Mageia forum

[rodgoslin]

For some time, I've been passwording Libre Office files containing sensitive material, personal, financial, password lists, and the like. it came to me that a passworded directory, to hold such files would serve better, in that if a password was needed to read the directory, it would be simpler to use. However I've searched for such a thing without success. I did come across encfs and cryptkeeper, in the search. But, as usual with Google searches it produces an entirely different, and far more complicated answer to the problem, since these are purely encryption systems and not what I was aiming for. Has anyone come up with a system along the lines I've described? I did install both encfs and cryptkeeper with a notable lack of success. The resulting installation of encfs resulted in a non-functioning command, which i rectified, and cryptkeeper simple went away and never completed the initiating command

[jiml8]

In general, you can do that by setting up a new user and giving the directory that you want to protect to that user, and only allowing access to that user. Then, to access that directory, you have to su to that user, and at that time you enter that user's password.

Not exactly what you wanted, but this is how I do it - except that those directories that I want to protect belong to root and I have to su to root to access them.

You might look into ACLs (access control lists) to see if implementing that feature of the filesystem would better suit you. Don't think so, but you might investigate.

You also could get the effect you want by tying down the permissions on your home directory so that only you can access that directory. If you do this, you would have to add some system things (like anything that would run as a user other than you but might want to write into a config file in your home directory) to your user group, but this is do-able.

[jiml8]

You also could construct a blank file of the desired size, then mount it using the loopback device, encrypt it using luks, put a filesystem on it, and you would have a secure container for sensitive stuff.

You would need a couple of scripts to mount and open it, and later close and dismount it, but once you had those scripts worked out it would work transparently and would have good security. You could even have a pop-up requester (using kdialog or the equivalent for whatever desktop you are using) that would ask for the password when you tried to access that filesystem, and the mount/unmount scripts could be executed from a desktop icon.

Here is the basic procedure to do this:

1. Create your container file:

Code: Select all

dd if=/dev/zero of=container bs=1M count=10


This will create a 10M container. Adjust as necessary to make the size what you want. I called the file "container"; you can use whatever name suits you best.

2. As root, attach your container to a loop device:

Code: Select all

losetup /dev/loop3 container


I used loop3, but you actually may choose loopN where N is some digit (not sure what the maximum is).

3. As root, encrypt your container:

Code: Select all

cryptsetup luksFormat /dev/loop3


You will be prompted to enter your passphrase; do it twice.

4. As root, open your encrypted container:

Code: Select all

cryptsetup luksOpen  /dev/loop3 crypt-loop3


Now, if you look in /dev/mapper, you will see an entry crypt-loop3

5. As root, create a filesystem on your encrypted container:

Code: Select all

mkfs /dev/mapper/crypt-loop3


Now, you can mount this device on any convenient mountpoint. If you create a folder called mymnt in your home directory, as root:

Code: Select all

mount /dev/mapper/crypt-loop3 mymnt


Now, if you cd mymount, you are inside your encrypted filesystem in your container. And this container is fully portable; you can copy it to another volume and take it with you. You just have to attach it to a loop device, open it, and mount it to use it anywhere.

I will leave how to nicely shut this down as an exercise for the reader, but basically, you dismount it, then close it, then detach it from the loop device.

[rodgoslin]

Hi, thanks for the input. Your first idea, has merit. I might develop something on those lines. I've a couple of Drobo units, I could hide a directory, in plain sight, as it were. There's certainly plenty of room!. Your other idea is very much on the lines of encfs, etc, where encrypted files are in a directory in the home directory, and the unencrypted origins are in a directory buried in root space. An operation to mount that in user space gives you access. But it still needs the faff of encryption, decryption. I was rather looking for something simple. At the moment, in LibreOffice, I can simply password each file, but passwording is something not available on many file types.

[wintpe]

Hi Rod, Jim
another way is create a veracrypt container and store everything there
ive used luks but only because i had to on a redhat course.
ive never used it in reality as i found it so clunky.

so i create veracrypt containers and then occasionally burn them to cd/dvd/blueray.
veracrypt offers two container types one hidden and one visible.
the idea is you put something in the visible so that if someone forces you to open it, you can, and then keep your really secure stuff in the hidden one.
if that is you have something your need to hide like your real savings bank account numbers, passwords etc.
and leave the fake stuff in the non hidden one with different passwords.
for blueray you can create aprox 45 gig container and burn it.
that all backed up on one disk that costs aprox 50p

veracrypt is supplied with mageia, and is available for multiple platforms so the files are portable.

regards peter

[rodgoslin]

Thanks, Peter. I've tended away from encrypment, per se, since frequent saves, as you should do, require re-encrypment. By chance I came across cryptkeeper, which initially put me off since the name seems to indicate encrypment, and all the faff I'm trying to avoid. Tonight I gave it a whirl, and it does seem to do what I want it to do. Running cryptkeeper from the icon, simply adds an entry on the system tray. That gives you the opportunity to create a directory and an associated password. Normally the directory is not visible. Clicking on the applet in the system tray discloses an entry for the directory. Clicking the box brings up a pop-up requiring the password. Entering that, the directory becomes visible, you can move files into the directory or create files there. unticking the entry in the applet, and the directory disappears. Even while the directory is visible, the file manager indicates that the directory is empty, and no files are visible, Open the directory and there they are. It seems the ideal solution. Has anyone any indications that the thing is a bad idea?

[rodgoslin]

FWIW, I wondered how cryptkeeper handled backups. I use Back-in-Time as a backup, and it handled it fine. It did backup the cryptkeeper directory, properly, AND only showed the directory listing when the crypt was open, which was neat. I was a bit worried that the contents of the directory, not visible, would be missed in the backup.