You are here

Portable Secure Container

12 posts / 0 new
Last post
rbotte
Offline
Last seen: 16 years 1 day ago
Joined: 2009-04-16 18:38
Portable Secure Container

After some research in the forums and in the rest of the internet. I couldn't find any specific information about this topic. So I'm trying to get some help from the community's know-how.

The point is:
I'm trying to develop a portable application to, lets say ,store information in a secure way in the pen drive, To be more simple to understand i will describe it using images as the information example.

The main goal is to have a secure container inside the portable storage like a fort and the only door in is the application. So if i want to store, view, delete, etc any image the only way is by the application GUI, and all the images will be stored inside that container in a way (encryption maybe) that only the application itself can access it.

It seems like a nice project, i know a can encrypt the whole drive or a folder but the only way to access its decrypting it.. And the objective here is to have a GUI to access specific information without compromising the other.

Any help or any similar project you might know please report it here, who knows maybe some of you will actually give an use to an application of this kind.

Thank You All
Rui Botte

rab040ma
Offline
Last seen: 10 months 1 week ago
Joined: 2007-08-27 13:35
Two programs that can encrypt

Two programs that can encrypt reasonably well are Toucan and 7-Zip. I assume you've looked at them. OpenOffice.org can make encrypted documents, I believe. You're right that the encrypted files need to be decrypted before use, which leads to questions like: how do I remember to re-encrypt when I'm done or how do I make sure temporary files cannot be recovered.

It sounds like you are suggesting a program that acts as both encrypt/decrypt engine and viewer/editor. (Locknote may be an example of the kind of thing you are talking about.) That might be okay for one or two kinds of files (e.g. a viewer to look at JPG pictures) but it starts to get complicated if you want to edit a text file or make a spreadsheet or view a presentation or edit a video as well.

MC

rbotte
Offline
Last seen: 16 years 1 day ago
Joined: 2009-04-16 18:38
Thanks

Yes i've looked all of that first ones. going to give a look at locknote And you are right i want something like on the fly de/encrypption because of not leaving all my images (let's use the example i gave) unprotected while i only need to view one.

The viewer and editor is not the problem because its from my own developing (clarifying that what i need to view is more than simple images).

The thing is more like a application or source code "in-the-middle" that when i open or save some of that files in my application it becomes auto-encrypted or de-encrypted. Making the program interface the only way to acess information.

Leading to the main question is there anyway to make it? any open-source material that can be used as a base code or not?
I don't have the correct know-how to answer it so i ask you all experts!

Thanks for your reply!

ottosykora
Offline
Last seen: 1 day 23 hours ago
Joined: 2007-10-11 17:48
if you need something simple

>The thing is more like a application or source code "in-the-middle" that when i open or save some of that files in my application it becomes auto-encrypted or de-encrypted. Making the program interface the only way to acess information.

Otto Sykora
Basel, Switzerland

ZachHudock
ZachHudock's picture
Offline
Last seen: 2 years 4 months ago
Developer
Joined: 2006-12-06 18:07
Sounds like you are

Sounds like you are describing something similar to FreeOTFE and their new Explorer version.

The developer formerly known as ZGitRDun8705

rbotte
Offline
Last seen: 16 years 1 day ago
Joined: 2009-04-16 18:38
Thanks

I've been taking a look at FreeOTFE, didn't know that Explorer version, seems like something similar to a ms explorer encrypted in a box, you can browse everything like a normal explorer after decryption. But like i said in the reply to the above post, i want my application to do that job, list, access and edit information.

What i need is something that certifies me that after i close my application all the data is protected and after opening it and entering the password the interface can interact freely with the protected data.

The best analogy is that one i gave, the fort (container), whats inside the walls is only accessible by the gate (the application) opening and closing it.

The fort can be something like an encrypted folder that contains information only accessible by the application outside it.

Thanks for the link and the reply!

rab040ma
Offline
Last seen: 10 months 1 week ago
Joined: 2007-08-27 13:35
Avoid the obscurity trick

Truecrypt (or a OFTE container) is the closest I can think of to what you are talking about. As you probably know, it needs Admin privileges to install a driver (at least the first time it is used) so its filesystem appears mounted at a normal drive letter. But it keeps things encrypted the way you describe.

I've seen a viewer that decrypts on the fly, and only to memory, so the original files are not decrypted (unless you ask for that). I think what you describe is doable, given enough RAM (you'd need to lock RAM so it doesn't get swapped to disk while unencrypted).

A Truecrypt or OFTE container (without the system driver) might be a well-enough known format for you. It would conceal its contents to anyone who didn't have the passphrase. while allowing your gateway program to read its directory, find the files, and present them.

I wouldn't put too high a value on the "only through the gate" criteria. I'd rather have a thoroughly studied encryption algorithm (e.g. AES), and rely on the passphrase. While you could then use the passphrase in any program that handles AES, your official gateway program would be more convenient and thus the way you would access your data. But you'd want to be able to use standard tools to confirm that the encryption really is AES (or whatever), in order to have confidence in it. I think that would be much preferable to doing some "trick" to make the gateway the only access point, and risking making a silly mistake that would give a hacker access, or making it rely on a secret process that might turn out to be not so secret to a cryptologist with decent tools.

(In addition to locking RAM so it doesn't get swapped out, you'd want to protect against other malware, such as keyloggers watching to capture your passphrase, or system level drivers capable of injecting themselves into your gateway program to intercept, monitor, or copy the data you are using.)

MC

ottosykora
Offline
Last seen: 1 day 23 hours ago
Joined: 2007-10-11 17:48
hardware encryption?

as rab040ma did tell you, there are products for that eg treucrypt or others, some are free other cost something, lot of such things around.

But one thing you should consider: all the software solutions as you are also describing are bound to be tricky. To be really useful one needs admin rights on the host machine and so it is not considered portable. There exist a viewer to some of the utils, it used to exist even for the truecrypt, but I think only for version 4 or so, not later.

Real alternative is hardware encryption. If it done properly, then there can be very universal ways to enter the passphraze to the controller of the usb stick, and here then the whole encryption/decryption takes place(Not on the computer!)
Such devices are Ironkey, or Kingstone has also some. Not cheap, but it seems to be the only realistic solution.
If the hardware encryption is done not properly as on one of my sticks, then one needs also admin rights to send the passphraze to the sticks controller making the whole quite useless.
But I agree, to have something like a password to be transfered under current operating systems to an external hardware is very difficult task, since such communication is strictly disabled under any of the currently used operating systems.

Otto Sykora
Basel, Switzerland

paulbodine
paulbodine's picture
Offline
Last seen: 12 years 5 months ago
Joined: 2012-11-28 19:44
Multiple days to encrypt a thumbdrive

If it helps,

I wanted to take my 40G of files with me as a reference on consulting gigs. Since the files contain valuable IP, I wanted to protect the files should the thumbdrive be lost or stolen.

Bought a Lexar 64G thumbdrive (USB3.0), changed the filsystem to NTFS (so it would handle a folder larger than 4G), downloaded FreeOTFE Explorer 3.51 onto my 64-bit Windows 7 PC (USB2.0), created a 50G file on the thumbdrive, and attempted to copy the 40G folder with the files onto the drive.

It ran and ran. Two days later I stopped the transfer. Less than half had been copied. I felt if it took this long to copy things on and off the drive, it just wasn't going to work. (In addition, I plugged the thumbdrive into another PC and it required me to load FreeOTFE Explorer onto that PC before it would open the folder. I don't think I will be able to load FreeOTFE Explorer onto the PC at work, since I don't have administrator rights.)

When I deleted the folder from the thumbdrive, it took another two days to complete this task.

Obviously I'm going down the wrong path...

Ed_P
Offline
Last seen: 6 years 6 months ago
Joined: 2007-02-19 09:09
IronKey

Software encryption requires a fast pc. USB software versions require standalone execution be on the USB device.

An IronKey device may be a better fit for you.

http://www.pcmag.com/article2/0,2817,2304777,00.asp

Ed

ottosykora
Offline
Last seen: 1 day 23 hours ago
Joined: 2007-10-11 17:48
try smaller

to where something went wrong, try smaller container first.

It is also possible to create number of smaller containers if the software does not handle the size properly.

Remember: the container is simply one single big file and when new data (new file) is added to it, it has to be recreated kind of, the encryption and checksums done etc. However once done it should work without big problems.

The OTFE Explorer can also be placed on the usb device and run from there, it doe not need to be on the local computer.
The explorer will allow you to pick and copy single files out of the container, it will not allow you to mount the container as virtual drive however.

Otto Sykora
Basel, Switzerland

KevinM
Offline
Last seen: 16 hours 35 min ago
Joined: 2010-09-03 09:36
copying slow too?

Is it multiple days of encrypting, or multiple days of file copying?

If you're copying 40 GB of small files, I expect you'd see the same performance problems writing the files directly to the thumb drive without any encryption. Many thumb drives have appalling small file write performance.

Log in or register to post comments