Multi-Platform Encrypted Disk Image Formats? 29
LockedDisk asks: I'm looking at an application that will use USB flash devices to distribute information that, while not "top-secret", is sensitive enough that I'd prefer not to distribute it in plaintext. It'll be accessed from multiple platforms by the users who get them. What I'm hoping to find is a tool to build encrypted disk images that can be mounted on Windows, MacOS X, and hopefully Linux as well. What I'd do in distributing these is put the encrypted image on the device, with mounters already on the thumb drive. Users would be able to simply use the right mounter for their platform. For instance, I know PGPdisk would support the multi-platform part, but the mounter doesn't look like it's very well-suited to what I'm looking for. Mac .DMG files can be encrypted, but I know of no way to mount them on any other platform. Any ideas, folks?"
why an encrypted filesystem? (Score:4, Insightful)
Re:why an encrypted filesystem? (Score:1)
Think in layers.
exactly (Score:2)
Re:why an encrypted filesystem? (Score:5, Informative)
Because modifying and re-encrypting your data that way isn't automatic. I can't speak for the person who submitted the question, but I can tell you why I use encrypted disks in Mac OS X: My home directory is filled with symlinks.
Using
At first, I was regularly copying the entire
FWIW, I'm planning on writing a howto describing how I use crypto in OS X, covering topics from ssh (keys, tunnels, socks proxy, scp) to gpg to Apple's AES dmg files (and my backup script). Hopefully I'll find the time soon, and post it on my website. If anyone has any input on this subject, I'm available on aim and would be interested in hearing pre-feedback. I'd really like to hear an answer to the Multi-Platform part of the submitters question, as currently my aes dmg encrypted data is only available in mac os x.
Re:why an encrypted filesystem? (Score:1)
Re:why an encrypted filesystem? (Score:1)
It may not come preinstalled with either, but it does work fine in both....
Re:why an encrypted filesystem? (Score:2)
Some ideas.... (Score:1)
Re:Some ideas.... (Score:2)
http://www.omnigroup.com/mailman/archive/macosx-d
Does anyone know of a way to open dmg files on platforms other than OSX?
Re:Some ideas.... (Score:2)
CDROM iso (Score:2, Interesting)
Re:PGP (Score:1, Insightful)
1. He said PGPdisk didn't suit his needs already
and
2. PGPdisk is only included in the paid-in-full version of the product if so ordered as such
Cheers.
BestCrypt (Score:3, Informative)
One way (Score:4, Interesting)
I've wished for something similar in the past. One solution that occurred to me would be to create an encrypted loopback filesystem under Linux (details here [linux.org]). For those not familiar with this scheme, it essentially encapsulates a filesystem in a regular file and [en|de]crypts it at the kernel level.
One potential way to access this from Windows would be using Namespace Extensions [microsoft.com]. I believe this is the way that "special folders" such as Control Panel and Scheduled Tasks are integrated into the Explorer. It would seem to be straightforward for someone knowledgable in the area to create a Namespace Extension that could mount an encrypted loopback filesystem created in Linux.
Re:One way (Score:2)
I really wish there was a cross-platform standard for volume encryption. My understanding is that with AES-256, loop-AES takes my passphrase and generates two 256-bit keys with SHA-512. The block number is encrypted using the first key to generate the initialization vector for the block, then the initialization vector and the secon key are used with AES in CBC mode to enc
Samba VFS (Score:3, Interesting)
And for platforms that don't support CIFS natively (are there any of this now a days?) you can use jCIFS
this is the post to mod up (Score:1)
FAT formatted USB drive->encrypted file->SMB/CIFS server->SMB/CIFS client on OS
BestCrypt (Score:1)
Cygwin (Score:2)
Re:IANAFSE (Score:1)
best bet... (Score:2)
The second part is to get transparent encryption/decryption. That's a matter of convenience. There is no single good solution for all platforms. Some programs (editors like vi and emacs) can automate this for you. You can write scripts or batch files to do this for you as needed.
On Linux, you can get transparent encrypt/decryption for almost all programs using LD_PRELOAD. Look at the "Plastic File System" (some assembly required). Similar DLL hacks are possible on Windows, though harder and less reliable.
Why Not Java? (Score:1)
Issues (Score:3, Informative)
The biggest issue with this idea is cross-platform. So far a few suggestions have been raised, and I like the idea of a samba frontend, though it seems a little extreme.
BestCrypt [jetico.com] is the only cross-platfrom encrypted drive/volume software I know of, its only free for Linux though. :(
Scramdisk [clara.net]/ e4m [samsimpson.com] are options. Though Scramdisk doesn't run on w2k or XP, nor Linux. E4M doesn't run on linux either. The source for Scramdisk and E4M is available, but I've forgotten what the license is. I *think* its GPL, but don't count on it.
DriveCrypt [samsimpson.com] is made by the same people as ScramDisk, but DC is closed source. Though they are promising a Linux release (as well as the current XP/2K/etc clients).
You may also like to try The Linux crypto mailing list [linux.org] to search for answers there.
Developing On-The-Fly encrypted drives for linux isn't all that hard, afterall, its been done before a few times. Doing so for Windows 95 though to XP is a lot harder.
As for the Mac side, I have no idea. I think the most portable option would be the Samba idea mentioned before. It shows the most promise, you are esentially piggybacking off a known and support product.
dont think there are crypto-"vault" multiplatform (Score:1)
But for a temporary solution i present BCrypt [sourceforge.net] - powerful multiplatform file encryption tool. Its also small and light but uses a 448bit Blowfish-encryption. You can carry the different version of the binary on your pendrive and encrypt/decrypt on virtually any platform. Of course it just encrypts files so you need to add zip or something for multiple files - yes its a bitch if there is alot of them but its the best suggestion i have.
Use PGPdisk (Score:1)
Does each platform have a webserver? (Score:1)
You can also use the [protect admin] tag to require username and password.
It is cross platform and the Developer Edition is FREE.
You can download it at Click Here [smithmicro.com]
Here is the sample encrypt tag
[Encrypt seed=abcdefg]Some Text that is private[/Encrypt]
[Decrypt seed=abcdefg][Encrypt seed=abcdefg]Some Text that is private[/Encrypt][/Decrypt]
In the example above, the first line of displayed text will be unintelligible, as seen below.
The second line decrypts the text and displays it as it was before:
Some Text that is private
Good Luck!!