Secure Documents: Difference between revisions
Revision as of 21:06, 16 February 2005
Preface
This presentation will be performed on 2005-02-15, prepared by:
- Mathias Jeschke and
- Sven Wittig
Secure Electronic Documents with PDF
Encryption
Signatures
Possibility of Encrypting Files with UNIX and Linux
With Linux you have in general two ways of encrypting files effectively:
- File based Encryption
- File System based Encryption
File based Encryption with OpenSSL
OpenSSL supports a great variety of strong encryption algorithms.
Symmetric Encryption with AES
To encrypt a file (e.g. document.txt) symmetrically with AES-256 just use:
$ openssl aes-256-cbc -e -in document.txt -out document.enc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
You will be asked for a password twice. The symmetric key for encryption/decryption is derived from this password. To decrypt the secured file use:
$ openssl aes-256-cbc -d -in document.enc -out document.txt
enter aes-256-cbc decryption password:
Asymmetric Encryption with RSA
OpenSSL also supports asymmetric encryption, e.g. with RSA. First you need a private key to decrypt files that are later addressed to you. Use a key size of at least 1024 bits:
$ openssl genrsa -out bob.priv 1024
Generating RSA private key, 1024 bit long modulus
...........++++++
......++++++
e is 65537 (0x10001)
Then export your public key from the private one:
$ openssl rsa -in bob.priv -out bob.pub -pubout
This public key can be sent to the sender, who encrypts the file addressed to you. Your correspondent (e.g. Alice) encrypts the file with your public key:
$ openssl rsautl -encrypt -in document.txt -out document.enc -inkey bob.pub -pubin
You can decrypt the file with your private key (bob.priv):
$ openssl rsautl -decrypt -in document.enc -out document.txt -inkey bob.priv
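The rsautl commands above encrypt the input directly with RSA, which only works while the file is shorter than the key modulus minus the padding, so larger documents are normally encrypted with a random symmetric key that is itself wrapped with the recipient's public key. The following is an added example of that hybrid scheme, not part of the original presentation; the function names, the 2048-bit key size, OAEP padding, the use of pkeyutl and the -pbkdf2 option (OpenSSL 1.1.1 or later) are choices made for this example.

```shell
#!/bin/sh
# Added example: hybrid file encryption with the openssl command line tool.
# Function names and file layout are assumptions made for this example.

# make_keypair PRIV PUB: create Bob's RSA private key and export the public key.
make_keypair() {
    openssl genrsa -out "$1" 2048 2>/dev/null &&
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# hybrid_encrypt PUB SRC DST: Alice's side.
# Writes DST (AES-256-CBC ciphertext) and DST.key (session key wrapped with RSA-OAEP).
hybrid_encrypt() {
    he_key=$(mktemp) || return 1
    # 32 random bytes as hex: small enough to fit into a single RSA operation.
    openssl rand -hex 32 > "$he_key" &&
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$he_key" -out "$3.key" &&
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$he_key" -in "$2" -out "$3"
    he_rc=$?
    rm -f "$he_key"          # the plaintext session key must not stay on disk
    return $he_rc
}

# hybrid_decrypt PRIV SRC DST: Bob's side. Expects SRC and SRC.key.
hybrid_decrypt() {
    hd_key=$(mktemp) || return 1
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2.key" -out "$hd_key" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$hd_key" -in "$2" -out "$3"
    hd_rc=$?
    rm -f "$hd_key"
    return $hd_rc
}

# Usage:
#   make_keypair bob.priv bob.pub
#   hybrid_encrypt bob.pub document.txt document.enc    # Alice
#   hybrid_decrypt bob.priv document.enc document.txt   # Bob
```

Alice sends both document.enc and document.enc.key; without bob.priv the wrapped key cannot be recovered.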
File based Encryption with GnuPG
The GnuPG (GPG) program is optimized for e-mail-embedded encryption, especially with asymmetric algorithms. By default, ElGamal/DSA encryption is used. A nice feature is the possibility to save public keys on so-called "key servers".
- EncFS/FUSE
- Cryptoloop
- loop-AES
- dm-crypt
Encrypted FileSystem (EFS) with Windows 2000/XP
Problems
Intersystem Communication or Using
Attacks
Physical Attacks
Decrypted Copies
/proc/kmem