Secure Documents: Difference between revisions
Preface
This presentation will be performed on 2005-02-15, prepared by:
- Mathias Jeschke and
- Sven Wittig
Latest revision as of 12:51, 20 April 2005
Secure Electronic Documents with PDF
Encryption
Signatures
Possibility of Encrypting Files with UNIX and Linux
With Linux you have in general two ways of encrypting files effectively:
- File based Encryption
- File System based Encryption
File based Encryption with OpenSSL
OpenSSL supports a great variety of strong encryption algorithms.
Symmetric Encryption with AES
To encrypt a file (e.g. document.txt) symmetrically with AES-256 just use:
$ openssl aes-256-cbc -e -in document.txt -out document.enc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
You will be asked for a password twice. The symmetric key used for encryption/decryption is derived from this password. To decrypt the secured file use:
$ openssl aes-256-cbc -d -in document.enc -out document.txt
enter aes-256-cbc decryption password:
Asymmetric Encryption with RSA
OpenSSL also supports asymmetric encryption, e.g. with RSA. First you need a private key to decrypt files addressed to you later. Use a key with a minimal key size of 1024 bits:
$ openssl genrsa -out bob.priv 1024
Generating RSA private key, 1024 bit long modulus
...........++++++
......++++++
e is 65537 (0x10001)
Then export your public key from the private one:
$ openssl rsa -in bob.priv -out bob.pub -pubout
This public key can be sent to the sender who encrypts the file addressed to you. Your correspondent (e.g. Alice) encrypts the file with your public key:
$ openssl rsautl -encrypt -in document.txt -out document.enc -inkey bob.pub -pubin
You can decrypt the file with your private key (bob.priv):
$ openssl rsautl -decrypt -in document.enc -out document.txt -inkey bob.priv
File based Encryption with GnuPG
The GnuPG (GPG) program is optimized for e-mail-embedded encryption, especially with asymmetric algorithms. By default, ElGamal/DSA encryption is used. A nice feature is the possibility to save public keys on so-called "key servers".
To encrypt a file for Bob, Alice needs Bob's public key. A simple way is to import the key, which Alice gets from Bob over a secure channel (cut and paste to stdin):
$ gpg --import
or from a file:
$ gpg --import bob.pub.gpg
Now you can encrypt your file for Bob with:
$ gpg -o document.gpg -er Bob document.txt
Bob should be able to decrypt the file with:
$ gpg -o document.txt -d document.gpg
In addition, GPG supports symmetric cryptography with the switch -c. See man gpg for further information.
Encrypted File Systems and related Stuff
Instead of encrypting/decrypting every file individually, it can make sense to use encryption for whole filesystems, which encrypt/decrypt files on-the-fly at access. Linux comes with some built-in solutions to obtain this feature.
EncFS/FUSE
FUSE is a combination of a kernel module and a userspace library for implementing userspace filesystems. EncFS is such a program using the FUSE library. The big advantage is that you are independent of your system administrator if you want to use encrypted file systems. EncFS stores the encrypted files in another directory, with the file names encrypted as well. The usage is very simple: once you have configured a directory storing EncFS data, you only have to run:
# fuse isn't shipped with default SuSE kernels
$ modprobe fuse
$ encfs ~/.crypto ~/.secret
and enter your encryption passphrase to save/read files to/from ~/.secret while the encrypted data are inside ~/.crypto. When you no longer need the secret data, just run:
$ fusermount -u ~/.secret
and your decrypted data are inaccessible to other users on your system.
To set up a directory for EncFS, run encfs in the way shown, with encfs [srcdir] [destdir]. If the directory wasn't prepared, you will be asked for some details:
$ encfs ~/.crypto ~/.secret
- Cryptoloop
- loop-AES
- dm-crypt
Encrypted FileSystem (EFS) with Windows 2000/XP/2003
What is EFS?
EFS is part of the OS and makes encryption of files and folders on an NTFS partition possible. It is very easy for a user to encrypt or decrypt a file.
Why EFS?
With EFS you have file access authorization. For example, if another user also has physical access to your machine, he may have access to your private files. So you can encrypt the files with EFS, and only you, with your private key, can open them. EFS works transparently in the background.
Encryption
EFS uses a combination of symmetric and asymmetric encryption. First the file is encrypted symmetrically via DESX (128 bit) or 3DES (168 bit), and then the key is encrypted asymmetrically via RSA (1024 bit). The private key is stored on the machine, encrypted via the user master key.
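EFS's scheme of a symmetric file key wrapped with RSA is the same hybrid construction needed to RSA-encrypt whole files with the openssl tool from the OpenSSL section, because RSA alone only accepts input shorter than the key. The following is an added example, not part of the original presentation: it uses AES-256-CBC, OAEP padding and a 2048-bit key instead of EFS's DESX/3DES and 1024-bit RSA, assumes OpenSSL 1.1.1 or newer, and all file and function names are constructed.

```shell
#!/bin/sh
# Added example: hybrid file encryption with the openssl CLI.
# Assumes OpenSSL >= 1.1.1 (enc -pbkdf2, pkeyutl); all file names are constructed.

# hybrid_encrypt <public-key> <plaintext> <prefix>
# writes <prefix>.enc (AES data) and <prefix>.key.enc (RSA-wrapped session key)
hybrid_encrypt() {
    sess=$(mktemp) || return 1
    # 32 random bytes as one hex line, usable as a passphrase file for "enc"
    openssl rand -hex 32 > "$sess" &&
    openssl enc -aes-256-cbc -pbkdf2 -salt -in "$2" -out "$3.enc" -pass "file:$sess" &&
    openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$sess" -out "$3.key.enc"
    rc=$?; rm -f "$sess"; return $rc
}

# hybrid_decrypt <private-key> <prefix> <plaintext-out>
hybrid_decrypt() {
    sess=$(mktemp) || return 1
    openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$2.key.enc" -out "$sess" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$2.enc" -out "$3" -pass "file:$sess"
    rc=$?; rm -f "$sess"; return $rc
}

# demo: returns 0 only if RSA alone rejects the large file and the hybrid
# round trip reproduces it byte for byte
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/bob.priv" 2048 2>/dev/null &&
    openssl rsa -in "$d/bob.priv" -pubout -out "$d/bob.pub" 2>/dev/null ||
        { rm -rf "$d"; return 1; }
    head -c 4096 /dev/urandom > "$d/document.txt"   # constructed 4 KiB sample
    # RSA directly on the file (what rsautl -encrypt does) fails: input > key size
    if openssl pkeyutl -encrypt -pubin -inkey "$d/bob.pub" \
        -in "$d/document.txt" -out "$d/direct.enc" 2>/dev/null; then
        rm -rf "$d"; return 2
    fi
    hybrid_encrypt "$d/bob.pub" "$d/document.txt" "$d/document" &&
    hybrid_decrypt "$d/bob.priv" "$d/document" "$d/roundtrip.txt" &&
    cmp -s "$d/document.txt" "$d/roundtrip.txt"
    rc=$?; rm -rf "$d"; return $rc
}

demo && echo "hybrid round trip OK"
```

CBC mode gives confidentiality only, and openssl enc offers no authenticated mode, so sign or MAC the two output files separately if tampering matters.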
Security
The only way (at the moment) to hack the symmetric or asymmetric key is brute force, and that takes a long time. So the best solution is to save the private key on a smartcard, but if you lose the key you will no longer have access to the files. EFS provides the service of a Recovery Agent, who (normally the administrator of the domain) automatically gets access to all encrypted files of all users in his domain.
=> ATTENTION! Access to the recovery agent means access to all files!!!
Recovery agents can be designated either for the local computer (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_to_add_recovery_agent.mspx) or the complete domain (http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_SEprocsAddRecAgent.asp).
Problems
- Saving an encrypted file on a non-NTFS partition means loss of encryption.
- Temporary files are normally not encrypted => the best solution is to encrypt a folder so that all files in the folder are encrypted (e.g. Word always creates its temporary files in the same folder)
- EFS provides only non-encrypted transfer over the network
- Packed and system files cannot be encrypted
- With physical access and a boot disk it is possible to get access to files on a Win2k system
- EFS is not 100% security; it makes it more difficult to get access, but not impossible (so don't save files on the hard disk if it is not necessary)
Problems
Intersystem Communication or Using
Attacks
Physical Attacks
Decrypted Copies
/proc/kmem