Needed: easy-to-use encryption utility (other than gpg)
Till I was on Windows I used dsCrypt from: http://members.ozemail.com.au/~nulifetv/freezip/freeware/ I would like to use an equivalent utility on Linux *other* than gpg or kgpg. I haven't understood this public-key private-key thing yet and am too busy right now to study it up. My security needs are not so great so the AES cipher which dsCrypt gives me is more than enough. So is there an equivalent app on Linux? dsCrypt runs reasonably well on Wine but I would rather use a native Linux app, for interface convenience. Better still, since the C source code to dsCrypt is available, can any kind soul teach me how to compile this on Linux to get a GUI on Linux just as on Windows? Thanks a lot! Shriramana Sharma.
Hi, use openssl. Example: encodes with blowfish-cbc, output is base64, password from stdin encode:openssl bf -a -salt -in file -out file.bf decode:openssl bf -d -a -salt -in file.bf -out file -Stathis On Tuesday 25 October 2005 18:30, Shriramana Sharma wrote:
Till I was on Windows I used dsCrypt from:
http://members.ozemail.com.au/~nulifetv/freezip/freeware/
I would like to use an equivalent utility on Linux *other* than gpg or kgpg. I haven't understood this public-key private-key thing yet and am too busy right now to study it up. My security needs are not so great so the AES cipher which dsCrypt gives me is more than enough.
So is there an equivalent app on Linux? dsCrypt runs reasonably well on Wine but I would rather use a native Linux app, for interface convenience.
Better still, since the C source code to dsCrypt is available, can any kind soul teach me how to compile this on Linux to get a GUI on Linux just as on Windows?
Thanks a lot!
Shriramana Sharma.
Tuesday 25 Oct 2005 20:13 samaye rouvas alekhiit:
encodes with blowfish-cbc, output is base64, password from stdin
encode:openssl bf -a -salt -in file -out file.bf decode:openssl bf -d -a -salt -in file.bf -out file
samjnaa@linux:~> encode:openssl bash: encode:openssl: command not found Now what do I do? Shriramana.
Shrirmana, On Wednesday 26 October 2005 19:03, Shriramana Sharma wrote:
Tuesday 25 Oct 2005 20:13 samaye rouvas alekhiit:
encodes with blowfish-cbc, output is base64, password from stdin
encode:openssl bf -a -salt -in file -out file.bf decode:openssl bf -d -a -salt -in file.bf -out file
samjnaa@linux:~> encode:openssl bash: encode:openssl: command not found
Now what do I do?
Come, now. Is impending marriage making you dull? Install it. Openssl, that is.
Shriramana.
Randall Schulz
Thursday 27 Oct 2005 08:30 samaye Randall R Schulz alekhiit:
samjnaa@linux:~> encode:openssl bash: encode:openssl: command not found
Now what do I do?
Come, now. Is impending marriage making you dull?
Though I admit that I am distracted with the preparations and other details:
Install it. Openssl, that is.
I do have openssl 0.9.7g-2. Do I need to install the devel package too? Package manager search for openssl gives: [Keep] openssl | 0.9.7g-2 | 2.1 MB [Do Not Install] openssl-devel | 0.9.7g-2 | 3.3 MB [Do Not Install] perl-OPENSSL | 1.1.2-2 | 109.0 kB [Do Not Install] python-openssl | 0.6-4 | 933.9 kB [Do Not Install] tls | 1.5.0-21 | 68.3 kB Shriramana.
Shriramana, On Wednesday 26 October 2005 19:03, Shriramana Sharma wrote:
Tuesday 25 Oct 2005 20:13 samaye rouvas alekhiit:
encodes with blowfish-cbc, output is base64, password from stdin
encode:openssl bf -a -salt -in file -out file.bf decode:openssl bf -d -a -salt -in file.bf -out file
samjnaa@linux:~> encode:openssl bash: encode:openssl: command not found
Now what do I do?
Actually, I think the problem is that you appear to have attempted to run the command "encode:openssl". There is no such command, but there is an "openssl" command (given that you've installed the "openssl" package). I think in some way, this is what Stathis was trying to tell you to do. Something like this: In order to encode the file "file": % openssl bf -a -salt -in file -out file.bf I verified that this command, after prompting and confirming a password, encrypts "file", leaving the result in "file.bf" ("bf" for blowfish, of course). Conversely: To decode the encrypted file "file.bf": % openssl bf -d -a -salt -in file.bf -out file I likewise verified that this recovers the original file after prompting for the encryption key. NOTE: In practice, I'd not try to overwrite my original in this manner.
Shriramana.
Randall Schulz
Thursday 27 Oct 2005 10:11 samaye Randall R Schulz alekhiit:
Actually, I think the problem is that you appear to have attempted to run the command "encode:openssl". There is no such command, but there is an "openssl" command (given that you've installed the "openssl" package).
Hey, thanks! This works. But why is the output in base64? Why not binary? Or is there a way to make the output binary? Also, I tried to run diff between input.txt and output.txt (where I encrypted input.txt to output.bf and decrypted output.bf to output.txt) and I got nothing. samjnaa@linux:~/docs> diff input.txt output.txt samjnaa@linux:~/docs> Does this mean there is no difference?
hi,
On 27/10/05, Shriramana Sharma
Hey, thanks! This works. But why is the output in base64? Why not binary? Or is there a way to make the output binary?
Also, I tried to run diff between input.txt and output.txt (where I encrypted input.txt to output.bf and decrypted output.bf to output.txt) and I got nothing.
samjnaa@linux:~/docs> diff input.txt output.txt samjnaa@linux:~/docs>
Does this mean there is no difference?
Yes, there is no difference. Why should there be? You encrypted a text file, then decrypted it. The resulting file should be the same as the original one. Obviously, there will be a difference between input/output.txt and "output.bf", though. -- /Paul "It's not about the ending, it's about the journey." - Lex Luthor
Thursday 27 Oct 2005 14:35 samaye Paul alekhiit:
samjnaa@linux:~/docs> diff input.txt output.txt samjnaa@linux:~/docs>
Does this mean there is no difference?
Yes, there is no difference. Why should there be?
Well I was expecting some message like with DOS's FC: "No differences encountered"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2005-10-27 at 14:58 +0530, Shriramana Sharma wrote:
Well I was expecting some message like with DOS's FC:
"No differences encountered"
Those linux or unix utilities follow the maxim of saying nothing if there is nothing important to say. In this case, the output expected is the list of differences, perhaps to be piped to some other program, which would yield incorrect results if it found "No differences encountered" instead. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDYMNjtTMYHG2NR9URAs8LAJ47tjgiEVVQA04Cr1r0uPYqJ9ZaRwCgildZ uX4W7GUdsuFY86MVQAeio+8= =9/0O -----END PGP SIGNATURE-----
Tuesday 25 Oct 2005 20:13 samaye tvayaa likhitam:
openssl bf -a -salt -in file -out file.bf
Why are all files created using this command having Salted__ as the first characters? Most irritating. I want the encrypted file to be the same size as the original. Or preferably smaller. These unnecessary bytes only *add* to the filesize. Shriramana.
Shrirmana, Once again, it seems you're using the list to get a tutorial. There are far better and more appropriate ways to learn background knowledge. On Thursday 27 October 2005 10:18, Shriramana Sharma wrote:
Tuesday 25 Oct 2005 20:13 samaye tvayaa likhitam:
openssl bf -a -salt -in file -out file.bf
To answer this and your previous question, check out: - http://www.openssl.org/docs/apps/enc.html From that page: "-salt " use a salt in the key derivation routines. This option should ALWAYS be used unless compatibility with previous versions of OpenSSL or SSLeay is required. This option is only present on OpenSSL versions 0.9.5 or above."
Why are all files created using this command having
Salted__
Because the ciphertext is salted.
as the first characters? Most irritating. I want the encrypted file to be the same size as the original. Or preferably smaller. These unnecessary bytes only *add* to the filesize.
Why? You should probably drop (or at least questino) your preconceived notions about cryptography. And why would you expect compression to be part of the bargain? Compression is, in some sense, the antithesis of cryptography (encryption seeks to create featurelessness or apparent randomness, compression seeks to eliminate redundancy). Compress first, if that's what you want. Then encrypt.
Shriramana.
Randall Schulz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Shriramana Sharma wrote:
I would like to use an equivalent utility on Linux *other* than gpg or kgpg. I haven't understood this public-key private-key thing yet and am too busy right now to study it up. My security needs are not so great so the AES cipher which dsCrypt gives me is more than enough.
Well, AES is among the strongest cyphers around :)
So is there an equivalent app on Linux? dsCrypt runs reasonably well on Wine but I would rather use a native Linux app, for interface convenience.
Unfortunately there aren't that many good alternatives with a user-friendly GUI around. There is kfilecoder (http://kfilecoder.sourceforge.net/), but the project seems to be dormant. Linux Journal has an exhaustive article here, but this may be a bit too complex: http://www.linuxjournal.com/article/8599 I'd like to recommend to give kgpg another try. Setting up your own GPG key pair is not that complicated, kgpg will actually guide you through the process. Later on, you can simply encrypt files by using Konqueror (Actions -> Encrypt File). And as kgpgp is using your regular GPG key ring, you can re-use that key for other purposes like encrypting or signing emails. As an alternative, you could set up an encrypted file system using YaST, that could contain all your secret data. I actually have my entire home file system on an encrypted partition, in case my Laptop gets stolen.
Better still, since the C source code to dsCrypt is available, can any kind soul teach me how to compile this on Linux to get a GUI on Linux just as on Windows?
Sorry, that's not easily doable - windows GUI apps don't "just compile"
on Linux, as they use completely different GUI widget libraries. So you
would need to port the app to a Linux GUI environment first.
Bye,
LenZ
- --
- ------------------------------------------------------------------
Lenz Grimmer
Wednesday 26 Oct 2005 00:59 samaye Lenz Grimmer alekhiit:
I'd like to recommend to give kgpg another try. Setting up your own GPG key pair is not that complicated, kgpg will actually guide you through the process.
I already set up my own KGPG, but two things: 1. What do I do to backup and restore my KGPG key? 2. I use different passwords for different kinds of files (but I remember them). KGPG won't let me do that. It asks me to decrypt using my passphrase. So if I want to use different passphrases I should set up different keys, which is more the pain if I lose the intricate public-key private-key files. With dsCrypt I can simply remember a single password and wherever I can run dsCrypt from I can decrypt the file without having any files on the local KGPG system. (What if I have to decrypt the KGPG-encrypted file on a Windows system?) So what do you suggest? Thanks all, for the info.
The approach using openssl I wrote about yesterday, doesn't cut it? why? -Stathis On Wednesday 26 October 2005 15:45, Shriramana Sharma wrote:
Wednesday 26 Oct 2005 00:59 samaye Lenz Grimmer alekhiit:
I'd like to recommend to give kgpg another try. Setting up your own GPG key pair is not that complicated, kgpg will actually guide you through the process.
I already set up my own KGPG, but two things:
1. What do I do to backup and restore my KGPG key?
2. I use different passwords for different kinds of files (but I remember them). KGPG won't let me do that. It asks me to decrypt using my passphrase. So if I want to use different passphrases I should set up different keys, which is more the pain if I lose the intricate public-key private-key files. With dsCrypt I can simply remember a single password and wherever I can run dsCrypt from I can decrypt the file without having any files on the local KGPG system. (What if I have to decrypt the KGPG-encrypted file on a Windows system?) So what do you suggest?
Thanks all, for the info.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2005-10-26 at 18:15 +0530, Shriramana Sharma wrote:
I already set up my own KGPG, but two things:
1. What do I do to backup and restore my KGPG key?
kgpg is a front-end to gpg. I suppose it has an option to export public and private keys, otherwise, you could do it manually. Warning: store the private key file in a _safe_ box. Or you can copy the contents of the .gnupg directory.
2. I use different passwords for different kinds of files (but I remember them). KGPG won't let me do that. It asks me to decrypt using my passphrase. So if I want to use different passphrases I should set up different keys, which is more the pain if I lose the intricate public-key private-key files.
Yes, because it uses a very different system. You need both the private key and the paraphrase. One must be stored very safely, the other must be committed to memory. The key ring file could be broken if some one has access to it.
With dsCrypt I can simply remember a single password and wherever I can run dsCrypt from I can decrypt the file without having any files on the local KGPG system. (What if I have to decrypt the KGPG-encrypted file on a Windows system?) So what do you suggest?
I would have another key pair in that windows machine, and encrypt on your computer using the public key of the second machine. Then the file can be read there, and only there. Or you can encrypt using multiple keys. The approach is very different. Read the documentation in "/usr/share/doc/packages/gpg/*", all is explained there. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDYBbatTMYHG2NR9URAhZ7AJ9IjQl8CG948pTrql5malnZUczFfgCgkUI0 HAyGyLhHYRjaeXMoBMUDyDo= =B+tb -----END PGP SIGNATURE-----
Wednesday 26 Oct 2005 00:59 samaye Lenz Grimmer alekhiit:
Well, AES is among the strongest cyphers around :)
How come AES is not one of the ciphers that I can use with the openssl command? Base64 Encoding Blowfish Cipher CAST Cipher CAST5 Cipher DES Cipher Triple-DES Cipher IDEA Cipher RC2 Cipher RC4 Cipher RC5 Cipher are all that are listed under man openssl?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2005-10-27 at 22:15 +0530, Shriramana Sharma wrote:
How come AES is not one of the ciphers that I can use with the openssl command?
How come you think it doesn't? Try 'openssl --help' or 'openssl ciphers'. You will see a list including aes. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDYWpgtTMYHG2NR9URAmrtAJ9l5yrI8qHfgaOrb/gdGrJeTew8PACfUJTb WSPRUPgywhkivNBGewaiPc0= =qoBr -----END PGP SIGNATURE-----
Carlos, Shriramana, On Thursday 27 October 2005 17:01, Carlos E. R. wrote:
The Thursday 2005-10-27 at 22:15 +0530, Shriramana Sharma wrote:
How come AES is not one of the ciphers that I can use with the openssl command?
How come you think it doesn't?
Try 'openssl --help' or 'openssl ciphers'. You will see a list including aes.
Or, as I'm wont to do with such things: % openssl ciphers |tr : \\n DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA <<< Look here! <<< EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA DES-CBC3-MD5 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA AES128-SHA RC2-CBC-MD5 DHE-DSS-RC4-SHA RC4-SHA RC4-MD5 RC4-MD5 RC4-64-MD5 EXP1024-DHE-DSS-DES-CBC-SHA EXP1024-DES-CBC-SHA EXP1024-RC2-CBC-MD5 EDH-RSA-DES-CBC-SHA EDH-DSS-DES-CBC-SHA DES-CBC-SHA DES-CBC-MD5 EXP1024-DHE-DSS-RC4-SHA EXP1024-RC4-SHA EXP1024-RC4-MD5 EXP-EDH-RSA-DES-CBC-SHA EXP-EDH-DSS-DES-CBC-SHA EXP-DES-CBC-SHA EXP-RC2-CBC-MD5 EXP-RC2-CBC-MD5 EXP-RC4-MD5 EXP-RC4-MD5
-- Cheers, Carlos Robinson
Randall Schulz
participants (6)
-
Carlos E. R.
-
Lenz Grimmer
-
Paul
-
Randall R Schulz
-
rouvas
-
Shriramana Sharma