Secure Documents: Difference between revisions

From
Jump to navigation Jump to search
No edit summary
Line 71: Line 71:
* dm-crypt
* dm-crypt


=Encrypted FileSystem (EFS) with Windows 2000/XP=
=Encrypted FileSystem (EFS) with Windows 2000/XP/2003=





Revision as of 13:26, 21 February 2005

Preface

This presentation will be performed on 2005-02-15, prepared by:

  • Mathias Jeschke and
  • Sven Wittig


Secure Electronic Documents with PDF

Encryption

Signatures

Possibility of Encrypting Files with UNIX and Linux

With Linux you have in general two ways of encrypting files effectively:

  • File based Encryption
  • File System based Encryption

File based Encryption with OpenSSL

OpenSSL supports a great variety of strong encryption algorithms.

Symmetric Encryption with AES

To encrypt a file (e.g. document.txt) symmetrically with AES-256 just use:

$ openssl aes-256-cbc -e -in document.txt -out document.enc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

You will be asked for a password twice. This is the symmetric key for encryption/decryption. To decrypt the secured file use:

$ openssl aes-256-cbc -d -in document.enc -out document.txt
enter aes-256-cbc decryption password:

Asymmetric Encryption with RSA

OpenSSL also supports asymmetric encryption, e.g. with RSA. First you need a private key to decrypt files, addressed to you later. Use a key with a minimal key size of 1024:

$ openssl genrsa -out bob.priv 1024
Generating RSA private key, 1024 bit long modulus
...........++++++
......++++++
e is 65537 (0x10001)

Than export your public key from the private one:

$ openssl rsa -in bob.priv -out bob.pub -pubout

This public key could be sent to the sender, who encrypts the file, addressed to you. Your correspondence (e.g. Alice) encrypts the file with your public key:

$ openssl rsautl -encrypt -in document.txt -out document.enc -inkey bob.pub -pubin

You can decrypt the file with your private key (bob.priv):

$ openssl rsautl -decrypt -in document.enc -out document.txt -inkey bob.priv

File based Encryption with GnuPG

The GnuPG (GPG) program is optimized for e-mail-embedded encryption especially with asymmetric algorithms. Default the ElGamal/DSA encryption will be used. A nice feature is the possibility to save public keys on so called "key servers".

Encrypted File Systems and related Stuff

  • EncFS/FUSE
  • Cryptoloop
  • loop-AES
  • dm-crypt

Encrypted FileSystem (EFS) with Windows 2000/XP/2003

Problems

Intersystem Communication or Using

Attacks

Physical Attacks

Decrypted Copies

/proc/kmem

Literature

  • Die PostScript- & PDF-Bibel, Thomas Merz, Olaf Drümmer, Dpunkt Verlag, ISBN: 3935320019