Discussion and development of BusyBox

Mike Frysinger | 1 Mar 2008 08:10

Picon

Re: Encryption

On Friday 29 February 2008, Kevin Holland wrote:
> Is there a quick and dirty way to encrypt and decrypt a tar with the
> current busybox utilities?

there are no encrypt/decrypt utils in busybox

> I'm pulling updates from a public FTP and I would like to secure it.

that doesnt really make sense.  if it's public ftp, then anyone can fetch it, 
therefore protecting the content by encryption is pointless.
-mike

_______________________________________________
busybox mailing list
busybox <at> busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox

Goetz Bock | 1 Mar 2008 21:36

Picon

Re: Encryption


On Sat, Mar 01 '08 at 02:10, Mike Frysinger wrote:
> On Friday 29 February 2008, Kevin Holland wrote:
> > Is there a quick and dirty way to encrypt and decrypt a tar with the
> > current busybox utilities?
> 
> there are no encrypt/decrypt utils in busybox

to bad.

> > I'm pulling updates from a public FTP and I would like to secure it.
> 
> that doesnt really make sense.  if it's public ftp, then anyone can fetch it, 
> therefore protecting the content by encryption is pointless.

that made about as much sence as saying: AIDS is a sexualy transmitted
desease. everyoe is having sexi, so using a condom is pointless.

Encryption is probably the only way to secure Kevins data.
--
/"\ Goetz Bock at blacknet dot de  --  secure mobile Linux everNETting
\ /       (c) 2008 Creative Commons, Attribution-ShareAlike 2.0 de
 X   [ 1. Use descriptive subjects - 2. Edit a reply for brevity -  ]
/ \  [ 3. Reply to the list - 4. Read the archive *before* you post ]

Alexander Kriegisch | 2 Mar 2008 00:51

Re: Encryption

Instead of going polemic you could have opted for explaining to us what
you seem to have understood, while have obviously have not (otherwise we
would not have asked).
--
Alexander Kriegisch

> that made about as much sence as saying: AIDS is a sexualy transmitted
> desease. everyoe is having sexi, so using a condom is pointless.
> 
> Encryption is probably the only way to secure Kevins data.

Mike Frysinger | 1 Mar 2008 22:50

Picon

Re: Encryption

On Saturday 01 March 2008, Goetz Bock wrote:
> On Sat, Mar 01 '08 at 02:10, Mike Frysinger wrote:
> > On Friday 29 February 2008, Kevin Holland wrote:
> > > Is there a quick and dirty way to encrypt and decrypt a tar with the
> > > current busybox utilities?
> >
> > there are no encrypt/decrypt utils in busybox
>
> to bad.
>
> > > I'm pulling updates from a public FTP and I would like to secure it.
> >
> > that doesnt really make sense.  if it's public ftp, then anyone can fetch
> > it, therefore protecting the content by encryption is pointless.
>
> that made about as much sence as saying: AIDS is a sexualy transmitted
> desease. everyoe is having sexi, so using a condom is pointless.

that's a stupid (and incorrect) analogy

> Encryption is probably the only way to secure Kevins data.

if it's a public FTP, then there's nothing to be secured.  if someone is 
sniffing traffic and the traffic is encrypted, then the attacker merely needs 
to go to the public FTP and fetch the files themselves.
-mike

_______________________________________________
busybox mailing list

(Continue reading)

Goetz Bock | 3 Mar 2008 09:24

Picon

Re: Encryption


On Sat, Mar 01 '08 at 16:50, Mike Frysinger wrote:
> that's a stupid (and incorrect) analogy

yes, it is a stupid analogy, but it's not incorrect.

> if it's a public FTP, then there's nothing to be secured.  if someone is 
> sniffing traffic and the traffic is encrypted, then the attacker merely needs 
> to go to the public FTP and fetch the files themselves.

For me it was so very obviose that OP did not want to encrypt the
traffic but the file.

OP has a public ftp server (ftp.company.com) where he would like to
place the update files. While there everyone can get the file, they
should not be able to _USE_ them. So encryption is what he asked for. 
--
/"\ Goetz Bock at blacknet dot de  --  secure mobile Linux everNETting
\ /       (c) 2007 Creative Commons, Attribution-ShareAlike 2.0 de
 X   [ 1. Use descriptive subjects - 2. Edit a reply for brevity -  ]
/ \  [ 3. Reply to the list - 4. Read the archive *before* you post ]

Kevin Holland | 3 Mar 2008 17:26

Re: Encryption

Sorry I was gone this weekend,
But this is statement is correct.  I don't want to encrypt the traffic
just the contents of a tar archive.  The archive is on an ftp server
where an anonymous person can log in and download anything.  I just want
to keep people from snooping around in the update files.  I understand
that someone determined to get into them probably will, I just want to
keep out the less determined people. 
 I want something where I can create the archive run it through an
encryption utility, then upload it to the ftp server.  Then my embedded
board will download it and run it through its decryption utility and
make the needed updates.

I hope this is clearer to everyone.

Kevin

On Mon, 2008-03-03 at 09:24 +0100, Goetz Bock wrote:
> On Sat, Mar 01 '08 at 16:50, Mike Frysinger wrote:
> > that's a stupid (and incorrect) analogy
> 
> yes, it is a stupid analogy, but it's not incorrect.
> 
> > if it's a public FTP, then there's nothing to be secured.  if someone is 
> > sniffing traffic and the traffic is encrypted, then the attacker merely needs 
> > to go to the public FTP and fetch the files themselves.
> 
> For me it was so very obviose that OP did not want to encrypt the
> traffic but the file.
> 
> OP has a public ftp server (ftp.company.com) where he would like to

(Continue reading)

Alexander Kriegisch | 3 Mar 2008 18:30

Re: Encryption

Well, Kevin,

now that you have answered yourself, we can stop speculating ans start
offering suggestions.  If this is not too simple for your purpose,
you can quite cheaply en-/decrypt files using 'tr' by scrambling
arbitrary characters with a fixed key. This way you can either achieve a
Caesar cipher or something more complicated, but definitely not strong
encryption. Anyway, it would work. In case you are interested, I might
hack a little sample for you. It should be enough to keep the lamers out.

Regards
--
Alexander Kriegisch
Certified ScrumMaster
http://scrum-master.de

Kevin Holland:
> I want something where I can create the archive run it through an 
> encryption utility, then upload it to the ftp server.  Then my
> embedded board will download it and run it through its decryption
> utility and make the needed updates.

Kevin Holland | 3 Mar 2008 19:17

Re: Encryption

That sounds good,
I'd like to see that as long as you think it will work on gziped
archives.
Thanks

Kevin

On Mon, 2008-03-03 at 18:30 +0100, Alexander Kriegisch wrote:
> Well, Kevin,
> 
> now that you have answered yourself, we can stop speculating ans start
> offering suggestions.  If this is not too simple for your purpose,
> you can quite cheaply en-/decrypt files using 'tr' by scrambling
> arbitrary characters with a fixed key. This way you can either achieve a
> Caesar cipher or something more complicated, but definitely not strong
> encryption. Anyway, it would work. In case you are interested, I might
> hack a little sample for you. It should be enough to keep the lamers out.
> 
> Regards
> --
> Alexander Kriegisch
> Certified ScrumMaster
> http://scrum-master.de
> 
> Kevin Holland:
> > I want something where I can create the archive run it through an 
> > encryption utility, then upload it to the ftp server.  Then my
> > embedded board will download it and run it through its decryption
> > utility and make the needed updates.
>

(Continue reading)

Alexander Kriegisch | 4 Mar 2008 00:09

Re: Encryption

Well, this is extremely simple and not very refined,
but try something like this:

# Alphabets for en-/decoding (must contain same characters, only in different order)
decoded_chars='A-Za-z0-9\n _;.:#+*/"!'
encoded_chars='mn0opj\nYZk _;.rGJX6IHu12tsWVU5ql3a:e#+zFTEDRS4CBAyxwvd*b/f"9gQPONch8!iMKL7'

# Encode file
cat myfile.gz | tr "$decoded_chars" "$encoded_chars" > myfile.gz.enc
# Decode file
cat myfile.gz.enc | tr "$encoded_chars" "$decoded_chars" > myfile.gz.dec

# Make sure decoded file equals original
md5sum myfile.gz*
e7720032bb3f6579d7e9cc2edcf1f9df  myfile.gz
e7720032bb3f6579d7e9cc2edcf1f9df  myfile.gz.dec
4b630933f0ebf0af2e159bf41272a30f  myfile.gz.enc

Just a quick hack.

Now you can start improving this little sample by adding more
characters (even control characters or full 256-character alphabets),
adding a shell function automatically creating keys from given
alphabets etc.

--
Alexander Kriegisch
Certified ScrumMaster
http://scrum-master.de

(Continue reading)

Kevin Holland | 4 Mar 2008 00:16

Re: Encryption

Thanks this should work great!
Kevin

On Tue, 2008-03-04 at 00:09 +0100, Alexander Kriegisch wrote:
> Well, this is extremely simple and not very refined,
> but try something like this:
> 
> 
> # Alphabets for en-/decoding (must contain same characters, only in different order)
> decoded_chars='A-Za-z0-9\n _;.:#+*/"!'
> encoded_chars='mn0opj\nYZk _;.rGJX6IHu12tsWVU5ql3a:e#+zFTEDRS4CBAyxwvd*b/f"9gQPONch8!iMKL7'
> 
> # Encode file
> cat myfile.gz | tr "$decoded_chars" "$encoded_chars" > myfile.gz.enc
> # Decode file
> cat myfile.gz.enc | tr "$encoded_chars" "$decoded_chars" > myfile.gz.dec
> 
> # Make sure decoded file equals original
> md5sum myfile.gz*
> e7720032bb3f6579d7e9cc2edcf1f9df  myfile.gz
> e7720032bb3f6579d7e9cc2edcf1f9df  myfile.gz.dec
> 4b630933f0ebf0af2e159bf41272a30f  myfile.gz.enc
> 
> 
> Just a quick hack.
> 
> Now you can start improving this little sample by adding more
> characters (even control characters or full 256-character alphabets),
> adding a shell function automatically creating keys from given
> alphabets etc.

(Continue reading)

walter harms | 3 Mar 2008 17:43

Picon

Re: Encryption


Kevin Holland wrote:
> Sorry I was gone this weekend,
> But this is statement is correct.  I don't want to encrypt the traffic
> just the contents of a tar archive.  The archive is on an ftp server
> where an anonymous person can log in and download anything.  I just want
> to keep people from snooping around in the update files.  I understand
> that someone determined to get into them probably will, I just want to
> keep out the less determined people. 
>  I want something where I can create the archive run it through an
> encryption utility, then upload it to the ftp server.  Then my embedded
> board will download it and run it through its decryption utility and
> make the needed updates.
> 
> I hope this is clearer to everyone.
> 
> Kevin

what is about pgp ? let them download if they like.

re,
 wh

Tito | 1 Mar 2008 23:24

Picon

Re: Encryption

On Saturday 01 March 2008 22:50:01 Mike Frysinger wrote:
> On Saturday 01 March 2008, Goetz Bock wrote:
> > On Sat, Mar 01 '08 at 02:10, Mike Frysinger wrote:
> > > On Friday 29 February 2008, Kevin Holland wrote:
> > > > Is there a quick and dirty way to encrypt and decrypt a tar with the
> > > > current busybox utilities?
> > >
> > > there are no encrypt/decrypt utils in busybox
> >
> > to bad.
> >
> > > > I'm pulling updates from a public FTP and I would like to secure it.
> > >
> > > that doesnt really make sense.  if it's public ftp, then anyone can fetch
> > > it, therefore protecting the content by encryption is pointless.
> >
> > that made about as much sence as saying: AIDS is a sexualy transmitted
> > desease. everyoe is having sexi, so using a condom is pointless.
> 
> that's a stupid (and incorrect) analogy
> 
> > Encryption is probably the only way to secure Kevins data.
> 
> if it's a public FTP, then there's nothing to be secured.  if someone is 
> sniffing traffic and the traffic is encrypted, then the attacker merely needs 
> to go to the public FTP and fetch the files themselves.
> -mike
> 

Hi,

(Continue reading)

Alexander Kriegisch | 2 Mar 2008 00:54

Re: Encryption

> maybe the problem is to post a file on a public ftp server
> in a way that its contents are not public..........?

Why not let him answer by himself? He spoke of "pulling files", not
"pushing/uploading files".

Alexander Kriegisch

Mike Frysinger | 2 Mar 2008 00:00

Picon

Re: Encryption

On Saturday 01 March 2008, Tito wrote:
> On Saturday 01 March 2008 22:50:01 Mike Frysinger wrote:
> > On Saturday 01 March 2008, Goetz Bock wrote:
> > > On Sat, Mar 01 '08 at 02:10, Mike Frysinger wrote:
> > > > On Friday 29 February 2008, Kevin Holland wrote:
> > > > > Is there a quick and dirty way to encrypt and decrypt a tar with
> > > > > the current busybox utilities?
> > > >
> > > > there are no encrypt/decrypt utils in busybox
> > >
> > > to bad.
> > >
> > > > > I'm pulling updates from a public FTP and I would like to secure
> > > > > it.
> > > >
> > > > that doesnt really make sense.  if it's public ftp, then anyone can
> > > > fetch it, therefore protecting the content by encryption is
> > > > pointless.
> > >
> > > that made about as much sence as saying: AIDS is a sexualy transmitted
> > > desease. everyoe is having sexi, so using a condom is pointless.
> >
> > that's a stupid (and incorrect) analogy
> >
> > > Encryption is probably the only way to secure Kevins data.
> >
> > if it's a public FTP, then there's nothing to be secured.  if someone is
> > sniffing traffic and the traffic is encrypted, then the attacker merely
> > needs to go to the public FTP and fetch the files themselves.
>

(Continue reading)

Hamish Moffatt | 3 Mar 2008 03:43

Picon

Re: Encryption

On Sat, Mar 01, 2008 at 06:00:04PM -0500, Mike Frysinger wrote:
> in any case though, the ftp server would need to support the encryption as 
> well ... a random util in busybox isnt going to magically make it happen.  

Umm, what? Perhaps OP wants to encrypt a file, place it on a public
server he controls, and have his busybox target download the file and
decrypt it. In that case, encryption serves to prevent other people from
accessing the file contents, even though they can download the file.

I use the command-line utilities that accompany OpenSSL to do something
similar.

Hamish
--

-- 
Hamish Moffatt VK3SB <hamish <at> debian.org> <hamish <at> cloud.net.au>

Return

Return to gmane.linux.busybox.

Project Web Page

Discussion and development of BusyBox

Search Archive

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane