This whole thread is a bit, well cause to ponder ..., and beef a little ...
On Fri, Aug 5, 2022 at 2:40 AM Uwe Brauer via Gnupg-users <gnupg-users@gnupg.org> wrote:
>
> Hi
>
> I apologize for this message that can be a bit off topic.
> (I am on Ubuntu 16.04)

(Running off to see how much longer that's going to be supported.)

> How can I find say encrypted files in my home directory?

You have encrypted files you aren't tracking? That's a good way to lose data or whatever was in them.

> The idea is to
> use some magic command together with the find command.
> I know

Magic seems to me to be opposed to the purpose of encryption, but I guess if that's what you want that's what you want.

> 1. The file command will return for example for a gpg encrypted file
>    file .authinfo.gpg
>    .authinfo.gpg: PGP RSA encrypted
>
> 2. However for X509 file I obtain
>    file test.p12
>    file.p12: data
>
> 3. I could use the ent command which measure the entropy, high
>    entropy is an indication of encryption (but jpg have also high
>    entropy). However I should then study the distribution of each
>    letter to be sure.

As has been pointed out, entropy is orthogonal to the question of encryption.

> So is there any other way to run find and some other script to find
> suspicious files? Google is not really helpful

Suspicious files?

Oh. Okay, you or somebody you know has been sloppy and wants to recover.

As you should note from the responses so far, there is no magic solution.

Figure out what is important on the compromised system and work from there.

It used to be a lot simpler, and I could give you a list of steps to go through, but these days you have to think about compromised BIOS and compromised media and I/O controllers and such. And the system with the symptoms is quite possibly not the only compromised system on your network.

Which I guess may be why you are hoping for magic.

Still, powering the system down, looking for other compromised systems on the network, removing the media and taking a raw image, deciding what's important on the compromised media and what can just be thrown away, etc.

Deciding what's important is an essential step, because you won't know how to go looking for it if you don't know what you're looking for. And everything else just has to be tossed -- physically discarded.

Unless you're willing to play craps, in which case, you might consider paying the people who (hopefully) know where they hid stuff -- although I'd hope you would first consider contacting your local police or whoever you trust to be able to help, and volunteer to cooperate in using your data as a trap to catch the miscreants.

--
Joel Rees

http://reiisi.blogspot.jp/p/novels-i-am-writing.html
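
An added example, not part of the thread and not GnuPG code: a structural check for the two file types named in the question, which avoids the entropy problem (a JPEG is not flagged) and recognises a PKCS#12 container that `file` reported only as "data". The function names are hypothetical; the byte layouts assumed are the RFC 4880 packet header and the PKCS#12 `PFX` structure.

```python
import os
PKCS7_OID = bytes.fromhex("06092a864886f70d0107")  # OID 1.2.840.113549.1.7.x

def _hdr_len(buf, pos):
    """Size of the ASN.1 tag+length header at pos, or None if malformed."""
    n = buf[pos + 1] if pos + 1 < len(buf) else 0xFF  # 0xFF: truncated input
    return 2 if n <= 0x80 else 2 + (n & 0x7F) if (n & 0x7F) <= 4 else None

def is_pkcs12(buf):
    """PFX ::= SEQUENCE { version INTEGER (3), authSafe ContentInfo, ... }"""
    outer = _hdr_len(buf, 0)
    if outer is None or buf[0] != 0x30 or buf[outer:outer + 4] != b"\x02\x01\x03\x30":
        return False
    inner = _hdr_len(buf, outer + 3)
    if inner is None:
        return False
    oid = buf[outer + 3 + inner:outer + 3 + inner + 11]
    return oid[:10] == PKCS7_OID and oid[10:] in (b"\x01", b"\x02")

def is_openpgp_encrypted(buf):
    """First packet is PKESK (tag 1, v3) or SKESK (tag 3, v4), RFC 4880."""
    if len(buf) < 2 or not buf[0] & 0x80:
        return False
    if buf[0] & 0x40:                 # new-format packet header
        tag, l0 = buf[0] & 0x3F, buf[1]
        lenlen = 2 if 192 <= l0 < 224 else 5 if l0 == 255 else 1
    else:                             # old-format packet header
        tag, lenlen = (buf[0] >> 2) & 0x0F, (1, 2, 4, 0)[buf[0] & 3]
    return (tag, buf[1 + lenlen:2 + lenlen]) in ((1, b"\x03"), (3, b"\x04"))

def classify(head):
    if head.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----"):
        return "openpgp-armored"      # armor header only; body not inspected
    if is_openpgp_encrypted(head):
        return "openpgp-encrypted"
    return "pkcs12" if is_pkcs12(head) else None

def scan(root):  # path -> kind, reading only the first 64 bytes of each file
    hits = {}
    for dirpath, _dirs, names in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in names):
            try:
                if os.path.isfile(path) and not os.path.islink(path):
                    with open(path, "rb") as fh:
                        hits[path] = classify(fh.read(64))
            except OSError:
                continue              # unreadable file: skip
    return {p: k for p, k in hits.items() if k}
```

A hit is a lead to confirm with `gpg --list-packets` or `openssl pkcs12 -info`, since a few matching header bytes can occur in unrelated data, and encrypted formats without a recognisable header are not found this way.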