Fun with encryption

Create the private key (AES-256/4096 bit):

openssl genrsa -aes256 -out private.pem 4096

Create the public key:

openssl rsa -in private.pem -outform PEM -pubout -out public.pem

Encrypt a file:

openssl rsautl -pubin -inkey public.pem -encrypt -in klartext.txt -out geheim.txt

Decrypt a file:

openssl rsautl -inkey private.pem -decrypt -in geheim.txt -out klartext2.txt 
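The four steps above as a non-interactive round trip, added here as an example that is not part of the original post. It assumes `openssl pkeyutl` (the replacement for `rsautl` since OpenSSL 3.0) with OAEP padding, reads the passphrase from a constructed environment variable `KEY_PASS`, and rejects input that is too large for a single RSA operation; the function names are hypothetical.

```shell
# Added example; rsa_keypair, rsa_max_len, rsa_encrypt, rsa_decrypt and the
# KEY_PASS variable are constructed names, not part of the original post.

# rsa_keypair <dir> [bits]: encrypted private key plus matching public key.
rsa_keypair() {
    ( umask 077   # keep private.pem unreadable for other users
      openssl genrsa -aes256 -passout env:KEY_PASS \
          -out "$1/private.pem" "${2:-4096}" ) &&
    openssl rsa -passin env:KEY_PASS -in "$1/private.pem" \
        -outform PEM -pubout -out "$1/public.pem"
}

# rsa_max_len <public.pem>: largest input in bytes for one RSA-OAEP (SHA-1)
# operation, i.e. modulus bytes - 2*20 - 2 (470 for a 4096-bit key).
rsa_max_len() {
    bits=$(openssl rsa -pubin -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$bits" ] || return 1
    echo $(( bits / 8 - 42 ))
}

# rsa_encrypt <public.pem> <in> <out>: returns 2 instead of calling openssl
# when the input is too large for the key.
rsa_encrypt() {
    max=$(rsa_max_len "$1") || return 1
    [ -r "$2" ] || return 1
    size=$(( $(wc -c < "$2") ))
    if [ "$size" -gt "$max" ]; then
        echo "rsa_encrypt: $2 is $size bytes, limit is $max" >&2
        return 2
    fi
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# rsa_decrypt <private.pem> <in> <out>
rsa_decrypt() {
    openssl pkeyutl -decrypt -passin env:KEY_PASS -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}
```

Files above the size limit need a symmetric cipher for the data, with RSA protecting only the symmetric key.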


disk encryption (dm-crypt + LUKS, non-root)

encrypting external drives with dm-crypt and LUKS (hdd, flash etc.)

1) wipe potentially existing luks-header (optional)

dd if=/dev/zero of=/dev/sdX bs=512 count=20480

2) wipe existing partitions (optional)

3) setup luks-header

cryptsetup <options> luksFormat <device>

for example

cryptsetup -v --cipher aes-xts-plain64 --key-size 512 \
--hash sha512 --iter-time 5000 --use-random luksFormat <device>

4) mount encrypted partition

simply mount

or

cryptsetup open <device> <name>

5) create file system

mkfs.<fstype> /dev/mapper/<name>

6) change user permissions (only accessible to root by default)

chown user:group <mount point>

https://wiki.archlinux.org/index.php/LUKS

https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_a_non-root_file_system

https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode


bad blocks / (e2)fsck – repair partitions

badblocks is a Linux utility to check for bad sectors on a disk drive. A bad sector is a sector on a computer’s disk drive or flash memory that cannot be used due to permanent damage or the OS’s inability to access it successfully. badblocks creates a list of these sectors that can be used with other programs, like mkfs, so that they are not used in the future and thus do not cause corruption of data. It is part of the e2fsprogs project.

It can be a good idea to periodically check for bad blocks. This is done with the badblocks command. It outputs a list of the numbers of all bad blocks it can find. This list can be fed to fsck to be recorded in the filesystem data structures so that the operating system won’t try to use the bad blocks for storing data. The following example will show how this could be done.

From the terminal, type the following command:

$ sudo badblocks -v /dev/hda1 > bad-blocks

The above command will generate the file bad-blocks in the current directory from where you are running this command.

Now you can pass this file to the fsck command to record these bad blocks:

$ sudo fsck -t ext3 -l bad-blocks /dev/hda1
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Check reference counts.
Pass 5: Checking group summary information.

/dev/hda1: ***** FILE SYSTEM WAS MODIFIED *****

/dev/hda1: 11/360 files, 63/1440 blocks

If badblocks reports a block that was already used, e2fsck will try to move the block to another place. If the block was really bad, not just marginal, the contents of the file may be corrupted.


e2fsck /dev/sdX


ssh tunnel / vpn

sudo ssh -L localhost:port:localhost:remote-port user@host -N

Proxy
set remote-port to the proxy port (3128 for squid) on the server
set port to any local port (e.g. 8000) on the client and configure proxy settings to localhost:port

Any port
set remote-port to the port to be tunnelled on the server
set port to any local port (e.g. 8001) on the client and use it with localhost:port
