BestCrypt: Cross-Platform Filesystem Encryption
March 2002 was a bad month for advocates of personal cryptography tools. Network Associates officially dropped support for its PGP Desktop products, easily the most popular, mature and useful suite of end-user cryptographic tools in common use. As much as I hate to admit the superiority of any commercial product over free tools, Commercial PGP, while far from perfect, seemed to have the best chance of bringing strong cryptography to the masses. The world needs good crypto, specifically user-friendly good crypto with a time- and brainpower-saving GUI, and nobody benefits from PGP Desktop's demise, particularly in the absence of compelling alternatives.
None of which is meant to in any way impugn the admirable work of Werner Koch and the GnuPG team, on whom I've heaped heartfelt accolades in earlier Paranoid Penguin columns. In fact, let me heap some more on now: GnuPG rocks [see Paranoid Penguin in the September and October 2001 issues of LJ]. It's evolved into a stable and mature application in an astoundingly short period of time and has already taken its rightful place among other essential Linux tools that are part of nearly every mainstream distribution. Geeks love GnuPG, and you should too.
Unfortunately, in a GUI-centric world, GnuPG's various front ends need to realize much more of their potential before we can realistically hope to get nontechnical users to embrace GnuPG. And without accommodating nontechnical users in this way, we can forget about bringing strong crypto to the masses, even if it's free. GnuPG has this usability issue in common with Linux as a whole (uh-oh, here comes the hate mail).
Furthermore, GnuPG addresses only part of PGP Desktop's functionality. Whereas GnuPG does match PGP Desktop's abilities in e-mail and file encryption, among other things, it doesn't do filesystem encryption, which was one of the very best things about PGP Desktop. PGPdisk (PGP's filesystem utility) made filesystem encryption simple, fast and transparent.
About the only thing it lacked was client software for Linux, which seriously impaired PGPdisk's usefulness on dual-boot systems. As a dual-boot laptop user, I always found this frustrating; any portable system must have filesystem encryption on all OSes it boots, period. Sure, I could set up an encrypted loopback filesystem on my Linux installation, but that isn't cross-platform either. It would be much better to share a single encrypted partition between both environments than to maintain two separate “vaults”.
That brings us, albeit obliquely, to the subject of this month's column, which is actually about neither PGP nor GnuPG. It's about BestCrypt, a commercial but open-source application that allows you to share encrypted volumes between Windows and Linux systems, with all the transparency, simplicity and speed of PGPdisk.
BestCrypt is a filesystem encryption utility that allows you to create, mount and manage “containers” (encrypted volumes) on your computer that look and behave like any other mounted volume but are stored as encrypted files when not in use. This protects your sensitive data from computer thieves or anyone else who achieves unauthorized access to your system.
Because BestCrypt containers are ordinary files, they can be stored on removable media, archived, e-mailed as attachments and in general, manipulated like any other file. BestCrypt containers even can be placed on network shares and mounted by remote clients (though of course only one client may mount a given container at one time).
In addition, a BestCrypt container may be mounted by either the Linux or Windows version of BestCrypt; the same file format is used by both versions, with no loss of functionality in either direction.
BestCrypt can be downloaded from Jetico, Inc.'s web site in Finland at www.jetico.com/download.htm. It's a fast site, and BestCrypt is fairly compact—the Linux version is only 160K! The Windows versions are bigger, due no doubt to the fact that they're binary distributions, whereas the Linux version is distributed as source code. (For now I'm going to focus on the Linux version, but will talk about the Windows version shortly.)
Before you attempt to install BestCrypt, make sure that you've got the source code to your kernel installed under /usr/src/linux, where /usr/src/linux is either a symbolic link to or the actual root directory of your kernel source code. If you use a stock kernel from your distribution, simply install the corresponding kernel source package (just make sure the version is the same and that /usr/src/linux points to its root). If you've never built a kernel on your system, you then need to change your working directory to /usr/src/linux and execute these commands:
make mrproper
make menuconfig   # configure the source to match your kernel
make dep
You don't actually need to go on and build the kernel (unless you want to) with make bzImage modules modules_install; the point is to build your kernel source's dependencies so that BestCrypt can compile additional kernel modules that match. (The first time I built BestCrypt on my SuSE 7.1 laptop, I forgot that I'd never compiled a kernel on that system, so BestCrypt wouldn't compile. Following the above procedure and then trying again did the trick, though.)
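A preflight check for the requirement above, added here as an example (it is not from the original column or from Jetico): it confirms that /usr/src/linux resolves to a configured source tree whose Makefile version matches the running kernel. The function names and exit codes are this example's own, and it assumes the kernel's top-level Makefile defines VERSION, PATCHLEVEL, SUBLEVEL and EXTRAVERSION.

```shell
#!/bin/sh
# Added example: verify the kernel source tree before building BestCrypt.
# Usage (script name is hypothetical):
#   sh check-ksrc.sh /usr/src/linux "$(uname -r)"

# Print the kernel release encoded in a source tree's top-level Makefile:
# VERSION.PATCHLEVEL.SUBLEVEL followed directly by EXTRAVERSION.
kernel_src_release() {
    awk -F= '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^VERSION[ \t]*=/      { maj = trim($2) }
        /^PATCHLEVEL[ \t]*=/   { pat = trim($2) }
        /^SUBLEVEL[ \t]*=/     { rev = trim($2) }
        /^EXTRAVERSION[ \t]*=/ { ext = trim($2) }
        END {
            if (maj == "" || pat == "" || rev == "") exit 1
            print maj "." pat "." rev ext
        }
    ' "$1/Makefile" 2>/dev/null
}

# Return 0 when the tree at $1 is usable for a kernel whose release is $2.
# Exit codes: 1 no tree, 2 not configured, 3 unreadable Makefile, 4 mismatch.
check_kernel_src() {
    src=$1
    running=$2
    if [ ! -d "$src" ]; then    # -d follows a symbolic link to its target
        echo "FAIL: $src is not a directory or a link to one" >&2
        return 1
    fi
    if [ ! -f "$src/.config" ]; then
        echo "FAIL: $src/.config missing; run make menuconfig" >&2
        return 2
    fi
    have=$(kernel_src_release "$src") || {
        echo "FAIL: cannot read a version from $src/Makefile" >&2
        return 3
    }
    if [ "$have" != "$running" ]; then
        echo "FAIL: source is $have, running kernel is $running" >&2
        return 4
    fi
    echo "OK: $src matches kernel $running"
}

# Run the check only when both arguments are supplied.
if [ $# -eq 2 ]; then
    check_kernel_src "$1" "$2"
fi
```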