Discussion:
[Grml] Missing mcrypt/mdecrypt
Stefan Weiss
2011-07-11 04:13:07 UTC
Permalink
Hi.

I just tried to create an encrypted disk image, like this -

dd if=/dev/sda bs=1M | gzip | mcrypt > /mnt/backup/blah.img.gz.nc

- but it seems mcrypt and mdecrypt are not included in the (full-size)
Grml ISO. Any chance of adding those to the next release?

I'm not set on using mcrypt; if there's a better way to do this, I'd be
interested in that, too. I never store unencrypted data on portable
devices (ever since I almost lost one), not even automated backups.

But more generally, mcrypt/mdecrypt might come in handy in recovery
situations, so it might make sense to include them anyway. Same goes for
TrueCrypt, come to think of it.
--
stefan
Ulrich Dangel
2011-07-11 09:03:04 UTC
Permalink
Post by Stefan Weiss
- but it seems mcrypt and mdecrypt are not included in the (full-size)
Grml ISO. Any chance of adding those to the next release?
I am not sure but according to the package description mcrypt is
deprecated:

Please note that this package is buggy and unmaintained by
the upstream authors. If you can, please look for other
implementations (openssl, gnutls, gnupg).

Therefore i don't think it is worthwhile to ship mcrypt.
Post by Stefan Weiss
I'm not set on using mcrypt; if there's a better way to do this, I'd be
interested in that, too. I never store unencrypted data on portable
devices (ever since I almost lost one), not even automated backups.
Use openssl/gnupg/gnutls.
Post by Stefan Weiss
But more generally, mcrypt/mdecrypt might come in handy in recovery
situations, so it might make sense to include them anyway. Same goes for
TrueCrypt, come to think of it.
Truecrypt can not be shipped with Grml as it has a propertary license.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Stefan Weiss
2011-07-11 15:38:55 UTC
Permalink
Post by Ulrich Dangel
Please note that this package is buggy and unmaintained by
the upstream authors. If you can, please look for other
implementations (openssl, gnutls, gnupg).
Good to know, thanks.
Post by Ulrich Dangel
Therefore i don't think it is worthwhile to ship mcrypt.
Post by Stefan Weiss
I'm not set on using mcrypt; if there's a better way to do this, I'd be
interested in that, too. I never store unencrypted data on portable
devices (ever since I almost lost one), not even automated backups.
Use openssl/gnupg/gnutls.
I understand that you don't want to include deprecated packages.
Unfortunately, none of the mentioned alternatives are very useful for
simple symmetric stream encryption. I suppose I could set up an
assymetric scheme with private and public keys, but that feels like
overkill for a dd backup.

I'll think of a different way to do the backups. Encrypting the whole
external disk might be an option, perhaps with TrueCrypt for portability.
Post by Ulrich Dangel
Post by Stefan Weiss
But more generally, mcrypt/mdecrypt might come in handy in recovery
situations, so it might make sense to include them anyway. Same goes for
TrueCrypt, come to think of it.
Truecrypt can not be shipped with Grml as it has a propertary license.
I see. That's even explained in the FAQ.

I'm going to try and add TrueCrypt to my Grml USB stick myself. Up until
now, I've been a purely passive Grml user... I've never changed any of
the defaults, apart from --bootoptions. I guess I could just store the
.deb somewhere and install it when I need it. If there's a simple way to
make the installation "stick", could you point me to the relevant part
of the docs?

Thanks for your reply.
--
stefan
Ulrich Dangel
2011-07-11 15:52:09 UTC
Permalink
* Stefan Weiss wrote [11.07.11 17:38]:
Hi,
Post by Stefan Weiss
Post by Ulrich Dangel
Use openssl/gnupg/gnutls.
I understand that you don't want to include deprecated packages.
Unfortunately, none of the mentioned alternatives are very useful for
simple symmetric stream encryption. I suppose I could set up an
assymetric scheme with private and public keys, but that feels like
overkill for a dd backup.
I beg to differ.

dd ... | gpg -c > /tmp/output works

Use gpg -d /tmp/output to decrypt the file.

or

dd ... | openssl aes-256-cbc -salt -out /tmp/output

Use openssl aes-256-cbc -d -in /tmp/output to decrypt the file.
Post by Stefan Weiss
I'm going to try and add TrueCrypt to my Grml USB stick myself. Up until
now, I've been a purely passive Grml user... I've never changed any of
the defaults, apart from --bootoptions. I guess I could just store the
.deb somewhere and install it when I need it. If there's a simple way to
make the installation "stick", could you point me to the relevant part
of the docs?
There are multiple options, first use the persistent bootoption, see
http://wiki.grml.org/doku.php?id=persistency

OTOH you can place debs in a specific folder/partition and they will be
installed automatically. See
http://grml.org/config/grml-autoconfig.1.html for the list of
bootoptions.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Ulrich Dangel
2011-07-11 15:52:09 UTC
Permalink
* Stefan Weiss wrote [11.07.11 17:38]:
Hi,
Post by Stefan Weiss
Post by Ulrich Dangel
Use openssl/gnupg/gnutls.
I understand that you don't want to include deprecated packages.
Unfortunately, none of the mentioned alternatives are very useful for
simple symmetric stream encryption. I suppose I could set up an
assymetric scheme with private and public keys, but that feels like
overkill for a dd backup.
I beg to differ.

dd ... | gpg -c > /tmp/output works

Use gpg -d /tmp/output to decrypt the file.

or

dd ... | openssl aes-256-cbc -salt -out /tmp/output

Use openssl aes-256-cbc -d -in /tmp/output to decrypt the file.
Post by Stefan Weiss
I'm going to try and add TrueCrypt to my Grml USB stick myself. Up until
now, I've been a purely passive Grml user... I've never changed any of
the defaults, apart from --bootoptions. I guess I could just store the
.deb somewhere and install it when I need it. If there's a simple way to
make the installation "stick", could you point me to the relevant part
of the docs?
There are multiple options, first use the persistent bootoption, see
http://wiki.grml.org/doku.php?id=persistency

OTOH you can place debs in a specific folder/partition and they will be
installed automatically. See
http://grml.org/config/grml-autoconfig.1.html for the list of
bootoptions.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Ulrich Dangel
2011-07-11 15:52:09 UTC
Permalink
* Stefan Weiss wrote [11.07.11 17:38]:
Hi,
Post by Stefan Weiss
Post by Ulrich Dangel
Use openssl/gnupg/gnutls.
I understand that you don't want to include deprecated packages.
Unfortunately, none of the mentioned alternatives are very useful for
simple symmetric stream encryption. I suppose I could set up an
assymetric scheme with private and public keys, but that feels like
overkill for a dd backup.
I beg to differ.

dd ... | gpg -c > /tmp/output works

Use gpg -d /tmp/output to decrypt the file.

or

dd ... | openssl aes-256-cbc -salt -out /tmp/output

Use openssl aes-256-cbc -d -in /tmp/output to decrypt the file.
Post by Stefan Weiss
I'm going to try and add TrueCrypt to my Grml USB stick myself. Up until
now, I've been a purely passive Grml user... I've never changed any of
the defaults, apart from --bootoptions. I guess I could just store the
.deb somewhere and install it when I need it. If there's a simple way to
make the installation "stick", could you point me to the relevant part
of the docs?
There are multiple options, first use the persistent bootoption, see
http://wiki.grml.org/doku.php?id=persistency

OTOH you can place debs in a specific folder/partition and they will be
installed automatically. See
http://grml.org/config/grml-autoconfig.1.html for the list of
bootoptions.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Stefan Weiss
2011-07-11 15:38:55 UTC
Permalink
Post by Ulrich Dangel
Please note that this package is buggy and unmaintained by
the upstream authors. If you can, please look for other
implementations (openssl, gnutls, gnupg).
Good to know, thanks.
Post by Ulrich Dangel
Therefore i don't think it is worthwhile to ship mcrypt.
Post by Stefan Weiss
I'm not set on using mcrypt; if there's a better way to do this, I'd be
interested in that, too. I never store unencrypted data on portable
devices (ever since I almost lost one), not even automated backups.
Use openssl/gnupg/gnutls.
I understand that you don't want to include deprecated packages.
Unfortunately, none of the mentioned alternatives are very useful for
simple symmetric stream encryption. I suppose I could set up an
assymetric scheme with private and public keys, but that feels like
overkill for a dd backup.

I'll think of a different way to do the backups. Encrypting the whole
external disk might be an option, perhaps with TrueCrypt for portability.
Post by Ulrich Dangel
Post by Stefan Weiss
But more generally, mcrypt/mdecrypt might come in handy in recovery
situations, so it might make sense to include them anyway. Same goes for
TrueCrypt, come to think of it.
Truecrypt can not be shipped with Grml as it has a propertary license.
I see. That's even explained in the FAQ.

I'm going to try and add TrueCrypt to my Grml USB stick myself. Up until
now, I've been a purely passive Grml user... I've never changed any of
the defaults, apart from --bootoptions. I guess I could just store the
.deb somewhere and install it when I need it. If there's a simple way to
make the installation "stick", could you point me to the relevant part
of the docs?

Thanks for your reply.
--
stefan
Stefan Weiss
2011-07-11 15:38:55 UTC
Permalink
Post by Ulrich Dangel
Please note that this package is buggy and unmaintained by
the upstream authors. If you can, please look for other
implementations (openssl, gnutls, gnupg).
Good to know, thanks.
Post by Ulrich Dangel
Therefore i don't think it is worthwhile to ship mcrypt.
Post by Stefan Weiss
I'm not set on using mcrypt; if there's a better way to do this, I'd be
interested in that, too. I never store unencrypted data on portable
devices (ever since I almost lost one), not even automated backups.
Use openssl/gnupg/gnutls.
I understand that you don't want to include deprecated packages.
Unfortunately, none of the mentioned alternatives are very useful for
simple symmetric stream encryption. I suppose I could set up an
assymetric scheme with private and public keys, but that feels like
overkill for a dd backup.

I'll think of a different way to do the backups. Encrypting the whole
external disk might be an option, perhaps with TrueCrypt for portability.
Post by Ulrich Dangel
Post by Stefan Weiss
But more generally, mcrypt/mdecrypt might come in handy in recovery
situations, so it might make sense to include them anyway. Same goes for
TrueCrypt, come to think of it.
Truecrypt can not be shipped with Grml as it has a propertary license.
I see. That's even explained in the FAQ.

I'm going to try and add TrueCrypt to my Grml USB stick myself. Up until
now, I've been a purely passive Grml user... I've never changed any of
the defaults, apart from --bootoptions. I guess I could just store the
.deb somewhere and install it when I need it. If there's a simple way to
make the installation "stick", could you point me to the relevant part
of the docs?

Thanks for your reply.
--
stefan
Stefan Weiss
2011-07-11 04:13:07 UTC
Permalink
Hi.

I just tried to create an encrypted disk image, like this -

dd if=/dev/sda bs=1M | gzip | mcrypt > /mnt/backup/blah.img.gz.nc

- but it seems mcrypt and mdecrypt are not included in the (full-size)
Grml ISO. Any chance of adding those to the next release?

I'm not set on using mcrypt; if there's a better way to do this, I'd be
interested in that, too. I never store unencrypted data on portable
devices (ever since I almost lost one), not even automated backups.

But more generally, mcrypt/mdecrypt might come in handy in recovery
situations, so it might make sense to include them anyway. Same goes for
TrueCrypt, come to think of it.
--
stefan
Ulrich Dangel
2011-07-11 09:03:04 UTC
Permalink
Post by Stefan Weiss
- but it seems mcrypt and mdecrypt are not included in the (full-size)
Grml ISO. Any chance of adding those to the next release?
I am not sure but according to the package description mcrypt is
deprecated:

Please note that this package is buggy and unmaintained by
the upstream authors. If you can, please look for other
implementations (openssl, gnutls, gnupg).

Therefore i don't think it is worthwhile to ship mcrypt.
Post by Stefan Weiss
I'm not set on using mcrypt; if there's a better way to do this, I'd be
interested in that, too. I never store unencrypted data on portable
devices (ever since I almost lost one), not even automated backups.
Use openssl/gnupg/gnutls.
Post by Stefan Weiss
But more generally, mcrypt/mdecrypt might come in handy in recovery
situations, so it might make sense to include them anyway. Same goes for
TrueCrypt, come to think of it.
Truecrypt can not be shipped with Grml as it has a propertary license.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Stefan Weiss
2011-07-11 04:13:07 UTC
Permalink
Hi.

I just tried to create an encrypted disk image, like this -

dd if=/dev/sda bs=1M | gzip | mcrypt > /mnt/backup/blah.img.gz.nc

- but it seems mcrypt and mdecrypt are not included in the (full-size)
Grml ISO. Any chance of adding those to the next release?

I'm not set on using mcrypt; if there's a better way to do this, I'd be
interested in that, too. I never store unencrypted data on portable
devices (ever since I almost lost one), not even automated backups.

But more generally, mcrypt/mdecrypt might come in handy in recovery
situations, so it might make sense to include them anyway. Same goes for
TrueCrypt, come to think of it.
--
stefan
Ulrich Dangel
2011-07-11 09:03:04 UTC
Permalink
Post by Stefan Weiss
- but it seems mcrypt and mdecrypt are not included in the (full-size)
Grml ISO. Any chance of adding those to the next release?
I am not sure but according to the package description mcrypt is
deprecated:

Please note that this package is buggy and unmaintained by
the upstream authors. If you can, please look for other
implementations (openssl, gnutls, gnupg).

Therefore i don't think it is worthwhile to ship mcrypt.
Post by Stefan Weiss
I'm not set on using mcrypt; if there's a better way to do this, I'd be
interested in that, too. I never store unencrypted data on portable
devices (ever since I almost lost one), not even automated backups.
Use openssl/gnupg/gnutls.
Post by Stefan Weiss
But more generally, mcrypt/mdecrypt might come in handy in recovery
situations, so it might make sense to include them anyway. Same goes for
TrueCrypt, come to think of it.
Truecrypt can not be shipped with Grml as it has a propertary license.

Ulrich
--
twitter: @mr_ud | identica: @mru
IRCNet: mru | freenode: mrud
Loading...