lately, I installed encfs for encryption. and I encrypted files.
as far as I know, there are two directories. first directory is encrypted files stored and second directory is unencrypted files stored (It's original files).
I think the purpose of using encfs is reading or writing files safely using encrypted file(in first directory). I'm wrong..??
So my question is how to read encrypted files. the files are encrypted so I can't read or write files without decryption. How to decrypt files??
I think I don't know principle of encfs.. Anyone can explain this problem??
How EncFS works is well explained here: http://ninjatips.com/encrypt-dropbox-using-encfs/
EncFS uses two directories in mounting an EncFS filesystem: the
“rootdir” and the “mountPoint”. Under the “rootdir” directory, every
file is encrypted including its filename and what’s in it. Each file
in the “mountPoint” has a specific file in the “rootdir” directory
that corresponds to it. The file in the “mountPoint” provides the
unencrypted view of the one in the “rootdir” directory
When you mount an EncFS drive, it creates a virtual encrypted filesystem on your computer and stores encrypted data in the rootdir directory and makes the unencrypted data visible at the mountPoint. You add, read, delete... files in the mountPoint. The actual encrypted files are in "rootdir".
Related
I'm interesting in how saltstack checks
if file already exists
if file is not corrupted
when it copies files.
Does it check hash sum of file and its content, or only file names? Especially when file.recurse state is used for copying directories.
Does anybody know how to iterate through the directory content and check hash sum for files?
I understand that here is a few questions, but it is important to imagine the big picture of copying process.
Salt compares the hash sums of the files to decide if a download is needed.
Hopefully a very simple question.
I have a read-only mount, and a encfs FUSE mount reads over that to decrypt the files. How do I know which encrypted file each decrypted file relates to?
For example: I want to delete a file, however won't be able to do that via the read-only filesystem. How do I know the true filename?
I am possibly looking for a more programmatic way of doing this
I found this is possible encfsctl. You can use encode function to turn the human readable name into the real path on the filesystem.
$ ENCFS6_CONFIG='encfs6.xml' encfsctl encode /encfs/mountpoint readable/name/in/mountpoint
EncFS Password:
decryptedname
http://manpages.ubuntu.com/manpages/hardy/man1/encfsctl.1.html
I found a solution I am not amazingly happy with. I can make up two directories encrypted and decrypted and use the same .encfs6.xml file to mount the decrypted/ directory as the encfs mountpoint.
I can then mkdir -p decrypted/parent/of/file and touch the filename. Then if I check in decrypted I will have the full path of the encrypted file I want.
It's not elegant but it's a solution. Does anyone have any better ideas?
I am having trouble with encrypting/decrypting a tar archive using Bouncy Castle OpenPGP library.
I'm using TarArchiveOutputStream to add files to a tar archive and Bouncy Castle OpenPGP to encrypt the archive. Afterwards I am using Kleopatra to manually decrypt the file using the option "Input file is an archive; unpack with: TAR(PGP compatible)".
After unpacking the archive all files except one are lost and the one remaining has all contents removed. (Also happens with other decrypting programs)
I have already confirmed that the tar archive contains all the files before it is encrypted. I have also tried decrypting with that option unchecked and then the archive also contains all the files. My question is why it doesn't work with that option checked since the input file is indeed an archive so it makes sense to check that option.
What I have also tried:
Using another library to make the tar file (JTar)
Comparing a manually made tar file to the one generated. The main difference that I saw was that the one made manually was smaller (22KB vs 30KB) while containing same files.
I am open to suggestions.
Thanks!
Say I have files encrypted and I open them with a text editor, am I in risk of those files being copied in some temp memory ?
I noticed this sentence in the introduction on truecrypt website
"Note that TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted"
But do I understand it correctly ?
If a file stored in a TrueCrypt volume is opened in a text editor (or any application really), the decrypted file is temporarily stored in RAM. Once in RAM, another application could potentially copy the data if it can locate the files contents in memory. The feasibility of this is highly dependent on the operating system you're using though.
Also, the editor you've opened the decrypted file in may save a copy of it to a non-encrypted disk. Once you've opened a file in an application it can do anything it wants with the data, it doesn't matter where the data originally came from or in what form it was stored.
Last, depending on your operating system, the OS itself may leave traces of encrypted files. For example, Windows keeps a list of recently opened files, and while this doesn't leave decrypted file contents lying around, it does reveal the names of any files from the TrueCrypt volume that were opened.
We store measurement results in directories. Each directory has a meta.xml which describes common things about the result file, and several files of data. This result has to be encrypted.
I would dream of a solution like this:
We can use ZIP-, TAR- or a similar algorithm for packing the directory into a file
[optional] We can extend the archive header with our own MIME type (MIME recognition without file extensions)
We can use the encryption algorithm defined in the archive standard (e.g. ZIP) to encrypt/decrypt our result
We can extract single files from the archive, without decrypting the whole file (there are 100Mb files, but most of the time I'm only interested in the meta.xml)
We can use regular tools (7Zip, WinZip, zip on Unix) to access the encrypted file
[optional] We can use more than one key, to encrypt our result file
Is this solution realizable? Are there open-source libraries which do the job? Which encryption algorithm to use?
Best regards!
The use of AES encryption in zip files is supported by PKZip, WinZip, and 7-Zip and is specified in the PKWare zip appnote and well described here: Encryption Specification AE-1 and AE-2. Unfortunately neither Info-ZIP zip nor unzip currently support it (those are what you find on Unixish systems). 7-Zip is open source. As noted, the original zip "encryption" hardly even deserves the name and so should be avoided at all costs. The standardized AES encryption is strong, usable, and relatively widely supported.
Update:
I just noticed another part of your question. Each zip entry can be separately encrypted with a different password, and in fact you can mix unencrypted entries as well in the same zip file.