
On The Fly Encryption (OTFE)

I recently got a LaCie 250Gb external drive to do some off-site backups of my data. I am a bit worried about security though since it is so easy to get these USB devices talking to just about anything.
I read up about disk encryption software commonly called On The Fly Encryption – OTFE for short. I use XP and OS X as my desktop Operating Systems but I think I’ll stick this drive mostly into my XP machines for now so I am focussing on software for that at the moment.
The amount of data I need to encrypt is probably much less than 5Gb, it is just things like mail, configuration files, a few database dumps and so forth, the rest could go in the plain onto the disk. However some of these tools allow encryption of full devices so that would be ideal. I would for example not be too happy if the raw files of my photos got stolen, this is the main chunk of data I need to arrange off-site backup for.
There are a number of free and commercial options, I tried a few in each category:

| Product Name | Cost | Comments |
|---|---|---|
| FileDisk | Free (GPL) | Command line only, though the FreeOTFE author wrote a GUI front end for it. It seems to be unmaintained though and certainly was the reason for quite a few hard resets of my box today. |
| FreeOTFE | Free (GPL) | Early days in development but looks promising. I had it stop responding a couple of times when copying large files onto it. Lacks good progress indicators for things, so you think it's crashed when it's just taking its time. A big plus of this product though is that it has the ability to make Linux compatible crypted disks, this could be a big selling point. |
| TrueCrypt | Open Source (Own License) | Works flawlessly so far. I particularly like the nice progress bars on creating and formatting of the data files. |
| CryptoExpert Lite | Free but restricted | Has maximum file size limitation so did not try it. |
| Softwinter Sentry | $49.95 | This product also worked flawlessly, not as nice progress bars but it works. |

From the above table it should be clear that amongst the products I tried TrueCrypt and Sentry are the winners, I’d consider buying Sentry if I needed very long term storage and needed the kind of backing that a company tends to give, backwards compatibility and so forth.
My usage however as an off-site backup system means I will be overwriting the last backups – or perhaps rotate them for 2 or 3 months – so I most certainly do not need long term archival.
TrueCrypt can also encrypt a full partition so I also tested that and I must say it works great. The initial format over the USB2 of 200Gig would take about 5 hours – so I did a quick format for testing but this is not suggested for actual use. This works great so I will put all my data on the crypted partition and leave a 32Gig FAT32 on the drive to store the TrueCrypt software on etc. You do not need to install anything on the Windows machine to run TrueCrypt so it can even be run off a memory stick.
My choice therefore is TrueCrypt, kudos to them for a very professional looking product with a good UI and great documentation to go with it.
While researching this I came across this site that has a whole lot of useful encryption related information.

More on ZIP File Creation

I did some more testing with the code I posted yesterday and found it isn’t 100% compatible with some unzip programs. Works with unix unzip, Mac OS X default tool, WinZip, WinRAR but annoyingly not with the default XP zip folder thing.

The problem seems to be 4 rogue bytes that get inserted somewhere. So back to Google, eventually I found a much better library at PHP Concept Library Zip. It works more or less the same, except you must pass it files to add instead of just data in variables, either works for me.

Some sample code:

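<?php
// PclZip works on files on disk rather than on data held in variables
require ("incl/pclzip.lib.php");
$zipfile = new PclZip('zipfile.zip');
// create() returns 0 on failure, otherwise a list describing the added files
$v_list = $zipfile->create('incl/pclzip.lib.php');
if ($v_list == 0) {
    die ("Error: " . $zipfile->errorInfo(true));
}
// Send the archive that was written to disk to the browser as a download
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=zipfile.zip");
readfile("zipfile.zip");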

This one works with every unzip tool I’ve tried, Windows, OS X, command line unzip etc. It also has decent error reporting etc.

Creating ZIP files with PHP

UPDATE: You are better off using the library mentioned in this post.

As part of my previously mentioned OpenVPN CA I want to deliver keys, certs and config files to users in a single zip file that they can just extract onto their computers. PHP’s own ZIP File Functions only support reading zip files and not making them.

Some Googling discovered an article by John Coggeshall that can create zip files. It does this by creating the binary data on the fly and can output the zip files directly to the browser from memory or by writing it to disk.

I had some troubles getting hold of a usable version of this code since all these PHP code collection sites have this annoying habit of only showing the syntax highlighted versions of the code rather than give a download link. Eventually got one though and I figured I’ll host a mirror of it here to help people out.

Using it is very simple, this is a quick sample that will create a ZIP file and add one directory and one file into it, then send it directly to the client.

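<?php
require ("incl/zipfile.inc.php");
$zipfile = new zipfile();
// Read the file to add into memory; this class takes data, not paths
$filedata = implode("", file("incl/zipfile.inc.php"));
// Add the directory entry first, then the file inside it
$zipfile->add_dir("incl/");
$zipfile->add_file($filedata, "incl/zipfile.inc.php");
// The archive is built in memory and sent straight to the client
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=zipfile.zip");
echo $zipfile->file();
?>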

Apache + PHP + OpenSSL

I’ve been trying to write a web based certificate authority to help make signing up for my OpenVPN installation easier for the users. Till now we used OpenVPN GUI for Windows that provides a frontend to SSL for creating the CSRs. It’s all a pain and way beyond what our users can manage in general so a nice web front-end is called for.
I read that PHP has bindings to the OpenSSL libraries so I thought I’d try and use that. I had endless hassles with Apache though, it would just die the moment I call the openssl_* functions in PHP or things would just return FALSE without any useful errors. I tried this on 4 FreeBSD machines all with Apache 1.x on, eventually I found it worked fine on Apache 2 machines! Upgraded one of the systems and it’s all good now.
Writing the SSL stuff is very simple with PHP, I’ll soon have a full implementation of a Certificate Authority done that is fully web driven so if there is any interest in this I may clean it up and release it under some Open Source licence, will also put up some code samples later but for now just wanted to point out that to get this stuff going you need Apache 2 it seems, well at least on FreeBSD machines.
The full entry has some screenshots of where I am today with the CA so you can get an idea of what I am getting at.
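The CA flow this post describes, as an added example that is not the author's implementation: it creates a CA, signs a client CSR with PHP's openssl_* functions and checks the result before it would be handed out. The config sections, subject names, serial numbers and lifetimes are constructed for illustration; the client extension section is named explicitly because, with an openssl.cnf whose [req] section points x509_extensions at a CA profile, a certificate signed without it comes out CA:TRUE.

```php
<?php
// Added example, not the author's CA. DNs, serials, lifetimes and the temp config are constructed.
// Needs ext-openssl and PHP 7.4+ (openssl_x509_verify).

// Private config so the extension sections do not depend on the system openssl.cnf.
$conf = <<<'CNF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[client_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
CNF;
$cnf = tempnam(sys_get_temp_dir(), 'ca');
file_put_contents($cnf, $conf);

function opts($cnf, $section) {
    return ['config' => $cnf, 'digest_alg' => 'sha256', 'x509_extensions' => $section,
            'private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
}
function must($value, $step) {
    if ($value === false) {
        throw new RuntimeException("$step failed: " . openssl_error_string());
    }
    return $value;
}

// 1. CA key and self-signed CA certificate (serial 1, about 10 years).
$caOpts = opts($cnf, 'ca_ext');
$caKey  = must(openssl_pkey_new($caOpts), 'CA key');
$caCsr  = must(openssl_csr_new(['commonName' => 'Example VPN CA'], $caKey, $caOpts), 'CA CSR');
$caCert = must(openssl_csr_sign($caCsr, null, $caKey, 3650, $caOpts, 1), 'CA cert');
// 2. Client key and CSR; a real CA would receive the CSR from the user.
$cliOpts = opts($cnf, 'client_ext');
$cliKey  = must(openssl_pkey_new($cliOpts), 'client key');
$cliCsr  = must(openssl_csr_new(['commonName' => 'alice'], $cliKey, $cliOpts), 'client CSR');
// 3. Sign with the CA, naming the extension section explicitly so the leaf is CA:FALSE.
$cliCert = must(openssl_csr_sign($cliCsr, $caCert, $caKey, 365, $cliOpts, 2), 'client cert');
// 4. Check signature, subject and basicConstraints before handing the certificate out.
$info = openssl_x509_parse($cliCert);
$ok = openssl_x509_verify($cliCert, openssl_pkey_get_public($caCert)) === 1
    && strpos($info['extensions']['basicConstraints'], 'CA:FALSE') !== false
    && $info['subject']['CN'] === 'alice';
unlink($cnf);
echo $ok ? "client cert OK\n" : "client cert REJECTED\n";
```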
