scp encrypt disk file

Can scp encrypt/decrypt a file on disk like the 'crypt' command?
We have a requirement to store sensitive data encrypted on disk
and we're using OpenSSH.

If not, we can try a Perl library.

Re: scp encrypt disk file

'crypt' is one-way (if you mean the C routine).  You cannot decrypt it.
I've had success encrypting a file with ... well, I can't find it
(obviously I don't use it now), but I'm pretty sure it was implemented as
a kernel module, probably one in which you had to patch the kernel source.
As I recall, it did not get along with another patch I had to use (support
for UDMA on a previous motherboard), so I stopped using it.

What I did with that was, create a file via "dd if=/dev/zero of=bigfile bs=1k
count=however_big_you_want", partway mount it with "losetup -e
encryption_method /dev/loop0 bigfile", mkfs /dev/loop0 , "mount /dev/loop0
mount_dir".  You can mount it thereafter with "mount bigfile mount_dir -o
loop,encryption=encryption_method", or you can enter appropriate options in
/etc/fstab .  The disk image is stored encrypted, and you can use normal
tools for reads and writes.

-eben    ebQenW1@EtaRmpTabYayU.rIr.OcoPm

          Q: What kind of modem did Jimi Hendrix use?
          A: A purple Hayes.

Re: scp encrypt disk file

Not really. Welcome to PGP/GPG, which I think would be far more useful
to you.

Also, the UNIX-style "crypt" is a one-way encryption function. You can
compare two strings and see if they both encrypt to the same result,
which is how it's normally used, but there is no decrypt function.

Re: scp encrypt disk file

No, you're thinking of crypt(3). crypt(1), which exists on some
systems, is completely different - a command-line utility to
symmetrically encrypt (or decrypt) a file given a passphrase.

Stupid to give them the same name, of course, but there we are...
Simon Tatham         "infinite loop _see_ loop, infinite"
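
Added example, not part of any post in this thread: the crypt(3) versus crypt(1) distinction discussed above, shown in shell, with GPG (suggested earlier in the thread) doing the reversible file encryption before a file is stored or copied with scp. It assumes the `openssl` and `gpg` command-line tools are installed; the function names are hypothetical, and any passwords, salts and files passed in are the caller's own.

```shell
# Added example (not from the thread). Assumes openssl and gpg are installed.
# Function names are hypothetical.

# crypt(3)-style: one-way. Password on stdin, salt in $1.
# Prints a SHA-512 crypt string of the form $6$<salt>$<hash>.
hash_password() {
    openssl passwd -6 -salt "$1" -stdin
}

# Verification re-hashes the candidate with the stored salt and compares
# the two strings. The stored value is never decrypted.
verify_password() {            # $1 = stored hash, candidate on stdin
    salt=$(printf '%s\n' "$1" | cut -d '$' -f 3)
    [ "$(hash_password "$salt")" = "$1" ]
}

# crypt(1)-style: reversible. gpg --symmetric derives a key from a
# passphrase. The passphrase is read from file descriptor 3 so that it
# does not appear on the command line or in the process list.
gpg_sym() {
    gpg --batch --yes --quiet --no-tty \
        --pinentry-mode loopback --passphrase-fd 3 "$@"
}

encrypt_file() {               # $1 = plaintext in, $2 = ciphertext out
    gpg_sym --symmetric --cipher-algo AES256 --output "$2" "$1"
}

decrypt_file() {               # $1 = ciphertext in, $2 = plaintext out
    gpg_sym --decrypt --output "$2" "$1"
}

# Usage (file names are placeholders):
#   encrypt_file report.txt report.txt.gpg 3<passphrase_file
#   decrypt_file report.txt.gpg report.txt 3<passphrase_file
```

Only the `.gpg` file needs to be kept on disk or sent with scp; scp itself protects the data in transit, not at rest.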
