G+_Ben Yanke Posted August 27, 2016 Share Posted August 27, 2016 I want to carry around a core suite of applications and ssh keys on a flashdrive at school, but there's no way I'm leaving keys on an unencrypted drive. I have a pretty firm grasp of the concepts and even the math of crypt (I've even taken classes that covered it), but outside of TLS, I haven't used it "in the real world." Anyone know of a good solution that can encrypt/decrypt a folder on a drive that runs on both windows and linux? Link to comment Share on other sites More sharing options...
G+_Steve Labbe Posted August 27, 2016 Share Posted August 27, 2016 I personally use ironkey. It is very expensive, but the security is amazing. Link to comment Share on other sites More sharing options...
G+_Ben Reese Posted August 27, 2016 Share Posted August 27, 2016 KeePass is the only thing that comes to mind, but it doesn't do file encryption outside it's own database. I think it should be able to hold your SSH keys though. Link to comment Share on other sites More sharing options...
G+_Eddie Foy Posted August 27, 2016 Share Posted August 27, 2016 True Crypt (an I guess now versacrypt) will encrypt a folder. Well make a volume on the drive. (Consider it a container) Once mounted works like a folder. You can put the TC/VC on the drive as a portable app, with the apps then have the encrypted there too. Link to comment Share on other sites More sharing options...
G+_David Wiggins Posted August 27, 2016 Share Posted August 27, 2016 Not only that, ssh private keys can be password protected. For instance, PuTTYgen can generate a key pair, and saving the private will let you set a password. When authenticating, you have to enter the password to use the private key. That adds a little more security to the setup. Link to comment Share on other sites More sharing options...
G+_Ben Yanke Posted August 28, 2016 Author Share Posted August 28, 2016 While the SSH keys are one part, I really need an entire folder password protected as I'd have other things like VPN certificates and RDP files. Link to comment Share on other sites More sharing options...
G+_Ben Yanke Posted August 28, 2016 Author Share Posted August 28, 2016 But thank you to those who had ideas! I'll be digging more into these... Link to comment Share on other sites More sharing options...
G+_Ben Reese Posted August 28, 2016 Share Posted August 28, 2016 Not sure what options there really are. Best thing I can think of is a password-protected zip file. And it could really have the compression set low for faster access. Pretty sure 7-Zip will do AES256 - I know it will with a 7z archive. Beyond that, perhaps there's something you could to with Python to encrypt each file individually? I'm not sure without trying it... Link to comment Share on other sites More sharing options...
G+_Eddie Foy Posted August 28, 2016 Share Posted August 28, 2016 Don't like the zip file idea. You are unzipping, then deleting. Leaving bread crumbs behind. Doing a secure delete will wear the flash down prematurely. Not encrypted, but interestingly obfuscated: format NTFS and use alternate streams. Link to comment Share on other sites More sharing options...
G+_Ben Reese Posted August 28, 2016 Share Posted August 28, 2016 Eddie Foy unless the encryption is built into the OS or the application, the decrypted files will have to be copied somewhere to be used. This doesn't matter if you're extracting a single file from a zip or handling encryption with 3rd party tools. I suppose you could carry one large thumbdrive with all the good stuff then a few smaller and decrypt to those. The smaller drives could be fully erased periodically. Security is hard. Perfect security is nearly impossible. Link to comment Share on other sites More sharing options...
G+_Eddie Foy Posted August 28, 2016 Share Posted August 28, 2016 Not really. If the folder is mounted, its not writing to disk, its reading whats already there. With a zip, you need to extract it somewhere. Link to comment Share on other sites More sharing options...
G+_Jason Marsh Posted August 28, 2016 Share Posted August 28, 2016 +1 for truecrypt. I used it for encrypting my EDC usb key. I would still use TrueCrypt today. Perhaps if you're really paranoid just store the keys/creds in your favorite password manager inside the truecrypt volume. Cryptcession! Link to comment Share on other sites More sharing options...
Recommended Posts