cross-OS transparent encryption

Henry Hertz Hobbit hhhobbit at securemecca.net
Tue Jun 7 13:12:41 CEST 2005


Dan Mundy <harob02 at earthlink.net> wrote:
>
>Erpo wrote:
>
>>The Spanish thread on the list right now is revolving around the problem
>>of sharing encrypted data between WinXP and Linux. The original poster
>>wants to share a read/write partition between the two OSs on a laptop
>>and have transparent encryption of the files on that partition.
>>
>>I said that NTFS will do this (Windows only) as well as dm-crypt (Linux
>>only), but I'm stumped as far as cross-platform solutions with
>>compatible on-disk formats. The only suggestion I could offer was to use
>>FAT32 and manually encrypt and decrypt the files before using them
>>(yuck). Any non-Spanish-speakers have suggestions?
>>
>>
>>Eric
>>  
>>
>what is the device name of his windows partition?  i have found a way to
>mount windows partitions in linux at startup.
>
>as root, gedit /etc/fstab.  add a line like this just before the swap line:
>
>/dev/hda1               /win                    auto          auto,user,exec,rw,async         0 0
>
>create a folder named /win, and reboot. on the gnome desktop there
>should be a drive with the title 'win'.  next, configure whatever you
>need to run off /win.  This is how i manage windows files in linux.

I will caution you that at one time RedHat put in support for the
NTFS file system but for mounting READ ONLY.  Unfortunately too many
idiots mounted their system NTFS partition RW (read and write) and
trashed their Windows Operating system.  For that reason, you will
have to add support for NTFS yourself, but mount it READ ONLY!  Support
for FAT32 is built in.  I would add that in addition to handling the
FAT32 partition, you may want to mount the NTFS partitions, so what I
do is add the letter matching the DRIVE: designation on to /win.

# as root type
mkdir /win
mkdir /win/e	# my FAT32 partition

# This mount line works with FC3.  I used a different set of parameters
# for FC1 and RH9 & Mandrake.

/dev/hda3    /win/e               vfat    noauto,users,owner 0 0
------

You do not have to use the rw, since that is the default.  I strongly
caution against using async, especially if you have EIDE_32BIT=3 and
LOOKAHEAD=1 like I do.  For me, this means that:

/win/e/GnuPG/cryptedfile.gpg

on Linux is the same file as:

E:\GnuPG\cryptedfile.gpg

on Windows.  Sorry, but I can't help you out
on Debian.  The one I used to use on FC1 also worked on SuSE and
Mandrake, but I think the above should work with just a few minor
tweaks.

ENCRYPTION IS USED BY A TROJAN:
===============================
I thought you would all like to hear that a Trojan Horse is now using
encryption to encrypt people's files and hold them for ransom:

http://www.pcmag.com/article2/0,1759,1821782,00.asp
http://securityresponse.symantec.com/avcenter/venc/data/trojan.gpcoder.html

Now unlike that judge who found the mere presence of PGP on the person's
machine (I would have loved being a member of the jury to show the judge
just how ignorant he was) as indication of illegal activity, this IS an
illegal use of encryption!  I am amazed they even caught it at all, and
evidently a bat file deleting itself is okay now.

HHH
-- 
Key Name:  "Henry Hertz Hobbit" <hhhobbit at securemecca.net>
pub   1024D/E1FA6C62 2005-04-11 [expires: 2006-04-11]
Key fingerprint = ACA0 B65B E20A 552E DFE2 EE1D 75B9 D818 E1FA 6C62
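
An added example, not part of the original message: a small shell check that reads fstab entries on standard input and flags the two things the reply above cautions about, an NTFS partition that is not mounted `ro` and an explicit `async` option. The names `audit_fstab` and `sample_fstab`, the extra rule for type `auto`, and the two NTFS sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit fstab entries read from
# stdin against the mount advice in this thread. Function names are hypothetical.

audit_fstab() {
    awk '
    $1 ~ /^#/ || NF < 4 { next }          # skip comments, blanks, short lines
    {
        fstype = tolower($3)
        n = split($4, opt, ",")
        ro = 0; async = 0
        for (i = 1; i <= n; i++) {         # later options override earlier ones
            if (opt[i] == "ro") ro = 1
            else if (opt[i] == "rw") ro = 0
            else if (opt[i] == "async") async = 1
            else if (opt[i] == "sync") async = 0
        }
        if (fstype == "ntfs" && !ro) {
            print "WARN " $2 ": NTFS entry is not mounted ro"; bad = 1
        }
        # Assumption: type "auto" is flagged too, since mount may detect NTFS.
        if (fstype == "auto" && !ro) {
            print "WARN " $2 ": type auto without ro, writable if the partition is NTFS"; bad = 1
        }
        if (async && (fstype == "vfat" || fstype == "ntfs" || fstype == "auto")) {
            print "WARN " $2 ": explicit async on a shared Windows partition"; bad = 1
        }
    }
    END { exit bad + 0 }                   # status 1 if anything was flagged
    '
}

# Constructed sample; the /win and /win/e entries are the two lines quoted in
# the thread, the two NTFS entries are made up for the demonstration.
sample_fstab() {
    cat <<'EOF'
# constructed sample fstab
/dev/hda1  /win    auto  auto,user,exec,rw,async  0 0
/dev/hda2  /win/c  ntfs  noauto,users             0 0
/dev/hda5  /win/d  ntfs  ro,noauto,users          0 0
/dev/hda3  /win/e  vfat  noauto,users,owner       0 0
EOF
}

sample_fstab | audit_fstab || echo "fstab needs attention"
```

To check a real table, run `audit_fstab < /etc/fstab`; the function exits non-zero when any entry is flagged.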




