Crypto

GUI for linux kernel CryptoAPI - version 0.1.5



Why?

Work in graphics user interface I found to be more confortable and faster. Besides, I allways forget the right command line format if I don't use it for every day.
So, I have tried to resolve this problem.


Short Description

The application is a simple user interface for the Linux Kernel CryptoAPI.
It is possible to use it for creating a new container with crypted file system and for work with existing containers too.

Up today you can do:


The Program is mainly GUI over command lines (with sudo using):

The API Initialization
sudo /sbin/modprobe cryptoloop
sudo /sbin/modprobe CIPHERMODUL


Container Creation:
echo PASSWORD | sudo /sbin/losetup \
-e CIPHER -k BITS \
-p 0 LOOPDEVICE CONTAINER

sudo /sbin/mkfs -t FSTYPE LOOPDEVICE
sudo mount -t FSTYPE LOOPDEVICE tmpMountDir
cd tmpMountDir
chmod a+rw ./
sudo umount tmpMountDir
sudo /sbin/losetup -d LOOPDEVICE


Container Mounting:
echo PASSWORD | sudo /sbin/losetup \
-e CIPHER -k BITS \
-p 0 LOOPDEVICE CONTAINER

sudo /sbin/mount -t FSTYPE LOOPDEVICE TARGETDIR


Container Unmounting:
sudo /sbin/umount TARGETDIR
sudo /sbin/losetup -d LOOPDEVICE;



The application is writed in the Kylix 3 Open Edition.

The main language is English.
However, there is a simple system for translation into other languages. Only you need is translate the language file and choose this language in the configuration dialog.

The application is still in development, so its functionality may be limited or a little unpredictable.

You can use it but on your own responsibility only. I cannot give you whichever guaranty for functionality, security, stability etc.


Licence

GNU GPL, v 2.0 and later.
The licence is enclosed as the COPYING file.


Work With

A short application manual:

Create new container
  1. select menu item File/New Container (key shortcut Ctrl+N) or click on the main panel button with description "New"
  2. enter full path name to the new creating file
  3. enter required file size
  4. choose cipher algorithm and key bits size
  5. choose file system type
  6. permit / forbid attribute 'a+rw' setting for the new filesystem (permit = everyone can write to the filesystem; forbid = ONLY superuser can write something to the filesystem)
  7. choose and write a password for container (2x for typing error correction)
  8. choose if you will need use sudo (the best is ask your system administrator)
  9. with the "OK" button start the container creating

Mount existed container
  1. open connect dialog - with the menu item File/Mount Container (key shortcut Ctrl + M) or with the main panel button "Mount"
  2. choose file with crypted file system inside
  3. choose directory for mount to
  4. choose used cipher and key bits
  5. enter password for container (2x for typing error correction)
  6. if needed, select using sudo
  7. with the "OK" button mount the crypted file system

Disconnect mounted crypted file system
  1. finish all application and processes using the directory and the filesystem witch we want to unmount
  2. open disconnect dialog - with the menu item File/UnMount (key shortcut Ctrl + U) or with the main panel button "UnMount"
  3. select root directory with the crypted file system
  4. if needed, select using sudo
  5. with the "OK" button unmount crypted file system


Screenshots


main window
Main Application Window (Linux RH7.3, IceWM)

create container
New Container Dialog.

mount container
Mount Container Dialog.

umount filesystem
UnMount Container Dialog.

configuration - language
Application Language Selection.

configuration - initialization
Initialization CryptoAPI.


Download

Actual application version is 0.1.5 (09/19/2003) - see ChangeLog.

You can download compiled binary (RedHat 7.3), language files (up to now czech and slovak languages only, both in encoding iso-8859-2) and finally source files.


Installation and Configuration

  1. download and install Kylix3 OE runtime libraries first (cca 2,6 MB).

    Unpack libraries to the one of directories in the /etc/ld.so.conf file (e.g. to the directory /lib) and then enter in the terminal window command ldconfig. Probably, you will need administrator privilege for this operation.

    This operation you can omit ONLY if you have correctly installed Kylix3 development environment or if you have theses libraries yet installed.

    Without theses libraries you probably can't be able to run the application.


  2. download compiled binary application (see "binary" link in the "Download" section) as the package "binary.tgz" and unpack it. Files "Crypto" and "Crypto.sh" is needed to be placed somewhere to the PATH variable, or create a links for them.

    The file "Crypto.sh" is a run script only for starting "Crypto" without showing Kylix initialization window.
So, with the "Crypto" or "Crypto.sh" command you can run the apllication.

After first run and finishing will be in the user home directory created configuration directory ".CryptoAPI" to store configuration file and language files.

If you want the "localised" version of application, you can download language files (package "languages.tgz"). Unpack this package to the mentioned configuration directory (or anywhere you want and create links for files instead the copying). Now you can run the Crypto and in the configuration dialog choose your language if available. After corrected finishing will be your choice stored in the configuration file.

If you want install language files BEFORE first application run and configuration directory not exists, you must create it by hand. The best way is to use your favourite file manager or write in the terminal window the command:

mkdir ~/.CryptoAPI

and after that unpack/copy files.

Except the language files in the configuration directory there is stored the main configuration file "Crypto.ini", which is created and actualised automatically.


I you want to use application as a normal user and not the administrator only, you will need the SUDO properly installed and configured.

In the sudo configuration file /etc/sudoers is necessary have permited using commands modprobe, losetup, mount, umount, mkfs, chmod WITHOUT entering the login password.

So, you mast there lines:

ALL     ALL=NOPASSWD:/sbin/modprobe
ALL     ALL=NOPASSWD:/sbin/losetup
ALL     ALL=NOPASSWD:/bin/mount
ALL     ALL=NOPASSWD:/bin/umount
ALL     ALL=NOPASSWD:/sbin/mkfs
ALL     ALL=NOPASSWD:/bin/chmod


May be it looks like a hole to the operation system security, but up to now I don't know how to allow to use linux Crypto API for normal user, nor how to create a command line and pass two different commands with different parameters (sudo with sudo password followed with the command for container password).


Next Work

I would like to add the sudo password using - if I will know how to. May be, this will a little improve system security.
The main problem of CryptoAPI using is that drive mounting, module loading, file system creating etc. is permited for the system administrator only.
If anybody have an idea to solve theses problems, I hope he (or she) will be helpfull to share it and the result may be better application.

Welcomed are all language corrections too and of course, translations laguage files to other languages.


Contact

All comments and suggestions are welcomed at the E-mail : pcernoch at volny.cz


Updated: 09/19/2003, © Peter Cernoch