Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

RC5 itches forward. Great strides were taken today. Only complete tes…

…ting remains
  • Loading branch information...
commit 9e29b3d11a7514db73756c3af6edfd608826e2da 1 parent 0e54c55
@thomasfrivold authored
Showing with 64 additions and 34 deletions.
  1. +3 −10 LUKSUS.checks
  2. +2 −2 LUKSUS.functions
  3. +7 −8 LUKSUS.usage
  4. +52 −14 README
View
13 LUKSUS.checks
@@ -1,15 +1,8 @@
# DOING CONDITIONAL CHECKING
# CHECKING IF RUNTIME ARGUMENTS ARE COOL
-# These checks do not check if the 3rd and 4th runtime arguments
-# are provided or correct. In the future, this be necessary, just
-# for consistency and correctness sake. It only checks the first $1
-# and second $2 argument.
-
-
## Testing if the user has any options for LUKSUS. These should
# probably be ported to GETOPTS code, but it has to stay like this for
-# now. Also this is lame, I should be able to catch both arguments in
-# one test. Will fix later.
+# now. Will fix later, maybe, one day.
if [ -z "$1" ]
then
cat LUKSUS.usage
@@ -25,8 +18,7 @@ fi
# Runtime Arguments Checking
# I should use getops. Instead I make use of a crude but efficient
# test to see if the user wants truecrypt.
-#if [ $3="truecrypt" ] || [ $4="truecrypt" ] || [$5="truecrypt"]
-if [[ "$3" = "truecrypt" ]] || [[ "$4" = "truecrypt" ]] || [[ "$5" = "truecrypt" ]]
+if [[ "$3" = "truecrypt" ]] || [[ "$4" = "truecrypt" ]] || [[ "$5" = "truecrypt" ]] || [[ "$6" = "truecrypt" ]]
then
echo "Using Truecrypt"
ENCRYPTION=TRUECRYPT
@@ -36,6 +28,7 @@ echo Using DM-LUKS Cryptsetup
ENCRYPTION=LUKS
fi
+# user wants to use a keyfile
if [[ "$3" = "usekey" ]] || [[ "$4" = "usekey" ]] || [[ "$5" = "usekey" ]] || [[ "$6" = "usekey" ]]
then
echo "Using key"
View
4 LUKSUS.functions
@@ -19,7 +19,7 @@ LOOPBACKMETHOD()
echo Okay we are using $device ... Beginning loopbackmethod
head -c $luksfilesize /dev/zero > $luksfile
# block device housekeeping
- losetup -f
+ losetup -f 1>/dev/null 2>/dev/null
losetup $device $luksfile
elif [[ $device = *vn* ]]
then
@@ -62,7 +62,7 @@ DONTSHREDIFLOOPBACK()
ASKUSERVERIFY()
{
dialog --title "WELCOME TO $programname" \
---msgbox "\n$programname $version $date \n\n
+--msgbox "\n$programname $version $date on $UNAME\n\n
Written by \n
$author
" 10 30
View
15 LUKSUS.usage
@@ -6,16 +6,15 @@
./LUKSUS DEVICENAME NICKNAME-of-luks-container
USAGE: File container
- ./LUKSUS loopback-DEVICENAME nickname-of-lukscontainer filename filesize-in-megabytes
+ ./LUKSUS loopback-DEVICENAME nickname-of-lukscontainer filename filesize-in-mb
EXAMPLES:
- DISK DRIVES, MEMORY CARDS, USB STICK, ETC
./LUKSUS /dev/sdb1 rambo1
+ ./LUKSUS /dev/sdb1 rambo1 usekey
+ ./LUKSUS /dev/loop0 ENCRYPTEDVOLUME /encryptedvolume.encrypted 300M
+ ./LUKSUS /dev/loop0 ENCRYPTEDVOLUME /encryptedvolume.encrypted 100M usekey
+ ./LUKSUS /dev/loop0 ENCRYPTEDVOLUME /encryptedvolume.encrypted 300M truecrypt
- CREATING AN ENCRYPTED FILECONTAINER (Linux and DragonFlyBSD)
- ./LUKSUS /dev/loop0 MY-SECRET-LIBRARY /mysecretlibrary.encrypted 300M
- ./LUKSUS /dev/vn0 MY-SECRET-LIBRARY /mysecretlibrary.encrypted 300M
+ Please refer to README for a further explanation of commandline options
+ and examples.
- To enable the use of TrueCrypt instead of DM-LUKS append the option: truecrypt
- ./LUKSUS /dev/sdc1 library truecrypt
- ./LUKSUS /dev/loop0 MY-SECRET-LIBRARY /mysecretlibrary.encrypted 300M truecrypt
View
66 README
@@ -38,6 +38,7 @@
# DISCLAIMER
#
+# As with all securit measures: Use with caution.
# I, the author, take no responsibility if a black hole appears,
# and implodes your house, your town and the entire planet earth as an
# effect of using this script.
@@ -49,19 +50,53 @@
# liable for any damages, as of this disclaimer.
# Furthermore you are responsible for the content you encrypt.
# END DISCLAIMER
+
+# USAGE
+# The usage of LUKSUS can take two different forms,
+# mainly whether you are using LUKSUS on a physical device or a
+# virtual file. These two requires somewhat different commandline
+# arguments.
+# As of version 1.0, LUKSUS defaults to passphrase
+# for securing the volume. Using a keyfile is optional
+# and can be activated by using the commandline option: usekey
#
+#Command line arguments are: devicename volumename size truecrypt usekey
+# AT LEAST TWO FIRST COMMAND LINE ARGUMENTS ARE REQUIRED
+# IF CREATING A FILECONTAINER SIZE IS REQUIRED (examples: 1000M 5G)
+
+# ./LUKSUS DEVICENAME VOLUMENAME optional options
+# ./LUKSUS DEVICENAME VOLUMENAME LOCATION-OF-ENCRYTED-VOLUME-CONTAINER SIZE[M] truecrypt usekey
+
+# USAGE: Physical drive
# ./LUKSUS DEVICENAME NICKNAME-of-luks-container
-#
-# EXAMPLE:
+# ./LUKSUS DEVICENAME VOLUMENAME truecrypt
+
+# USAGE: File container
+# ./LUKSUS loopback-DEVICENAME nickname-of-lukscontainer filename filesize-in-megabytes
+
+# EXAMPLES:
+# ENCRYPT PHYSICAL MEDIA: Using password
# ./LUKSUS /dev/sdb1 rambo1
-#
-# if running remotely, for instance via ssh, it makes a lot of sense
-# to run this in screen, just append screen to the command
-#
-# EXAMPLE:
-# screen ./LUKSUS /dev/sdb1 rambo
+
+# ENCRYPT PHYSICAL MEDIA: Using keyfile
+# ./LUKSUS /dev/sdb1 rambo1 usekey
+
+# CREATING AN ENCRYPTED FILECONTAINER (LUKS on Linux and DragonFlyBSD)
+# ./LUKSUS /dev/loop0 ENCRYPTEDVOLUME /encryptedvolume.encrypted 300M
+# ./LUKSUS /dev/vn0 ENCRYPTEDVOLUME /encryptedvolume.encrypted 300M
+
+# To enable the use of TrueCrypt instead of LUKS append the option: truecrypt
+# ./LUKSUS /dev/sdc1 library truecrypt
+# ./LUKSUS /dev/loop0 ENCRYPTEDVOLUME /encryptedvolume.encrypted 300M truecrypt
-# It is also possible to create an encrypted file container
+# This last example is a corner case. This would create an encrypted
+# filecontainer using truecrypt with a passphrase as well as with a keyfile.
+# That keyfile would then work as a backdoor or an extra way into the archive, in case the password gets lost.
+# ./LUKSUS /dev/loop0 ENCRYPTEDVOLUME /encryptedvolume.encrypted 300M truecrypt usekey
+
+
+# ENCRYPTED FILECONTAINER
+# It is possible to create an encrypted file container
# The usage then changes a little as the script then needs to
# know which loopbackdevice you wish to use, where the encrypted
# filecontainer should be located, and how large it should be.
@@ -79,6 +114,9 @@
# DRAGONFLYBSD NOTES:
# There are a few things to note about running this on DragonflyBSD...
#
+# DragonFlyBSD does not ship with bash by default, so you have to install it
+# from the repositories. "pkg_radd bash" will do the trick
+#
# NO EXT4, UFS IS USED
# The scripts does the same things as under Linux, but with one major
# exception.
@@ -87,9 +125,12 @@
# loopback device, and I have not yet managed to get it to work.
# Therefore the user will get a UFS filesystem instead.
#
-# SLOW LOOPBACK BLOCK DEVICE
+# TRUECRYPT NOTES:
#
-# On Linux
+# Truecrypt defaults to using passphrase for volume security.
+# A keyfile can be added by using the commandline argument: usekey
+#
+# Applies to both on Linux and DragonflyBSD
# Truecrypt / tcplay is slow when it is creating encrypted
# filecontainers on Linux. Once the volume has been created
# speeds are nominal. This has at least been the case in my
@@ -103,9 +144,6 @@
# an encrypted filecontainer. Just have patience when creating encrypted filecontainers with
# loopback devices:)
#
-# DragonFlyBSD does not ship with bash by default, so you have to install it
-# from the repositories. "pkg_radd bash" will do the trick
-
# ON KEYFILES - ARE THEY BETTER THAN PASSWORDS?
-
(Passphrase-protected) Keyfiles are two-factor (something you have,
Please sign in to comment.
Something went wrong with that request. Please try again.