Program(s) for encrypting a folder in Trisquel

forest
Offline
Joined: 10/19/2012

Dear Experts,
Is there a program or application for Trisquel that allows the user to create a folder or volume or virtual drive on the computer that requires password for accessing the files in that folder?
Thanks

lammi87

I am a member!

Offline
Joined: 07/27/2012

You can try tomb. It is not in the repositories but you can get it here: http://www.dyne.org/software/tomb/

It is part of dyne:bolic GNU/Linux so it should be free software. With it, you can make an encrypted folder that you can easily copy and paste to any medium you choose. It uses a password and keys for decrypting, so you can keep your keys separate from your encrypted folders, which increases security. It's CLI only, but it is easy to use.

Hope this helps.

Chris

I am a member!

Offline
Joined: 04/23/2011

I don't know what you are trying to protect although you may be better off with whole disk encryption. Folder encryption does not protect you from others discovering what is contained within the folder. It only protects the contents of the files. Or in other words the file names are not well protected. Even there it has severe limits as your system is leaking lots of data all over the place about your activities and files when you open them. Temporary files are created and stored on the drive. These files can later be looked at and the contents of the encrypted files partially revealed. I've also found the folder encryption to be problematic and difficult to support on GNU/Linux. There is a lack of good documentation on recovering for instance. There may be people here more knowledgeable though. I have not put significant effort into uncovering the solution. But that is largely because it has been buggy. Those who have used it have found this out quickly so recovering said data hasn't been worth the time and effort to do more research.

forest
Offline
Joined: 10/19/2012

I did indeed encrypt the whole disk. But I am trying to password protect access to multiple files of different types (text files, pdf, spreadsheets, etc.) that contain sensitive information. That's in case I am logged in and someone uses my computer. This happens occasionally. With Windows, from which I am trying to move away, I used a paid program that created a file (up to about 250GB I think) that it called a volume. Once you open the file with password, a new drive appears on your computer with folders and files in it. And you can just paste or drag files in there.

Chris

I am a member!

Offline
Joined: 04/23/2011

aww... I'd probably just create a separate partition and unmount it. Although I would never leave a system on and unattended if there were things on it I wanted or needed to keep private.

Darksoul71
Offline
Joined: 01/04/2012

Tomb itself will work perfectly for your use case since it does not encrypt a folder itself but uses an encrypted file which is mounted via loopback as a folder somewhere in your directory tree. You can even configure where Tomb automagically mounts your tomb files (e.g. ~/Documents).

5gon12eder (not verified)
5gon12eder

A completely different approach: Create a new user account and select to encrypt this user's home directory. Don't actually log in as this user but put your "very private files" under its home directory. The password for this user will be the password for your directory. You can access the files from your session if you temporarily switch to that user.

But as has been said before, locking the screen will perhaps be the best solution. If you want to let someone else use your computer, make her an account. I have an unprivileged guest account on my laptop and when somebody asks me whether they can quickly use my laptop, I log in as that user for them. You can have multiple users logged in at the same time, so you don't even have to close the documents you had open when they asked you.

forest
Offline
Joined: 10/19/2012

I like what Tomb is supposed to be able to do, but unfortunately I did not manage to install it. I will use the method suggested by 5gon12eder above - create another user account. Is there a way for me to access that other user's files without logging out? I don't see the files in the home folder of that second user when I am logged in as the 1st user.

onpon4
Offline
Joined: 05/30/2012

Yeah, just become root. An easy way to do that is to launch the file manager, e.g. on GNOME:

sudo nautilus

If you do it frequently enough, you could create a launcher that does this, but change "sudo" to "gksudo":

gksudo nautilus

I think there's also a better way to do this (i.e. I think you can set your account to be able to access that other account's files without root privileges), but I don't know how.

5gon12eder (not verified)
5gon12eder

While root certainly can do it, this would be overkill and a security hazard. Just become that other user.

$ su username
Password: ******
$ cd ~
# edit files...
$ exit

Unfortunately, this doesn't work for X. I think this can be done somehow, but I don't know how…

Of course you can set the permissions of that other user's home directory such that you can read / write it without doing anything, but what is the security gain, then?

forest
Offline
Joined: 10/19/2012

I run these commands in the terminal but I don't see any of the files in the home directory of the 2nd user. And I don't know what you mean by "doesn't work for X".
Thanks!

Next I will respond to the question about how my installation of Tomb failed.

5gon12eder (not verified)
5gon12eder

Are you sure you were looking in the correct directory? How did you put the files in the other user's home directory?

Just to be sure: with username, I mean the name of the "secret" user, not yours.

What I wanted to say is that you cannot run X applications (i.e. with graphical user interfaces) like that:

$ su username
Password: ******
$ nautilus $HOME
No protocol specified
Could not parse arguments: Cannot open display: 
...

And unfortunately, I think this is what you ultimately want to do. It could be done via SSH but I don't think you want to install an SSH server.

lammi87

I am a member!

Offline
Joined: 07/27/2012

About tomb:
What went wrong in the installation? Could you add the dyne repository properly? Link: http://apt.dyne.org/

This repository can be found from tomb's main page, which I linked to in my previous post. Just add the "ubuntu" repo since Trisquel is based on Ubuntu.

After adding the repo, just run:
sudo apt-get install tomb

forest
Offline
Joined: 10/19/2012

I can't remember the steps when I tried to install Tomb before, so I just tried installing again and got this:

user@user-Latitude-D830:~$ sudo apt-get install tomb
Reading package lists... Done
Building dependency tree
Reading state information... Done
tomb is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

So sounds like it is already installed. So I run

$ tomb-open

but I got this:

[!] Cannot find cryptsetup. Please install it.

So I run:

sudo apt-get install cryptsetup

Reading package lists... Done
Building dependency tree
Reading state information... Done
cryptsetup is already the newest version.
cryptsetup set to manually installed.

So then I try to run Tomb:

tomb-open

but again I get:

[!] Cannot find cryptsetup. Please install it.

So I don't know what I can try next...

Considering I can't even install Tomb, I wonder if I'll be capable of running it once I do install it...

Thanks for your help!

lammi87

I am a member!

Offline
Joined: 07/27/2012

I think you have installed tomb, but you need to use it with sudo. Try:

$ sudo tomb open

Note that it is "tomb open" not "tomb-open".

forest
Offline
Joined: 10/19/2012

The command
sudo tomb open
gives me this:
[*] Commanded to open tomb
[!] You have swap activated; use --ignore-swap if you want to skip this check
. Using encryption with swap activated is very bad, because some files, or even your secret key, could be written on hard disk.
. However, it could be that your swap is encrypted. If this is case, this is ok. Then, use --ignore-swap to skip this check
. You seem to be using 2 swaps:
/dev/zram0 partition 1030428 0 100
/dev/dm-0 partition 2006012 0 -1

Not sure if my swap is encrypted... So I type

--ignore-swap

but this doesn't do anything:
bash: --ignore-swap: command not found

I give up on trying to run Tomb... Do I just remove it with sudo apt-get remove tomb? I might try it again one day when I am an expert or when they make it easier to install and run.
Thanks

5gon12eder (not verified)
5gon12eder

It looks like your swap is encrypted. /dev/zram0 usually is the name for a virtual swap partition that isn't even written to disk so that's okay. /dev/dm-0 sounds much like the device mapper file of an encrypted partition. If I'm not terribly wrong, this is Trisquel's default setup. Check out /etc/crypttab to be sure. It should have a line

dm-0  /dev/sda3  /dev/urandom  swap,cipher=aes-cbc-essiv:sha256,loud

or so.
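
The reasoning in this post, as an added example that is not part of the thread and not tomb's own check: a swap area counts as safe when it is zram (RAM-backed) or a dm-crypt mapping, recognised by the CRYPT- prefix of its device-mapper UUID in sysfs. The function names and the SYSFS_ROOT override are assumptions for illustration; the sample listing repeats the two swap devices from the tomb output above.

```shell
# Added example: decide whether swap can leak plaintext before using --ignore-swap.
# SYSFS_ROOT is a hypothetical override so the check can run against a fake tree.

# Sample input in /proc/swaps layout, built from the tomb output quoted above.
sample_swaps() {
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/zram0 partition 1030428 0 100' \
        '/dev/dm-0 partition 2006012 0 -1'
}

# Usage on a live system: swap_report < /proc/swaps
# Prints "<device> <verdict>" for every active swap area.
swap_report() {
    sysfs="${SYSFS_ROOT:-/sys}"
    while read -r dev kind _rest; do
        if [ -z "$dev" ] || [ "$dev" = "Filename" ]; then continue; fi
        case "$dev" in
            /dev/zram*)
                # Compressed pages kept in RAM, not written to the disk.
                verdict="ram-backed" ;;
            /dev/dm-*)
                # cryptsetup gives its mappings a UUID starting with CRYPT-.
                uuid=""
                uuid_file="$sysfs/block/${dev#/dev/}/dm/uuid"
                if [ -r "$uuid_file" ]; then uuid=$(cat "$uuid_file"); fi
                case "$uuid" in
                    CRYPT-*) verdict="encrypted" ;;
                    *)       verdict="unverified" ;;  # e.g. LVM: inspect its parent
                esac ;;
            *)
                # Plain partitions and swap files: assume the worst.
                verdict="unverified" ;;
        esac
        printf '%s %s\n' "$dev" "$verdict"
    done
}

# Exit status 0 only when every swap area is ram-backed or encrypted,
# which is the situation the man page requires for --ignore-swap.
swap_is_safe() {
    ! swap_report | grep -q ' unverified$'
}
```

The check is deliberately conservative: anything it cannot positively identify as RAM-backed or dm-crypt is reported as unverified rather than assumed safe.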

5gon12eder (not verified)
5gon12eder

I never used tomb but --ignore-swap should be an option for it. So instead of doing

$ --ignore-swap

rather try

$ sudo tomb open --ignore-swap

GNU/Linux commands almost never begin with a dash; it is reserved for options.

lammi87

I am a member!

Offline
Joined: 07/27/2012

I forgot to mention the --ignore-swap option, sorry. From tomb's man page:

By default, Tomb will abort any create and open operation if swap is used (see SWAP section for details). This flag will disable this behaviour. NOTE: it is not secure to do so, unless you know that your swap is encrypted.

So you should read the man page first (when you have installed tomb):

$ man tomb

Then you know what to do. After reading it myself again, I realized I have made quite a few mistakes in my previous posts. The command to start the interactive tomb creation mode is:

$ sudo tomb-open

(Yes, it is "tomb-open") After creating a tomb, a key and password for it, you can open the tomb like this:

$ sudo tomb open --ignore-swap -k /path/to/your/key /path/to/your/tomb-file

(Yes, now it is "tomb open")
--ignore-swap option is mandatory if you have a swap partition.
-k option specifies the location of the key.

Again, sorry for giving you false instructions. I hope this helps. Remember that creating a tomb can take some time even if you are creating a small one. Please, give tomb a second try and don't let my mistakes hinder you.

Happy Hacking.

teodorescup

I am a member!

Offline
Joined: 01/04/2011

1. Check encfs and its GUI cryptkeeper, it does just that, it encrypts the content of a directory, the downside if you will, is that even though the folder names and file names within that encrypted folder are encrypted one can still see their size.

2. Fill with zeros a file of your needed size and create a LUKS partition within it, the downside would be that it will take space on your disk and that you need to be root to mount it, one upside would be that once encrypted you can archive it (zip) and the size of the archive will only be the size of your files and not the whole volume (10GiB volume and 2 GiB files = 2GiB archive).
If this interests you I described the procedure here.

Happy hacking !
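
A sketch of option 2 above as an added example; it is not the procedure the post links to and not part of the thread. The function names, the mapping name and the paths are placeholders, and DRY_RUN=1 (the default) only prints each command, so set DRY_RUN=0 to execute them. Older cryptsetup releases spell open/close as luksOpen/luksClose.

```shell
# Added example: LUKS volume inside a zero-filled file (hypothetical helper names).

# Print the command when DRY_RUN=1 (default), run it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# luks_container_create FILE SIZE_MIB NAME
luks_container_create() {
    file=$1; size_mib=$2; name=$3
    if [ -e "$file" ]; then
        echo "refusing to overwrite $file" >&2
        return 1
    fi
    run dd if=/dev/zero of="$file" bs=1M count="$size_mib" &&  # zero-filled backing file
    run chmod 600 "$file" &&                   # only the owner may read the container
    run sudo cryptsetup luksFormat "$file" &&  # prompts for the passphrase
    run sudo cryptsetup open "$file" "$name" &&  # appears as /dev/mapper/NAME
    run sudo mkfs.ext4 "/dev/mapper/$name" &&
    run sudo cryptsetup close "$name"
}

# luks_container_mount FILE NAME MOUNTPOINT
luks_container_mount() {
    run sudo cryptsetup open "$1" "$2" &&
    run sudo mount "/dev/mapper/$2" "$3"
}

# luks_container_umount NAME MOUNTPOINT
# Unmounting alone leaves the mapping unlocked; closing it locks the data again.
luks_container_umount() {
    run sudo umount "$2" &&
    run sudo cryptsetup close "$1"
}
```

For the original question (someone borrowing a logged-in session), the step that matters is luks_container_umount: the files stay readable to that session until the mapping is closed.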

forest
Offline
Joined: 10/19/2012

Thanks teodorescup. I installed cryptkeeper. Where do I find it though? I looked under Accessories, Games, Internet, Office, etc. It is not near the clock in the bottom right of the screen either. In Windows and in Ubuntu I know where to find newly installed programs, but it doesn't seem to work that way in Trisquel... Is the only way to start cryptkeeper somehow through the terminal?
Thanks!

forest
Offline
Joined: 10/19/2012

I understand from this site: http://www.ghacks.net/2009/09/27/add-cryptkeeper-for-on-the-fly-encrypted-folders-in-linux/ that an icon (an image of a key) is supposed to appear in the tray. It doesn't. I installed Cryptkeeper through Trisquel's own Add/Remove Programs option, so it must be installed correctly.

lammi87

I am a member!

Offline
Joined: 07/27/2012

You can check if you can find the icon from here: System Setting -> Main Menu.

There you can specify which icons are displayed in the menu.

forest
Offline
Joined: 10/19/2012

Thanks everyone! Now Tomb and Cryptkeeper are both installed and running. I appreciate everyone's help. Now I will try to learn how to use them.