Boot Puppy using pfix=ram (if you don't know how, it's pretty simple: insert the Puppy CD and boot up. When the boot process pauses so that you can provide input, type 'puppy pfix=ram' (without quotes) and press enter.)
Next, mount the USB drive if it isn't already. You can do this by clicking the relevant icon along the bottom of the desktop. It will mount the partition and pop up a filemanager window, allowing you to verify that it was the right one. Keep that window open.
If you don't have enough free space on the USB drive for another file of the same size as your current unencrypted savefile, you will need to mount another partition (see above) and move the unencrypted savefile onto it. Moving the file is done by simply dragging and dropping it between windows. A menu will appear offering the option to copy, move, or link. Chose move.
Either way, you'll want to rename the file slightly so that Puppy doesn't try to boot it anymore (we won't delete it until after we verify that the encrypted version works, and we don't want Puppy confused meanwhile). Right-click the file and go to "File '<filename>' -> Rename". Name it something like "savefilebackup.2fs", but make sure you leave the file extension (the .2fs or .3fs) the same as what it is now.
Next, open a terminal window on the USB partition. The easy way is by opening a filemanager window there and pressing the backquote key (on US keyboards, it's on the same key as tilde, above Tab and below Esc) or by right-clicking within said window and going to the "Window -> Terminal Here" entry.
In that terminal, run the following to load the modules you'll need for encryption support:
Code: Select all
modprobe cryptoloop
modprobe aes_generic
modprobe cbc
Create a file to turn into the new encrypted save file. You will have to tell it how large to make it in megabytes. For this example, I used 128.
Code: Select all
dd if=/dev/zero of=lupusave_crypta.2fs bs=1M count=128
Run the following to find the name of a free loopback device. It will give you something like "/dev/loop1" or "/dev/loop2", etc. For this example, I will be using /dev/loop1. You should use whatever losetup-FULL tells you to use.
Now we will bind the file to the loopback device you identified above, using encryption. Run the following command, substituting the correct loopback device. It will ask you for the password to use. Type it and press enter.
Code: Select all
losetup-FULL -e aes /dev/loop1 lupusave_crypta.2fs
Next we need to format the file so that it can be used as a filesystem image:
Good, now we can mount the loopback device as though it were a normal filesystem. Do so with the following:
Code: Select all
mount -o loop /dev/loop1 /mnt/data
Now if you look in /mnt/data, you'll be looking inside the new encrypted lupusave_crypta.2fs file. Next, mount your old unencrypted file. The easy way to do that is to track it down in the file manager and click on it. A window will pop up inside it. You can open a new terminal in that window and spare yourself having to type out a long path by pressing the backquote key (on US keyboards, it's on the same key as tilde, above Tab and below Esc) or by right-clicking within the window and going to the "Window -> Terminal Here" entry. If you run the command 'pwd' you can verify that you're inside the file (it will be a funky path like /mnt/+initrd+mnt+dev_ro2+500+lupusave.2fs). Once you have verified that the current directory is inside the old save file, run the following command to copy everything out of it into the new encrypted one (might take a while to finish):
Now we can start unmounting everything. Let's do the encrypted file first. Make sure no windows or terminals are open within the encrypted savefile's mountpoint, and then run the following commands:
Code: Select all
umount /mnt/data
losetup -d /dev/loop1
Next we'll unmount the old savefile. As before, close any windows or terminals that are inside that directory. You could then run the umount command, giving it the path, but if you mounted it by clicking like I advised above, you and unmount it by clicking as well.
Okay, now for the test. Reboot without making a new file. When Puppy boots it should pick up the encrypted file and prompt you for the password. When it finishes booting, you should be in what looks like your original Puppy. But everything is transparently being encrypted for you. If stuff is missing or it didn't prompt for a password, something went wrong. Otherwise, you can safely discard your old unencrypted file now.
Have fun, and remember that only things that would be saved within the save file are encrypted. If you save something directly to the drive (such as via /mnt/home/) it won't be encrypted. Also, keep in mind that encryption doesn't help you if you walk away from the computer while the system is running. It only helps you when it's shut down. And you are still susceptible to Van Eck Phreaking, among other really wacky attack vectors (picking up EMF from the keyboard, for example, or gleaning data from the RAM or swap files/partitions, etc.). None of this is a concern if you're only hiding from random punks. But if your enemies consist of large companies or governments or would-be alien overloards, you'll need to employ a higher level of paranoia.