If an encrypted folder is decrypted on an sdcard then the sdcard is unplugged, how can I protect the data?

1

I encrypted a file using ecryptfs on an sdcard,
then I decrypted the file on the same sdcard.
If anyone takes the sdcard at this point, can he read the file?
If yes, are there any other options to prevent that?

Yossi

Posted 2018-06-12T23:36:09.867

Reputation: 13

Encrypt the filesystem. – Ignacio Vazquez-Abrams – 2018-06-12T23:41:41.137

@IgnacioVazquez-Abrams I can't. It's a Raspberry Pi. – Yossi – 2018-06-13T00:00:03.777

Do you mean you encrypted the file and then opened or viewed it on the computer? Or do you mean you encrypted the file and then you decrypted the file. It should be fairly obvious what the answer is if the latter. If the former, then no, viewing or opening the file should not cause it to be unencrypted on the disk. – Appleoddity – 2018-06-13T00:14:57.447

@Appleoddity It's a Raspberry Pi, so the whole system is on an sdcard. I decrypted a file/folder using a passphrase to read the data, so my concern is: if someone takes that sdcard, will he be able to read that file? – Yossi – 2018-06-13T00:18:24.590

Let me know if this is a good solution, I will create a temp ram drive and decrypt the file to it, that way the decrypted file wouldn't be on the sdcard. – Yossi – 2018-06-13T01:11:23.690

Yes that would be a good solution (if you can afford the necessary RAM). – xenoid – 2018-06-13T06:15:05.910

@xenoid thank you, I just need to decrypt some private keys so it doesn't need much space – Yossi – 2018-06-13T17:23:40.263

Answers

1

If you wrote a file to any drive (hard drive, flash/SD/USB) then it could be read again later, even if it's been deleted, even if it's been "overwritten" on a flash device since flash devices sometimes swap sectors in the background.

If you don't want to worry about decrypted files (or their deleted remnants) lying around, you should be using an on-the-fly encryption, like LUKS or eCryptfs or EncFS or Truecrypt/VeraCrypt (among others). They take care of the "only decrypt to ram" details themselves, and most should be available on a Raspberry.

FYI, interestingly, tmpfs may be written to a disk cache, but ramfs won't.

Xen2050

Posted 2018-06-12T23:36:09.867

Reputation: 12 097

Thank you for this tmpfs vs ramfs info. I've learnt something today. :) – Kamil Maciorowski – 2018-06-16T01:42:38.403

@KamilMaciorowski I was surprised when I found out, almost want to prove it now too (Kernel.org: "tmpfs puts everything into the kernel internal caches and grows and shrinks to accommodate the files it contains and is able to swap unneeded pages out to swap space... Ramdisks cannot swap and you do not have the possibility to resize them.") ;-) Seems almost like a bug, but there are reasons I guess, c'est la vie. – Xen2050 – 2018-06-16T02:17:03.737
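
A check that follows from the tmpfs vs ramfs point in the answer and its comments, as an added example that is not part of the original posts: it reads `/proc/mounts` and `/proc/swaps` to tell whether a directory chosen for decrypted keys sits on ramfs, on tmpfs while swap is active (pages may be swapped out), or on persistent storage such as the sdcard. The function name `classify_target` and its output labels are hypothetical.

```shell
#!/bin/sh
# Added example: classify where a decrypted file would land.
# Usage: classify_target DIR [MOUNTS_FILE] [SWAPS_FILE]
# Prints one of: ramfs-ok, tmpfs-ok, tmpfs-swap-risk, persistent
classify_target() {
    dir=$1
    mounts=${2:-/proc/mounts}
    swaps=${3:-/proc/swaps}
    # A kernel built without swap support has no /proc/swaps: treat as no swap.
    [ -r "$swaps" ] || swaps=/dev/null

    # Filesystem type of the longest mount point that is a path prefix of DIR.
    # On equal length the later line wins, because later mounts shadow earlier ones.
    fstype=$(awk -v d="$dir" '
        {
            mp = $2
            pre = (mp == "/") ? "/" : mp "/"
            if (index(d "/", pre) == 1 && length(mp) >= best) {
                best = length(mp)
                t = $3
            }
        }
        END { print t }' "$mounts")

    # /proc/swaps has one header line; every further line is an active swap area.
    swap_count=$(awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }' "$swaps")

    case "$fstype" in
        ramfs) echo "ramfs-ok" ;;
        tmpfs)
            if [ "$swap_count" -eq 0 ]; then
                echo "tmpfs-ok"
            else
                echo "tmpfs-swap-risk"
            fi ;;
        *) echo "persistent" ;;
    esac
}

# Run directly as: sh script.sh /path/to/keydir
if [ "$#" -gt 0 ]; then
    classify_target "$@"
fi
```

Anything other than `ramfs-ok` or `tmpfs-ok` means the decrypted keys could end up on storage that survives unplugging the card.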