BestCrypt: Cross-Platform Filesystem Encryption
Once your kernel source is in place and its dependencies built, you can build and install BestCrypt. If you use an RPM-based Linux distribution, get the source RPM (as of this writing the current one is BestCrypt-1.0b-5.src.rpm) and build it with the --rebuild flag:
rpm --rebuild ./BestCrypt-1.0b-5.src.rpm
This will build a binary package of BestCrypt in either /usr/src/redhat/RPMS/i386 (on Red Hat systems) or /usr/src/packages/RPMS/i386 (on SuSE and probably others too). You can then install that package like you would any other, for example:
rpm -Uvh /usr/src/packages/RPMS/i386/ BestCrypt-1.0b-5.i386.rpmAfter BestCrypt's binaries and READMEs are in place, the RPM's post-installation script will load BestCrypt's kernel modules. You're now ready to use BestCrypt.
If you use a non-RPM-based distribution such as Debian or Slackware, download the tarball instead of the source RPM (the most current one at the time of this writing is BestCrypt-1.0b-5.tar.gz). Unpack it in /usr/src, change your working directory to /usr/src/bcrypt and do a make && make install. If your kernel source is set up correctly, BestCrypt should compile and install without errors.
The tarball's Makefile, however, isn't quite as sophisticated as the RPM installation scripts. You'll need to load BestCrypt's modules manually before using BestCrypt for the first time. The simple way to do this is with BestCrypt's startup script, e.g., /etc/init.d/bcrypt start.
In addition to BestCrypt itself, you should download the documentation tarball too. This contains a directory providing BestCrypt's documentation in the form of HTML pages (Figure 1).
Another thing you may want is BC_Panel, the BestCrypt Control Panel. This is available only in the form of a binary RPM (though it may be installable under Debian using alien). BC_Panel provides a GUI for BestCrypt that very closely resembles BestCrypt's Windows GUI.
Since the current version of BC_Panel as of this writing is 0.2-1, and since it doesn't appear to support all the features of the command-line version (or of the Windows GUI), BC_Panel appears to be a work-in-progress. Still, it's useful for some things and appears to be stable.
Creating a BestCrypt container is quick and easy. Here is a sample session:
bctool new myvault.jbc -s 150M -a twofish -d "my test vault" Enter password: Verify password:
BestCrypt has one main command-line tool, bctool. To create a new container you simply send bctool the command new followed by the container's filename, size, encryption algorithm and description. BestCrypt then prompts you for a password.
Make sure to use a strong password. Although all of BestCrypt's supported algorithms except DES use 128-bit or greater keys to encrypt containers, a container's key is itself hashed with your password. An easily guessed password means an easily decrypted container, no matter how big of a key it was encrypted with.
Make sure also to write down your password and keep it in a safe place, or choose a password you're positive you won't forget; according to Jetico, passwords are absolutely nonrecoverable, and there are no backdoors in BestCrypt for password recovery. This is very much a positive thing: while it means you will lose data irretrievably should you forget or lose your password, it also means the only way for an attacker to decrypt your container is to guess or brute-force your password.
After creating a container, you need to create a filesystem in it. This is done with bctool's format command:
bctool format -t msdos ./myvault.jbc
Use the -t flag to specify a filesystem format supported by your system. If you're going to share this container with the Windows version of BestCrypt, be sure to specify msdos (if you actually use the vfat long filename extensions, aka Windows 95 long filenames, you should still format the container as msdos, and then mount it as vfat). BestCrypt can format containers in all file formats supported by your system.
Once a BestCrypt container has been created and formatted, it can be mounted. The command syntax to do so is very similar to that of the familiar mount command:
bctool mount -t vfat ./myvault.jbc ./mnt/kraunj00lz
From this point on (until you dismount the volume) the volume may be accessed like any other directory. By default, the volume's user and group will be set to those of the user who mounted it, with permissions set to 0700 (drwx------). In other words, other (non-root) users won't be able to access your volume unless you intentionally mount it with different ownership or permissions. You can specify a different user, group and permission mode at mount time with bctool's -o, -g and -m flags, respectively. See the bctool(8) man page for details and examples.
When you're done using the BestCrypt container, you can unmount it like this:
bctool umount ./mnt/kraunj00lz
While a BestCrypt container is unmounted, it can be backed up, copied and otherwise treated like any other file. While it's mounted, though, it can't be changed or manipulated (except by bctool).
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
|Secure Desktops with Qubes: Introduction||May 27, 2016|
|Chris Birchall's Re-Engineering Legacy Software (Manning Publications)||May 26, 2016|
|ServersCheck's Thermal Imaging Camera Sensor||May 25, 2016|
|Petros Koutoupis' RapidDisk||May 24, 2016|
|The Italian Army Switches to LibreOffice||May 23, 2016|
|PeaZip||May 20, 2016|
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Secure Desktops with Qubes: Introduction
- Chris Birchall's Re-Engineering Legacy Software (Manning Publications)
- The Italian Army Switches to LibreOffice
- Linux Mint 18
- Petros Koutoupis' RapidDisk
- ServersCheck's Thermal Imaging Camera Sensor
- Oracle vs. Google: Round 2
- The FBI and the Mozilla Foundation Lock Horns over Known Security Hole
Until recently, IBM’s Power Platform was looked upon as being the system that hosted IBM’s flavor of UNIX and proprietary operating system called IBM i. These servers often are found in medium-size businesses running ERP, CRM and financials for on-premise customers. By enabling the Power platform to run the Linux OS, IBM now has positioned Power to be the platform of choice for those already running Linux that are facing scalability issues, especially customers looking at analytics, big data or cloud computing.
￼Running Linux on IBM’s Power hardware offers some obvious benefits, including improved processing speed and memory bandwidth, inherent security, and simpler deployment and management. But if you look beyond the impressive architecture, you’ll also find an open ecosystem that has given rise to a strong, innovative community, as well as an inventory of system and network management applications that really help leverage the benefits offered by running Linux on Power.Get the Guide