«
»

3 ways to keep safe your files

December 5, 2008, 3:26 pm
security.jpg

One of the most important advantages that Linux has over Windows is the file security, but many users do not try to keep safe his private data. In this little guide I am going to talk about three ways to do that, in two of them we encrypt the files.

Let’s do it, first in the easiest way:

  1. Set up basic permissions from a terminal
  2. Using CFS to encrypt folders
  3. Using TrueCrypt to create virtual encrypted disks

1. Set up basic permissions using a terminal

This is the simplest way to protect our data, in wich you only need to set up the correct permissions in order to ban the access to non-authorized users. The only thing you need to do is typing this command:

chmod -R u+wrx,og-wrx private

Where private is a folder where we have our confidential documents.

-R

means that

chmod

will assign that permission to all files and directories recursively .

u+wrx

assign permissions of writing, reading y execution to ourselves; while

og-wrx

remove permissions permisos writing, reading y execution to others users and groups.

Of course, this is the most primitive way, but most of people do not do that, wich means a big security problem. Let’s continue with other methods more complex…


2. Using CFS to encrypt folders

CFS (Cryptographic Filesystem), is a file system that allows you to store and to recover encrypted data. CFS provides application-independent encryption/decryption of the filesystem layer that does not require modification of the underlying filesystem code nor any kind of modification of thekernel source.

Firstly, we must install CFS, for example from a Ubuntu or Debian distro:

sudo apt-get install cfs

Let’s do a quick example… the idea is creating a folder named confidential where we will store the confidential data; we can do it with the command cmkdir:

/home/cris/ $ cmkdir confidential
Key: type_a_long_password
Again: type_the_long_password_again

We must specify a password with at least 16 characters; it is important not to forget it, otherwise we won’t be able to recover the data again. In addition, it is not possible to access the folder that we have created, at least in plain text. But ¿how can we put files into the folder? In order to add files we must “mount” our directory in a separate folder with plain text access, using the cattach command:

/home/cris/ $ cattach /home/cris/confidential
key: type_the_long_password

That will create a folder named confidential in /crypt (/crypt/confidential), where we can access the files normally:

/home/cris/ $ cd /crypt/confidential
/crypt/confidential $ mv /home/cris/file.odt .
/crypt/confidential $ cat /etc/fstab > backup_fstab.bak
/crypt/confidential $ cd

All the files that we add on that directory will be crypted when we detach the folder:

/home/cris/ $ cdetach confidential

If we list the files on the /home/cris/confidential folder, we will see that CFS has crypted the files and filenames:

/home/cris/ $ ls confidential
37401e3e492f0bce 71d8783a255e3b68a8da544204eb3cad

That’s it. Now on, when you want to access your encrypted data you can use the cattach command, and don’t forget to detach it later using the cdetach command.

3. Using TrueCrypt to create virtual encrypted disks

This is in my own opinion the best way to encrypt our private data; TrueCrypt is a volume encryption system, wich is available for the most important linux distros, even of course Ubuntu. For installing it, you must download the installer for your distro. Now, if for example you have download the Ubuntu x86 one you must uncompress it and install the .deb package:

$ tar xvfz truecrypt-6.0a-ubuntu-x86.tar.gz
$ ./truecrypt-6.0a-setup-ubuntu-x86

You will see a window where you have the choice to extract the .deb package. That file will be sent to the /tmp folder, where you can install it easly using GDebi, or with the command:

$ sudo dpkg -i /tmp/truecrypt_6.0a-0_i386.deb

Once you have installed it, it is possible to use it from a terminal or with a GUI. Let’s do it both ways; the idea is creating a virtual volume where we will store our data:

Using TrueCrypt from the command line

Firstly, we need to create a virtual volume:

$ truecrypt -t -c
Volume type:
1) Normal
2) Hidden
Select [1]: 1

Select Normal typing 1 and then Enter. In general all the option can be set by the default simply typing Enter. Then we must write the path where we want to create the volume:

Enter volume path: /home/cristian/private

Type the volume size, for example 5 Gigabytes:

Enter volume size (sizeK/size[M]/sizeG): 5G

Select the encryption algorithm (in a normal case, just hit enter):

Encryption algorithm:
1) AES
2) Serpent
3) Twofish
4) AES-Twofish
5) AES-Twofish-Serpent
6) Serpent-AES
7) Serpent-Twofish-AES
8 ) Twofish-Serpent
Select [1]: 1

Select the Hash Algorithm (in a normal case, just hit enter):

Hash algorithm:
1) RIPEMD-160
2) SHA-512
3) Whirlpool
Select [1]: 1

Select the filesystem (in a normal case, just hit enter):

Filesystem:
1) FAT
2) None
Select [1]: 1

Type twice the password, at least 16 characters:

Enter password:
Re-enter password:

Or, if you have a file with the keys you can specify the path:

Enter keyfile path [none]:

Now we must type 320 random characters. Please, do not type things like “aaaaaaaa”; we should type something really random. If you type less than 320 characters, TrueCrypt will tell you how many characters are missing.

Please type at least 320 randomly chosen characters and then press Enter:
tg/E$%E%$Str·w%dU(OGH90HoN)ui09i
Done: 100,000% Speed: 5,7 MB/s Left: 0 s
The TrueCrypt volume has been successfully created.

That’s it, you’ve created the encrypted volume. Now, the only thing you need to do is mounting on a folder to access the data:

$ sudo mkdir /media/encrypted
$ truecrypt /home/cristian/private /media/encrypted
$ sudo umount /media/encrypted

TrueCrypt will ask you for the password, and then you can use the /media/encrypted folder normally.

Using TrueCrypt from the GUI

This time, we will do the same but using the TrueCrypt GUI. Just type the truecrypt command and you will see the following window:

Click on Create Volume button, select Create a file container and click on Next:

Select Standar TrueCrypt volume, and click on Next:

Browse to the path where you want to create the volume and click on Next:

In the following window you must select the encryption and hash algorithm. You can leave the default values if you want, then click on Next:

Now, you need to set your volume max size, for example 2 gigabytes and then click con Next:

Type the password and click on Next:

Select FAT as your file system and click on Next:

Then TrueCrypt will generate a random pool in order to encrypt the volume. Just click on Format, and that’s it! Click on Exit.

Now you can mount and unmount the volume in an easy way using the GUI. Just click on Select File, then select the file that you created in the past step, click on Mount, type the password and that’s it; now you can write and read your files on the folder normally, even you can use the volume file in other computers with TrueCrypt installed:

To umount, just click on Dismount.

Related Posts

FreeSoftwareDaily
Stumble
Delicious
Technorati
Facebook
Tags: , , ,
Category: Security

Comments are closed.