Arch Linux

rine

Member

From: Germany

Registered: 2008-03-04

Posts: 217

Automatically encrypt files in a directory

This isn't really arch related and I couldn't think of a better title but I'm still posting here . I'll describe the situation and what I want to do.
I'm a sysadmin for a small company. I have root access to every system. At the moment, this is not a big issue because my bosses trust me and the other people with access. But in the near future there are going to be more admins here. Most of the workstations run Windows XP, so files are stored on a server and shared via samba. The files are just protected by standard permissions and ACLs. Obviously I (and future admins) can look into the private directories of my bosses through shell access. What I'm looking for is a way to encrypt data seemlessly without my bosses and other employees having to change what they are used to (at least not much). So it would be nice to have some directories that can be mounted as shared drives on the Windows machines where files are automatically encrypted. I cannot encrypt a partition for then I could still see the data when the partition is mounted. I don't know if this is even possible (or it's super easy and I'm too stupid for google ) and I hope I explained properly what I'm trying to do.
Thanks for any advice.

JF

Member

From: France

Registered: 2009-03-27

Posts: 39

Re: Automatically encrypt files in a directory

Hi rine,

Tough I don't know much about it, XP has a built-in encryption support. AFAIK:

- it has to be enabled somehow
- it's called "cryptographic service"
- you can encrypt a folder and the (new) content of the folder will be encrypted automatically
- the session password is used as a part of the key so data get private to each user but you have to be carefull when changing a user's password
- there is also the question about access encrypted data copied from a office pc to a home pc
- to encrypt something you just have to right-clic on it
- encrypted things have another colourin explorer, don't remember which one

I just used that a couple of times so I'm a bit vague, hope this helps anyway

alun

Member

Registered: 2009-05-24

Posts: 8

Re: Automatically encrypt files in a directory

What about mounting those shared folders as truecrypt volumes? You could probably just share a regular folder that has a .tc file (truecrypt volume) in it, and then have the client computers mount that. Truecrypt runs on both linux and windows (32 and 64).

Last edited by alun (2009-06-05 09:48:38)

rine

Member

From: Germany

Registered: 2008-03-04

Posts: 217

Re: Automatically encrypt files in a directory

Hi rine,

Tough I don't know much about it, XP has a built-in encryption support. AFAIK:

- it has to be enabled somehow
- it's called "cryptographic service"
- you can encrypt a folder and the (new) content of the folder will be encrypted automatically
- the session password is used as a part of the key so data get private to each user but you have to be carefull when changing a user's password
- there is also the question about access encrypted data copied from a office pc to a home pc
- to encrypt something you just have to right-clic on it
- encrypted things have another colourin explorer, don't remember which one

I just used that a couple of times so I'm a bit vague, hope this helps anyway

I read a little about it on wikipedia. After something about signatures from Microsoft and restrictions, I closed the tab Also I hope to install linux on all the workstations in the future (waiting for just one program to be ported), so I need something OS independent. But thanks for the reply.

What about mounting those shared folders as truecrypt volumes? You could probably just share a regular folder that has a .tc file (truecrypt volume) in it, and then have the client computers mount that. Truecrypt runs on both linux and windows (32 and 64).

That was my first thought. Unfortunately it must be possible for more than one person to access the files at a time. I think I forgot to say that in my initial post.
If there really is no solution I guess I'll have to resort to gpg-keys or something. A little more effor on the user side, but well, should be possible.

Last edited by rine (2009-06-05 14:05:48)

rine

Member

From: Germany

Registered: 2008-03-04

Posts: 217

Re: Automatically encrypt files in a directory

Hi rine,

Tough I don't know much about it, XP has a built-in encryption support. AFAIK:

- it has to be enabled somehow
- it's called "cryptographic service"
- you can encrypt a folder and the (new) content of the folder will be encrypted automatically
- the session password is used as a part of the key so data get private to each user but you have to be carefull when changing a user's password
- there is also the question about access encrypted data copied from a office pc to a home pc
- to encrypt something you just have to right-clic on it
- encrypted things have another colourin explorer, don't remember which one

I just used that a couple of times so I'm a bit vague, hope this helps anyway

I read a little about it on wikipedia. After something about signatures from Microsoft and restrictions, I closed the tab Also I hope to install linux on all the workstations in the future (waiting for just one program to be ported), so I need something OS independent. But thanks for the reply.

What about mounting those shared folders as truecrypt volumes? You could probably just share a regular folder that has a .tc file (truecrypt volume) in it, and then have the client computers mount that. Truecrypt runs on both linux and windows (32 and 64).

That was my first thought. Unfortunately it must be possible for more than one person to access the files at a time. I think I forgot to say that in my initial post.
If there really is no solution I guess I'll have to resort to gpg-keys or something. A little more effort on the user side, but well, should be possible.