UNIX Hints & Hacks
Chapter 3: Security
Encrypting files made easy.
Flavors: AT&T, BSD
Syntax:
crypt [ password ]
To encrypt an ASCII file, pipe the STDOUT of the file to the crypt command and redirect it to a new filename. Repeat the process to decrypt the data.
Take an ASCII file:
rocket 1% cat foo
Hey Victor,
The secret back door entrance into UGU is located on the "i" in the Hints & Hacks Book section. Use the password: mcp
Kate
Encrypt the original file:
rocket 2% cat foo | crypt > foo.cpt
Enter key:
Ensure that the file is encrypted:
rocket 3% cat foo.cpt
POIM)(*(*Y()(^%(&*)JUYG^%RFGVBKLU*^%*()P{OK LKHY *&^(&^H:PO^%$%$KJHBI*B&H_)(I)(I{O)(**(&YNUY -)()(*&*&YBNUHIUY*&&{)IM(*OIIOIPOIM(*U&N(*UJ
Decrypt the file:
rocket 4% cat foo.cpt | crypt > foo.new
Enter key:
Output the new decrypted file:
rocket 5% cat foo.new
Hey Victor,
The secret back door entrance into UGU is located on the "i" in the Hints & Hacks Book section. Use the password: mcp
Kate
Another way to write the command is to redirect the ASCII file into the crypt program and redirect its output to a new file in one step. The previous sequence can therefore be replaced with the following:
rocket 1% crypt < foo > foo.cpt
rocket 2% crypt < foo.cpt > foo.new
Flavors: AT&T, BSD
Shell: All
Syntax:
crypt file
compress [ -c ] [ name ]
uncompress [ -c ] [ name ]
Compressing the file before encrypting it adds a little more security. Done carelessly, however, it can give away your encryption technique.
rocket 1% compress -c foo | crypt > foo.cpt
Enter key:
rocket 2% crypt < foo.cpt | uncompress > foo.new
Enter Key:
Now that you have seen how compression works with crypt, here is how the technique can give itself away to a hacker. If a hacker tries to decrypt a file that was encrypted as in example One using the decryption technique from example Two, applying the uncompress command, he is told that the file was never compressed:
rocket 2% crypt < foo > foo.cpt
Enter key:
rocket 3% crypt < foo.cpt | uncompress > foo.new
Enter Key:
stdin: not in compressed format
Flavors: AT&T, BSD
Shells: All
Syntax:
crypt file
compress [ -cf ] [ name ]
uncompress [ -c ] [ name ]
dd [ bs=n ] [ skip=n ]
When a file is compressed, it starts with a three-byte signature, or header. You can strip this header with dd. Even if the hacker assumes that the file was compressed before it was encrypted, there is no header information, so the file does not uncompress.
rocket 1% compress -c foo | dd bs=3 skip=1 | crypt > foo.cpt
45+0 records in
45+0 records out
Enter key:
rocket 2% (compress -cf /dev/null; crypt < foo.cpt) | uncompress > foo.new
Enter key:
Compression writes the contents of foo to STDOUT, dd strips the three-byte header, and crypt encrypts the result into foo.cpt. To decrypt the file, compress is run on the empty /dev/null, which produces nothing but the three-byte header; the decrypted contents of foo.cpt follow it in the subshell's output, so the combined stream can now be uncompressed properly. Looks kind of different, huh?
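As an added example (not from the book), here are POSIX sh helpers for the three-byte header that the hint above strips and restores: a check for the compress(1) magic, which is what uncompress consults before reporting "not in compressed format", the dd strip, and a printf that stands in for `compress -cf /dev/null` on systems that no longer ship compress. The header bytes 1f 9d 90 are assumed from the .Z format (the two magic bytes plus the default 16-bit block-mode flags byte).

```sh
#!/bin/sh
# Added example, not the book's own script. Works on any .Z-style stream:
# compress(1) writes the magic bytes 1f 9d followed by one flags byte
# (0x90 = 16-bit codes with block mode, the default); these values are assumed.

# Print "yes" if the file begins with the compress(1) magic, otherwise "no".
# This is the check that makes uncompress reject a stream whose header was
# stripped, so the hint's dd trick relies on it failing.
has_compress_header() {
    magic=$(od -An -tx1 -N2 "$1" | tr -d ' \n')
    [ "$magic" = "1f9d" ] && echo yes || echo no
}

# Drop the first three bytes, exactly what `dd bs=3 skip=1` does in the hint.
strip_compress_header() {
    dd bs=3 skip=1 if="$1" 2>/dev/null
}

# Put a default header back in front of a headerless stream. Equivalent to
# `compress -cf /dev/null` on systems that have compress; the octal escapes
# are the assumed default header bytes 1f 9d 90.
restore_compress_header() {
    printf '\037\235\220'
    cat "$1"
}
```

Pipe the output of restore_compress_header into uncompress to recover the original file, as the subshell form in the hint does.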
Syntax:
crypt file
A file can be encrypted any number of times, using a different key at each stage of the process. Because crypt applies the same transformation in both directions, each pass with a key that does not match the one used before transforms the file once more instead of restoring it. Don't forget the order in which the keys were applied.
rocket 1% crypt < foo > foo.1
Enter key: [key1]
rocket 2% crypt < foo.1 > foo.2
Enter key: [key2]
rocket 3% crypt < foo.2 > foo.3
Enter key: [key3]
rocket 4% crypt < foo.3 > foo.2
Enter key: [key3]
rocket 5% crypt < foo.2 > foo.1
Enter key: [key2]
rocket 6% crypt < foo.1 > foo.new
Enter key: [key1]
If all the keys are entered in the correct order, the encrypted file should decrypt without any problems.
Flavors: AT&T, BSD
Shells: All
Syntax:
crypt file
tar key [ file|buffer ] [ name name ... ]
One last technique is to archive your data file together with files of random data using tar, and then either encrypt the entire tar file or pass the archive through the buffer straight into crypt.
Encrypting a tar file:
rocket 1% tar cf foo.tar rand1 foo rand2 rand3
rocket 2% crypt < foo.tar > foo.cpt
Enter key:
rocket 3% crypt < foo.cpt > foo.tar
Enter key:
rocket 4% tar xf foo.tar
This two-step process of creating the tar file and encrypting it can be joined into one command.
rocket 1% tar cvf - rand1 foo rand2 rand3 | crypt > foo.cpt
a rand1 1 block
a foo 1 block
a rand2 1 block
a rand3 1 block
Enter key:
rocket 2% crypt < foo.cpt | tar xvf -
Enter key:
x rand1 1 block
x foo 1 block
x rand2 1 block
x rand3 1 block
By writing the packaged archive to the buffer with the dash symbol, the archive is passed directly to the crypt program, and the same dash lets tar read the decrypted archive back from crypt.
If you want to keep files more secure than file permissions alone can, this technique makes sure that even those with root cannot read your files.
Whichever method you choose, remain consistent. I once reached the point where I no longer knew which method a given file had been encrypted with. I decided to build the method of my choice into a script that both encrypts and decrypts, so that I stay consistent as long as I use that script.
Man pages:
compress, crypt, dd, tar, uncompress
© Copyright Macmillan USA. All rights reserved.