not just Linux. If I were on a Slowlaris box, this
would be my choice, no question...
*BSD platforms have their own crypto systems available (and are
different depending on OpenBSD vs FreeBSD vs NetBSD etc, etc, etc).
Ppdd and loop-AES can encrypt swap. Recent versions of cryptoapi
SHOULD be able to encrypt swap. All three CAN encrypt the root partition
but it gets real tricky (find your local friendly initrd guru).
The kerneli patches are largely deprecated and replaced by
cryptoapi. Loop-AES is sort of a peer / competitor to cryptoapi
and hopefully we'll see a merge between them end up in the kernel itself.
There are also some patches available for setting up encrypted
home directories (which involves a bit of a catch-22) with file level
encryption.
Most are not real difficult to set up. Ppdd is probably the
biggest pain to set up and isn't really being maintained any more
(no 2.4.x patches). Some of these also have some putative smart-card
support which I'm actively pursuing.
The README file with loop-AES has some techniques I contributed
for using gpg to encrypt the keys used for loop-AES giving you two-level
security (something you know and something you have).
Search SourceForge and FreshMeat for more info.
> Thanks for any suggestions or ideas on this.
> Fabian Rodriguez - Toxik Technologies Inc.
> www.Toxik.com - Open PGP ID: 0x5AF2A4D5
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!