Missing mcrypt/mdecrypt
Hi.
I just tried to create an encrypted disk image, like this -
dd if=/dev/sda bs=1M | gzip | mcrypt > /mnt/backup/blah.img.gz.nc
- but it seems mcrypt and mdecrypt are not included in the (full-size) Grml ISO. Any chance of adding those to the next release?
I'm not set on using mcrypt; if there's a better way to do this, I'd be interested in that, too. I never store unencrypted data on portable devices (ever since I almost lost one), not even automated backups.
But more generally, mcrypt/mdecrypt might come in handy in recovery situations, so it might make sense to include them anyway. Same goes for TrueCrypt, come to think of it.
* Stefan Weiss wrote [11.07.11 06:13]:
- but it seems mcrypt and mdecrypt are not included in the (full-size)
Grml ISO. Any chance of adding those to the next release?
I am not sure but according to the package description mcrypt is deprecated:
Please note that this package is buggy and unmaintained by the upstream authors. If you can, please look for other implementations (openssl, gnutls, gnupg).
Therefore i don't think it is worthwhile to ship mcrypt.
I'm not set on using mcrypt; if there's a better way to do this, I'd be interested in that, too. I never store unencrypted data on portable devices (ever since I almost lost one), not even automated backups.
Use openssl/gnupg/gnutls.
But more generally, mcrypt/mdecrypt might come in handy in recovery situations, so it might make sense to include them anyway. Same goes for TrueCrypt, come to think of it.
Truecrypt can not be shipped with Grml as it has a propertary license.
Ulrich
vOn 11.07.2011 11:03, Ulrich Dangel wrote:
Please note that this package is buggy and unmaintained by the upstream authors. If you can, please look for other implementations (openssl, gnutls, gnupg).
Good to know, thanks.
Therefore i don't think it is worthwhile to ship mcrypt.
I'm not set on using mcrypt; if there's a better way to do this, I'd be interested in that, too. I never store unencrypted data on portable devices (ever since I almost lost one), not even automated backups.
Use openssl/gnupg/gnutls.
I understand that you don't want to include deprecated packages. Unfortunately, none of the mentioned alternatives are very useful for simple symmetric stream encryption. I suppose I could set up an assymetric scheme with private and public keys, but that feels like overkill for a dd backup.
I'll think of a different way to do the backups. Encrypting the whole external disk might be an option, perhaps with TrueCrypt for portability.
But more generally, mcrypt/mdecrypt might come in handy in recovery situations, so it might make sense to include them anyway. Same goes for TrueCrypt, come to think of it.
Truecrypt can not be shipped with Grml as it has a propertary license.
I see. That's even explained in the FAQ.
I'm going to try and add TrueCrypt to my Grml USB stick myself. Up until now, I've been a purely passive Grml user... I've never changed any of the defaults, apart from --bootoptions. I guess I could just store the .deb somewhere and install it when I need it. If there's a simple way to make the installation "stick", could you point me to the relevant part of the docs?
Thanks for your reply.
* Stefan Weiss wrote [11.07.11 17:38]: Hi,
Use openssl/gnupg/gnutls.
I understand that you don't want to include deprecated packages. Unfortunately, none of the mentioned alternatives are very useful for simple symmetric stream encryption. I suppose I could set up an assymetric scheme with private and public keys, but that feels like overkill for a dd backup.
I beg to differ.
dd ... | gpg -c > /tmp/output works
Use gpg -d /tmp/output to decrypt the file.
or
dd ... | openssl aes-256-cbc -salt -out /tmp/output
Use openssl aes-256-cbc -d -in /tmp/output to decrypt the file.
I'm going to try and add TrueCrypt to my Grml USB stick myself. Up until now, I've been a purely passive Grml user... I've never changed any of the defaults, apart from --bootoptions. I guess I could just store the .deb somewhere and install it when I need it. If there's a simple way to make the installation "stick", could you point me to the relevant part of the docs?
There are multiple options, first use the persistent bootoption, see http://wiki.grml.org/doku.php?id=persistency
OTOH you can place debs in a specific folder/partition and they will be installed automatically. See http://grml.org/config/grml-autoconfig.1.html for the list of bootoptions.
Ulrich
Teilnehmer (2)
-
Stefan Weiss -
Ulrich Dangel