I use AxCrypt for my USB FOB on Windows. Just double-click a file, enter a
passphrase (which I make fairly long) and the file decrypts temporarily
while open. Dunno if there is a version for Linux or not.

 - Alex

-----Original Message-----
From: Andrew Cowie [mailto:[EMAIL PROTECTED] 
Sent: Saturday, March 05, 2005 9:58 PM
To: gentoo-user
Subject: Re: [gentoo-user] [OT] Securing files in a USB stick

On Thu, 2005-03-03 at 17:54 +0100, Jose Gonzalez Gomez wrote:
> > > I would like to put some sensitive information in my USB stick, so 
> > > I can take it with me (ssh private keys,

I had the same issue. I travel a *lot*, and so sooner or later a hard drive
will die, or a laptop will get stolen, or...

So I carry (wear around my neck) a USB key. Whenever I've done more than a
few lines of work on something, I just simply copy it onto the usbkey
- a draft document, some source code - no big deal. 

But corporate documents, my archive of presentations, my web site code and
source code-in-progress, taken together, that certainly needs to be
encrypted.

> > Use GPG and encrypt the files.

So a few months ago, I wrote something to make tarballs of important
hierarchies in my home directory and then sign/encrypt them, and then push
them to { usbkey | remote server }. I just use standard GPG encryption with
myself as the recipient.

That, of course, implies I have my private key to decrypt those tarballs...

> I've been reading a bit about GPG (I haven't used it before) and it 
> seems ... only difference between them seem to be that GPG trust is 
> based on a decentralized web of trust

[ remember that trust is irrelevant if you are using asymmetric encryption
when "sending" something to yourself - you by definition have the private
half of your own key pair. (In GPG terms, that's "ultimate trust") ]

> I guess in this case I should include the private key as an unencrypted 
> file in my USB stick and protect it with a good password, as it will 
> be used whenever I need to decrypt any file. Am I right?

Even more important than all the documents and what-not are my ssh keys and
pgp keys + trustdb. Naturally, if I'm storing those against the possibility
of losing my machine (natural causes or otherwise), using asymmetric
encryption is no good because I wouldn't have the private key available to
recover the data!

So, as suggested elsewhere in this thread, I store the private crypto
information in a separate tarball which I encrypt using gpg's symmetric
facility.

++

Naturally, a script to do all this is a natural idea. Well, I wrote one, and
it got out of hand. :) You're welcome to use it. It's called "geode".

http://www.operationaldynamics.com/reference/software/scripts/#geode

[You'll need to customize it a bit, as it's obviously specific to my paths
and usage cases]

If nothing else it's a good example of how to use some of the more obscure
gpg options.

It's also a good example of how to use zenity (a little command line
front-end for creating GTK dialog boxes). I used it to ask for the pass
phrases and to pop up a progress bar of how far it has worked through the
.tar.bz2 creation. 

AfC
Sydney

--
Andrew Frederick Cowie
Managing Director

OPERATIONAL DYNAMICS
A management consultancy in the IT Operations space. We are available
worldwide and specialize in technology strategy, changes & upgrades,
enterprise architecture, and performance improvement for mission critical
systems & the people who run them.

Sydney:   +61 2 9977 6866
New York: +1 646 472 5054
Toronto:  +1 416 848 6072
London:   +44 207 1019201

http://www.operationaldynamics.com/


--
gentoo-user@gentoo.org mailing list
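
The two-tier scheme described in the message above, as an added example: this is not part of the original thread and is not the geode script. The function names, the key id argument and the passphrase on file descriptor 3 are assumptions, and gzip is used here rather than the .tar.bz2 the message mentions.

```sh
#!/bin/sh
# Added example (not geode): two-tier backup as described in the thread.
set -eu
# Enable pipefail where the shell has it, so a failing tar is not masked by gpg.
(set -o pipefail) 2>/dev/null && set -o pipefail

# Stream a directory as a gzip'd tarball on stdout, so no plaintext
# archive is ever written to disk. $1 = directory
archive() {
    tar -C "$(dirname "$1")" -czf - "$(basename "$1")"
}

# Tier 1: ordinary data, signed by and encrypted to your own key.
# $1 = directory, $2 = output file, $3 = your own key id or email (assumption)
backup_to_self() {
    archive "$1" | gpg --batch --yes --sign --encrypt \
        --local-user "$3" --recipient "$3" --output "$2"
}

# Tier 2: ssh/gpg key material, encrypted symmetrically so it can be
# recovered without the private key. The passphrase is read from fd 3,
# so it never appears in argv. $1 = directory, $2 = output file
# Call as: backup_keys DIR OUT 3<passphrase-source
backup_keys() {
    archive "$1" | gpg --batch --yes --pinentry-mode loopback \
        --passphrase-fd 3 --symmetric --cipher-algo AES256 --output "$2"
}

# Restore tier 1; needs the private key in the keyring.
# $1 = encrypted file, $2 = existing target directory
restore_data() {
    gpg --batch --quiet --decrypt "$1" | tar -xzf - -C "$2"
}

# Restore tier 2; needs only the passphrase on fd 3.
# $1 = encrypted file, $2 = existing target directory
restore_keys() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --decrypt "$1" | tar -xzf - -C "$2"
}
```

On a machine with an empty keyring, restore_keys still works while the tier 1 archive cannot be decrypted, which is why the key material goes in the symmetric tarball.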
