Geekblok

Today a co-worker came to my desk with a rather simple but interesting question: “What software do you know that can encrypt a file or directory? The encrypted result needs to be sent abroad on a USB-disk.“

Without hesitating I answered that TrueCrypt could do the job, but then he replied: “Does that work on both Linux and IBM AIX?” (FYI: the data had to come from AIX and had to end-up on Linux). Ehr… Linux yes, AIX no. So I had to re-think…

Then I remembered OpenSSL is installed by default on (almost) all Unix-computers and this opened a new solution. In fact, it’s very simple.

First create a gzipped tar-file of the directory (where “/foo” is the directory containing all files to be encrypted):

# tar zcvfp /root/foo.tar.gz /foo

Next change the ownership to make it a little more secure by default:

# chown 600 /root/foo.tar.gz

Now we start encrypting the created tar-file using OpenSSL with the Blowfish-algorithm. When you press enter after the openssl-command you will be asked for a password. Keep this in mind and keep it secret. If lost there’s no way to recover your precious data!

# openssl enc -blowfish -in /root/foo.tar.gz -out /root/foo.tgz.bf</p> <p>enter bf-cbc encryption password:</p> <p>Verifying - enter bf-cbc encryption password:

You’ll end up with a file named “foo.tgz.bf” in root’s home-directory that is impossible to read and understand.

To decrypt this file one goes the other way around like this:

# openssl enc -d -blowfish &lt; /root/foo.tgz.bf | tar zxvf -</p> <p>enter bf-cbc decryption password:

Enter the password and tada, there’s your data!

Oh and my co-worker returned ten minutes later with a smile on his face.

Many people use Google’s email service Gmail nowadays. But, like with any webmail service, how is your privacy guaranteed? According to GoogleWatch, Gmail is too creepy. Luckily, you can do at least something to gain some privacy back by encrypting your emails.

The geeks who use mutt or pine (or thunderbird for the matter) as their mail client probably have seen that you can easily add gpg plugins to encrypt (and decrypt) emails, yet with web based solutions, this gets a little harder. FireGPG, a Firefox extension, makes it possible to use GnuPG (gpg) for Gmail aswell. You do need to have gpg installed on your system (and of course you need Firefox), but after that, it works fairly easy.

The plugin basically works for all web based mail clients (Yahoo! Mail, Hotmail, etc.) yet with Gmail, you’ll get a set of extra buttons, making it yet a little easier to use. Just select the text when of your email and hit the “Crypt” button from your right-click menu (under FireGPG). Select the recipient’s public key and hit the Ok-button. Now you’ll get the encrypted text that you can copy and paste into the email.

Too bad not many people see the need for email encryption and will throw the non-argument “if you have nothing to hide, you don’t need encryption” right back at you. Please do try to explain the need for encryption to them and start using it for everything!