EncFS - Encrypted Folders for Puppy

Antivirus, forensics, intrusion detection, cryptography, etc.
Post Reply
Message
Author
jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

EncFS - Encrypted Folders for Puppy

#1 Post by jamesbond »

EncFS (wikipedia http://en.wikipedia.org/wiki/EncFS) is a user-space encrypted file system driver, developed by Valient Gough. Initially introduced in 2005, it went on active development until late 2008 - until which it seems to stop for a while. Recently Valient has restarted development and responded to bug reports. Homepage: http://www.arg0.net/encfs and also http://code.google.com/p/encfs.

It enables one to encrypt/decrypt at directory/folder level, instead of filesystem level (cf. cryptoloop, dm-crypt) or file level (cf. bcrypt). It uses FUSE and stores the encypted content on other filesystem - I have tested it on ext3 inside aufs (ie, Puppy's /root folder).

Inspired in a discussion with 01smokey here http://murga-linux.com/puppy/viewtopic. ... 965#422965, I have built this package and its dependencies for Quirky 1.x, and have created a few scripts to integrate with Rox. All you have to do is right-click any folder in Rox, and then choose whether to add encryption, remove encryption, or open access/close access for this encrypted folder. Each encrypted folder has its own password.

Package
All compiled under Quirky 1.1. Tested to work under Puppeee as well.
1. EncFS 1.5-2 proper
2. rlog 1.4
3. fuse 2.7.4 (only the libraries)
4. boost c++ libraries (note - I only build a subset which is required by encfs - the "filesystem and serialization" libraries).
5. rox-encfs 0.4 - my scripts to integrate EncFS with Rox.

Fatdog64 users can get it from the ibiblio repository - only encfs, rlog and rox-encfs required since Fatdog64 already comes with fuse and boost.

Sources
1. EncFS version 1.5-2 http://encfs.googlecode.com/files/encfs-1.5-2.tgz
2. rlog logging library (also by valient) version 1.4 (dependency of EncFS) - from here http://code.google.com/p/rlog/
3. Boost C++ library version 1.41 (newer versions of Boost have problems with EncFS - this is the last version known to work well) http://sourceforge.net/projects/boost/f ... st/1.41.0/
4. Fuse version 2.7.4 - I use this one instead of the latest because I think Quirky is build with this version http://bkhome.org/sources/alphabetical/ ... .4.tar.bz2

Others
If you prefer a centralised control over your encrypted directories, you may want to look at Master Wong's work here http://murga-linux.com/puppy/viewtopic.php?t=43131 which is also based on EncFS. Note that it was based on an older version of EncFS.

Usage Notes
1. Do not delete the folder when it is open for access. Unpredictable things will happen.
2. Encrypted files will be stored in a hidden encrypted storage directory, with the same name of the original directory, prefixed with a dot. (e.g if the original name is "icons", the storage directory is ".icons" - see the screenshots below). Do not delete this folder, and especially do not delete this folder while the folder is open for access.

EDIT: Update rox-encfs to 0.4 which will refresh rox automatically.
Last edited by jamesbond on Mon 31 May 2010, 13:49, edited 5 times in total.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#2 Post by jamesbond »

The package. All are straight built - there is no effort spent to make it smaller as per puppy's tradition, others are welcome to do so.

EDIT: tested on puppeee (RC1) also - works well. Puppeee users don't need libfuse - it's already part of the included with Puppeee.

EDIT: update rox-encfs to 0.4
Attachments
rox-encfs-0.4.pet
This is the rox-integration script which
will give you the nice menu when you
right-click a folder in Puppy.
(7.74 KiB) Downloaded 1651 times
fuse-2.7.4-i486.pet
encfs dependency -
this pet contains the libfuse.
Puppeee users don't need this.
(54.54 KiB) Downloaded 1514 times
Last edited by jamesbond on Tue 01 Jun 2010, 01:06, edited 6 times in total.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#3 Post by jamesbond »

Screenshots.
Attachments
encrypted-storage-folder-view.png
how the storage folder (which stores the actual encrypted files) looks like
(40.1 KiB) Downloaded 6705 times
closed-folder-view.png
how a closed (ie unmounted) encrypted folder looks like
(18.36 KiB) Downloaded 6954 times
opened-folder-menu.png
right-click menu for an opened (ie mounted) encrypted folders
(24.49 KiB) Downloaded 6831 times
encrypt-option.png
simple option for encryption strength
(20.68 KiB) Downloaded 6882 times
folder-menu.png
right-click encryption menu for folders
(26.04 KiB) Downloaded 6880 times
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

User avatar
smokey01
Posts: 2813
Joined: Sat 30 Dec 2006, 23:15
Location: South Australia :-(
Contact:

#4 Post by smokey01 »

I have done some testing with Lupu-501 and it seems to work very well but I do have a question or two, maybe more.

It appears there are five commands in your ROX script, they are:

Add Encryption
Change Password
Open Encrypted Folder
Remove Encryption
Close Encrypted Folder

I noticed that not all five are visible at the same time. Generally it seems either Open Encrypted Folder or Close Encrypted Folder are available but not both.

When I encrypt the folder it's contents are still visible until I close the folder. When I close the folder everthing is now secure. To get access to the folder I expected to be able to simply right click on the folder and select Open Encrypted Folder, type in the password and the folder would be visible again. This is not the case. I have to remove the encryption to see the contents of the folder.

I thought it would be possible to Open Encrypted Folder, work with files then close it when you are finished working. The entire time the folder is encrypted but open until it's closed and secure.

If you no longer needed to have the folder encrypted then simply Remove Encryption and it would revert to being a normal folder.

Are my assumptions correct? or am I expecting something that doesn't exist? or am I doing something wrong?

This is a very useful application.

Thanks for you work on it.

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#5 Post by jamesbond »

smokey01 wrote:I have done some testing with Lupu-501 and it seems to work very well but I do have a question or two, maybe more.
Sounds good ! Happy to hear that.
It appears there are five commands in your ROX script, they are:

Add Encryption
Change Password
Open Encrypted Folder
Remove Encryption
Close Encrypted Folder
Correct.
I noticed that not all five are visible at the same time.
Correct. I tried to make it as context-sensitive as I can - but ROX only has two options, menu to show when you click a folder (normal and closed encrypted folders), and menu to show when you show a mount-point (encypted folders being open for access).
Generally it seems either Open Encrypted Folder or Close Encrypted Folder are available but not both.
Correct.
When I encrypt the folder it's contents are still visible until I close the folder. When I close the folder everthing is now secure.
Correct - this is done on purpose. After you encrypt a folder, it's state is "open for access", so that you can continue to use the files inside.
To get access to the folder I expected to be able to simply right click on the folder and select Open Encrypted Folder, type in the password and the folder would be visible again.
Correct - this is how it should work. You can open and close as many times as needed.
This is not the case. I have to remove the encryption to see the contents of the folder.
That's odd ... any error message? Try this (starting on a normal folder) - "add encryption", refresh rox, "close access", refresh rox, "open access" - do you see your files?
I thought it would be possible to Open Encrypted Folder, work with files then close it when you are finished working. The entire time the folder is encrypted but open until it's closed and secure. If you no longer needed to have the folder encrypted then simply Remove Encryption and it would revert to being a normal folder.
Correct - that's the whole idea.
Are my assumptions correct? or am I expecting something that doesn't exist? or am I doing something wrong?
You are correct in everypoint. The fact that you have to "remove encryption" to see the content bothers me - something is wrong.

Ah yes, after you do anything (ie encrypt/decrypt/open/close), you have to "refresh" Rox by clicking the refresh button. It wouldn't hurt if you don't, Rox will still work, but you won't get the correct context menu. An open-for-access folder will show a green dot on the folder icon (=shows that it's actually a mount-point).

EDIT: Please update to version 0.4 of rox-encfs which fix this refresh problem.
This is a very useful application.
Thanks for you work on it.
You are welcome!
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

User avatar
smokey01
Posts: 2813
Joined: Sat 30 Dec 2006, 23:15
Location: South Australia :-(
Contact:

#6 Post by smokey01 »

It now works absolutely perfect and as expected.

I just tried it on LHP-443 full install, no problems.

This should be part of the standard puppy build as it is very useful and adds to the security that many complain about. Size is probably the only issue but not for me.

I will put it up on my site if you don't mind.

Thanks

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#7 Post by jamesbond »

Sure, go ahead! :D
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

User avatar
smokey01
Posts: 2813
Joined: Sat 30 Dec 2006, 23:15
Location: South Australia :-(
Contact:

#8 Post by smokey01 »

I stripped it down by about 420k by removing source and locals.

I also combined the five Pets into one for simplicity. It can be downloaded from here.

http://www.smokey01.com/pets/FolderEnc-1.0.pet

It would be nice if it would accept the enter key after typing the password instead of having to use the mouse. Clicking on OK is good but the enter key is more intuitive.

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#9 Post by jamesbond »

smokey01 wrote:It would be nice if it would accept the enter key after typing the password instead of having to use the mouse. Clicking on OK is good but the enter key is more intuitive.
It's irritating, I know. I tried to find a way around that as well. But there's no way to tell Xdialog to behave like that. The other option is to use gtkdialog - but that sounds like an overkill to me.

cheers!
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

User avatar
smokey01
Posts: 2813
Joined: Sat 30 Dec 2006, 23:15
Location: South Australia :-(
Contact:

#10 Post by smokey01 »

Is this an option?

--editbox filepath height width
The edit-box dialog displays a copy of the file. You may edit it
using the backspace, delete and cursor keys to correct typing er-
rors. It also recognizes pageup/pagedown. Unlike the --
inputbox, you must tab to the "OK" or "Cancel" buttons to close
the dialog. Pressing the "Enter" key within the box will split
the corresponding line.

On exit, the contents of the edit window are written to dialog's
output.

Or is this only for dialog and not Xdialog?

http://hpux.connect.org.uk/hppd/hpux/Sh ... 1/man.html

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#11 Post by jamesbond »

I'm using this:

Code: Select all

Xdialog --password --inputbox "some text" 0 0
.
The equivalent code in dialog would be

Code: Select all

dialog --passwordbox "some text" 0 0
- but I don't use dialog, dialog is for text/console input.

I don't know the equivalent gtkdialog code yet ...haven't done any reading yet, too lazy :)

The --editbox option (which works in both Xdialog and dialog) is to edit an entire file. I don't keep any password file - the password is fed straight to encfs, which will keep it securely as part of is directory encryption mechanism. So, --editbox option cannot be used.

cheers!
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

User avatar
smokey01
Posts: 2813
Joined: Sat 30 Dec 2006, 23:15
Location: South Australia :-(
Contact:

#12 Post by smokey01 »

Yes I noticed that after I posted. I was a little tired last night.

This is how Will made it work in Psip:

#!/bin/sh
CHAT=$(cat $PJTMP/chat.tmp) #should strip out newlines if we ever get to multiline posts
echo -e "\ni\n${1}\n${CHAT}\n" >> $PJSIGNAL
BUDDY_NAME="$(echo $1 | sed 's/sip://;s/@.*//')"
echo -e "$(date +%y/%m/%d-%T) [you->$BUDDY_NAME] ${CHAT}" >> $HOME/.psip/PSIP_chatlog

Now I have to be honest I don't fully understand it.

During my searching I noticed craftybytes was also trying to find a solution to the same problem.

He mention something about sed and I see it's used here.

I guess it's not bigggie but it would be good to solve. I might have a talk to some of the coding gurus in the forum.

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#13 Post by jamesbond »

Ok, I'm been doing some reading (from here http://xpt.sourceforge.net/techdocs/lan ... es/single/)

The replacement code for Xdialog --password --inputbox above is this:

Code: Select all

#! /bin/bash

export DIALOG='
<window title="Enter password" icon-name="gtk-dialog-question">
  <vbox>
    <hbox>
      <text>
        <label>Label:</label>
      </text>
      <entry activates-default="true">
        <variable>PASS0</variable>
		<visible>password</visible>
      </entry>
    </hbox>
    <hbox>
      <button cancel></button>
      <button can-default="true" has-default="true" use-stock="true">
        <label>gtk-ok</label>
      </button>
    </hbox>
  </vbox>
</window>
'

eval $(gtkdialog --program=DIALOG)
echo "$PASS0"
You can cut and paste the above code, put into a text file, make it executable (from rox, choose file/properties, and then click the topmost of "exec" checkbox. Run that in a terminal, the result is the password.

It's this monstrosity compared to the one line of Xdialog - now you see why I say it's an overkill :) Unless I'm very motivated I'd probably leave it as is :)

cheers!
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

User avatar
TwoPuppies
Posts: 77
Joined: Wed 29 Dec 2010, 05:13
Location: Melbourne, Australia

#14 Post by TwoPuppies »

‭I've used this application in both Quirky and Lupu, and it is really excellent. But it's really a shame that it does not work in Puppy 4.2 (my favourite Puppy OS). Is there any way that it can be modified so that it will?
[color=#006699]What you really need is two puppies:
Puppy Linux, and the sort with four legs and a tail.[/color]

User avatar
trapster
Posts: 2117
Joined: Mon 28 Nov 2005, 23:14
Location: Maine, USA
Contact:

#15 Post by trapster »

Is bcrypt in 4.2?

My simple directory encryption that I put in my right-click menu:

Code: Select all

#!/bin/sh

DIR="$@"
yaf-splash -text "Directory is being archived" &
tar -zcf $DIR.tar.gz $DIR
killall yaf-splash
yaf-splash -text "File is being encrypted" &
bcrypt_gui $DIR.tar.gz
killall yaf-splash
yaf-splash -text "Encryption complete" &
sleep 5
killall yaf-splash
trapster
Maine, USA

Asus eeepc 1005HA PU1X-BK
Frugal install: Slacko
Currently using full install: DebianDog

User avatar
smokey01
Posts: 2813
Joined: Sat 30 Dec 2006, 23:15
Location: South Australia :-(
Contact:

#16 Post by smokey01 »

Trapster I think Bcrypt only works on files not directories.

I'm not sure it can be modified for 4.2, maybe jamesbond can help.

User avatar
trapster
Posts: 2117
Joined: Mon 28 Nov 2005, 23:14
Location: Maine, USA
Contact:

#17 Post by trapster »

Smokey01 - It does, that's why I use tar on the directory in the script.
trapster
Maine, USA

Asus eeepc 1005HA PU1X-BK
Frugal install: Slacko
Currently using full install: DebianDog

User avatar
TwoPuppies
Posts: 77
Joined: Wed 29 Dec 2010, 05:13
Location: Melbourne, Australia

#18 Post by TwoPuppies »

Thanks for your response, Trapster.
Bcrypt is not included in 4.2 by default, but I have now downloaded and installed it.
Now, I apologize for my lack of knowledge, but can you tell me what to do with that script you provided?
[color=#006699]What you really need is two puppies:
Puppy Linux, and the sort with four legs and a tail.[/color]

User avatar
trapster
Posts: 2117
Joined: Mon 28 Nov 2005, 23:14
Location: Maine, USA
Contact:

#19 Post by trapster »

1. Copy and paste the script into a blank file. I called mine "encrypt-dir".
2. Save it in /usr/local/bin.
3. Use rox to navigate to /usr/local/bin and right click on encrypt-dir and click on "permissions" and choose yes.
4. Open another rox window and click on the eye in the top menu to show hidden files.
5. Navigate to /root/.config/rox.sourceforge.net/OpenWith/.inode_directory
6. Click and drag /usr/local/bin/encrypt-dir into /root/.config/rox.sourceforge.net/OpenWith/.inode_directory and choose "link (relative)".

You should now have the "encrypt-dir" as an option when you right click on a directory.

It will not delete the original directory. You can delete the original directory after you do a few tests to ensure it's working for you.

My apologies for hi-jacking this thread.

TwoPuppies - Please post a fresh topic if you need further assistance.
trapster
Maine, USA

Asus eeepc 1005HA PU1X-BK
Frugal install: Slacko
Currently using full install: DebianDog

MustardMan

Cross-platform use

#20 Post by MustardMan »

I've not used encrypted file systems before, and was not that keen on full hard disk encryption, so I tried this...

It works great on Wary 5 (old I know, but does my job, and works great on my hardware - sadly the newer versions don't). I used the 'all in one' bundle posted by smokey01 on 1st June 2010. Well done smokey01, it installed and worked just like that!!

I am using an encrypted folder that is also accessible with a windows (choke) machine, and was wondering if there is something similar for 'doze that will let me access my files from that side?

Cheers,
MM

Post Reply