Encrypting Files
----------------

This is a FYI and you probably should keep this for future use.

Any sensitive information, such as passwords, both system and private, should
be stored in encrypted files, and NOT as plain text.

This guide is for encrypting individual files. Other encrypted data techniques
include encrypted block devices (whole disks, partitions, or loop-back block
files). Alternatively you can create encrypted file trees.

-------------------------------------------------------------------------------
OpenSSL encrypted files

Encrypt a file

    # encrypt file.txt to file.enc using 256-bit AES in CBC mode
    openssl enc -aes-256-cbc -salt -in file.txt -out file.enc

    # Output using base64 encoding for inclusion in an Email.
    # -a = base64 encode (or decode, depending on the direction)
    openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc.b64

Decrypt a file (the plain text goes to stdout unless -out is given)

    # decrypt binary file.enc
    openssl enc -d -aes-256-cbc -in file.enc

    # decrypt base64-encoded version
    openssl enc -d -aes-256-cbc -a -in file.enc.b64

To get a list of encryption types use

    openssl list-cipher-commands

WARNING: This uses the fast "PBKDF1.5" password to key function. That is a
good hashing function for the fast generation of one time pads, but it does
not use the slower, more modern PBKDF2 method (see below), which is designed
to make the hashing function very slow (about a second or so) so as to make
dictionary attacks impractical.

For more info see the "openssl.hints" file (in this directory).

-------------------------------------------------------------------------------
Personal "encrypt" encryption.

I created a perl script "encrypt" which is basically equivalent to the OpenSSL
"enc" file encryption, but with a more advanced password hashing technique,
known as PBKDF2 (see below). This method is part of the OpenSSL library, but
is not available from the openssl command line for file encryption!
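To make the warning concrete, here is an added Python example (not code from this file, from OpenSSL, or from the "encrypt" script) that parses the "Salted__" header written by "openssl enc -salt", derives the AES-256-CBC key and IV the way the old MD5-based EVP_BytesToKey derivation (the "PBKDF1.5" above) does, and then times that against PBKDF2 to show what the iteration count buys. The header layout and the single-iteration MD5 chain are what older OpenSSL releases used; the sample header and salt are constructed values, and the PBKDF2 iteration count is an assumption.

```python
import hashlib
import time

SALTED_MAGIC = b"Salted__"   # file magic 'openssl enc -salt' writes before its 8-byte salt

def parse_salted_header(data):
    """Split 'openssl enc -salt' output into (salt, ciphertext).
    Layout: 8 bytes "Salted__", 8 bytes random salt, then the ciphertext."""
    if len(data) < 16 or data[:8] != SALTED_MAGIC:
        raise ValueError("not a salted 'openssl enc' file")
    return data[8:16], data[16:]

def bytes_to_key(password, salt, key_len=32, iv_len=16):
    """The fast derivation the text calls PBKDF1.5: OpenSSL's EVP_BytesToKey with
    MD5 and a single iteration, as older releases used.  D1 = MD5(pw|salt),
    Di = MD5(D(i-1)|pw|salt), concatenated until key+IV bytes are available,
    so an AES-256-CBC key and IV cost just three MD5 calls per password tried."""
    out, prev = b"", b""
    while len(out) < key_len + iv_len:
        prev = hashlib.md5(prev + password + salt).digest()
        out += prev
    return out[:key_len], out[key_len:key_len + iv_len]

def pbkdf2_key(password, salt, iterations, key_len=32):
    """PBKDF2-HMAC-SHA256 (RFC 2898): the same inputs plus an iteration count, so
    every password tried costs 'iterations' HMAC computations instead of three hashes."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=key_len)

def derivations_per_second(derive, password, salt, rounds=20):
    """Measure how many password-to-key derivations this machine does per second;
    the ratio between the two functions is the slowdown the iteration count buys."""
    start = time.perf_counter()
    for _ in range(rounds):
        derive(password, salt)
    return rounds / max(time.perf_counter() - start, 1e-9)

if __name__ == "__main__":
    # Constructed sample: a header laid out as 'openssl enc -aes-256-cbc -salt' writes
    # it, with a fixed (not random) salt and dummy ciphertext so the run is repeatable.
    sample = SALTED_MAGIC + bytes(range(8)) + b"\x00" * 16
    salt, ciphertext = parse_salted_header(sample)
    key, iv = bytes_to_key(b"correct horse", salt)
    fast = derivations_per_second(bytes_to_key, b"correct horse", salt)
    slow = derivations_per_second(lambda p, s: pbkdf2_key(p, s, 200_000), b"correct horse", salt)
    print(f"EVP_BytesToKey: ~{fast:,.0f}/s   PBKDF2 (200000 iterations): ~{slow:,.0f}/s")
```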
For more information see the "Password-Based Key Derivation Function v2"
(PBKDF2 - RFC 2898) algorithm, in the "hashing.hints" file in this directory.

You can download the "encrypt.pl" perl script from
    http://www.ict.griffith.edu.au/anthony/software/#encrypt

-------------------------------------------------------------------------------
Mcrypt file encryption

Mcrypt offers a lot more control over the generated file format. The most
important options can be pre-set using the command line, environment
variables, or a configuration file (rc config, or one specified). Note the
file checksum method can not be set that way.

The 'key' may be specified in a number of ways, such as: command line option,
environment, keyfiles, though not pre-opened file descriptors. It can even be
given as a raw pre-encrypted hex key.

Essentially it is a more controllable form of the openssl file encryption.

    mcrypt --keymode s2k-salted-md5 \
           --algorithm rijndael-256 --mode cbc file
or
    MCRYPT_ALGO=rijndael-256 \
    MCRYPT_MODE=cbc \
    MCRYPT_KEY_MODE=s2k-salted-md5 \
        mcrypt file

NOTE: Rijndael is the older, original name of the cipher standardised as AES.

A lot of information is stored in the header of the file for easier
decrypting, however a '--bare' form will remove all header information, and
the checksum. In that case this flag and all the encryption info needs to be
provided again for decryption.

However it does not provide access to a PBKDF2 iterative hashing function, to
slow down brute force attacks.

-------------------------------------------------------------------------------
PGP/GPG file encryption

PGP (Pretty Good Privacy) and GPG (Gnu PGP) are normally used for sending and
receiving encrypted mail, but they can also be used for encrypting and
decrypting files with individual passwords.

The following are details on how you can encrypt and decrypt files using the
PGP system.

First, you do NOT need to have a PGP public/private key for encrypting files;
such keys are generally for the sending of encrypted mail, not files.
However GPG will insist on creating empty keyrings, even though they are not
needed.

It is possible to encrypt a file with your public key so only your private key
will decrypt it, or with their public key so only the private key they created
can decrypt it, but this is not what we will be dealing with here.

Files encrypted with PGP are saved with the suffix ".pgp" (encrypted with
IDEA) while GPG files are saved with ".gpg" (typically CAST5 encryption). Such
a file is generally a binary file, though an option exists to create an ascii
version (known as ``ascii armoured'') which could then be safely mailed. To do
this a "-a" option is also given during encryption; no change to the
decryption is needed.

To encrypt an existing plain text file...

    (using v2)    pgp -c file
    (using v5)    pgpe -c file
    (gnu PGP)     gpg -c --force-mdc file

The password to use to encrypt the file is asked for twice. And the commands
can encrypt multiple files to the same password.

The version 2 command may on first use ask you to just type a long phrase to
initialise its random number generator. This is a once only exercise.

Version 5 does not require you to do this, but may complain about missing
`keyrings', if you have not created your mail public and private PGP keys.
Just ignore this.

After encrypting you should delete the original file

    rm file

To decrypt the encrypted files back to normal use...

    (using v2)    pgp file.pgp
    (using v5)    pgpv file.pgp
    (gnu PGP)     gpg file.gpg

To just view an encrypted file safely (without saving the decrypted file to
disk) you can use any of the following. The version 5 form is preferred as
version 2 PGP creates a decrypted temporary file!
    (using v2)    pgp -m file.pgp
                  pgp -f < file.pgp | less
    (using v5)    pgpv -m file.pgp
                  pgpv < file.pgp | less
    (gnu GPG)     gpg -o - file.gpg

PGP Encryption using a prepared key

Generate a key if you don't have one
    gpg --gen-key          (follow prompts)
List keys
    gpg --list-keys
Encrypt with a key
    gpg -e -r 'Bob User' myfile
    gpg -e -r 'bob@somewhere.edu' myfile
Decrypt
    gpg myfile.gpg

The advantage with this is that you do not need a password to create the
encrypted files, but you will need your public-key password to decrypt them.

However files encrypted in this way will report what key was used for the
encryption process, without needing a password. That is, all such files are
marked as being encrypted, and record the key that was used, though the key
material itself is public-key encrypted.

-------------------------------------------------------------------------------
More advanced Encrypted Files

Things that could (should) be included with the raw encrypted data, in an
encrypted file...

1/ Some 'file magic' to identify the encryption method.

   Though strictly not required, and it tells a cracker what encryption scheme
   has been used, it is required if you want to implement multiple versions or
   variations of file encryption, that is, for backward compatibility.
   OpenSSL file encryption learned this the hard way, when they improved their
   encryption with salting. It now uses "Salted__" as its encryption's "file
   magic".

2/ Random salt (public) for the password hashing.

   This makes a static 'rainbow table' of hashed dictionary words useless.

3/ PBKDF v2 iteration count (public) for the password to encryption key.

   This vastly improves security. First by adding more complexity to the
   final cryptographic key, and by making it a lot slower to crack the
   password without making it too slow for a user to really notice. That is,
   it adds about 1/2 to 2 seconds delay to hash the user's password.

4/ A verification identifier (encrypted or hashed).
   Essentially something that will verify whether the user's passphrase is
   actually correct, and will decrypt the file data correctly.

   This verification identifier could be...
     (a) a 'fixed string' (without salting this could weaken encryption)
     (b) the user's password itself (not the cryptographic hash)
     (c) the salt used (it's random and changes, so should be a good test)
     (d) Some type of file checksum. For example of just the first block of
         the decrypted data, so it can be checked early. (This is probably
         best)

   This is NOT an encryption of the whole file checksum, as that means you
   can not verify the file until you actually decrypt the whole file. For
   large files that can be a very long time. It is just for the first block
   that follows the 'header' information (see next).

   Note verification can make it easier to crack, as a cracker can just
   decrypt the first block to see if they get something legible. But it
   generally does not help the cracker very much. It does however provide
   valuable feedback to a valid user, especially on very large files, before
   the decryption gets very far. Basically it can be used to prevent the
   decrypt command spewing binary garbage if the user's password is not
   correct.

5/ A final checksum of the encrypted data - total verification of data.

   Warning: This can be difficult to implement in a data pipeline as the data
   will have an unknown length. In any type of pipeline, any such checksum
   will always need to be added at the end, rather than in the header, and
   then you have the problem of separating the data from the checksum. Often
   this is easier to do in the program that is actually making use of the
   data, rather than as part of the encryption process.

The original "OpenSSL enc" used none of the above when it was first released.
It later added a hashing salt (2), as well as some file magic (1), so it can
automatically identify the new encryption format, without breaking existing
openssl encrypted files.
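As an added illustration of items 1 to 4 (this is example code, not the format used by the author's "encrypt.pl" or by any of the tools above), the header below packs the magic, a random salt, the public PBKDF2 iteration count and a verifier of type (c), realised as an HMAC of the salt under a key derived alongside the cipher key, so a wrong passphrase is rejected before any ciphertext is touched. The field sizes, the "PBKDF2__" layout and the iteration bound are this example's own assumptions, and the actual ciphering step is left out.

```python
import hashlib
import hmac
import os
import struct

# Assumed layout (this example's own, NOT the format written by the author's encrypt.pl):
#    8 bytes  magic "PBKDF2__"              item 1: identifies scheme and version
#   16 bytes  random salt                   item 2: defeats precomputed dictionaries
#    4 bytes  iteration count (big-endian)  item 3: public, so the decryptor can re-derive
#   32 bytes  verifier = HMAC-SHA256(verify_key, salt)   item 4, variant (c)
# followed by the ciphertext, which this example does not produce.
MAGIC = b"PBKDF2__"
HEADER = struct.Struct(">8s16sI32s")

def derive_keys(passphrase, salt, iterations):
    """One PBKDF2 run yields 64 bytes: a 32-byte cipher key plus a separate 32-byte
    key used only for the verifier, so the verifier reveals nothing about the cipher key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=64)
    return okm[:32], okm[32:]

def make_header(passphrase, iterations=200_000, salt=None):
    """Build the header for a new file; returns (header_bytes, cipher_key)."""
    salt = os.urandom(16) if salt is None else salt
    enc_key, verify_key = derive_keys(passphrase, salt, iterations)
    verifier = hmac.new(verify_key, salt, hashlib.sha256).digest()
    return HEADER.pack(MAGIC, salt, iterations, verifier), enc_key

def open_header(passphrase, blob):
    """Check magic and passphrase before touching any ciphertext.
    Returns (cipher_key, ciphertext); raises ValueError instead of emitting garbage."""
    if len(blob) < HEADER.size or blob[:8] != MAGIC:
        raise ValueError("unknown format: expected PBKDF2__ magic")
    _magic, salt, iterations, verifier = HEADER.unpack_from(blob)
    # The public iteration count is untrusted input: bound it so a hostile
    # header cannot make the decryptor spin for hours.
    if not 1 <= iterations <= 10_000_000:
        raise ValueError("iteration count out of range")
    enc_key, verify_key = derive_keys(passphrase, salt, iterations)
    expected = hmac.new(verify_key, salt, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, verifier):   # constant-time comparison
        raise ValueError("bad passphrase")
    return enc_key, blob[HEADER.size:]

def passphrase_ok(passphrase, blob):
    """Convenience wrapper: True only if the header accepts this passphrase."""
    try:
        open_header(passphrase, blob)
        return True
    except ValueError:
        return False
```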
My own perl "encrypt" program
    http://www.ict.griffith.edu.au/~anthony/software/#encrypt
is the same as "openssl enc" but adds PBKDF2 (3) for added security. However
it does not provide any form of 'verification' (4) at this time. I did however
add an option to easily turn off or change the file magic (1) if you wanted to
obfuscate the encrypted data more.

The "dm-crypt", or "LUKS cryptsetup" used for disk partition encryption under
linux, implements 1 through to 4. The fifth is automatically provided by the
filesystem stored on the encrypted disk.

Similarly normal use of "EncFS" also provides 1 through to 4 using information
in the configuration file that is normally stored in the parent directory of
the encrypted directory tree. But this may not be the case if the 'any
password' option is enabled.

-------------------------------------------------------------------------------
For the users using VIM you can also directly edit a ".pgp" file by creating a
.vimrc file with the following...

.vimrc

    "======8<--------CUT HERE----------axes/crowbars permitted---------------
    "
    " General options
    "
    set nocompatible    " Use Vim defaults like multi-undo (much better!)

    " Edit PGP (v5) encrypted files (.pgp)
    autocmd! BufReadPre,FileReadPre     *.pgp set bin
    autocmd  BufReadPost,FileReadPost   *.pgp '[,']!pgpv -f
    autocmd  BufReadPost,FileReadPost   *.pgp set nobin
    autocmd! BufWritePre,FileWritePre   *.pgp set bin
    autocmd  BufWritePre,FileWritePre   *.pgp '[,']!pgpe -fc
    autocmd  BufWritePost,FileWritePost *.pgp undo
    autocmd  BufWritePost,FileWritePost *.pgp set nobin

    " Edit GPG encrypted files (.gpg)
    autocmd! BufReadPre,FileReadPre     *.gpg set bin
    autocmd  BufReadPost,FileReadPost   *.gpg '[,']!gpg -o -
    autocmd  BufReadPost,FileReadPost   *.gpg set nobin
    autocmd! BufWritePre,FileWritePre   *.gpg set bin
    autocmd  BufWritePre,FileWritePre   *.gpg '[,']!gpg -c --force-mdc -o -
    autocmd  BufWritePost,FileWritePost *.gpg undo
    autocmd  BufWritePost,FileWritePost *.gpg set nobin

    " Edit GZip files (.gz)
    autocmd! BufReadPre,FileReadPre     *.gz set bin
    autocmd  BufReadPost,FileReadPost   *.gz '[,']!gzip -d
    autocmd  BufReadPost,FileReadPost   *.gz set nobin
    autocmd! BufWritePre,FileWritePre   *.gz set bin
    autocmd  BufWritePre,FileWritePre   *.gz '[,']!gzip
    autocmd  BufWritePost,FileWritePost *.gz undo
    autocmd  BufWritePost,FileWritePost *.gz set nobin

    " Decrypt/Encrypt .enc files using a personal "encrypt" command
    " A PBKDF v2 (salt+count) aes-256-cbc encryption.  (File Magic "PBKDF2__")
    augroup enc
      autocmd!
      autocmd BufReadPre,FileReadPre     *.enc set binary
      autocmd BufReadPre,FileReadPre     *.enc set history=0 cmdheight=3 viminfo=
      autocmd BufReadPre,FileReadPre     *.enc set noswapfile nowritebackup
      "
      autocmd BufReadPost,FileReadPost   *.enc set shell=/bin/sh shellredir=>
      autocmd BufReadPost,FileReadPost   *.enc '[,']!encrypt -d
      autocmd BufReadPost,FileReadPost   *.enc set nobinary cmdheight& shell&
      autocmd BufReadPost,FileReadPost   *.enc let b:encflag=1
      autocmd BufReadPost,FileReadPost   *.enc exe "doau BufReadPost ".expand("%:r")
      autocmd BufReadPost,FileReadPost   *.enc redraw!
      "
      autocmd BufWritePre,FileWritePre   *.enc mark z
      autocmd BufWritePre,FileWritePre   *.enc set binary cmdheight=3 shell=/bin/sh
      autocmd BufWritePre,FileWritePre   *.enc '[,']!encrypt
      "
      autocmd BufWritePost,FileWritePost *.enc undo
      autocmd BufWritePost,FileWritePost *.enc set nobinary cmdheight& shell&
      autocmd BufWritePost,FileWritePost *.enc 'z
    augroup END

    " OpenSSL encrypted files.
    " PBKDF v1.5 (salted) aes-256-cbc encrypted file.  (File magic "Salted__")
    augroup ossl
      autocmd!
      autocmd BufReadPre,FileReadPre     *.ossl set binary
      autocmd BufReadPre,FileReadPre     *.ossl set history=0 cmdheight=3 viminfo=
      autocmd BufReadPre,FileReadPre     *.ossl set noswapfile nowritebackup
      "
      autocmd BufReadPost,FileReadPost   *.ossl set shell=/bin/sh shellredir=>
      autocmd BufReadPost,FileReadPost   *.ossl '[,']!openssl aes-256-cbc -d -salt
      autocmd BufReadPost,FileReadPost   *.ossl set nobinary cmdheight& shell&
      autocmd BufReadPost,FileReadPost   *.ossl let b:encflag=1
      autocmd BufReadPost,FileReadPost   *.ossl exe "doau BufReadPost ".expand("%:r")
      autocmd BufReadPost,FileReadPost   *.ossl redraw!
      "
      autocmd BufWritePre,FileWritePre   *.ossl mark z
      autocmd BufWritePre,FileWritePre   *.ossl set binary cmdheight=3 shell=/bin/sh
      autocmd BufWritePre,FileWritePre   *.ossl '[,']!openssl aes-256-cbc -salt
      "
      autocmd BufWritePost,FileWritePost *.ossl undo
      autocmd BufWritePost,FileWritePost *.ossl set nobinary cmdheight& shell&
      autocmd BufWritePost,FileWritePost *.ossl 'z
    augroup END

    " Direct aes-256-cbc encryption (old OpenSSL file encryption)
    " PBKDF v1 (no salt and no magic file identification)
    augroup aes
      autocmd!
      autocmd BufReadPre,FileReadPre     *.aes set binary
      autocmd BufReadPre,FileReadPre     *.aes set history=0 cmdheight=3 viminfo=
      autocmd BufReadPre,FileReadPre     *.aes set noswapfile nowritebackup
      "
      autocmd BufReadPost,FileReadPost   *.aes set shell=/bin/sh shellredir=>
      autocmd BufReadPost,FileReadPost   *.aes '[,']!openssl aes-256-cbc -d -nosalt
      autocmd BufReadPost,FileReadPost   *.aes set nobinary cmdheight& shell&
      autocmd BufReadPost,FileReadPost   *.aes let b:encflag=1
      autocmd BufReadPost,FileReadPost   *.aes exe "doau BufReadPost ".expand("%:r")
      autocmd BufReadPost,FileReadPost   *.aes redraw!
      "
      autocmd BufWritePre,FileWritePre   *.aes mark z
      autocmd BufWritePre,FileWritePre   *.aes set binary cmdheight=3 shell=/bin/sh
      autocmd BufWritePre,FileWritePre   *.aes '[,']!openssl aes-256-cbc -nosalt
      "
      autocmd BufWritePost,FileWritePost *.aes undo
      autocmd BufWritePost,FileWritePost *.aes set nobinary cmdheight& shell&
      autocmd BufWritePost,FileWritePost *.aes 'z
    augroup END
    "======8<--------CUT HERE----------axes/crowbars permitted---------------

You can now edit (read and write) an encrypted file with the suffixes:
    .pgp .gpg .enc .ossl .aes
as well as edit compressed files:
    .gz

This is a very safe way of updating an encrypted file as it is only decrypted
in the editor's buffer.

Warning: some parts of the file may be saved temporarily unencrypted to a
".swp" file, though the later, more advanced decryption methods above (which
set 'noswapfile') prevent this.

-------------------------------------------------------------------------------
Direct Vim File Encryption.

If you edit/create a file using
    vim -x filename
or while editing a file you use
    :X
vim will write that file in encrypted form using the key it asks for. The file
will have a prefix of "VimCrypt~" but no special suffix.

The key is saved during the editing using the "key" setting. So to remove the
encryption use the command
    :set key=

The method by default is 'zip' which is weak. You can change the default to a
stronger method using
    set cm=blowfish
in your ".vimrc" file. While a file is in memory the file's encryption method
can be changed using
    :setlocal cm=blowfish
otherwise it is the same as the encryption used when reading.

The encryption method is stored as bytes 9 and 10 with the string values of
"01" or "02" respectively. Other than this the actual encryption method is not
known at this time.

WARNING: while restore and undo files are encrypted the viminfo file is not.
Any command history or buffers may be saved into the viminfo file, including
cut/paste buffers and ":set key=..." commands.
No method of specifying an external encryption program is provided.

IN SUMMARY: direct encryption using vim is not recommended.

-------------------------------------------------------------------------------