How can I encrypt a directory?
Frugal install on USB.
I've used ccrypt to encrypt files but I would like to encrypt an entire directory. What is the simplest way of going about this?
Code:
# mkdir xyz .xyz
#
# encfs /root/.xyz /root/xyz
Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?>
Standard configuration selected.
Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 4:0:2
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.
Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.
New Encfs Password:
Verify Encfs Password:
Code:
# ls -rt -goh .xyz
-rwxr-xr-x 1 23K Sep 18 15:48 Bxz2jx,JJzEH8kZRdGgOTzlZ
-rwxr-xr-x 1 565 Sep 18 18:39 XgSIQ0UwA3ICpTbfJ4gJsVjA
-rwxr-xr-x 1 451 Sep 18 18:39 We6vECLKAaoJSKWI3XmpsuNe
-rwxr-xr-x 1 249 Sep 18 18:39 ngijSCIbEnSKEwT7l7AXKhTR
-rwxr-xr-x 1 19K Oct 17 21:53 eDpY2W5JCikdDAT1hBlZvPdy
-rwxr-xr-x 1 36 Oct 20 00:08 w6kpLOMU9wBn6I-7KROkiCqd
-rwxr-xr-x 1 37 Oct 20 00:08 mq8UxI28OxGk0LUjKRiJaW6r
-rwxr-xr-x 1 30K Oct 20 00:08 jaZ8z3L5ggeVxEsLOb3nzeQ6
-rwxr-xr-x 1 167 Oct 20 00:08 iPrFSXaswTvrIBrSGZobJV15
-rwxr-xr-x 1 9.8K Oct 20 00:08 eb3JZnwKiX2onfGrtX2e5QI5
-rwxr-xr-x 1 308 Oct 20 00:08 d5MlzzKr,Y8-Rjo29LkwXivC
-rwxr-xr-x 1 60 Oct 20 00:08 8vf-UW6wQ2LEF,j8l5ttn3Ju
#
Code:
# umount-FULL /root/xyz/
Code:
encfs /path/to/encrypted-dir /path/to/unencrypted-dir
@Jarrett I keep my address book in a compression archive, though admit also storing contacts in Android is pretty damning for privacy.
Jarrett wrote: Sat Oct 24, 2020 9:06 am
@JASpup
I think something like this may prove the easiest option.
What I'm trying to protect is my email client which has an address book and a Logins file. It's not as if I'm trying to hide state secrets.
In the event of my losing the USB stick (it's a Sandisk Cruzer and I can lose that on my desk!) I would like my address book and logins reasonably secure.
Code:
openssl help
You can install ccrypt in BionicPup. It's probably available in the Puppy Package Manager (ppm). My executable is about 56k.
I've used ccrypt to encrypt files but I would like to encrypt an entire directory. What is the simplest way of going about this?
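Code:
#!/bin/sh
# Archive a directory, then pass the archive to bcrypt_gui for encryption.
DIR="${1%/}"    # directory to encrypt (first argument, trailing slash dropped)
[ -d "$DIR" ] || { echo "usage: $0 DIRECTORY" >&2; exit 1; }
yaf-splash -text "Directory is being archived" &
tar -zcf "$DIR.tar.gz" "$DIR"    # quoted so names with spaces work
killall yaf-splash
yaf-splash -text "File is being encrypted" &
bcrypt_gui "$DIR.tar.gz"
killall yaf-splash
yaf-splash -text "Encryption complete" &
sleep 5
killall yaf-splash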
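An added example, not code from the thread: the same archive-then-encrypt idea as the script above, with openssl enc swapped in for bcrypt_gui and the archive piped straight into the cipher, so no unencrypted .tar.gz is written to disk. The function names, the passphrase-file argument and the iteration count are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (assumed names): encrypt_dir / decrypt_dir are illustrative helpers.
# Usage: encrypt_dir DIRECTORY OUTPUT_FILE PASSPHRASE_FILE
#        decrypt_dir INPUT_FILE DEST_DIRECTORY PASSPHRASE_FILE

ITER=100000   # PBKDF2 iteration count (assumed value; must match on decrypt)

encrypt_dir() {
    dir=${1%/}; out=$2; passfile=$3
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    [ -r "$passfile" ] || { echo "cannot read passphrase file" >&2; return 1; }
    # -C stores paths relative to the parent, so the archive unpacks as "name/..."
    # The tar stream goes through the pipe only; nothing unencrypted lands on disk.
    tar -czf - -C "$(dirname "$dir")" "$(basename "$dir")" |
        openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
            -pass "file:$passfile" -out "$out"
}

decrypt_dir() {
    src=$1; dest=$2; passfile=$3
    [ -d "$dest" ] || { echo "not a directory: $dest" >&2; return 1; }
    # With a wrong passphrase openssl emits garbage and tar/gzip rejects it,
    # so the function returns non-zero.
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -pass "file:$passfile" -in "$src" | tar -xzf - -C "$dest"
}
```

openssl enc with a CBC cipher encrypts but does not authenticate, so it will not reliably detect a tampered archive.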
@Trapster
I tried this but it didn't work with Bionic Pup 64. Thanks anyway.
@williams2
ccrypt has been replaced by Bcrypt. It's fine, works well but is limited to files and as far as I've tried out, text files only.
encrypt seems to work but it's a bit cumbersome.
Packit, using 7zip, second pass only, works and doesn't leave a pile of files that need deleting. Given I'm not trying to hide anything critical and just want to make life difficult for someone who has access to my computer or finds a USB drive with my passwords etc on, 7zip would seem adequate.
I think these days a simple but effective rule is, if you don't want anyone to have access to stuff on your computer, don't leave it on there in the first place.
Perhaps in a future release a simple application like Bcrypt that worked for folders/directories would be a good addition.
I would suggest to try veracrypt again. It's worth the trouble.
https://www.veracrypt.fr/en/Downloads.html
or try the one I made/use for BusterDog/StretchDog (renaming this to SFS)
veracrypt_1.22_amd64_180330.squashfs https://1fichier.com/?uo4stzcw7ya52ojcrwck
or
veracrypt_1.23_i386_legacy.tar.gz_v01b.squashfs https://1fichier.com/?pfmwgle08d05xjh9qfdq
I've been using it for years with encrypted drives and files (with folder structure inside).
Hi!!
I've always used Bcrypt, but in the Fossapup version, I can't find it. First I create a zip of the folder then I pass Bcrypt to it and the resulting file can be encrypted again. (I don't know if that adds security).
The Bcrypt application that Puppy Linux has installed is the easiest I have found. I would like someone to try to hack a calc file, with password, inside a zip with password and also, passed through bcrypt. I think I would sponsor a pizza for such an achievement.
peazip, https://peazip.github.io/.
I posted about this on the old forum. If you use it to create an encrypted ".pea" archive then rename it to remove or change the ".pea" ending, the archive used* to look like a binary. Nothing will open it until you return or rename it to have the ".pea" ending and provide the password. http://murga-linux.com/puppy/viewtopic.php?p=815424.
In other words, before you can even attempt to access its contents you must first know that the file isn't what it appears to be. Good luck to strangers finding a lost USB-Key.
====
* The iconic display may depend on the theme in use. But even if the display doesn't misleadingly suggest that it's a binary to be run, you could have named your archive something like "tulips" and given it the ending ".png". Trying to open tulips.png in a graphic application results in a notice such as that the file is corrupt.
Reading this post again, I just read on Wiki EncFS volumes are dynamically sized. Can VeraCrypt pull this? Is there another big advantage over Vera?
https://en.wikipedia.org/wiki/EncFS
williams2 wrote: Fri Oct 23, 2020 7:57 pm
You can use encfs to encrypt the files in a directory
BionicPup64 doesn't seem to have it installed, you would install it from the ppm Puppy Package Manager.
search for encfs and install with all dependencies (libtinyxml)
Code:
# mkdir xyz .xyz
#
# encfs /root/.xyz /root/xyz
Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?>
Standard configuration selected.
Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 4:0:2
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.
Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.
New Encfs Password:
Verify Encfs Password:
This mounts the encrypted dir /root/.xyz on the mountpoint /root/xyz/
A file you put in /root/xyz will go into /root/.xyz
All files in .xyz will be encrypted.
All files in xyz will seem to exist and be unencrypted.
Code:
# ls -rt -goh .xyz
-rwxr-xr-x 1 23K Sep 18 15:48 Bxz2jx,JJzEH8kZRdGgOTzlZ
-rwxr-xr-x 1 565 Sep 18 18:39 XgSIQ0UwA3ICpTbfJ4gJsVjA
-rwxr-xr-x 1 451 Sep 18 18:39 We6vECLKAaoJSKWI3XmpsuNe
-rwxr-xr-x 1 249 Sep 18 18:39 ngijSCIbEnSKEwT7l7AXKhTR
-rwxr-xr-x 1 19K Oct 17 21:53 eDpY2W5JCikdDAT1hBlZvPdy
-rwxr-xr-x 1 36 Oct 20 00:08 w6kpLOMU9wBn6I-7KROkiCqd
-rwxr-xr-x 1 37 Oct 20 00:08 mq8UxI28OxGk0LUjKRiJaW6r
-rwxr-xr-x 1 30K Oct 20 00:08 jaZ8z3L5ggeVxEsLOb3nzeQ6
-rwxr-xr-x 1 167 Oct 20 00:08 iPrFSXaswTvrIBrSGZobJV15
-rwxr-xr-x 1 9.8K Oct 20 00:08 eb3JZnwKiX2onfGrtX2e5QI5
-rwxr-xr-x 1 308 Oct 20 00:08 d5MlzzKr,Y8-Rjo29LkwXivC
-rwxr-xr-x 1 60 Oct 20 00:08 8vf-UW6wQ2LEF,j8l5ttn3Ju
#
Code:
# umount-FULL /root/xyz/
Basically, just mount an empty dir on the encrypted dir:
Code:
encfs /path/to/encrypted-dir /path/to/unencrypted-dir
umount the unencrypted-dir to make the dir empty again.
I just read on Wiki EncFS volumes are dynamically sized
Basically, with EncFS, an encrypted dir is mounted on an empty dir using the EncFS driver.
For example, you could create an empty dir named "mydir" and you could create another empty dir named "dotmydir" (a hidden dir because of the dot.) Then you could mount "mydir" on "dotmydir".
Now you can put files in "mydir" and it will look like the files are going in "mydir" but they are really going in "dotdir". Files and dirs in "dotdir" will all be encrypted, each filename and dir, and the contents of each file is also encrypted. If you unmount "mydir", it will be empty again. The files will all be in "dotmydir", encrypted.
The space you have available in the encrypted dir "dotmydir" is all of the free space in the file system that the dir is in.
The space taken in the dir and therefore in the file system, is the size of the files. That is what they mean by dynamic, I think. Exactly the same as a Puppy save folder.
Can VeraCrypt pull this?
VeraCrypt encrypts a partition, or it can encrypt a file system in a file. VeraCrypt can create and use parts of a partition or in a file to make and use a hidden encrypted, but there is nothing to prevent hidden space from being accidentally overwritten by the regular file system.
I'm not sure if VeraCrypt volumes can be resized. It should say in the manual or in the faqs.
Is there another big advantage over Vera?
EncFS encrypts file by file. It's not at all hidden.
VeraCrypt's volumes can be hidden in a partition or in a file (plausible deniability.)
I would not want to risk my life with either one.
Your explanations are thorough and clear, and surely one will benefit when coming across or looking for the information.
My interest here was basic thinking:
'I was just calculating VeraCrypt partition sizes. That's not required by EncFS because it sizes dynamically. Great!'
Part B:
'Now can Vera do this too, or is EncFS that advantageous?'
Part C:
'Does EncFS have any other comparative tricks up its sleeve I'm missing?'
moving on...
Vera's hidden partitions look like a useful feature, but I need to wrap my head around the technology first before I comprehend the risk. I plan to start with the more basic container. Ironically TrueCrypt is in the PPM & Vera not, but that may be because I'm not updated/in the newest Puppy. EncFS is quite small in comparison, even with dependencies.
williams2 wrote: Sun Apr 11, 2021 3:42 am
I just read on Wiki EncFS volumes are dynamically sized
Basically, with EncFS, an encrypted dir is mounted on an empty dir using the EncFS driver.
For example, you could create an empty dir named "mydir" and you could create another empty dir named "dotmydir" (a hidden dir because of the dot.) Then you could mount "mydir" on "dotmydir".
Now you can put files in "mydir" and it will look like the files are going in "mydir" but they are really going in "dotdir". Files and dirs in "dotdir" will all be encrypted, each filename and dir, and the contents of each file is also encrypted. If you unmount "mydir", it will be empty again. The files will all be in "dotmydir", encrypted.
The space you have available in the encrypted dir "dotmydir" is all of the free space in the file system that the dir is in.
The space taken in the dir and therefore in the file system, is the size of the files. That is what they mean by dynamic, I think. Exactly the same as a Puppy save folder.
Can VeraCrypt pull this?
VeraCrypt encrypts a partition, or it can encrypt a file system in a file. VeraCrypt can create and use parts of a partition or in a file to make and use a hidden encrypted, but there is nothing to prevent hidden space from being accidentally overwritten by the regular file system.
I'm not sure if VeraCrypt volumes can be resized. It should say in the manual or in the faqs.
Is there another big advantage over Vera?
EncFS encrypts file by file. It's not at all hidden.
VeraCrypt's volumes can be hidden in a partition or in a file (plausible deniability.)
I would not want to risk my life with either one.
From https://sourceforge.net/p/veracrypt/dis ... c8919cd0b/
2020-06-17
At present, there is no 'Volume Shrinker' utility, only a 'Volume Expander' (VeraCryptExpander.exe), and, AFAIK, no plans to create one.
I've had to deal with this issue recently, and had to copy the data elsewhere before deleting the original volume and then creating a new, smaller one, and writing the data back to it.
The 'Expander' works well, with NTFS formatted volumes only, and where there is no hidden volume, and so I've learnt to start with smaller volumes, and expand them if and when necessary.
Bull's-eye that's good to learn. I expect to be experimenting with both. I saw a tray applet in the PPM for EncFS so it may have a gui side as well, if not at least menu options.
Re-reading this thread I noticed that someone complained about none of the solutions being "Senior-Friendly".
I still like peazip, and the camouflage technique described here, viewtopic.php?p=15147#p15147. Using yad and a simple bash script it shouldn't be very difficult to create applications to 'mask' and 'unmask' a camouflaged file:
Mask:
Step 1: Puppy has a Right-Click>Copy-to option which will copy either/both files and FOLDERS to 'bookmarked' locations. Add a "peazip-temp" folder as a destination.
Step 2: Puppy also has Right-Click>Copy & Duplicate options. Copy and change name to something innocuous --e.g. a flower, e.g. Rose.
Step 3: Run peazip, selecting folder. Peazip has a bookmarking tool which can make selecting the "peazip-temp" --the one in which folders are masked/unmasked-- easy to reach. And IIRC, once you select a folder it will automatically open to it until you select a different folder.
Step 4: Left-Click the Rose File/folder --already within peazip-temp folder so it will appear in GUI. Left-Click "Enter password /keyfile" button and enter password. It can be something easy to remember: a middle name, a favorite pet, or perhaps slightly more complex such as one's first telephone number that is no longer being used. Click OK. The Output is Rose.pea. That file will be in the peazip-temp folder.
Step 5. Script removes ".pea" adds, e.g. png.
Step 6. Script deletes unencrypted file from peazip-temp folder.
File can now be emailed to recipient who knows password.
Unmask:
Step 1: Script copies/duplicates received file removing 'png' and adding 'pea'
Step 2: Right-Click copy-to copies to recipient's peazip-temp folder from Download folder.
Step 3: Script opens peazip to the peazip-temp folder.
Step 4. Recipient selects the Rose.pea file and enters password. Output is unencrypted file/folder within the peazip-temp folder.
Peazip can be run from the command line. https://peazip.github.io/peazip-command-line.html So, most of the above might be able to be automated in two applications, mask & unmask.
Don't know anything about programming under Windows.
My 'ToDo' folder keeps growing. Feel free to write your own scripts.
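An added example, not part of the original post: the two rename steps the post assigns to a script (Mask step 5 and Unmask step 1) as shell functions, together with a check of the file's first bytes showing that a renamed archive still does not carry a PNG signature, so the password remains the actual protection. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (assumed names): mask / unmask / is_real_png are illustrative.
# Usage: mask Rose.pea ; unmask Rose.png ; is_real_png FILE

PNG_SIG=89504e470d0a1a0a   # the 8-byte signature every real PNG file starts with

# Mask step 5: rename Rose.pea to Rose.png and print the new name.
mask() {
    case $1 in
        *.pea) ;;
        *) echo "expected a .pea file: $1" >&2; return 1 ;;
    esac
    masked=${1%.pea}.png
    mv -- "$1" "$masked" && printf '%s\n' "$masked"
}

# Unmask step 1: copy Rose.png to Rose.pea, leaving the received file in place.
unmask() {
    case $1 in
        *.png) ;;
        *) echo "expected a .png file: $1" >&2; return 1 ;;
    esac
    restored=${1%.png}.pea
    cp -- "$1" "$restored" && printf '%s\n' "$restored"
}

# Succeeds only when the file's first 8 bytes are the PNG signature.
# A renamed archive fails this test whatever its extension says.
is_real_png() {
    sig=$(od -An -tx1 -N8 < "$1" | tr -d ' \n')
    [ "$sig" = "$PNG_SIG" ]
}
```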