OpenSourceEncryptionSoftware: Difference between revisions
(14 intermediate revisions by 6 users not shown) | |||
Line 3: | Line 3: | ||
Dm-crypt is part of the Linux Kernel. Some distributions might not include it in their kernel configurations, however. It is a lot like TrueCrypt: it allows you to mount encrypted files or partitions and decrypt/encrypt them on-the-fly. | Dm-crypt is part of the Linux Kernel. Some distributions might not include it in their kernel configurations, however. It is a lot like TrueCrypt: it allows you to mount encrypted files or partitions and decrypt/encrypt them on-the-fly. | ||
===Manual setup=== | ===Manual setup=== | ||
Your distro probably comes with a tool to simplify using dm-crypt. However, here is how you would manually mount a file-hosted dm-crypt volume. The [http://www.paranoiacs.org/~sluskyb/hacks/hashalot/ hashalot] tool is used to prompt you for and process your password. This is used both to create the device and access it: | Your distro probably comes with a tool to simplify using dm-crypt (also see Tomb below). However, here is how you would manually mount a file-hosted dm-crypt volume. The [http://www.paranoiacs.org/~sluskyb/hacks/hashalot/ hashalot] tool is used to prompt you for and process your password. This is used both to create the device and access it: | ||
losetup /dev/loop0 ~/encrypted | losetup /dev/loop0 ~/encrypted | ||
HASH=`hashalot -s InsertSaltHere sha256 | hexdump -e '32/1 "%02x"'` | HASH=`hashalot -s InsertSaltHere sha256 | hexdump -e '32/1 "%02x"'` | ||
Line 47: | Line 47: | ||
openssl enc -d -aes256 -in wallet.aes256 -out wallet.dat | openssl enc -d -aes256 -in wallet.aes256 -out wallet.dat | ||
There is a small shell script that automates the whole process of 1) decrypting wallet 2) launching Bitcoin 3) encrypting the wallet afterwards and cleaning up the unencrypted bits. [http://lorelei.kaverit.org/bitcoin.sh bitcoin-launch-script] | |||
==CCrypt== | |||
===Description=== | |||
'''CCrypt''' is a linux command-line utility by Peter Selinger[http://www.mathstat.dal.ca/~selinger/] that replaces the Unix ''crypt'' command. '''CCrypt''' is much more secure than ''crypt'' because it uses the Rijndael block cipher, the same encryption algorithm as AES and SSL, the algoirthms of choice for the US government and the commercial banking industry. The command line syntax for '''ccrypt''' is a bit simpler than ''openssl'' because it doesn't require the user to select an encryption algorithm or name the output file, but merely specify the direction (encrypt or decrypt). | |||
===Download=== | |||
Download the source code version of your choice at [http://ccrypt.sourceforge.net downloads] such as [http://ccrypt.sourceforge.net/download/ccrypt-1.9.tar.gz v1.9] | |||
or in a Debian distribution like Ubuntu just execute | |||
sudo apt-get install ccrypt | |||
===Examples=== | |||
To encrypt your wallet: | |||
ccrypt ~/.bitcoin/wallet.dat | |||
To decrypt the file created above: | |||
ccdecrypt ~/.bitcoin/wallet.dat.cpt | |||
or | |||
ccrypt -d ~/.bitcoin/wallet.dat.cpt | |||
===FAQ=== | ===FAQ=== | ||
[http://www. | [http://ccrypt.sourceforge.net/faq.html FAQ] | ||
===HomePage=== | |||
[http://ccrypt.sourceforge.net/ Ccrypt Project on SourceForge] | |||
===License=== | |||
[http://www.gnu.org/copyleft/gpl.html GNU General Public License.] | |||
==Tomb== | |||
===Description=== | |||
Tomb is a simple tool to manage encrypted storage on GNU/Linux. | |||
Tomb generates encrypted storage files to be opened and closed using | |||
their associated keyfiles, which are also protected with a password | |||
chosen by the user. | |||
A tomb is like a locked folder that can be safely transported and | |||
hidden in a filesystem; its keys can be kept separate, for instance | |||
keeping the tomb file on your computer harddisk and the key files on a | |||
USB stick. | |||
===HomePage=== | ===HomePage=== | ||
[http:// | [http://tomb.dyne.org Tomb - Crypto Undertaker] | ||
===Donation=== | |||
[http://dyne.org/donate Donation page] | |||
===Download=== | |||
[http://apt.dyne.org Binaries (WIP: Debian and Ubuntu)] | |||
[http://ftp.dyne.org/tomb Source] | |||
===License=== | ===License=== | ||
[http://www. | [http://www.truecrypt.org/legal/license True Crypt Open Source License.] | ||
==True Crypt== | ==True Crypt== | ||
===Description=== | ===Description=== | ||
Open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux. True Crypt creates a virtual encrypted disk within a file and mounts it as a real disk. | |||
===Documentation=== | ===Documentation=== | ||
[http://www.truecrypt.org/docs/ Documentation page.] | [http://www.truecrypt.org/docs/ Documentation page.] | ||
Line 73: | Line 128: | ||
===License=== | ===License=== | ||
[http://www.truecrypt.org/legal/license True Crypt Open Source License.] | [http://www.truecrypt.org/legal/license True Crypt Open Source License.] | ||
==xorsplit== | |||
===Description=== | |||
Open-source software for Linux. xorsplit copies a file into 3 separate | |||
backup files. Any two of the backup files are sufficient to reconstruct | |||
the original -- but any one of the files will yield at most half of | |||
the original information (the odd bytes or the even bytes). | |||
Optionally, each of the backup files can be encrypted with a password. | |||
===Home page, Download, Donation, and Documentation=== | |||
[http://www.xorsplit.com/ xorsplit.com] (Down) | |||
===License=== | |||
[http://www.xorsplit.com/xorsplit.c BSD-style Open Source License requiring | |||
that the donation address remain unchanged.] | |||
===Usage=== | |||
xorsplit file -- splits the file into file.1, file.2, and file.3 | |||
xorsplit-p file -- same, but requesting a password (no password means no encryption) | |||
xorsplit file.3 file.1 outfile -- combine file.1 and file.3 into outfile. | |||
xorsplit-p file.3 file.1 outfile -- same, after using the password to decrypt | |||
==GNU Privacy Guard== | |||
===Description=== | |||
GnuPG allows to encrypt and sign your data. | |||
===Homepage=== | |||
[http://www.gnupg.org/ gnupg.org] | |||
[[Category:Technical]] | [[Category:Technical]] | ||
[[Category:Open Source]] |
Latest revision as of 23:55, 3 July 2013
dm-crypt
Description
Dm-crypt is part of the Linux Kernel. Some distributions might not include it in their kernel configurations, however. It is a lot like TrueCrypt: it allows you to mount encrypted files or partitions and decrypt/encrypt them on-the-fly.
Manual setup
Your distro probably comes with a tool to simplify using dm-crypt (also see Tomb below). However, here is how you would manually mount a file-hosted dm-crypt volume. The hashalot tool is used to prompt you for and process your password. This is used both to create the device and access it:
losetup /dev/loop0 ~/encrypted HASH=`hashalot -s InsertSaltHere sha256 | hexdump -e '32/1 "%02x"'` echo 0 `blockdev --getsize /dev/loop0` crypt aes-cbc-essiv:sha256 \ $HASH 0 /dev/loop0 0 | dmsetup create dmDevice mount /dev/mapper/dmDevice /mnt/encrypted
- Losetup makes the container file (~/encrypted in this case) act like a device.
- The hashalot command prompts you for a password and then hashes it, adding the specified salt. The salt should be random, but it mustn't change.
- The hexdump command puts the binary hashalot output into the format required for dm-crypt
- Dm-crypt is set up on the /dev/loop0 device created by losetup. It uses the password hash created previously. The aes-cbc-essiv:sha256 encryption method is secure, though probably not as secure as Truecrypt's XTS method, which does not appear to be available in official kernel releases as far as I can tell. The dm-crypt device is created as /dev/mapper/dmDevice in this example.
- The device is mounted. Before you do this for the first time, you need to run mke2fs. If you ever enter the wrong password, the device will appear to contain random data and attempting to mount it will fail.
eCryptfs
Description
eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux.
Download
Latest source link on right side of page.
Examples
Examples can be found in Damien Oh's article How To Encrypt Files in Linux with eCryptfs.
FAQ
HomePage
eCryptfs - Enterprise Cryptographic Filesystem
License
OpenSSL
Description
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Donation
Download
Examples
Based on Grondilu's post, to encrypt the wallet, from a terminal in the bitcoin parent directory, type:
openssl enc -aes256 -in ./.bitcoin/wallet.dat -out wallet.aes256
From Paul Heinlein's openssl command line how to, to decode, add the '-d' option, set the '-in' option to the output file name, to type:
openssl enc -d -aes256 -in wallet.aes256 -out wallet.dat
There is a small shell script that automates the whole process of 1) decrypting wallet 2) launching Bitcoin 3) encrypting the wallet afterwards and cleaning up the unencrypted bits. bitcoin-launch-script
CCrypt
Description
CCrypt is a linux command-line utility by Peter Selinger[1] that replaces the Unix crypt command. CCrypt is much more secure than crypt because it uses the Rijndael block cipher, the same encryption algorithm as AES and SSL, the algoirthms of choice for the US government and the commercial banking industry. The command line syntax for ccrypt is a bit simpler than openssl because it doesn't require the user to select an encryption algorithm or name the output file, but merely specify the direction (encrypt or decrypt).
Download
Download the source code version of your choice at downloads such as v1.9
or in a Debian distribution like Ubuntu just execute
sudo apt-get install ccrypt
Examples
To encrypt your wallet:
ccrypt ~/.bitcoin/wallet.dat
To decrypt the file created above:
ccdecrypt ~/.bitcoin/wallet.dat.cpt
or
ccrypt -d ~/.bitcoin/wallet.dat.cpt
FAQ
HomePage
License
Tomb
Description
Tomb is a simple tool to manage encrypted storage on GNU/Linux.
Tomb generates encrypted storage files to be opened and closed using their associated keyfiles, which are also protected with a password chosen by the user.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem; its keys can be kept separate, for instance keeping the tomb file on your computer harddisk and the key files on a USB stick.
HomePage
Donation
Download
Binaries (WIP: Debian and Ubuntu)
License
True Crypt Open Source License.
True Crypt
Description
Open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux. True Crypt creates a virtual encrypted disk within a file and mounts it as a real disk.
Documentation
Donation
Download
FAQ
HomePage
License
True Crypt Open Source License.
xorsplit
Description
Open-source software for Linux. xorsplit copies a file into 3 separate backup files. Any two of the backup files are sufficient to reconstruct the original -- but any one of the files will yield at most half of the original information (the odd bytes or the even bytes).
Optionally, each of the backup files can be encrypted with a password.
Home page, Download, Donation, and Documentation
xorsplit.com (Down)
License
[http://www.xorsplit.com/xorsplit.c BSD-style Open Source License requiring that the donation address remain unchanged.]
Usage
xorsplit file -- splits the file into file.1, file.2, and file.3
xorsplit-p file -- same, but requesting a password (no password means no encryption)
xorsplit file.3 file.1 outfile -- combine file.1 and file.3 into outfile.
xorsplit-p file.3 file.1 outfile -- same, after using the password to decrypt
GNU Privacy Guard
Description
GnuPG allows to encrypt and sign your data.