On Tue, Apr 07, 2009 at 06:17:56PM -0400, H.S. wrote: > Douglas A. Tutty wrote: > > On Tue, Apr 07, 2009 at 05:46:31PM -0400, H.S. wrote: > >> Douglas A. Tutty wrote: > >>> Where does it hold the decrypted data? Does it stay in RAM, does it get > >>> swapped, does it go to a scratch file? > >> This might help: > >> http://www.easypg.org/ > > > > yea, it looks like it can leak info. > > I am just starting to play around with the two tools (gnupg.vim and > easypg). You appear to already know about vim and have pointed out a > possible problem with easypg. Does this problem not exist in the vim plugin?
I don't use the vim plugin. I currently have encrypted swap, with /tmp on tmpfs (so /tmp is encrypted), and have /home encrypted too. On boxes where /home isn't encrypted, I still have swap and /tmp encrypted. To decrypt a file without leaking info (other than that ram itself isn't encrypted, but that's another kettle of fish), I pipe the file through openssl and point the output to somewhere in $TMP. Example: In /etc/pam.d/common-session, I have: session optional pam_tmpdir.so which gives a $TMP of /tmp/user/1000 $ cat /proc/swaps: Filename Type Size Used Priority /dev/mapper/sda2_crypt partition 979956 0 -1 $ mount | grep -i /tmp /dev/mapper/sdb1_crypt on /var/tmp type ext3 (rw,data=journal) tmpfs on /tmp type tmpfs (rw,size=500m) Encryption/decryption is done with OpenSSL's enc To encrypt: openssl aes-256-cbc -a -e -salt -in file -out file.aes To decrypt: openssl aes-256-cbc -a -d -salt -in file.aes -out file All I need to do to keep unencrypted data off an unencrypted /home (or USB stick, whatever), is to ensure that the output of decrypt only goes to /tmp (or additionally in my case, /var/tmp). I can then edit the file, do whatever I want (as long as the software doesn't itself leak info), then re-encrypt the file putting the encrypted file whereever I like. There are a limited number of place where a piece of software can leak info: 1. to /tmp: Its encrypted 2. to /var/tmp: Its encrypted 3. to somewhere on ~/ I have /home encrypted 4. left in swap its encrypted 5. in a core dump after a crash: use ulimit (see man bash) to limit core dump size to 0 Of course, the uncrypted data is in memory, so anything that can read any memory segment can read your data. I hope that this helps in your considerations. Doug. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org