Anyone have one of these or something similar? I got one for my birthday, and immediately plugged it into my laptop and created a directory and copied some pix of my daughter to it. I noticed it had a file structure already on it along with some Windows and Mac software. I brought it in to the office to see if I could read the directory and sure enough it worked. It did complain about a corrupt file system. I also ran the secure disk software on it to repartition the stick as half secure and half not. My question, would it be possible to reformat the stick with an encrypted Linux fs and is so how would I be able to access it from Windows and Macs? Also, by securing half the card, will I still be able to use the whole stick in Linux? Another question, the stick has an autorun script for Windows, if I were to wipe the Windows software off of the stick would Windows still autodetect the stick and mount it? Or is it only autodetecting because of the autorun? I have a W2K desktop.
Brian Densmore
On Mon, Dec 13, 2004 at 10:53:40AM -0600, Brian Densmore wrote:
> My question, would it be possible to reformat the stick with an encrypted Linux fs
Absolutely! Your USB flash drive works just like a normal "hard drive" from the view that you can have an encrypted filesystem on it.
I've never done it, but Google might help you out.
> and is [if?] so how would I be able to access it from Windows and Macs?
That's a different question. I don't know how you'd be able to encrypt a filesystem and have it be readable in Windows.
> Also, by securing half the card, will I still be able to use the whole stick in Linux?
Sure. It works just like any other hard drive device that has multiple partitions.
> Another question, the stick has an autorun script for Windows, if I were to wipe the Windows software off of the stick would Windows still autodetect the stick and mount it?
I've got the same Lexar Secure drive, the 128 MB version. IIRC, the software included is only for the Windows driver/app for read/write to the secured partition. If you can't access the secured partition, then you run the app, which is saved on the non-secured partition.
I have not experimented with portable encrypted filesystems between Windows and Linux. I don't know if there are Windows drivers or user-space applications to read encrypted filesystems.
Jeremy
On Monday 13 December 2004 10:53, Brian Densmore wrote:
> My question, would it be possible to reformat the stick with an encrypted Linux fs and is so how would I be able to access it from Windows and Macs? Also, by securing half the card, will I still be able to use the whole stick in Linux? Another question, the stick has an autorun script for Windows, if I were to wipe the Windows software off of the stick would Windows still autodetect the stick and mount it? Or is it only autodetecting because of the autorun. I have a W2K desktop.
Well, I put all the questions here together because my suggestion encompasses all of them. The Lexar encryption hardware is not compatible with Linux; it's done in hardware and, IIRC, it's extremely simple (easy to crack) but no device driver exists. Rather than worry about having enough size on either the encrypted partition or the non-encrypted partition, I suggest that you partition and format the whole thing in VFAT32 and place a copy of gnupg on the device. There are a number of ways that you can do it, but here's one scenario that can vary in size and is compatible with Windows, unlike the loopback file system method:
On your Linux systems, you have a /usr/local/bin/mount script that you manually invoke that mounts the /dev/sd? device to /mnt/cf0. It then looks for /mnt/cf0/encrypted_archive.tar.gz and executes gnupg with your private key from your home directory and decompresses the archive to some place in /tmp or /home/~. You have another /usr/local/bin/umount script that reverses all of those steps: wrap up the changes in the directory, encrypt _against your public key_ on the device, unmount.
On your Windows systems, the exact same process takes place but it's all automatic via the autorun.inf file using MinGW32-compiled gnupg.exe, tar.exe and gzip.exe on the device. If you take your device to another person's system, you will need to explore some of the many ways that you can securely access your private key from remote locations (perhaps even a separate, 8MB pen drive to store your private key -- they make watches that do that that have USB connectors). That way, if you lose the device, the person would need both the private key and the password to access the data.
Regarding the existing software on the device, there's no danger in losing any of it unless you want the Windows-only, weak encryption to work with Windows.
This all sounds rather complicated but in practice, good encryption is hard work and the cross-platform nature makes it even more complicated. Good encryption is not yet a commodity.
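
The open and close steps of the Linux scenario described in the message above, as an added sketch that is not part of the original thread or the poster's own scripts. It assumes the stick is already mounted at /mnt/cf0; the function names, the `RECIPIENT` key ID and the `.new` staging name are hypothetical. The point it adds is that the old archive is replaced only after the new ciphertext has been written completely.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the stick is mounted at
# /mnt/cf0; RECIPIENT and the function names are placeholders.
GPG=${GPG:-gpg}
ARCHIVE=${ARCHIVE:-/mnt/cf0/encrypted_archive.tar.gz}
RECIPIENT=${RECIPIENT:-you@example.org}   # constructed key ID

# open_archive WORKDIR: decrypt the archive and unpack it into WORKDIR.
open_archive() {
    work=$1
    umask 077                             # plaintext is owner-only
    mkdir -p "$work" || return 1
    tarball=$(mktemp "${work%/}.XXXXXX") || return 1
    if "$GPG" --decrypt < "$ARCHIVE" > "$tarball" &&
       tar -xzf "$tarball" -C "$work"; then rc=0; else rc=1; fi
    rm -f "$tarball"
    return "$rc"
}

# close_archive WORKDIR: re-pack WORKDIR, encrypt to the public key, and
# swap in the new archive only once the ciphertext is complete.
close_archive() {
    work=$1
    umask 077
    tarball=$(mktemp "${work%/}.XXXXXX") || return 1
    new="$ARCHIVE.new"
    if tar -czf "$tarball" -C "$work" . &&
       "$GPG" --encrypt --recipient "$RECIPIENT" < "$tarball" > "$new" &&
       [ -s "$new" ]; then
        mv -f "$new" "$ARCHIVE" && sync   # flush to the stick before unmount
        rc=$?
    else
        rm -f "$new"                      # failed: old archive is untouched
        rc=1
    fi
    rm -f "$tarball"
    # Remove the plaintext copy only after the encrypted copy is in place.
    if [ "$rc" -eq 0 ]; then rm -rf "$work"; fi
    return "$rc"
}

# Usage: script open|close WORKDIR (run between mount and umount).
case "${1:-}" in
    open)  open_archive  "${2:?workdir}" ;;
    close) close_archive "${2:?workdir}" ;;
esac
```

`rm` only unlinks the plaintext files, so pointing WORKDIR at a tmpfs mount keeps the decrypted copy off persistent storage.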