Encrypted pup_save for 2.13

Under development: PCMCIA, wireless, etc.
Post Reply
Message
Author
kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

Encrypted pup_save for 2.13

#1 Post by kirk »

I've updated the pup_save encryption for 213. Included in the package below is a modified initrd.gz which will prompt you for a password if your pup_save file has "crypt" in the name. Only ext2 encrypted files are supported and it's been updated to fsck the file on every boot.

Also there's a script in the package to create an encrypted pup_save file with an ext2 file system.

The initrd.gz is 42k bigger and has the following additions:

cryptoloop.ko.gz
aes.ko.gz
losetup (compiled with dietlibc to replace the busybox version)


The init script has these changes:

lines 263-270:

CRYPT=$( echo $PUPSAVE | grep crypt )
if [ "$CRYPT" != "" ] ; then
CRYPTO="-e aes"
zcat /lib/modules/${KERNVER}/aes.ko.gz | insmod -
zcat /lib/modules/${KERNVER}/cryptoloop.ko.gz | insmod -
else
CRYPTO=""
fi


lines 576-618 (mostly 593-609)

#v2.13 do a f.s. check at every boot...
# e2fsck -y -f $SMNTPT$SAVEFILE // moved to line 612 for crypto
#about to mount pup_save.3fs, but before that check if need to resize it...
if [ -f $SMNTPT/pupsaveresize.txt ];then #created by /usr/sbin/resizepfile.sh
KILOBIG=`cat $SMNTPT/pupsaveresize.txt`
rm -f $SMNTPT/pupsaveresize.txt
echo -n "Increasing $SAVEFILE by $KILOBIG Kbytes, please wait..." >/dev/console
# dd if=/dev/zero bs=1k count=$KILOBIG | tee -a $SMNTPT$SAVEFILE > /dev/null
dd if=/dev/zero bs=1024 count=$KILOBIG >> $SMNTPT$SAVEFILE
sync
#v2.13 see above e2fsck -y -f $SMNTPT$SAVEFILE
resize2fs -pf $SMNTPT$SAVEFILE;check_status $? #no size, will fill all of file.
sync
sleep 6 #so we can see result. v2.11 only see result in log file.
check_status 0 #v2.11 e2fsck gives an error even though it works.
fi

if [ "$CRYPTO" != "" ] ; then
echo -e "\\033[1;31m" >/dev/console
echo "Loading encrypted pup_save_crypt" >/dev/console
echo "" >/dev/console
while true; do
echo "Password: " >/dev/console
losetup $CRYPTO /dev/loop1 $SMNTPT$SAVEFILE
e2fsck -y -f /dev/loop1
mount -t ext2 -o noatime,rw /dev/loop1 $EFSMNT
if [ "$?" = "0" ] ; then
break
else
losetup -d /dev/loop1
echo "Can't mount file, Try password again." >/dev/console
fi
done
else

losetup /dev/loop1 $SMNTPT$SAVEFILE
e2fsck -y -f /dev/loop1
echo -n "Mounting ${SAVEFILE} on ${EFSMNT}..." >/dev/console
FILEFS="ext3"
[ ! "`echo -n "$SAVEFILE" | grep "2fs"`" = "" ] && FILEFS="ext2"
mount -t $FILEFS -o noatime,rw /dev/loop1 $EFSMNT;check_status $?
fi
}



The package is here:


http://www.mediafire.com/?2m3jmtnjzwi


If you test this out please post any problems / success in this thread. If you have comments about various encryption methods or other ideas on encryption please use one of our other threads or start a new one. I'd like to keep this one short and on topic. :D Thanks!
Last edited by kirk on Tue 09 Jan 2007, 22:42, edited 1 time in total.

al3x
Posts: 2
Joined: Thu 21 Dec 2006, 12:29
Location: here and there, mostly Ukraine

many be some other mirror?

#2 Post by al3x »

Tried to download the file the other day - upload2.net gave all kinds of errors. Could you please upload it somewhere else?
Thanks a lot.

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#3 Post by kirk »

Try the new link, I updated the original post. Let me know how it works!

User avatar
mdd
Posts: 29
Joined: Fri 03 Jun 2005, 00:16

Re: Encrypted pup_save for 2.13

#4 Post by mdd »

kirk wrote:I've updated the pup_save encryption for 213. Included in the package below is a modified initrd.gz which will prompt you for a password if your pup_save file has "crypt" in the name. Only ext2 encrypted files are supported and it's been updated to fsck the file on every boot.

Also there's a script in the package to create an encrypted pup_save file with an ext2 file system.

The initrd.gz is 42k bigger and has the following additions ...
How do I install/use this? I'm assuming that I can only use this for a new save file, and can't apply it to an already existing one. Is this correct? Where do I put the files, etc.

If you have time, could you put together a brief "pup_save for Dummies" on how to employ this?

Thanks.

--MDD

User avatar
mdd
Posts: 29
Joined: Fri 03 Jun 2005, 00:16

Re: Encrypted pup_save for 2.13

#5 Post by mdd »

mdd wrote:If you have time, could you put together a brief "pup_save for Dummies" on how to employ this?
Hmm. After actually looking at the package files, it looks pretty self-explanatory.

When in doubt, rtfp. ;-)

--MDD

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#6 Post by kirk »

To use this you'll have to replace the initrd.gz file with the one posted here. If you're booting from the live cd You'll have to remaster it. To remaster the cd do this:

1) Copy all the files off the Puppy 2.13 CD to a folder.

2) Replace initrd.gz with the one supplied here.

3) From a terminal window do this:
sh-3.00# mkisofs -o NEWpuppy2.13.iso -b isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table /folder-created-in-step-1/
Then you should have a new iso file called NEWpuppy2.13.iso. Then just burn it.

If you have a frugal hard drive install, then just replace the initrd.gz.

The package contains two files, the new initrd.gz and a script called pup_save encryption. The pup_save_encryption script will created a encrypted pupsave file and give you the option to copy your current pup_save file to the new encrypted one.

User avatar
mdd
Posts: 29
Joined: Fri 03 Jun 2005, 00:16

Re: Encrypted pup_save for 2.13

#7 Post by mdd »

Works great. Thanks.

--MDD

User avatar
jam
Posts: 248
Joined: Fri 14 Jul 2006, 14:17

Encryption Option in Remaster Script

#8 Post by jam »

Kirk,

Perhaps you should get in touch with Dougal to see if he can add an option to the Puppy remaster script, incorporating the file and steps you list so that it is an option in the official Puppy remaster process going forward. Just a thought.

Jam
Jam

User avatar
mdd
Posts: 29
Joined: Fri 03 Jun 2005, 00:16

Any plans to update this for 2.14/2.15 ?

#9 Post by mdd »

Any plans to update this for 2.14/2.15, or to integrate it into the default distrib files ?

--MDD

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#10 Post by kirk »

Did it for 2.14. Have to wait and see for 2.15.


http://www.murga-linux.com/puppy/viewtopic.php?t=15668

Post Reply