Encrypted multi-session?

Discuss anything specific to using Puppy on a multi-session disk
Mazzo
Posts: 26
Joined: Tue 19 Jul 2005, 12:05
Location: UK - Thames Valley

Encrypted multi-session?

#1 Post by Mazzo »

Hi all.

Is it possible to set the multisession CD so that it uses an encrypted file system?

I managed this on my USB stick and it worked fine (obviously for pup001). Now with the CD I would like to have some degree of privacy in case I lose it somewhere, so any files burned onto the CD are secure.

How can it be done, if at all?

Thanks

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#2 Post by Lobster »

you can encrypt sensitive data with bcrypt
from the prompt

Code:

bcrypt (name of file)

and then decrypt

Code:

bcrypt (new encrypted file with .bfe extension)

Maybe some smart cookie could make a batch file to encrypt the day's files
and then decrypt at the start of the session . . .

# bcrypt
Usage is: bcrypt -[orc][-sN] file1 file2..
-o Write output to standard out
-r Do NOT remove input files after processing
-c Do NOT compress files before encryption
-sN How many times to overwrite input files with random data
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#3 Post by Flash »

That's a good point. At present, theoretically, anyone can read anything on your CD.

After giving it about 30 seconds of thought, here's what I came up with: an encryption program, perhaps a DotPup, would be used to encrypt files on a file-by-file basis before they were saved to the CD. It would be unnecessary, and probably difficult, to encrypt the entire contents of the CD. An encryption program which encrypts only individual files as required would be easier to make and to use.

You'd have to know to start the decryption program and enter the password first or all you'd see when you clicked on the encrypted file would be garbage.

Perhaps the scheme could include the ability to prompt you to encrypt a plain language file before saving it.

Such an encryption scheme wouldn't be 'transparent' (automatic or always operating in the background) but it would be easy to use and would serve the purpose.

Naturally, if you forgot the password you'd lose everything you'd encrypted.

Edit: I see Lobster beat me to it. :)

Lobster, how is the password or encryption key given to bcrypt?

Mazzo
Posts: 26
Joined: Tue 19 Jul 2005, 12:05
Location: UK - Thames Valley

#4 Post by Mazzo »

Thanks - looks like it might be something that we could build in for the future.

I always liked the idea of my USB Puppy being safe to lug around and not get too bothered if I lost it. This would be great if the same were true for multi-session.

I like the idea of encrypting the saved files when puppy does a session save. This sounds the simplest solution.

I will start playing around, but I'm not a guru by any means, so will bow to others' superior ability (and ideas)!

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#5 Post by Lobster »

Flash wrote: Lobster, how is the password or encryption key given to bcrypt?

When you from rxvt type

Code:

bcrypt test.txt

it prompts for a password (and then again to confirm)

this creates test.txt.bfe

when you type

Code:

bcrypt test.txt.bfe

it asks for your password
decrypts the file back to test.txt
and deletes test.txt.bfe

try it . . .

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#6 Post by Flash »

Thanks, I will - when I figure out how to get multisession Puppy to work. :?

Mazzo
Posts: 26
Joined: Tue 19 Jul 2005, 12:05
Location: UK - Thames Valley

#7 Post by Mazzo »

Flash

Thanks for having a go at this.

For me there are a couple of questions:
1. Is it better to bcrypt the iso or the files themselves?
2. When reading the backups sequentially, is there a way to only input the password once?

I guess if you have different passwords for different increments, it would allow you to load or not load certain backups.

I am also toying with encrypted volumes. Not had any success in puppy yet (have on ubuntu and fedora) but there must be a way through the loopback as you used to be able to encrypt pup001. This would allow you to create a volume on another pc and then simply burn the encrypted volume to the multisession disk (- theoretically giving me all my normal PC's files in a secure lump). This is obviously static and cannot be written to, but it would still be useful. Both would be excellent.

These are two different things but with a similar purpose.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#8 Post by Flash »

Mazzo wrote: Flash

Thanks for having a go at this.

Well, Lobster is the one who answered your question. All I did was shoot my mouth off. :)

Mazzo wrote: For me there are a couple of questions:
1. Is it better to bcrypt the iso or the files themselves?

I don't see how the iso could be encrypted, practically speaking, since decrypting it would require a program running within an OS of some kind. Anyway, why encrypt the OS? It's already available for anyone to download. Just encrypt the files you don't want anyone else to see. If you lose the CD, all anyone can see without the password is a bunch of garbage if they click on the encrypted file. If nothing prompts for a password, and the file extension doesn't give it away, the thief might not even realize that the garbage was an encrypted file.

Mazzo wrote: 2. When reading the backups sequentially, is there a way to only input the password once?

I'm not familiar with bcrypt. You'll have to try it and see. :)

Guest

#9 Post by Guest »

Hi again

I meant the incremental iso. The files are written using mkisofs, then that is copied onto the CD.

There is no need to do anything with the puppy iso. If they can't give the password for the increments, then they would get a raw system with no private data.

I have played around with bcrypt. Seems to work well. I just have a problem with working out the order of what to encrypt.

Also, does anyone know what system puppy uses to encrypt pup001?

Mazzo
Posts: 26
Joined: Tue 19 Jul 2005, 12:05
Location: UK - Thames Valley

#10 Post by Mazzo »

Ooops! Thought I was logged in. The above is from me.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#11 Post by Flash »

Mazzo wrote: Hi again

There is no need to do anything with the puppy iso. If they can't give the password for the increments, then they would get a raw system with no private data.

Maybe that's why multisession Puppy never worked for me. Do you mean ms Puppy encrypts the pup001 file by default? If so I missed it asking me for a password when I shut it down for the first time and that's why it doesn't boot with the saved data.

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#12 Post by Lobster »

another possibility that may suit is using the tinylogin program (have not used it) but it should be in the help section (start /help) on the Puppy menu

Mazzo
Posts: 26
Joined: Tue 19 Jul 2005, 12:05
Location: UK - Thames Valley

#13 Post by Mazzo »

Flash wrote:

Maybe that's why multisession Puppy never worked for me. Do you mean ms Puppy encrypts the pup001 file by default? If so I missed it asking me for a password when I shut it down for the first time and that's why it doesn't boot with the saved data.

No. It doesn't on multisession, just on the usb or hard drive version.

Lobster - haven't looked at tinylogin but will do so now. That might be the way to go with a completely encrypted disk - which is not ideal in my view.

The easiest way would be to encrypt the incrementals.

Barry, if you read this, can you let me know what you used on the usb versions of pup001 to encrypt them?

Thanks

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#14 Post by Flash »

Here ya go.

Mazzo
Posts: 26
Joined: Tue 19 Jul 2005, 12:05
Location: UK - Thames Valley

#15 Post by Mazzo »

Still not getting far.

Flash, you linked me to my other post!

I have ideas, but I'm really struggling. If someone could work with me who is better at scripting than me, we could possibly move it forward.

I think that the way to do it is this:
1. All the identified changed files (as per the shutdown-script in rc.reboot-cd) could be tar'd into a single file (perhaps named in the same way using the date and time system that the normal incremental back-ups use).
2. That file could then be bcrypted
3. and finally the encrypted file sent to mkisofs and burned to CD.


4. On start-up, the script would need to try to read either unencrypted folders (the usual back-up files) and any bcrypted files (or even both).

The bcrypted files would need to be decrypted into ram and then the resultant tar'd file, untarred.

I can see the process, but I'm lacking the ability to get it to work.

Hopefully someone out there will have the ability....... :idea:

I know this isn't really solid security - online you are vulnerable, if it uses swap, or even if you leave it on and go off for a coffee it isn't safe, but it would solve the problem of leaving it on the bus and having all your emails and files readable by anyone who finds it.
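
The save and restore flow proposed in post #15, sketched as a shell script. This is an added example, not part of the original thread and not Puppy's own code; the function names, the marker-file test for changed files, the date-stamp format and the staging directory are assumptions, and the bcrypt options are the ones listed in its usage text earlier in the thread.

```shell
#!/bin/sh
# Added example: tar -> bcrypt on session save, decrypt -> untar on boot.
# Assumed, not taken from rc.reboot-cd: function names, the marker-file test
# for "changed", the date-stamp format, and the staging directory.

umask 077                      # staged files readable by owner only
STAGE="${STAGE:-/tmp}"         # assumed RAM-backed, so plaintext never hits disk

# Cipher hooks. bcrypt prompts for the passphrase on the terminal.
#   -c  skip bcrypt's own compression (the tarball is already gzipped)
#   -o  write to standard out; -r keep the input (CD media is read-only)
encrypt_file()      { bcrypt -c "$1"; }     # leaves "$1.bfe"
decrypt_to_stdout() { bcrypt -o -r "$1"; }

# pack_session SRC_DIR MARKER (absolute path): prints the encrypted archive path.
pack_session() {
    src=$1; marker=$2; status=0
    name="$STAGE/$(date +%Y-%m-%d-%H-%M).tar.gz"
    # Files newer than MARKER stand in for "changed since the last save".
    ( cd "$src" && find . -type f -newer "$marker" -print ) > "$name.list"
    if [ ! -s "$name.list" ]; then rm -f "$name.list"; return 1; fi
    ( cd "$src" && tar -czf "$name" -T "$name.list" ) || status=1
    rm -f "$name.list"
    if [ "$status" -eq 0 ]; then encrypt_file "$name" >&2 || status=1; fi
    rm -f "$name"              # no plaintext tarball may survive, pass or fail
    [ "$status" -eq 0 ] || { rm -f "$name.bfe"; return 1; }
    echo "$name.bfe"           # this file goes to the mkisofs/burn step
}

# unpack_session ARCHIVE.bfe DEST_DIR: decrypt straight into tar, so the
# plaintext tarball is never written anywhere.
unpack_session() {
    mkdir -p "$2" || return 1
    decrypt_to_stdout "$1" | tar -xzf - -C "$2"
}

# restore_all CD_DIR DEST_DIR: apply increments oldest first; date-stamped
# names sort chronologically under the shell's glob ordering.
restore_all() {
    for f in "$1"/*.tar.gz.bfe; do
        [ -e "$f" ] || continue
        unpack_session "$f" "$2" || return 1
    done
}

case "${1:-}" in
    save)    pack_session "$2" "$3" ;;
    restore) restore_all "$2" "$3" ;;
esac
```

Each bcrypt invocation asks for the password, so restore_all as written prompts once per increment.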
