Re: Editing and storing encrypted files

2000-09-10 Thread Joey Hess
Wouter Hanegraaff wrote:
  " Convert all text to encrypted text before writing
 autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg -e -r Wouter 2> /dev/null

Or slightly more portable, s/-r Wouter/--default-recipient-self/

I like to add a -a too, YMMV.

Nice hack to avoid the temp files, BTW. :-)

-- 
see shy jo



Re: Editing and storing encrypted files

2000-09-07 Thread Peter Crystal
On Wed, Sep 06, 2000 at 11:17:40PM +0200, Philipp Schulte wrote:
 On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote: 
 
  Hi,
  
  I have some files that I would like to store encrypted. Of course I can
  just type them in, encrypt them using gpg and delete the original, but
  that seems to be a bit of a kludge. It would mean the file is at some
  time readable unencrypted (after saving in the editor), and forgetting
  to turn off the backup file option in the editor when changing the file.
 
 I solved this problem with a little script:
 
 #!/bin/bash
 gpg .dev.gpg > /dev/null
 emacs .dev
 rm .dev.gpg
 gpg -r "Philipp Schulte" -e .dev
 rm .dev
 rm .dev~
 

a nicer way of doing this would be to write a defun in emacs

my-load-file

so - it loads a file into a buffer - if the file has certain
traits that encrypted files do (ie: GPG headers) pipe it
through gpg file (mailcrypt does this nicely). 

and also write 

my-save-file

which does the opposite - and maybe we keep track of what files have to be 
encrypted.

C-x C-f calls my-load-file
C-x C-s calls my-save-file


of course emacs needs to be patched to only put its temp files in 
an encrypted loopback and we index them so we know where they 
are related.


peter 'darkewolf' crystal
--
email   : [EMAIL PROTECTED] || [EMAIL PROTECTED] || [EMAIL PROTECTED]
url : http://cyberpunks.org/darke/homepage.phtml
url : http://netverse.sourceforge.net/
url : http://walledcity.sourceforge.net/
gpg key : http://cyberpunks.org/keys/darke_gpg.asc 

Programming , Webdesign, AI theory, Paranoia, System Administration, 
Network Design, Problem Solutions

  A disciple of another sect once came  to Drescher as he was eating his
morning meal. I would like to give you this personality test, said the
outsider, because I want you to be happy. Drescher took the paper that
was offered him and put it into the toaster, saying: I wish the toaster
to be happy, too.



Re: Editing and storing encrypted files

2000-09-07 Thread Ondrej Sury
Wouter Hanegraaff wrote:
 
 Hi,
 
 I have some files that I would like to store encrypted. Of course I can
 just type them in, encrypt them using gpg and delete the original, but
 that seems to be a bit of a kludge. It would mean the file is at some
 time readable unencrypted (after saving in the editor), and forgetting
 to turn off the backup file option in the editor when changing the file.
 
 There must be better solutions, but I can't seem to find them. What I
 would like to have is an editor that has built-in encryption or gpg
 integration, and the option not to store any non-encrypted data on disk
 or on the clipboard.
 
 Is something like this available?

Try seahorse package.  You can decrypt from file to text editor,
edit text, then encrypt it back into file.  I use it like this.

-- 
Ondřej Surý [EMAIL PROTECTED] Globe Internet s.r.o.http://globe.cz/
Tel: +420235365000 Fax: +420235365009  Pláničkova 1, 162 00 Praha 6
Mob: +420602667702 ICQ: 24944126  Mapa: http://globe.namape.cz/
NAJDI.TO http://najdi.to/Chief Administrator and Developer.



Re: Editing and storing encrypted files

2000-09-07 Thread Tollef Fog Heen
* Wouter Hanegraaff 

| Is something like this available?

$apt-cache show crypt++el
Package: crypt++el
Version: 2.87-2
Priority: extra
Section: editors
Maintainer: Christoph Martin [EMAIL PROTECTED]
Depends: emacsen
Recommends: mailcrypt
Architecture: all
FileName: dists/potato/main/binary-all/editors/crypt++el_2.87-2.deb
Size: 35832
Installed-Size: 143
MD5sum: 5d1a32288c1012f7de8ca8d02bf00522
Description: Emacs-Lisp Code for handling compressed and encrypted files
 Code for handling all sorts of compressed and encrypted files like:
 .gz, .tar.gz, .Z, .zip, PGP etc.

-- 

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.



Re: Editing and storing encrypted files

2000-09-07 Thread Wouter Hanegraaff
Thanks all for the overwhelming response!

I'll probably try cfs in the near future, as it seems a nice and elegant
solution and it was recommended by a lot of people. But for a quick
start, I'll use the vim auto commands, because I'm already used to vim
and because it was so easy to setup (similar to editing gzip'd files
(:help gzip-example in vim)).

Thanks a lot!!

Wouter



Re: Editing and storing encrypted files

2000-09-07 Thread Arthur Korn
Hello.

I've played a bit with autocommands in vim (the first time ever
I looked at them), and came up with this (shamelessly stolen
from the default vimrc, there it handles *.bz2):

augroup encrypted
au!

autocmd BufReadPre,FileReadPre    *.gpg set bin
autocmd BufReadPre,FileReadPre    *.gpg let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost  *.gpg '[,']!gpg --decrypt 2> /dev/null
autocmd BufReadPost,FileReadPost  *.gpg set nobin
autocmd BufReadPost,FileReadPost  *.gpg let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost  *.gpg execute ":doautocmd BufReadPost " . expand("%:r")

autocmd BufWritePre,FileWritePre  *.gpg '[,']!gpg --encrypt 2> /dev/null
augroup END

It seems to work for me, and the .swp file is _encrypted_, no
need to disable them.

Could somebody more familiar with vim than me please tell me
(us) whether this writes anything unencrypted onto disk? If not,
shall I file a wishlist bug against vim-rt to include this?

ciao, 2ri
-- 
Note that there are two possible orientations of the log. If the end with the
larger diameter is facing downstream, the log is said to be big-endian;
otherwise, it is little-endian.
-- Philip Willoughby [EMAIL PROTECTED] on Segfault.org



Re: Editing and storing encrypted files

2000-09-07 Thread Arthur Korn
Wouter Hanegraaff schrieb:
 Is something like this available?

Yes vi. ;)

Type what you want, then enter this in command mode:

:%! gpg -ea

The whole buffer is piped through gpg and encrypted to self
(assuming you encrypt to self per default) and does ascii
armoring (you don't need to do this). Now you can save that
buffer without having written anything to disk.

You should probably check first whether your vi clone writes swap
files. One way to solve the swap file problem for vim would
be to disable them if editing a file with an extension like
.gpg, and when we are at it we could make the above gpg command
part of the saving hook.

Then you would just start vi like this: vi password.gpg, write
something and save it, and vi calls gpg to encrypt stuff before
he saves it.

Hmm, need to do this now ...

ciao, 2ri
-- 
Note that there are two possible orientations of the log. If the end with the
larger diameter is facing downstream, the log is said to be big-endian;
otherwise, it is little-endian.
-- Philip Willoughby [EMAIL PROTECTED] on Segfault.org



Re: Editing and storing encrypted files

2000-09-07 Thread Henrique M Holschuh
On Thu, 07 Sep 2000, Arthur Korn wrote:
 Could somebody more familiar with vim than me please tell me
 (us) whether this writes anything unencrypted onto disk? If not,
 shall I file a wishlist bug against vim-rt to include this?

Is your swap file (not VIM's, the OS') in an encrypted partition? Otherwise,
unless VIM locks memory (like gnupg running suid root will try to and warn
you if it fails to) you could end up with sensitive data in the swap file.

A quick solution is to disable swapping first (but be sure to have enough
RAM :-) ).

Also, unless VIM was written in a rather secure way (gnupg was), it could
easily leave sensitive data in RAM when it exits. I know of no easy solution
to this problem.

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh




Re: Editing and storing encrypted files

2000-09-07 Thread Wouter Hanegraaff
On Thu, Sep 07, 2000 at 06:11:28PM +0200, Arthur Korn wrote:
 It seems to work for me, and the .swp file is _encrypted_, no
 need to disable them.

The .swp file is definitely not encrypted. Worse, it's not possible to
disable using a swapfile when a vim session is already started: 
:set uc=0 as described in the manual, does not work:

$ strings .swp
b0VIM 5.6
wouter
daria
U3210#! 
bla blie boe

And this is after I opened a new vim session and set uc=0. And of course
after I typed bla blie boe.

Wouter
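
The `strings .swp` check in the message above, generalised into a repeatable scan, as an added example that is not part of the original thread: type a canary string into the file under test, save, then search everything beside the `*.gpg` file for it. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: look for a known "canary" string in
# everything an editor may have left beside an encrypted *.gpg file.

# classify FILE: name the kind of leftover from the file name alone.
classify() {
    case $(basename "$1") in
        .*.sw?|.sw?) echo vim-swap ;;   # .secret.gpg.swp, or .swp for an unnamed buffer
        *~)          echo backup ;;     # editor backup copy
        .viminfo)    echo viminfo ;;    # registers, search and command history
        *)           echo other ;;
    esac
}

# scan_leaks DIR CANARY: print "kind<TAB>path" for every file under DIR,
# except *.gpg, that holds CANARY in the clear. Returns 1 if any is found.
scan_leaks() {
    report=$(LC_ALL=C find "$1" -type f ! -name '*.gpg' \
                 -exec grep -l -F -e "$2" {} + 2>/dev/null |
             while IFS= read -r f; do
                 printf '%s\t%s\n' "$(classify "$f")" "$f"
             done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# make_sample DIR: constructed files standing in for an editing session.
make_sample() {
    printf 'placeholder, not real ciphertext\n' > "$1/secret.gpg"
    printf 'b0VIM 5.6\0\0wouter\0daria\0bla blie boe\n' > "$1/.swp"
    printf 'bla blie boe\n' > "$1/secret.txt~"
    printf 'unrelated notes\n' > "$1/README"
}

# Demo: scan the constructed session for the canary.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
scan_leaks "$demo_dir" 'bla blie boe' || echo "plaintext found on disk"
rm -rf "$demo_dir"
```

A clean result covers only files on the scanned filesystem; it says nothing about the operating system's swap space, which another reply in this thread raises.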



Re: Editing and storing encrypted files

2000-09-07 Thread Wouter Hanegraaff
On Thu, Sep 07, 2000 at 07:19:11PM +0200, Wouter Hanegraaff wrote:
 On Thu, Sep 07, 2000 at 06:11:28PM +0200, Arthur Korn wrote:
  It seems to work for me, and the .swp file is _encrypted_, no
  need to disable them.
 
 The .swp file is definitely not encrypted. Worse, it's not possible to
 disable using a swapfile when a vim session is already started: 

Well, it _is_ possible to disable a swapfile, just not with :set uc=0
as indicated in the manpage, but with :set noswapfile.

After some tweaking with the autocommands, the following vimrc snippet
seems to work ok for me without creating unencrypted swap-, backup- or
tempfiles on disk.

Have fun,

Wouter

augroup encrypted
au!

" First make sure nothing is written to ~/.viminfo while editing
" an encrypted file.
autocmd BufReadPre,FileReadPre      *.gpg set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre      *.gpg set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre      *.gpg set bin
autocmd BufReadPre,FileReadPre      *.gpg let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost    *.gpg '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost    *.gpg set nobin
autocmd BufReadPost,FileReadPost    *.gpg let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost    *.gpg execute ":doautocmd BufReadPost " . expand("%:r")

" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre    *.gpg '[,']!gpg -e -r Wouter 2> /dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost  *.gpg u
augroup END



Editing and storing encrypted files

2000-09-06 Thread Wouter Hanegraaff
Hi,

I have some files that I would like to store encrypted. Of course I can
just type them in, encrypt them using gpg and delete the original, but
that seems to be a bit of a kludge. It would mean the file is at some
time readable unencrypted (after saving in the editor), and forgetting
to turn off the backup file option in the editor when changing the file.

There must be better solutions, but I can't seem to find them. What I
would like to have is an editor that has built-in encryption or gpg
integration, and the option not to store any non-encrypted data on disk
or on the clipboard.

Is something like this available?

Wouter



Re: Editing and storing encrypted files

2000-09-06 Thread Philipp Schulte
On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote: 

 Hi,
 
 I have some files that I would like to store encrypted. Of course I can
 just type them in, encrypt them using gpg and delete the original, but
 that seems to be a bit of a kludge. It would mean the file is at some
 time readable unencrypted (after saving in the editor), and forgetting
 to turn off the backup file option in the editor when changing the file.

I solved this problem with a little script:

#!/bin/bash
gpg .dev.gpg > /dev/null
emacs .dev
rm .dev.gpg
gpg -r "Philipp Schulte" -e .dev
rm .dev
rm .dev~

.dev is my encrypted file.
Phil



Re: Editing and storing encrypted files

2000-09-06 Thread Jon Leonard
On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
 Hi,
 
 I have some files that I would like to store encrypted. Of course I can
 just type them in, encrypt them using gpg and delete the original, but
 that seems to be a bit of a kludge. It would mean the file is at some
 time readable unencrypted (after saving in the editor), and forgetting
 to turn off the backup file option in the editor when changing the file.
 
 There must be better solutions, but I can't seem to find them. What I
 would like to have is an editor that has built-in encryption or gpg
 integration, and the option not to store any non-encrypted data on disk
 or on the clipboard.
 
 Is something like this available?

There are several possibilities.  A great deal depends on your threat model:
What are you trying to protect against?

It sounds like you're worried about someone searching your raw disk and
recovering data.  For that, you probably want to encrypt entire partitions,
and also make sure swap and /tmp are protected.  There's good discussion and
several possibilities listed in the Encryption-HOWTO:
(http://fachschaft.physik.uni-bielefeld.de/leute/marc/Encryption-HOWTO/Encryption-HOWTO.html)

I personally would be tempted to use Matt Blaze's CFS
(ftp://research.att.com/dist/mab/cfs.announce), but I actually store all of my
sensitive files on a separate secured machine.  (no network daemons, etc.)

If you have more extreme secrecy needs, you might want to look into duress
filesystems or steganographic file storage.  Those are only really useful if
you might need to plausibly deny that you had the encrypted files at all.
I'm also not aware of any available implementations.

Jon Leonard



Re: Editing and storing encrypted files

2000-09-06 Thread Bradley M Alexander
On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
 Hi,
 
 I have some files that I would like to store encrypted. Of course I can
 just type them in, encrypt them using gpg and delete the original, but
 that seems to be a bit of a kludge. It would mean the file is at some
 time readable unencrypted (after saving in the editor), and forgetting
 to turn off the backup file option in the editor when changing the file.

Correct.

 There must be better solutions, but I can't seem to find them. What I
 would like to have is an editor that has built-in encryption or gpg
 integration, and the option not to store any non-encrypted data on disk
 or on the clipboard.
 
 Is something like this available?

Have you considered using an encrypted filesystem? The advantage to this is
that the blocks are encrypted on the filesystem then decrypted on the fly.
From the TCFS FAQ:

TCFS is a Transparent Cryptographic File System that is a suitable solution
to the problem of privacy for distributed file system. By a deeper integration
between the encryption service and the file system, it results in a complete 
transparency of use to the user applications. Files are stored in encrypted 
form and are decrypted before they are read.  The encryption/decryption 
process takes place on the client machine and thus the encryption/decryption 
key never travels on the network. 

Since the encryption/decryption is done on the fly for the person holding
the key for the encrypted mount, privacy would be enhanced. Basically TCFS
and similar encrypted filesystems are NFS-like, so as long as the directory
from which you are editing the file within should be encrypted.

The downside to this is that drive access will be considerably slower.

-- 
--Brad

Bradley M. Alexander, CISSP  |   Co-Chairman,
Beowulf System Admin/Security Specialist |NoVALUG/DCLUG Security SIG
Winstar Telecom  |   [EMAIL PROTECTED]
(703) 889-1049   |   [EMAIL PROTECTED]

I have a firm grasp on reality. Now I can strangle it.



Re: Editing and storing encrypted files

2000-09-06 Thread Jim Breton
On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
 I have some files that I would like to store encrypted. Of course I can


See also PPDD:

http://linux01.gwdg.de/~alatham/ppdd.html



Re: Editing and storing encrypted files

2000-09-06 Thread Herbert Ho
how about encrypted loopback?  just need the crypto/int'l patch for
the kernel. no other software.  but then again it doesn't use gpg

there's a howto for it on linuxdoc.org.

herb

On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
 Hi,
 
 I have some files that I would like to store encrypted. Of course I can
 just type them in, encrypt them using gpg and delete the original, but
 that seems to be a bit of a kludge. It would mean the file is at some
 time readable unencrypted (after saving in the editor), and forgetting
 to turn off the backup file option in the editor when changing the file.
 
 There must be better solutions, but I can't seem to find them. What I
 would like to have is an editor that has built-in encryption or gpg
 integration, and the option not to store any non-encrypted data on disk
 or on the clipboard.
 
 Is something like this available?
 
 Wouter
 
 



Re: Editing and storing encrypted files

2000-09-06 Thread Oliver Elphick
Wouter Hanegraaff wrote:
  I have some files that I would like to store encrypted. Of course I can
  just type them in, encrypt them using gpg and delete the original, but
  that seems to be a bit of a kludge. It would mean the file is at some
  time readable unencrypted (after saving in the editor), and forgetting
  to turn off the backup file option in the editor when changing the file.
  
  There must be better solutions, but I can't seem to find them. What I
  would like to have is an editor that has built-in encryption or gpg
  integration, and the option not to store any non-encrypted data on disk
  or on the clipboard.
  
  Is something like this available?

Use cfs (Cryptographic File System) to store the unencrypted files in.
cfs maps an ordinary directory containing encrypted files to a
pseudo-partition that is only available to the user who owns it; he
has to enter a pass phrase to get access.

Files are encrypted before they are written to the filesystem.  Even
their names are encrypted.



-- 
Oliver Elphick[EMAIL PROTECTED]
Isle of Wight  http://www.lfix.co.uk/oliver
PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47  6B 7E 39 CC 56 E4 C1 47
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
 
 Behold, I stand at the door, and knock; if any man 
  hear my voice, and open the door, I will come in to 
  him, and will sup with him, and he with me.   
   Revelation 3:20