Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 16 Jul 2019, 08:35
All times are UTC - 4
 Forum index » Advanced Topics » Cutting edge
PupVault v8 - a luks encrypted file store
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [4 Posts]  
Author Message
gyro

Joined: 28 Oct 2008
Posts: 1627
Location: Brisbane, Australia

PostPosted: Sun 07 Apr 2019, 12:45    Post subject:  PupVault v8 - a luks encrypted file store
Subject description: also, with enchanced luks support for Puppy
 

PupVault works a bit like a physical vault.
Once you've set it up, if you want access to any of the files inside you "Open" it,
and after you "Close" it, you can't access what is inside or even see what is inside.

The "combination" to this PupVault is a password which you define when you "Create" it.
Without this password the contents of the PupVault are inaccessible, all you can do is delete the PupVault file.
So, don't forget the password.
Guessing the password is also the easiest way for "attackers" to gain access to the PupVault.
So the password needs to be difficult to guess.

A PupVault is a file, just like a luks encrypted savefile.
So, it can be stored any where, on any filesystem.

When you "Create" a PupVault file, you need to specify the size of the file in MiB.
The minimum size is 4MiB, but with this size there is only a little less than 1MiB of available space inside.
So I suggest that, once you have worked out which files you want to keep secret and how much space they require,
you create a trial PupVault to see if your files will easily fit inside.

Also when you "Create" a PupVault file, you will be asked for a "name", the default being 'vault'.
Whatever "name" you choose, '_luks.4fs' will be appended to produce the filename of the PupVault file,
so the default filename is 'vault_luks.4fs'.


Prerequisites:

1. A working "cryptsetup" utility to do the luks stuff.

2. Bionicpup32, Bionicpup64 or similar woof-ce vintage Puppy.

PupVault v8 is released as a ydrv...sfs for these Puppies because it makes use of the enhanced luks support contained within "ydrv_pupvault_8.sfs".
These luks enhancements replace some existing woof-ce files that have significantly changed over recent months, the replacements won't work properly in older Puppies.


Usage:

1. Download the "ydrv_pupvault_8.sfs" file, move it into the frugal install directory of a suitable Puppy,
rename it to the appropriate ydrv filename for that Puppy, and reboot.

2. "PupVault - encrypted file store" should be available in the "Filesystem" menu beside "Pmount".

3. Run "PupVault" and "Create" a PupVault file.

4. "Open" the PupVault file, which opens a filemanager window at the mountpoint.

5. copy/move some "secret" files into the opened directory.

6. "Close" the PupVault file, which closes the filemanager window opened in 4.

Notes:

1. The default PupVault file is "$HOME/vault_luks.4fs", usually '/root/vault_luks.4fs'.

2. The default mountpoint is '/mnt/vault'


Why do this when Puppy already has luks encrypted savefiles available?

1. Savefiles contain a lot of files that are Puppy files and hence easily available in the public domain.
What's the point of encrypting these files? Remember that any software installed via a ".pet" is in there.

2. Some Puppy users prefer to use a savefolder rather than a savefile, but would still like to encrypt some of their files.

3. A PupVault file can be stored any where in the mounted filesystem, so it can be stored outside the save mechanism and hence be shared between many Puppies.

gyro
ydrv_pupvault_8.sfs.gz
Description  Remove fake ".gz" to produce sfs file.
gz

 Download 
Filename  ydrv_pupvault_8.sfs.gz 
Filesize  24 KB 
Downloaded  60 Time(s) 

Last edited by gyro on Sun 07 Apr 2019, 14:58; edited 1 time in total
Back to top
View user's profile Send private message 
gyro

Joined: 28 Oct 2008
Posts: 1627
Location: Brisbane, Australia

PostPosted: Sun 07 Apr 2019, 12:47    Post subject:  

"ydrv_pupvault_8.sfs" includes enhanced luks support in the following files:

/sbin/mount.crypto_LUKS:

The major changes are a re-implementation of parameter processing.
This includes a new parameter to request an fsck of the embedded ext4 filesystem.
A new parameter to allow the password to be provided by the calling application.
Support passing on of mount options, e.g. "-o ro", "-o discard" to the mounting of the embedded ext4 filesystem.
Allow "mount -t crypto_LUKS /root/vault_luks.4fs /mnt/vault" to work as well as "mount -t crypto_LUKS /dev/sdc3 /mnt/sdc3".

Also change the names generated for /dev/mapper/ devices to be of the form, either /dev/mapper/luks_loop3 or /dev/mapper/luks_sdc3,
so the host block device name can always be derived from the /dev/mapper/ device name.
If it starts with /dev/mapper/luks_loop then it's a file, else it's a partition.

/bin/umount:

Now recognises a mounted luks file or partition, and appropriately calls umount.crypto_LUKS.
If the device name found in an entry in /proc/mounts starts with /dev/mapper/luks then it's luks.
So "umount /mnt/sdc3" works if sdc3 is an ordinary partition or a luks partition,
and "umount /mnt/vault" also works for a mounted luks file, e.g. a PupVault file.
This is important so that the stray filesystem cleanup code in rc.shutdown will work properly for stray mounted luks devices.

/sbin/umount.crypto_LUKS:

Modified to support the changes in mount.crypto_LUKS, and umount.

/usr/local/pup_event/frontend_rox_funcs:
/usr/sbin/pmount:
/usr/sbin/filemnt:

These have been modified to take advantage of the enhancements noted above.

Note: It is my intention to patch woof-ce with these modified files.

gyro
Back to top
View user's profile Send private message 
gyro

Joined: 28 Oct 2008
Posts: 1627
Location: Brisbane, Australia

PostPosted: Sun 07 Apr 2019, 12:54    Post subject: PupVault v7 - a luks encrypted file store
Subject description: also, with enchanced luks support for Puppy
 

"ydrv_pupvault_7.sfs" is a version of "ydrv_pupvault_8.sfs" that has been "hacked" to allow it to work with slightly older versions of Puppy.
The "7" refers to Puppy v7 and the "8" refers to Puppy v8.
The pupvault files, mount.crypto_LUKS, umount.crypto_LUKS, and umount files are the same, but other support files have been "hacked",
if you are looking at the code, please ignore these "hacked" files.
It works for me with xenialpup (with yad binary replaced with yad 0.39.0) and upupbb (the pre-bionicpup32 version).

To use: Rename downloaded sfs file to appropriate ydrv....sfs filename for the Puppy you are using.

Note1: A working version of cryptsetup is still a prerequisite.

Note2: PupVault might fail to run in xenialpup because the version of yad is too old.
Upgrading yad should fix this.

gyro
ydrv_pupvault_7.sfs.gz
Description  Remove false ".gz" to produce sfs file
gz

 Download 
Filename  ydrv_pupvault_7.sfs.gz 
Filesize  24 KB 
Downloaded  60 Time(s) 
yad_32-39.pet
Description  Click on downloaded file to install
pet

 Download 
Filename  yad_32-39.pet 
Filesize  70.21 KB 
Downloaded  59 Time(s) 
yad_64-39.pet
Description  Click on downloaded file to install
pet

 Download 
Filename  yad_64-39.pet 
Filesize  73.71 KB 
Downloaded  60 Time(s) 
Back to top
View user's profile Send private message 
gyro

Joined: 28 Oct 2008
Posts: 1627
Location: Brisbane, Australia

PostPosted: Tue 23 Apr 2019, 15:32    Post subject:  

I have attached updated "ydrv_pupvault_8.sfs" and "ydrv_pupvault_7.sfs".

As I recall, there is a bug in "drive_all" processing, (that's the drive icons on the rox desktop).

These files can also be downloaded from http://www.mediafire.com/folder/4nla3vcbco1ot/pupvault

gyro
ydrv_pupvault_8.sfs.gz
Description  Remove fake ".gz" to produce sfs file
gz

 Download 
Filename  ydrv_pupvault_8.sfs.gz 
Filesize  24 KB 
Downloaded  63 Time(s) 
ydrv_pupvault_7.sfs.gz
Description  Remove fake ".gz" to produce sfs file
gz

 Download 
Filename  ydrv_pupvault_7.sfs.gz 
Filesize  24 KB 
Downloaded  55 Time(s) 
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [4 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Advanced Topics » Cutting edge
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0367s ][ Queries: 12 (0.0060s) ][ GZIP on ]