
[OCLUG-Tech] safe viewing of encrypted file

Some of you may remember my OCLUG talk on tools for carrying encrypted files on USB. Still on this topic, I'm wondering the best way (for the moment just in Linux) to simply view the contents of an encrypted plain text file (my password list!) in a way that doesn't leave a backup file around, and clears memory etc.

The script below is a start. There are several notes at the end about things I don't like about it. Perhaps someone knows a better way. Ideally I want a set of cross-platform programs on my USB key with data that let me view safely on practically any machine, though I recognize that a machine that is compromised would be dangerous.

Suggest folk respond off-list and then I'll collect the answers in a few days and post them in summary form. I'm sure someone has done this before.

JN


#!/bin/bash
# v -- view contents of encrypted text file
#  first argument is name of file (without the .cpt extension)
# sudo mount -t tmpfs -o size=500k,nr_inodes=200,mode=0700 tmpfs /home/john/tspace
sudo mount -t tmpfs -o size=500k,nr_inodes=200 tmpfs /home/john/tspace
tpw=$(date) # Use command substitution to execute date
# The throwaway password goes into tpass twice, one copy per line
# (printf is used because bash's echo does not expand \n)
printf '%s\n' "$tpw" > tpass
printf '%s\n' "$tpw" >> tpass
encfs -S ~/tspace/ ~/etspace/ < tpass # -S: encfs reads the password from stdin
echo "Destroy this?"
cat tpass
rm tpass # for security
cp "$1.cpt" ~/etspace/"$1.cpt"
ccrypt -d ~/etspace/"$1.cpt"
less ~/etspace/"$1"
echo "Now scrub it"
scrub ~/etspace/"$1" # was ~etspace/$1, which expands to the home of a user named "etspace"
echo "and unmount stuff"
mount
sudo umount ~/etspace
sudo umount ~/tspace
echo "DONE"
mount # to check we have got rid of stuff

# This has a couple of problems:
## need sudo access for mounting
## need sudo access for unmounting
## need to sort out how to get file from subdir to correct location and extract root of name
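
An added example, not part of the original post: one way to address the three problems listed above is to decrypt to a pipe instead of to a file, so no tmpfs, encfs or sudo is involved. The function names cpt_root and view_cpt are hypothetical; the sketch assumes ccrypt and less are installed.

```sh
#!/bin/sh
# Added example (not the poster's script): page a ccrypt file without
# ever writing the plaintext to a filesystem.

# Print the root name for a path such as sub/dir/list.cpt -> list.
# Returns 1 if the argument does not name a *.cpt file.
cpt_root() {
    name=${1##*/}                  # drop any leading directories
    case "$name" in
        ?*.cpt) printf '%s\n' "${name%.cpt}" ;;
        *)      return 1 ;;
    esac
}

# Decrypt FILE.cpt to stdout and page it.
# Returns 2 for a bad name, 3 for an unreadable file.
view_cpt() {
    root=$(cpt_root "$1") || { echo "usage: view_cpt FILE.cpt" >&2; return 2; }
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 3; }
    echo "decrypting $root to a pipe" >&2
    # ccrypt -c (--cat) writes the plaintext to standard output and
    # leaves FILE.cpt untouched; ccrypt prompts for the key itself.
    # LESSHISTFILE=- stops less from writing a history file.
    # LESSSECURE=1 disables less's shell escape, editor, log-file and
    # pipe commands, so the pager cannot save the text.
    ccrypt -c "$1" | LESSSECURE=1 LESSHISTFILE=- less
}

# Run as a script: v path/to/list.cpt
if [ "$#" -gt 0 ]; then
    view_cpt "$1"
fi
```

The plaintext still passes through process memory and may remain in terminal scrollback, so clear or close the terminal afterwards.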