Secure Documents
Preface
This presentation will be performed on 2005-02-15, prepared by:
- Mathias Jeschke and
- Sven Wittig
Secure Electronic Documents with PDF
Encryption
Signatures
Possibility of Encrypting Files with UNIX and Linux
With Linux you have in general two ways of encrypting files effectively:
- File based Encryption
- File System based Encryption
File based Encryption with OpenSSL
OpenSSL supports a great variety of strong encryption algorithms.
Symmetric Encryption with AES
To encrypt a file (e.g. document.txt) symmetrically with AES-256 just use:
$ openssl aes-256-cbc -e -in document.txt -out document.enc enter aes-256-cbc encryption password: Verifying - enter aes-256-cbc encryption password:
You will be asked for a password twice. This is the symmetric key for encryption/decryption. To decrypt the secured file use:
$ openssl aes-256-cbc -d -in document.enc -out document.txt enter aes-256-cbc decryption password:
Asymmetric Encryption with RSA
OpenSSL also supports asymmetric encryption, e.g. with RSA. First you need a private key to decrypt files, addressed to you later. Use a key with a minimal key size of 1024:
$ openssl genrsa -out bob.priv 1024 Generating RSA private key, 1024 bit long modulus ...........++++++ ......++++++ e is 65537 (0x10001)
Than export your public key from the private one:
$ openssl rsa -in bob.priv -out bob.pub -pubout
This public key could be sent to the sender, who encrypts the file, addressed to you. Your correspondence (e.g. Alice) encrypts the file with your public key:
$ openssl rsautl -encrypt -in document.txt -out document.enc -inkey bob.pub -pubin
You can decrypt the file with your private key (bob.priv):
$ openssl rsautl -decrypt -in document.enc -out document.txt -inkey bob.priv
File based Encryption with GnuPG
The GnuPG (GPG) program is optimized for e-mail-embedded encryption especially with asymmetric algorithms. Default the ElGamal/DSA encryption will be used. A nice feature is the possibility to save public keys on so called "key servers".
- EncFS/FUSE
- Cryptoloop
- loop-AES
- dm-crypt
Encrypted FileSystem (EFS) with Windows 2000/XP
Problems
Intersystem Communication or Using
Attacks
Physical Attacks
Decrypted Copies
/proc/kmem
Literature
- Die PostScript- & PDF-Bibel, Thomas Merz, Olaf Drümmer, Dpunkt Verlag, ISBN: 3935320019