Re: [gentoo-user] executing a file on a usb thumb drive
Dale, On Monday, 2020-03-23 05:50:14 -0500, you wrote: > ... > ># cat /etc/sudoers | grep crypt > ># > > I wonder if this is a version issue. When I was googling for this, it > was claimed this was a recent change. That's my recollection anyway. > I'm using version veracrypt-1.24_p2. Me too :-) Sincerely, Rainer
Re: [gentoo-user] executing a file on a usb thumb drive
Dr Rainer Woitok wrote: > Dale, > > On Sunday, 2020-03-22 04:34:54 -0500, you wrote: > >> ... >> I wanted to post a couple things for future reference. First, it seems >> this thing requires sudo to work. Add the executable to the sudo file >> thingy. > I didn't do this, and it works anyway: > ># cat /etc/sudoers | grep crypt ># > I wonder if this is a version issue. When I was googling for this, it was claimed this was a recent change. That's my recollection anyway. I'm using version veracrypt-1.24_p2. >> It does ask for a root password, to mount the USB stick I >> guess. > Not quite, it does ask for MY password, but only for the first mount > after a login. And yes, under "Application Autostart" of XFCE I have > >/usr/bin/veracrypt --background-task > > If I remember correctly, when configuring VeraCrypt under Windows there > is a checkbox for autostarting it on login. I recall seeing there was a bug that affected XFCE but not all other desktops. I use KDE here. It had something to do with the way the program was started or something. Since I don't use XFCE, I didn't get into the details. >> ... >>I wanted this to work on windoze as well, I >> chose vfat or whatever. > My encrypted USB sticks (I have two identical ones, just in case) are > NTFS formatted. And yes, naming files requires some caution. Under > Linux files "A" and "a" can coexist, under Windows they can't. > > Sincerely, > Rainer > Yea, it poses a problem. In some ways, windoze has a advantage but in some ways, Linux does. Either way, it pays to be careful and to watch for errors. It could result in files not be copied over. So far, I like this software. It's fairly easy to use considering what it is doing. The best part, it has a GUI. That helps a lot. It's a lot easier to set options in a GUI than it is to remember a bunch of options on a command line. ;-) Dale :-) :-)
Re: [gentoo-user] executing a file on a usb thumb drive
Dale, On Sunday, 2020-03-22 04:34:54 -0500, you wrote: > ... > I wanted to post a couple things for future reference. First, it seems > this thing requires sudo to work. Add the executable to the sudo file > thingy. I didn't do this, and it works anyway: # cat /etc/sudoers | grep crypt # > It does ask for a root password, to mount the USB stick I > guess. Not quite, it does ask for MY password, but only for the first mount after a login. And yes, under "Application Autostart" of XFCE I have /usr/bin/veracrypt --background-task If I remember correctly, when configuring VeraCrypt under Windows there is a checkbox for autostarting it on login. > ... >I wanted this to work on windoze as well, I > chose vfat or whatever. My encrypted USB sticks (I have two identical ones, just in case) are NTFS formatted. And yes, naming files requires some caution. Under Linux files "A" and "a" can coexist, under Windows they can't. Sincerely, Rainer
Re: [gentoo-user] executing a file on a usb thumb drive
On 22/3/20 5:34 pm, Dale wrote: > Dale wrote: >> Dr Rainer Woitok wrote: >>> ... >>> William, if you can get it installed on your system, folks above you >>> would allow it, it is a nifty and quite simple thing to use. Sorting >>> out the initial kinks took some time but once done, it's done. The only >>> part I didn't care much for, the part where I had to move the mouse >>> pointer all over the place. Wrecks havoc on my wrist since it took a >>> while to get that little bar thingy all the way to the end. >>> >>> Hope this helps someone else with one or more of these issues. >>> >>> Dale >>> >>> :-) :-) >>> Hi, yes I did install veracrypt and it looked very good up until I tried it at work - it was fine on my own windows instances in testing. I was talking of the encryption built into the windows kernel - it can also be done on the linux side but I have not looked into if veracrypt uses it. Bill K.
Re: [gentoo-user] executing a file on a usb thumb drive
Dale wrote: > Dr Rainer Woitok wrote: >> >> I do exactly that: transfering files from Gentoo to Windows and back. >> And if anybody else would try to read the USB stick they would only find >> white noise on it. >> >> Sincerely, >> Rainer >> > > Thank you. That is MOST helpful. I want to document some things and > leave it behind, after I'm dead and gone, but I want a certain person to > be able to access it. They will have the password. Thing is, until > then, I don't want anyone to be able to see it or anything. This will > work very nicely. > > Off to youtube to see this thing in action. ;-) > > Dale > > :-) :-) > I wanted to post a couple things for future reference. First, it seems this thing requires sudo to work. Add the executable to the sudo file thingy. It does ask for a root password, to mount the USB stick I guess. I don't care much for sudo so it took me a while, and google, to figure out how to fix that. To save someone else some grief: root@fireball / # cat /etc/sudoers | grep crypt %wheel ALL = (root) NOPASSWD:/usr/bin/veracrypt root@fireball / # It still asks for the password but who cares anyway. It works. :-) I also don't have encryption built into my kernel. Obviously veracrypt can't encrypt without that unless you change it to software encryption. Go to Settings, Preferences and then select the tab System Integration. At the bottom, tick the Do not use cryptographic services under Kernel Services. It says it makes it slower so be ready for that. I am not able to compare since I don't have the kernel part included, yet. I'll have to figure that out next. Wish me luck. lol The next thing I noticed. I wanted this to work on windoze as well, I chose vfat or whatever. Here's the downside of that. You can't use some symbols in file names. I found out the colon, ":", is a no no. I suspect there is more. I don't use vfat for much so I don't have a lot of knowledge on those but I suspect some of you will, even if you wish you didn't have to know. :/ William, if you can get it installed on your system, folks above you would allow it, it is a nifty and quite simple thing to use. Sorting out the initial kinks took some time but once done, it's done. The only part I didn't care much for, the part where I had to move the mouse pointer all over the place. Wrecks havoc on my wrist since it took a while to get that little bar thingy all the way to the end. Hope this helps someone else with one or more of these issues. Dale :-) :-)
Re: [gentoo-user] executing a file on a usb thumb drive
On Sunday, 22 March 2020 03:00:51 GMT William Kenworthy wrote: > On 22/3/20 2:29 am, Dr Rainer Woitok wrote: > > Dale, > > > > On Saturday, 2020-03-21 13:01:01 -0500, you wrote: > >> ... > >> > >> Thing is, if I > >> > >> give it to someone who uses windoze, can they just put in the password > >> and open it or does it have to be on the original system? > > > > They just have VeraCrypt to be installed and they have to know the cred- > > entials, which may be a password and/or a certain file on each system. > > > >> Basically, I'd like to transfer > >> > >> files from one system to another but it be encrypted while in transit. > >> I use Linux, they use windoze tho. That make sense? > > > > I do exactly that: transfering files from Gentoo to Windows and back. > > And if anybody else would try to read the USB stick they would only find > > white noise on it. > > > > Sincerely, > > > >Rainer > > Good point - securestick leaves the "structure" of directories visible > on the standard exfat FS but encrypts the files in place. My view is its > "good enough" for my purposes and while veracrypt is better - it wont > work in my use case. > > > BillK I'd like to add the "good enough" encryption requirement Bill mentions here, appropriate to a particular use case should be understood for what it is. A relative measure of security and retention of privacy. Many hardware and software data encryption schemes offer only a relative level of security and are not strong enough to trust them with your life. Convoluted methods using browsers and what not open additional side-channel attack opportunities and increase exposure. Software solutions which work today, may stop working tomorrow on the next release of MSWindows OS. Many hardware solutions promising built-in encryption, well ... they are not to be trusted: https://www.ieee-security.org/TC/SP2019/papers/310.pdf Many of these methods are weak for a determined and technically capable attacker, but they are perfectly adequate stopping the general public from accessing your data. signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] executing a file on a usb thumb drive
On 22/3/20 2:29 am, Dr Rainer Woitok wrote: Dale, On Saturday, 2020-03-21 13:01:01 -0500, you wrote: ... Thing is, if I give it to someone who uses windoze, can they just put in the password and open it or does it have to be on the original system? They just have VeraCrypt to be installed and they have to know the cred- entials, which may be a password and/or a certain file on each system. Basically, I'd like to transfer files from one system to another but it be encrypted while in transit. I use Linux, they use windoze tho. That make sense? I do exactly that: transfering files from Gentoo to Windows and back. And if anybody else would try to read the USB stick they would only find white noise on it. Sincerely, Rainer Good point - securestick leaves the "structure" of directories visible on the standard exfat FS but encrypts the files in place. My view is its "good enough" for my purposes and while veracrypt is better - it wont work in my use case. BillK
Re: [gentoo-user] executing a file on a usb thumb drive
On 22/3/20 12:53 am, Dr Rainer Woitok wrote: Dale, On Saturday, 2020-03-21 08:06:35 -0500, you wrote: ... Mind if I'm nosy for a minute. I'd like to store files on a USB stick that are encrypted as well. However, I'd like it to be able to work no matter what OS is used. I googled but thought it was not possible. You seem to have found a way to do this, broken at the moment but there's hope. For what it's worth, I'm successfully using VeraCrypt (the successor of TrueCrypt) on both, Windows and Gentoo, to read and write encrypted USB sticks. See "https://www.veracrypt.fr/en/Home.html; for their web site and just emerge "app-crypt/veracrypt". Sincerely, Rainer That would have been my preference but I am a user on an enterprise locked down version of windows (probably lucky they let me use usb!) - the securestick webdav approach sidesteps the fact that windows encryption (as almost all usb encryption in apps on windows like veracrypt crypt do) goes through the kernel so it (in my case) has been used to enforce policy which is only aimed at the common security risks (so has it has left some holes :) The alternative I used previously was an encrypted archive copy'd back and forward. With Securestick I can sync using unison on this side, and a windows app on the other. BillK * if there is something better than securestick out there, like Dale I would love to hear of it!
Re: [gentoo-user] executing a file on a usb thumb drive
Dr Rainer Woitok wrote: > Dale, > > On Saturday, 2020-03-21 13:01:01 -0500, you wrote: > >> ... >> Thing is, if I >> give it to someone who uses windoze, can they just put in the password >> and open it or does it have to be on the original system? > They just have VeraCrypt to be installed and they have to know the cred- > entials, which may be a password and/or a certain file on each system. > >> Basically, I'd like to transfer >> files from one system to another but it be encrypted while in transit. >> I use Linux, they use windoze tho. That make sense? > I do exactly that: transfering files from Gentoo to Windows and back. > And if anybody else would try to read the USB stick they would only find > white noise on it. > > Sincerely, > Rainer > Thank you. That is MOST helpful. I want to document some things and leave it behind, after I'm dead and gone, but I want a certain person to be able to access it. They will have the password. Thing is, until then, I don't want anyone to be able to see it or anything. This will work very nicely. Off to youtube to see this thing in action. ;-) Dale :-) :-)
Re: [gentoo-user] executing a file on a usb thumb drive
Dale, On Saturday, 2020-03-21 13:01:01 -0500, you wrote: > ... > Thing is, if I > give it to someone who uses windoze, can they just put in the password > and open it or does it have to be on the original system? They just have VeraCrypt to be installed and they have to know the cred- entials, which may be a password and/or a certain file on each system. > Basically, I'd like to transfer > files from one system to another but it be encrypted while in transit. > I use Linux, they use windoze tho. That make sense? I do exactly that: transfering files from Gentoo to Windows and back. And if anybody else would try to read the USB stick they would only find white noise on it. Sincerely, Rainer
Re: [gentoo-user] executing a file on a usb thumb drive
Dr Rainer Woitok wrote: > Dale, > > On Saturday, 2020-03-21 08:06:35 -0500, you wrote: > >> ... >> Mind if I'm nosy for a minute. I'd like to store files on a USB stick >> that are encrypted as well. However, I'd like it to be able to work no >> matter what OS is used. I googled but thought it was not possible. You >> seem to have found a way to do this, broken at the moment but there's hope. > For what it's worth, I'm successfully using VeraCrypt (the successor of > TrueCrypt) on both, Windows and Gentoo, to read and write encrypted USB > sticks. > > See "https://www.veracrypt.fr/en/Home.html; for their web site and just > emerge "app-crypt/veracrypt". > > Sincerely, > Rainer > Questions. Since you use it, maybe you can tell me if this works. I'd like to use this on a USB stick for files/directories. Thing is, if I give it to someone who uses windoze, can they just put in the password and open it or does it have to be on the original system? It sounds like it will work on different systems. Basically, I'd like to transfer files from one system to another but it be encrypted while in transit. I use Linux, they use windoze tho. That make sense? Thanks. Dale :-) :-)
Re: [gentoo-user] executing a file on a usb thumb drive
Dale, On Saturday, 2020-03-21 08:06:35 -0500, you wrote: > ... > Mind if I'm nosy for a minute. I'd like to store files on a USB stick > that are encrypted as well. However, I'd like it to be able to work no > matter what OS is used. I googled but thought it was not possible. You > seem to have found a way to do this, broken at the moment but there's hope. For what it's worth, I'm successfully using VeraCrypt (the successor of TrueCrypt) on both, Windows and Gentoo, to read and write encrypted USB sticks. See "https://www.veracrypt.fr/en/Home.html; for their web site and just emerge "app-crypt/veracrypt". Sincerely, Rainer
Re: [gentoo-user] executing a file on a usb thumb drive
William Kenworthy wrote: > > On 21/3/20 9:06 pm, Dale wrote: >> William Kenworthy wrote: >>> I have an encrypted usb thumb drive I use to transfer files from work >>> (Win10) to home (gentoo) - the encryption and access is via a program >>> that is stored and executed from the thumb drive. >>> >>> Some time back, it became impossible to execute files stored on the >>> thumb drive. I found I could get it to work if it was mounted within >>> the users home directory. Since the last round of updates that has >>> become broken as well. >>> >>> I presume the culprit is something in eudev/udisks/polkit/elogind >>> (this is an openrc system) >>> >>> Can someone point me to a guide on how to set up executing files from >>> a usb thumb drive on gentoo? >>> >>> Thanks, >>> >>> BillK. >>> >>> >>> >>> >> >> Mind if I'm nosy for a minute. I'd like to store files on a USB stick >> that are encrypted as well. However, I'd like it to be able to work no >> matter what OS is used. I googled but thought it was not possible. You >> seem to have found a way to do this, broken at the moment but there's >> hope. >> >> Would you share what you are using? Links maybe?? >> >> Thanks. >> >> Dale >> >> :-) :-) >> > > Look at http://www.withopf.com/tools/securstick/. > > Its mounted as a webdav share. It does limit the windows side to > files ~35mb or so ( an MS limitation) > > The windows side is seamless, linux is clunky > > You put a linux and windows executable on the thumb drive and execute > the one needed - a login screen appears within your browser. > > > I just found that exec with the home directory still works ... but > only if in a terminal, cant click on it using a file manager. > > > BillK > Thanks much. It gives me a starting place. Dale :-) :-)
Re: [gentoo-user] executing a file on a usb thumb drive
On 21/3/20 9:06 pm, Dale wrote: William Kenworthy wrote: I have an encrypted usb thumb drive I use to transfer files from work (Win10) to home (gentoo) - the encryption and access is via a program that is stored and executed from the thumb drive. Some time back, it became impossible to execute files stored on the thumb drive. I found I could get it to work if it was mounted within the users home directory. Since the last round of updates that has become broken as well. I presume the culprit is something in eudev/udisks/polkit/elogind (this is an openrc system) Can someone point me to a guide on how to set up executing files from a usb thumb drive on gentoo? Thanks, BillK. Mind if I'm nosy for a minute. I'd like to store files on a USB stick that are encrypted as well. However, I'd like it to be able to work no matter what OS is used. I googled but thought it was not possible. You seem to have found a way to do this, broken at the moment but there's hope. Would you share what you are using? Links maybe?? Thanks. Dale :-) :-) Look at http://www.withopf.com/tools/securstick/. Its mounted as a webdav share. It does limit the windows side to files ~35mb or so ( an MS limitation) The windows side is seamless, linux is clunky You put a linux and windows executable on the thumb drive and execute the one needed - a login screen appears within your browser. I just found that exec with the home directory still works ... but only if in a terminal, cant click on it using a file manager. BillK
Re: [gentoo-user] executing a file on a usb thumb drive
On Sat, Mar 21, 2020 at 8:39 AM William Kenworthy wrote: > > I have an encrypted usb thumb drive I use to transfer files from work > (Win10) to home (gentoo) - the encryption and access is via a program > that is stored and executed from the thumb drive. > > Some time back, it became impossible to execute files stored on the > thumb drive. I found I could get it to work if it was mounted within > the users home directory. Since the last round of updates that has > become broken as well. I'm aware of 2 things that would break this: - The filesystem is mounted with the noexec flag set. - For filesystems that don't have permissions natively (like FAT), the filesystem is mounted with a umask that prevents the execute bit from being set. You could check both of these things in /proc/mounts when the filesystem is mounted. How to fix it depends on what is actually mounting the filesystem in the first place. How do you access the drive after you plug it in?
Re: [gentoo-user] executing a file on a usb thumb drive
William Kenworthy wrote: > I have an encrypted usb thumb drive I use to transfer files from work > (Win10) to home (gentoo) - the encryption and access is via a program > that is stored and executed from the thumb drive. > > Some time back, it became impossible to execute files stored on the > thumb drive. I found I could get it to work if it was mounted within > the users home directory. Since the last round of updates that has > become broken as well. > > I presume the culprit is something in eudev/udisks/polkit/elogind > (this is an openrc system) > > Can someone point me to a guide on how to set up executing files from > a usb thumb drive on gentoo? > > Thanks, > > BillK. > > > > Mind if I'm nosy for a minute. I'd like to store files on a USB stick that are encrypted as well. However, I'd like it to be able to work no matter what OS is used. I googled but thought it was not possible. You seem to have found a way to do this, broken at the moment but there's hope. Would you share what you are using? Links maybe?? Thanks. Dale :-) :-)
[gentoo-user] executing a file on a usb thumb drive
I have an encrypted usb thumb drive I use to transfer files from work (Win10) to home (gentoo) - the encryption and access is via a program that is stored and executed from the thumb drive. Some time back, it became impossible to execute files stored on the thumb drive. I found I could get it to work if it was mounted within the users home directory. Since the last round of updates that has become broken as well. I presume the culprit is something in eudev/udisks/polkit/elogind (this is an openrc system) Can someone point me to a guide on how to set up executing files from a usb thumb drive on gentoo? Thanks, BillK.