With the possible demise of Truecrypt, it seemed like a good time to cast around for a similar encryption application. After a little time, it became clear that Truecrypt is unusual in that it is, as far as I can see, the only cross-platform application which is able to encrypt containers and drives or partitions. I have settled on using the following methods of encrypting which may look difficult but I promise are really quite simple. I am not very good at scripting, and am probably lazy, so this stuff will work for anyone.

Ubuntu is very good at encrypting drives and partitions with built-in encryption tools. ENCFS is useful for encrypting folders and files. AESCrypt makes encrypting a file for sending to someone else very easy, and Tomb creates encrypted containers as you could do easily with Truecrypt. The downside to all of these applications is that they are command-line tools. Please don't move to the next article just yet. They are quite simple to master – I am not a lover of the command-line really, and managed to use all of them successfully in an afternoon.

I should also mention that not all of these are open source, but all are free to use.
AESCrypt

AESCrypt requires you to go to www.aescrypt.com/download, scroll down to Linux, and download the 32-bit or 64-bit version you need. Although it is called AES Crypt – Gui, and the description says that it is a GUI Application, I have not been able to find one in Xubuntu. Anyway, download the file, and unzip it to your chosen folder. Make the file executable (right mouse click, select properties, and on the permissions tab check “Allow this file to run as a program” and click OK). Run the program either from the command-line or right mouse click, and select Execute. You will immediately be asked for a password. This is the password you would provide for a sudo command. Select your language, and if you wish to proceed, select Yes. Click Next, accept the default folder selections if you wish (I did) by clicking Next, and then click Finished.
I have pretty much copied the commands and description from the relevant part of the manual on the website. Suppose you have a file called “passwords.txt” that you would like to encrypt using the password “apples”. You would enter the following command:

    aescrypt -e -p apples passwords.txt

That's it! The program will create a file with the name “passwords.txt.aes”. When you want to later decrypt the file “passwords.txt.aes”, you would enter the following command:

    aescrypt -d -p apples passwords.txt.aes

What if you want to decrypt a file, but just want to have it displayed on the screen and not stored in a plain-text file? You can do that using this syntax:

    aescrypt -d -o - passwords.txt.aes

You can do all sorts of whizzy things with piping and scripts but there are other tools which, it seems to me, are better at encrypting multiple files. I should also mention that when you encrypt a file using AESCrypt, it does not delete the original but creates an encrypted file of the same name. If you would like more information then please do go to the above website where there is more information than you can shake a stick at.
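Because aescrypt leaves the original file in place, the plaintext stays on disk until you remove it yourself. The wrapper below is an added example, not from the article or the AES Crypt manual: it deletes the original only after the .aes file has been decrypted and compared byte for byte. It assumes aescrypt prompts for the password when -p is omitted; the function name is illustrative.

```sh
#!/bin/sh
# Added example, not from the article. Encrypt FILE with aescrypt, check that
# FILE.aes decrypts back to identical bytes, and only then remove the original.
# Assumption: with no -p option aescrypt prompts for the password, so it never
# appears in shell history or in the process list.

encrypt_and_verify() {
    src=$1
    enc=$src.aes

    # An empty or missing file cannot be verified by comparison; refuse it.
    if [ ! -s "$src" ]; then
        echo "not a non-empty file: $src" >&2
        return 2
    fi

    # Writes "$src.aes" beside the original, which is left untouched.
    aescrypt -e "$src" || return 1

    # "-o -" sends the decrypted bytes to stdout, so no second plaintext copy
    # is written to disk. cmp -s is silent and succeeds only on identical data.
    if aescrypt -d -o - "$enc" | cmp -s - "$src"; then
        # rm only unlinks the file; the old blocks may survive on the disk.
        rm -f -- "$src"
        return 0
    fi

    echo "verification failed, original kept: $src" >&2
    return 1
}

# Stand-alone use: sh encrypt_and_verify.sh passwords.txt
if [ "$#" -gt 0 ]; then
    encrypt_and_verify "$1"
fi
```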
ENCFS

ENCFS is in the Ubuntu repositories so “sudo apt-get install encfs” gets it installed in short order. This works differently in that it uses two folders. One folder is the source folder where the encrypted files are stored. The other folder is the mount point. The mount point provides the unencrypted view of the files and folders in the source directory. Folder and file names in the source are encrypted, so, although the folder structure is visible, the types of files and their names are obscured. The best thing about ENCFS is that you do not have to create an encrypted container; so you are constrained only by the size of the hard drive your source folder is on. There are very good user instructions at http://www.howtoforge.com/encrypt-your-data-with-encfs-ubuntu-13.04. I could type all of that out again but it really is quite self explanatory. Once the folders are set up, all that you ever need to do is run the encfs command below. Oh yes and make sure you remember the key or you have locked yourself out of the data. I guess this is true for all of the tools mentioned here. Simple example follows; change the file path names as required:

    $ mkdir /home/username/sourcefolder
    $ mkdir /home/username/mountpoint
    $ encfs /home/username/sourcefolder /home/username/mountpoint
    Volume key not found, creating new encrypted volume.
    Password: [password entered here]
    Verify: [password entered here]

The mount point folder may be used through your file manager in the normal way. To lock down the mount point when you are done with it, the following command should be used:

    $ fusermount -u /home/username/mountpoint
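When encfs is not mounted, the mount point is an ordinary empty directory, and anything saved into it lands on disk unencrypted. The helpers below are an added example, not from the article or the encfs project: they check the mount table before a file is stored and confirm the unencrypted view is gone after unmounting. The function names are illustrative, and paths are assumed to contain no spaces.

```sh
#!/bin/sh
# Added example, not from the article. If encfs is not mounted, the mount
# point is just an ordinary directory and anything saved there stays on disk
# unencrypted. These helpers check the mount table before storing a file.
# Assumption: paths contain no spaces (/proc/mounts writes a space as \040).

# is_encfs_mounted DIR [MOUNTS_FILE] -> status 0 if DIR is a live encfs mount
is_encfs_mounted() {
    dir=${1%/}
    mounts=${2:-/proc/mounts}
    # Mount table fields: device, mount point, filesystem type, options, ...
    # A FUSE encfs mount is listed with type "fuse.encfs".
    awk -v d="$dir" '
        $2 == d && $3 == "fuse.encfs" { found = 1 }
        END { exit !found }
    ' "$mounts"
}

# store_in_encfs FILE DIR [MOUNTS_FILE] -> copy FILE into DIR only when mounted
store_in_encfs() {
    if ! is_encfs_mounted "$2" "${3:-/proc/mounts}"; then
        echo "refusing: $2 is not an encfs mount, $1 would be stored unencrypted" >&2
        return 1
    fi
    cp -- "$1" "${2%/}/"
}

# lock_encfs DIR [MOUNTS_FILE] -> unmount, then confirm the clear view is gone
lock_encfs() {
    fusermount -u "$1" || return 1
    ! is_encfs_mounted "$1" "${2:-/proc/mounts}"
}
```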
Tomb

Tomb can be downloaded from www.dyne.org/software/tomb. Tomb is a bit funny and probably is closest to Truecrypt in that it creates an encrypted container into which you put files. It has a quirk to it in that you have to open a file-manager from the terminal as superuser. I guess because the commands are all run prefixed by “sudo”. Other than that, it does work well. To business. Once you have downloaded the compressed file, you need to unzip the contents somewhere. I keep my applications like this in a folder called applications. Imaginative or what? Open a terminal window and cd to where you decompressed the folder Tomb-x.x.x. I have cribbed the following instructions from the Tomb website as I cannot simplify them any more than this.

To create a 100MB tomb called “secret”, cd to the Tomb directory and do:

    sudo tomb dig -s 100 secret.tomb
    sudo tomb forge secret.tomb.key
    sudo tomb lock secret.tomb -k secret.tomb.key

To open it, do:

    sudo tomb open secret.tomb -k secret.tomb.key

and after you are done:

    sudo tomb close

or, if you are in a hurry:

    sudo tomb slam all
I have found that if you want to have secret.tomb in another location you have to use the full file path. The same goes for the key. For example:

    tomb open /home/username/private/secret.tomb -k /home/username/private/secret.tomb.key

There is much more on the website about Tomb which I recommend anyone interested to read: www.dyne.org/software/tomb.
This next bit is not really anything to do with encryption. As I said at the outset, I am quite lazy, I do not remember long commands very well and am always looking to find easy ways to do things. So I found a really useful utility called pdmenu. You can use it to create a menu of commands in a terminal window. Scroll up and down the menu using the cursor keys and the Enter key to run a command. It is available in the repositories and:

    sudo apt-get install pdmenu

will have it for you in a minute or two. It generates a default pdmenurc file called /etc/pdmenu. Create a file in your favourite text editor called .pdmenurc, modify it to your taste, and save in your home directory. When you run pdmenu in a terminal window it will find this file first and use it. I will show you (top) what the file would look like if it contained the commands to open and close the tomb file above. The first four lines set up how the window will look.
exec – tells pdmenu that it is going to run a command
: are spacers between parts of the instruction
open tomb is the name that will be displayed
p tells pdmenu to wait for the user to input something
the command is the last part of the instruction.

    exec:_Tetris for Terminals::/usr/games/tt
    exec:_Adventure:pause:/usr/games/adventure
The two above commands will display Tetris for Terminals with no flag so /usr/games/tt will launch when it is selected. The underscore makes the following letter a hotkey. So pressing t will take you to that selection in the menu. Adventure has a pause flag where you could be required to enter some information before being returned to the menu. The man pdmenu command will give you lots of useful information, and if you really want to get into it, there is quite a lot of information on the Internet. I have found that pdmenu is versatile; it will run nested menus, and it removes the tedium of remembering long command syntax.

The foregoing is not an exhaustive list of encryption methods but the uncertainty surrounding Truecrypt made me revisit what was available. I am certain that my computer is not impregnable but I am also certain that I have made the data on my computer available to only a very few people who might have some specialised skills. If my computer were to be stolen or lost, although someone may use the hardware, I can be relatively sure that they will not use the data stored on it.
