Using GPG for encrypting directories
Neil Williams
linux@codehelp.co.uk
Wed Sep 17 23:52:02 2003
--Boundary-02=_AhNa/Xg6BMYvuev
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline
On Wednesday 17 Sep 2003 8:51 pm, Paul Jahshan wrote:
> Hi all,
>
> I want to use GPG for local encryption only, and after reading the man
> file, I'm doing the following in order to encrypt a whole directory:
> I zip the directory with a password "zip -r -e foo foo", then I encrypt
> it with "gpg -c foo.zip" using a passphrase.
> Is this an elegant and secure way of encrypting directories? Am I using
> GPG's full cryptographic power? Are there better alternatives?
As with all decisions like this in GnuPG, it depends on just how paranoid y=
ou=20
want to be. A few pointers:
1. If, as it sounds, the data exists on the hard disc unencrypted at any ti=
me,=20
then the easiest way to crack it is to ignore the archive and concentrate o=
n=20
recovering the erased data directly from the filesystem. This can be made=20
more difficult if you use the 'shred' command instead of 'rm' but if the=20
attacker is willing to simply throw more and more computing power/time/mone=
y=20
at it, the chances are that at least some of the raw data can be recovered.=
=20
(Some would say that the only truly secure way of erasing data from a=20
harddrive involves a blowtorch and a sledgehammer.)
2. If the data only exists in memory before encryption, you still need to=20
consider swap space if you are being truly paranoid. This would be possible=
=20
to secure fully for encryption of data entered at the gpg command line, but=
=20
not for your purposes.
3. If the archive itself is to be attacked, you could use a longer key, tak=
e=20
extreme care with the passphrase and the secret key itself.
Overall, you need to consider just how likely an attack really is and how=20
determined an attacker is likely to be. The weakest parts of any encryption=
=20
are the areas outside the encryption itself - preparing/collating the data =
to=20
be encrypted, storing the decryption tools and social engineering.
You say this is for local encryption only - in that case, from whence would=
=20
the attack be made? You seem to be anticipating an attacker to already have=
=20
login access to your home directory - that would be the first route to be=20
made secure. Secondly, anyone with physical access to your machine can eras=
e=20
the BIOS password, use a bootable device to override your OS and then use=20
data recovery tools on the original data - ignoring the archive completely.=
=20
Only once these easier methods are secured does the method of encryption=20
become relevant.
An attacker will only attempt to force the encryption if all other methods=
=20
have been fully secured - something that is fairly unlikely in most routine=
=20
situations.
=2D-=20
Neil Williams
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://www.biglumber.com/x/web?qs=3D0x8801094A28BCB3E3
--Boundary-02=_AhNa/Xg6BMYvuev
Content-Type: application/pgp-signature
Content-Description: signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQA/aNhAiAEJSii8s+MRAgDLAJ9Yn+XNA4evHT0Dihi87BNtpqyjywCgz/wn
vMBOCYy2VElsCOW9kWTJzLM=
=c3Dp
-----END PGP SIGNATURE-----
--Boundary-02=_AhNa/Xg6BMYvuev--