[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

encryption of single files using cryptsetup ala gpg -c

most people( according to google search ) seem to use gpg command to encrypt a single file in linux with a passphrase.

I just added the ability to encrypt a single file like gpg in zulucrypt using cryptsetup,currently in plain format.

The current implementation adds a 512 byte header to the encrypted file to store information about the plain data length to work around padding issues if the data that is to be encrypted is not a multiple of 512. The header is also encrypted with the load so the only way to read the header is to first decrypt the encrypted file with the correct passphrase.

Like somebody said in one of the previous discussions on plain volumes,the only way to know a correct passphrase was used when decrypting a plain volume is to check in the  decrypted data for something that is known to be there from the original data.

The question i am asking is, is it possible to write some information in the header in a way that will tell me the decrypting key is the same as the encrypting key?

One solution i came up with is to write the same random 100 byte data read from "/dev/urandom" to offse 100t and offset 200 when encrypting the file. One decryption,the these two offsets are memcmp and an assumption is made that the key is the same if they match. Will this work? With plain volumes, if two chunks of 100 bytes are known to be the same at encryption. Will tey always be different if decryption is done with a different key?

Another solution is to write the first 100 bytes of the key in the header at a specified offset and then compare ithe offset against the key used in decryption. If they match,then an assumption is made that the decryption keys are the same since there is recognizable pattern.

can somebody come with a better solution?

I already store plain text data load length in the header and i know the encrypted file will be larger that plain text file by a number >= 512 and < 1024. I can use this knowledge to check if the decryption key is correct but i am looking for a more "standardized way".

The current implementation can is at: http://code.google.com/p/zulucrypt/source/browse/zuluCrypt-cli/lib/file_encryption.c
dm-crypt mailing list

[DM Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

Add to Google Powered by Linux