In this document I will try to explain what it takes to get an encrypted fileserver.
I chose to have a server with one disk where the OS resides and all ‘big disks’ to be mounted into the directory-tree, but that’s not something that’s necessary or such. I did not attempt to have the OS itself encrypted; to me it seemed needlessly complicated and way too much a ‘single-point-of-failure’ solution to what I was looking for. I did, however, choose the most secure OS out there (imho), OpenBSD :-)
From this point I assume you have an OpenBSD-box with OpenBSD 3.6 (or newer) and a generic kernel (there’s plenty of excellent literature on www.openbsd.org to help you with that) and have all the services you want installed (ftp/samba/etc.).
OK, well, we’ll start simple and have you send me your key. Mutt makes that very easy: reply to this and then exit the editor. On the compose screen (that’s the one with the to, cc, subject, attachments and other things screen, right?) just press esc-k. It will then ask you what key you want to attach. Just type in your email address: user@some.host.foo.
The disadvantage of using encrypted partitions is that while the partition is mounted, at least root can access the data. To prevent this, vi can be used in encrypted mode.
Use vi -x filename (or vim alternatively) to edit a new file. vi prompts you to set a password, after which it encrypts the content of the file. Whenever you access this file, vi requests the correct password.
For even more security, you can place the encrypted text file in an encrypted partition. This is recommended because the encryption used in vi is not very strong.
Thunderbird is a great and well-known open source email client brought to you by the same group that puts out Firefox. And as with Firefox, there are extensions we can add to it to make an already secure application more secure. Welcome to the world of signing and encrypting your emails. This tutorial assumes you already have Thunderbird installed, be it your distro’s package or the Mozilla builds. We will also assume you have installed the Enigmail extension; luckily for me, openSuse provides this with their default Thunderbird install from their repos. Others may have to download and install it from here. And for the last of our assumptions, we will assume you have GnuPG installed as well. Most Linux distributions today include GnuPG by default. To find out if this is the case, get to a command prompt and type gpg --version. If it tells you that you’ve got GnuPG 1.4.9 (or some later version), then you don’t need to do anything: it’s already there. To familiarize yourself with the basics of GPG, look at the man page for it, and also check out a previous entry Tuxtraining has written on the subject.
OTR allows you to have private conversations over instant messaging by providing encryption, authentication, and deniability. Most distros have OTR in their repos. It comes standard with your Pidgin installation in Suse. A search of Synaptic or pirut/yumex in Fedora should easily find OTR as well. If it is not in your repos, you can build it from source here: http://www.cypherpunks.ca/otr/#downloads
Binaries are also provided for Windows users. Below is a short video displaying OTR in use.
Need to protect sensitive information? Then you need an encryption program. Luckily, most Linux distributions come with OpenSSL already installed. I’ve tested this on openSuse and Ubuntu and both seem to have the package right out of the box.
To encrypt a file: openssl des3 -salt -in existing_file.txt -out file.des3
The above will prompt for a password, or you can put it in with a -k option (as shown below), assuming you’re on a trusted server.
Use YaST to encrypt partitions or parts of your file system during installation or in an already installed system. However, encrypting a partition in an already installed system is more difficult, because you have to resize and change existing partitions. In such cases, it may be more convenient to create an encrypted file of a defined size in which to store other files or parts of your file system. To encrypt an entire partition, dedicate a partition for encryption in the partition layout. The standard partitioning proposal as suggested by YaST does not, by default, include an encrypted partition. Add it manually in the partitioning dialog.
More and more ISPs are limiting or throttling BitTorrent traffic on their networks. When BitTorrent traffic is throttled, the speed of BitTorrent downloads decreases, and high speed downloads are out of the question.
The list of ISPs that limit BitTorrent traffic, or plan to do so, is growing every day, and according to the BBC, the ‘bandwidth war’ has begun.
But there is a solution. Encrypting your torrents will prevent throttling ISPs from shaping your traffic. I will explain how to enable encryption in Azureus, KTorrent and Deluge, the three most popular torrent clients in Linux.