Slashdot Mirror


Multi-Platform Encrypted Disk Image Formats?

LockedDisk asks: "I'm looking at an application that will use USB flash devices to distribute information that, while not "top-secret", is sensitive enough that I'd prefer not to distribute it in plaintext. It'll be accessed from multiple platforms by the users who get them. What I'm hoping to find is a tool to build encrypted disk images that can be mounted on Windows, MacOS X, and hopefully Linux as well. What I'd do in distributing these is put the encrypted image on the device, with mounters already on the thumb drive. Users would be able to simply use the right mounter for their platform. For instance, I know PGPdisk would support the multi-platform part, but the mounter doesn't look like it's very well-suited to what I'm looking for. Mac .DMG files can be encrypted, but I know of no way to mount them on any other platform. Any ideas, folks?"

3 of 29 comments

  1. BestCrypt by BalkanBoy · Score: 3, Informative

    has the ability to create encrypted images with any given cipher and mount them. They've made a version for both Windows and Linux (not sure if they have a Mac one though). It creates a .jbc file that you can copy and manipulate to your heart's content. Here's their site.

    --
    'A lie if repeated often enough, becomes the truth.' - Goebbels
  2. Re:why an encrypted filesystem? by phyxeld · Score: 5, Informative

    why not just use a standard filesystem (msdos/vfat) and leave an encrypted zip or gpg encrypted tar file in the root directory? How is this any less secure?

    Because modifying and re-encrypting your data that way isn't automatic. I can't speak for the person who submitted the question, but I can tell you why I use encrypted disks in Mac OS X: My home directory is filled with symlinks. .ssh, .gnupg, .fetchmailrc, etc... All of these things are links to a given directory. Like so:
    .ssh -> .encrypted/.ssh
    .gnupg -> .encrypted/.gnupg
    .encrypted -> /Volumes/EncryptedDisk
    Since all the symlinks are pointing to another symlink which itself points to the actual mount point of the encrypted volume, I can easily swap in a different volume there, to use the encrypted dmg on my usb thumb drive, or on a remote webdav volume, or whatever. And I have a lot more than just ssh and gnupg stored on there, stuff like bookmarks and cookies for various browsers, my actual Apple Keychain files, mail, etc... All of this can be symlinked to an encrypted volume. It's much more convenient than encrypting your whole home directory (as has been discussed on slashdot previously) because you don't need another account to mount and unmount the image. And without the dmg mounted, you still have access to the unencrypted parts of your user account (i.e. I don't keep my mailing list directories on there, but I do keep my inbox and personal mail there).

    Using .tgz.gpg files, something I've also played with, simply cannot provide this kind of functionality.

    At first, I was regularly copying the entire .dmg file onto my slow-as-all-fuck thumbdrive, but then I got wise and made a second image there of the same size and use a script to mount both images, rsync, and unmount (so I run my script, insert the usb thumb drive, wait, and remove it. Rsync makes the backup quite fast, compared with copying the entire dmg every time). Because of all this, creating an account on a new mac and getting my personal settings is as simple as plugging in the thumbdrive and running a (different) script to create the symlinks. On machines that aren't mine, the ~/.encrypted symlink just points to the mount point of the dmg on the usb key drive though, instead of a local copy.

    FWIW, I'm planning on writing a howto describing how I use crypto in OS X, covering topics from ssh (keys, tunnels, socks proxy, scp) to gpg to Apple's AES dmg files (and my backup script). Hopefully I'll find the time soon, and post it on my website. If anyone has any input on this subject, I'm available on AIM and would be interested in hearing pre-feedback. I'd really like to hear an answer to the Multi-Platform part of the submitter's question, as currently my AES dmg encrypted data is only available in Mac OS X.
    --
    __
    Choose mnemonic identifiers. If you can't remember what mnemonic means, you've got a problem. - Larry Wall
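
The double symlink indirection described in comment 2 (dotfiles pointing into `~/.encrypted`, which in turn points at whichever encrypted volume is mounted), as an added shell example that is not part of the original post. The function names and the temp-directory demo are assumptions; plain directories stand in for mounted encrypted volumes.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from the post.

# Point $home/.encrypted at a mounted volume. Only an existing symlink is
# replaced; a real directory there would mean data sitting outside the volume.
retarget_volume() {
    home=$1; volume=$2
    [ -d "$volume" ] || { echo "not mounted: $volume" >&2; return 1; }
    if [ -e "$home/.encrypted" ] && [ ! -L "$home/.encrypted" ]; then
        echo "$home/.encrypted is not a symlink; refusing" >&2; return 1
    fi
    ln -sfn "$volume" "$home/.encrypted"
}

# Create $home/<name> -> .encrypted/<name>. The target is relative, so each
# link follows wherever .encrypted points. A real file or directory already
# at $home/<name> is plaintext outside the volume: report it, do not replace.
link_dotfiles() {
    home=$1; shift; rc=0
    for name in "$@"; do
        if [ -L "$home/$name" ] || [ ! -e "$home/$name" ]; then
            ln -sfn ".encrypted/$name" "$home/$name"
        else
            echo "skipped $name: unencrypted copy in $home" >&2; rc=1
        fi
    done
    return $rc
}

# Constructed demo: two plain directories stand in for mounted volumes.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/home" "$t/local/.ssh" "$t/usb/.ssh"
    echo local > "$t/local/.ssh/id"; echo usb > "$t/usb/.ssh/id"
    retarget_volume "$t/home" "$t/local" && link_dotfiles "$t/home" .ssh
    cat "$t/home/.ssh/id"    # read through the "local" volume
    retarget_volume "$t/home" "$t/usb"
    cat "$t/home/.ssh/id"    # same path, now read through "usb"
    rm -rf "$t"
}
demo
```

When the volume is not mounted the dotfile links dangle, so a non-zero return from `link_dotfiles` is the cue to move any leftover plaintext copy into the volume before relying on the layout.
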
  3. Issues by Zaffle · Score: 2, Informative

    The biggest issue with this idea is cross-platform. So far a few suggestions have been raised, and I like the idea of a samba frontend, though it seems a little extreme.

    BestCrypt is the only cross-platform encrypted drive/volume software I know of, it's only free for Linux though. :(

    Scramdisk/E4M are options. Though Scramdisk doesn't run on w2k or XP, nor Linux. E4M doesn't run on Linux either. The source for Scramdisk and E4M is available, but I've forgotten what the license is. I *think* it's GPL, but don't count on it.

    DriveCrypt is made by the same people as ScramDisk, but DC is closed source. Though they are promising a Linux release (as well as the current XP/2K/etc clients).

    You may also like to try The Linux crypto mailing list to search for answers there.

    Developing On-The-Fly encrypted drives for Linux isn't all that hard, after all, it's been done before a few times. Doing so for Windows 95 through to XP is a lot harder.

    As for the Mac side, I have no idea. I think the most portable option would be the Samba idea mentioned before. It shows the most promise, you are essentially piggybacking off a known and supported product.

    --

    I used to have a funny sig, but slash cut it off, and I forgot what the punchline was.