Category Archives: Cryptography

Everything that has to do with cryptography.

How to compile Truecrypt from source

A few days ago my new USB hard drive arrived. My idea was to connect the hard drive to my Raspberry Pi so that everyone in the network can read the data on that drive. But all the data stored on that drive should be encrypted. The problem was that I also wanted to use the hard drive to copy files from a computer of a friend. Not everyone uses Linux, so I could not encrypt the hard drive with LUKS.
But I had an idea to encrypt the hard drive with Truecrypt, which is available for Windows, Mac OS X and Linux. I created a little partition (about 100MB) which is not encrypted and download the Truecrypt installer for each OS to that partition. The advantage is that you don’t need an internet connection to download the installer. The rest of the hard drive is encrypted with Truecrypt.

The main problem was the installation of Truecrypt on my Pi because there is no ARM binary. I’ve no X-Server on my Pi so I had to install Truecrypt as console-only version. Here are the steps I’ve done to install Truecrypt on my Pi.
Read the rest of this entry

Advertisements

How to install a CalDav and CardDav server using Radicale

During my time at the university I had lots of meetings, events and I couldn’t remember all these events, so I had to write them down. But we’re living in a digital world, so I wanted to keep all my appointments digitally. I tried Thunderbird Lightning and it is a great Add On. But I also wanted to synchronize all these events with my smartphone without using an external cloud, e.g. Google Calendar.

I wanted a small program with minimal dependencies to act as a server which is able to run on a Raspberry Pi. It doesn’t have to provide a web interface, because I can use Thunderbird or my smartphone to add, change or delete events. I found Radicale which is written in Python and has no dependencies. It supports the CalDav and CardDav protocol. That’s all I wanted so I gave it a try. My first impression was very good and it works great. Here are all steps I did to set up my own CalDav server with Radicale.

1. Installation of Radicale
2. Adding bcrypt support to Radicale (optional step)
3. Configure Radicale
4. Configure Thunderbird Lightning
5. Configure Android Calendar
Read the rest of this entry

How to create your own PKI with openssl

Today certificates are widely used to verify, authenticate a client/user or server, to encrypt or sign emails or to sign other types of objects (e.g. source code). You are using a certificate at the moment, due to the secure http (https) connection.
In this post I will show you how to create your own Root Certificate Authority (CA).

1. Create a self signed root certificate
2. Create a sub ca certificate
3. Create a server certificate
4. Create a user certificate
5. Generate a certificate revocation list
6. Revoke a certificate
7. Export a certificate to PKCS#12 format
8. Bash script to manage your own CA

I recommend to configure your openssl.cnf (located at /etc/ssl/openssl.cnf). This is the most annoying part, but it simplifies the next steps. You can find an example of an openssl.cnf I’ll use at the end of this post. Be careful at the policy_match section, this can be a problem while signing a certificate signing request.
Read the rest of this entry

How to mount LUKS encrypted partitions manually

In the last days I played a bit with Slackware Linux on my netbook. But I play a bit too much and I had to recover some important files from my home folder but it is encrypted. The system wasn’t able to boot successfully. I had to boot from an usb-stick. But the problem was to decrypt the partition with my home folder.

Read the rest of this entry

How to mount a LUKS encrypted partition on boot

In order to automatically mount a LUKS encrypted partition on boot you have to find out its universally unique identifier (UUID) first. Open a root shell and enter
$ blkid
The program lists all mounted volumes and their UUIDs. Read the rest of this entry

How to encrypt a string with ROT13 (one liner)

ROT13 is a variation of the caesar chiffre. It replaces each letter with the letter 13 positions after that letter. A nice side effect: you need only a function to encrypt a string. If you encrypt an encrypted string, you’ll get the plaintext.

Encryption:
echo 'This is a Test' | tr 'A-Za-z' 'N-ZA-Mn-za-m'
Output: Guvf vf n Grfg

Decryption:
echo 'Guvf vf n Grfg' | tr 'A-Za-z' 'N-ZA-Mn-za-m'
Output: This is a Test

How to encrypt and decrypt a file with openssl

Openssl comes with lots of cipher types. At the end of the post you can find a list of all cipher types.

Encryption

We want to encrypt the file test.txt with AES 256 Bit CBC. The name of the encrypted file is test.enc:

openssl enc -aes-256-cbc -in test.txt -out test.enc

Decryption

We want to decrypt the file test.enc with AES 256 Bit CBC:

openssl enc -d -aes-256-cbc -in test.enc -out test.txt

Openssl will ask you for the passphrase.

Read the rest of this entry