12:36 Safe storage of secrets | ||
Never could remember all the logins, passwords and other access codes to all my accounts. Sometimes the registration name and code must be cherished in the worst possible moment, so I carry them on a flash drive. In order not to tear my hair out when they lose a treasured storage of information I wrote skriptik, discussed below. Formulate the problem. There is a folder with secrets (personal diaries, account information, with articles on the Habr, etc.), which could well be stored in clear text. Ability to read data from it would be desirable to have on any computer on which zaneset. For simplicity, we describe further manipulations to restrict all computers running Windows. But nothing prevents to expand this circle, as all software used cross platform. We need the following tools:
I'll use 7-Zip portable, GnuPG and Eraser portable. In * nix systems it might be for example tar, GnuPG and wipe Create a working directory on a flash drive (eg F: \ bin \ secure). Copy into it the needed tools:
Next we need to generate private and public key cryptography operations. This is done very simply with all the same gpg: F: \ bin \ secure \ gpg.exe - gen-key - home = C: \ After answering all the questions (if you do not understand that asked in the first three questions can answer as follows: 1, 1024, 0) we obtain public and private keys, as well as database of trusted certificates. These are the files:
The most important are pubring ( public key that can be used to encrypt) and secring (the private key that can be used to decrypt). Furthermore, the Council remember the name of a key holder and a password. Write down all the registered vehicle and put in the safe. Me portability is more important than security, so the two files I store on the same flash drive. Just put them in a place where they will be looking vryatli. Even if found, to decrypt the private key will need a password. Let the private key is F: \ ZAKRYTYY.KLYUCH and the public - F: \ OTKRYTYY.KLYUCH. Database of trusted certificates (needed to gpg not swear in operations encryption / decryption) - files random_seed and trust_db put to gpg.exe, ie F: \ bin \ secure. Note: If you work in homes and offices, carrying vital information back and forth, the keys can be stored on a business and office computer. Thus "the way" information will be protected from theft, loss, or meeting in a dark alley with a group of Gopnik-ITshnikov. It only remains to implement the encryption script, which implements the following operations:
And the script decryption -
Here are the scripts for batch: enc.bat 1 @ echo off 2 rem Capturing keys 3 copy% 3 ; "% ~ dp0/pubring.gpg" / Y>> nul 4 rem Packaging 5% ~ dp0/7z.exe a% 1.7z% 1 ;>> nul & & start / wait% ~ dp0/gpg.exe 6 - homedir =% ~ dp0-r% 2 - quiet-o% 1. enc-e% 1.7z 7 IF NOT% ERRORLEVEL% == goto fail 8 echo ENCRYPTED SUCCESSFULL 9% ~ dp0/eraserl.exe-file% 1.7z-silent & &% ~ dp0/eraserl.exe-folder% 1 10-subfolders-silent>> nul 11 goto ; end 1912: fail 13 echo ENCRIPTION FAILED 14: end 15 rem trimmed keys 16% ~ dp0/eraserl.exe-file "% ~ dp0/pubring.gpg "-silent dec.bat 1 @ echo off 2 rem Capturing keys 3 copy% 3 "% ~ dp0/pubring.gpg" / Y>> nul 4 copy% 4 "% ~ dp0/secring.gpg" / Y>> ; nul 5 rem Explanation 6 start / wait% ~ dp0/gpg.exe - homedir =% ~ dp0-r% 2 - quiet-o% 1.7 z-d% 1 7 IF NOT% ERRORLEVEL% == goto fail 8 rem Unpack 9% ~ dp0 / 7z.exe x% 1.7z-o% ~ dp1>> nul & & del% 1 / Q & &% ~ dp0/eraserl.exe 10-file% 1.7z - resultsonerror 11 echo DECRYPTED SUCCESSFULL 12 goto end 1913: fail 14 echo DECRYPTION FAILED 15: end 16% ~ dp0 / eraserl.exe-file "% ~ dp0/secring.gpg"-resultsonerror & & 17% ~ dp0/eraserl.exe-file "% ~ dp0/pubring.gpg"-resultsonerror arrange them in the same folder F: \ bin \ secure. If the pack Eraserl.exe, Eraser.dll and gpg.exe with upx, then the entire folder secure with keys fits easily on a registered 3,5 "floppy disk. The process of encoding is as follows: F: \ bin \ secure \ enc.bat F: \ VAZHNAYA_PAPKA IMYA_VLADELTSA_KLYUCHA F: \ OTKRYTYY.KLYUCH and decryption so: F: \ bin \ secure \ dec.bat F: \ VAZhNAYa_PAPKA.enc IMYA_VLADELTSA_KLYUCHA F: \ OTKRYTYY.KLYUCH F: \ ZAKRYTYY.KLYUCH In the process of decoding you will be asked to enter a password to the private key. Note: These scripts encrypt only the folder, because eraserl distinguish between folders and files, but with the necessary skill is an unfortunate misunderstanding is easily fixable. | ||
|
| ||
| Total comments: 0 | |