Just thought I'd let you all know. The upcoming reiserfs4 will include "Encryption On Commit". This does approximately what I described below, but not on a fs image, but on single files within the filesystem. The encryption is done through plugins to reiser.
The current schedule puts its release in June 2003.

Kind regards

Guy

On Fri, 2002-12-13 at 16:52, Jack Coates wrote:
> On Fri, 2002-12-13 at 07:30, Guy Van Sanden wrote:
> > Hello everyone
> >
> > I've been looking around for a way to use a PGP(/GPG) encrypted disk
> > image on Linux. PGPdisk seems to provide it for Windows (although the
> > fact that the underlying OS is insecure neutralises the security).
> >
> > What I have in mind is a disk image with a filesystem on it that
> > provides on the fly encryption with gnupg.
> > That part is easy, but it should be mounted without decrypting it to
> > disk first (avoiding a vulnerable copy that can be recovered).
> >
>
> If your system has been compromised to the level that an attacker can
> read an encrypted or decrypted disk image in your home directory, then
> that attacker is just as capable of reading your key ring. Getting the
> passphrase is a mite tougher, but hardly impossible -- in fact, given
> the timeout mentioned below it's somewhat likely that the passphrase
> will be in .bash_history because you're going to be typing it all the
> time. Get a slow prompt or the wrong xterm, whoops! Of course, since the
> attacker has shell with root or your privileges, they can easily run a
> keyboard sniffer on your session. .bash_history will certainly provide a
> lovely list of the files that you're using most frequently from the
> encrypted area.
>
> > Let's say that I have an image called /home/gvs/safe.imgpg.
> > It should be mounted with something like 'mount -t gpg_img
> > /home/gvs/safe.imgpg /home/gvs/safe', where you put your passphrase in.
> >
> > The trick is that the image should never be fully decrypted, if the
> > system is powered off without unmounting, the image should remain
> > encrypted.
> >
> > Using OpenPGP for the encryption has the advantage over other encrypted
> > filesystems that you need both the private key and the passphrase to
> > decrypt it, which makes it safe to transport it over insecure channels
> > (like ftp).
> >
> > Maybe some option can be added, setting a timeout for the passphrase
> > (next access needs it to be re-entered).
> >
> > Has anyone ever heard of something like this?
> > Or any ideas how exactly this can be pieced together with existing
> > programs?
> >
>
> Have a look at http://www.kerneli.org for the basic tools, but it looks
> to me like they've taken down their crypto-filesystem howto, at least
> partially because of the argument above IIRC. The problem is the same on
> Unix as on Windows -- you're trying to secure something while you're
> using it.

--
Guy Van Sanden <[EMAIL PROTECTED]>