Encrypted pup_save for Puppy 212
I've updated the pup_save encryption for 212. Included in the package below is a modified initrd.gz which will prompt you for a password if your pup_save file has "crypt" in the name and a script to create an encrypted pup_save file.
The initrd.gz is about 40k bigger and has the following additions:
cryptoloop.ko.gz
aes.ko.gz
losetup (compiled with dietlibc to replace the busybox version)
The init script has these changes:
# init, lines 261-268: a pup_save name containing "crypt" selects AES cryptoloop
CRYPT=$( echo $PUPSAVE | grep crypt )
if [ "$CRYPT" != "" ] ; then
  CRYPTO="-e aes"
  # load the cipher and cryptoloop modules shipped in the initrd
  zcat /lib/modules/${KERNVER}/aes.ko.gz | insmod -
  zcat /lib/modules/${KERNVER}/cryptoloop.ko.gz | insmod -
else
  CRYPTO=""
fi

# init, lines 589-611: prompt until the save file mounts
if [ "$CRYPTO" != "" ] ; then
  echo -e "\\033[1;31m" >/dev/console   # bold red text
  echo "Loading encrypted pup_save_crypt" >/dev/console
  echo "" >/dev/console
  while true; do
    echo "Password: " >/dev/console
    # losetup reads the passphrase itself; nothing is echoed
    losetup $CRYPTO /dev/loop1 $SMNTPT$SAVEFILE
    mount -t ext3 -o noatime,rw /dev/loop1 $EFSMNT
    if [ "$?" = "0" ] ; then
      break
    else
      # mount failed: detach the loop device and ask again
      losetup -d /dev/loop1
      echo "Can't mount file, Try password again." >/dev/console
    fi
  done
else
  : # init lines 605-610 are not shown in the post
fi
The pup-save-encryption script is a simplified and improved version of the one I had posted before. I did away with the option to choose a partition for the new pup_save_crypt file because the pup_save files need to be on one partition anyway. Added an option to re-enter your password. Fixed a bug in naming the pup_save_crypt file. Clarified some of the verbiage.
Oops, the forum can't take files over 1MB anymore. I've posted it here:
http://upload2.net/page/download/DZIl8c ... ar.gz.html
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
Cool. I finally got around to trying an encrypted pupfile, and it works great. I don't know if the "copy your old file" part worked, because I'm not sure if I chose it or not. Otherwise, no problems yet.
Assuming nothing pops up before I get around to it, I'll be including this in Pizzapup A.T.E.
kirk, I'm glad you figured out what needed to be changed in the boot script for 212; I certainly had no idea.
However I guess you missed that I responded to your earlier request:
I rewrote the script and posted it at the end of the thread about the encrypted pupsave for 211. It's a shame we duplicated this effort, although it didn't hurt for me to polish my script writing skills. Perhaps the two can be combined somehow.
If this is going to be included in Puppy I would like to see somebody rewrite the encrypt-pupsave script. What I wrote works, but it's not pretty and my scripting skills aren't great.
Pizzasgood, PaulBx1, thanks for checking it out.
PaulBx1, A couple days ago I saw the script you posted. Thanks, it was a help. Especially for figuring out the maximum number of characters for the password. I thought it would probably be best to simplify things so that new users would find it less confusing.
Thanks again guys!
-
- Posts: 12
- Joined: Fri 01 Dec 2006, 01:24
keyboard not working at password prompt
hello, and thanks for the scripting
im stuck at the password prompt with no keyboard, mine is usb and works at the boot prompt prior to the password prompt and also further on in puppy if i remove the encrypted save file...
perhaps the usb modules need loading as part of your script ??
im running 2.11 and the scripts you released for that version.
thanks
The part I added to the init script comes after the part that lets you choose which pupsave file to use, so the keyboard should be working by then. Did you have more than one pupsave file to choose from? If not you could just make a blank file in the same place as your pupsave file and name it pup-save-test.3fs (that - should be an underscore, don't have that on my keyboard right now), reboot and see if you can choose which pupsave file to use. Also, when you type your password, your typing is not visible so it might seem like the keyboard is not working. But pressing enter should give some indication. I'm out of town right now using a blackberry, so I can't check out the script now. If you still have problems let me know and I'll do some checking when I get back.
-
- Posts: 12
- Joined: Fri 01 Dec 2006, 01:24
ok, i made the blank file as you suggested and got the menu prompt, but as is with the password prompt i was all locked up...
that is, keyboard not responding, "num lock" stuck on, and have to hard reset to go anywhere...
pc is a Dell dimension 1100 with usb keyboard.
but at the menu prior, for boot parameters, the keyboard works fine.
ps- do you get on well with your blackberry ? i have a zaurus sl-5500
-> oh and i also just upgraded to 2.12, with no difference to this.
The part of the init script that handles multiple pupsave files is in the normal init script without encryption. Try it again with the normal initrd.gz and see if you can choose which pupsave file to use. If you can't, post that in the Bugs section so that Barry might get a look at it. I'll take a look at it in a few days too. Thanks for trying it out!
I get the blackberry from my employer, so it's hard to complain about it and I haven't tried anything else like it. Guess it works pretty well.
-
- Posts: 12
- Joined: Fri 01 Dec 2006, 01:24
Happypuppy, I have no idea what's wrong.
I compared the original init with the modified one using Gtkdiff to make sure I didn't accidentally change something. Just the changes I listed on the first post. Those changes come after the part in the init script that asks you which pup_save file to use. Sorry, I wish I could tell you what's up. Might try downloading it again (bad download?) The md5sum of the initrd.gz is:
97d9ceae292a0ada13deff257c7a3e33 initrd.gz
That's just the initrd, not the whole download.
I'll see if I can borrow a USB keyboard from someone. And work on it more.
EDIT: Are you using a frugal install and replacing the initrd.gz with this one or are you re-making the iso?
-
- Posts: 12
- Joined: Fri 01 Dec 2006, 01:24
the md5 checks out... perhaps its to do with how i'm running it...
im running off an Apacer 1Gb which i ran syslinux on, then copied the puppy iso contents to root.
renamed isolinux.cfg to syslinux.cfg,
changed one parameter inside:
PMEDIA=usbstorage
that's it but , may be enough, so perhaps ill try installing from within puppy...
-
- Posts: 12
- Joined: Fri 01 Dec 2006, 01:24
well ive spent the day mucking around and found out some interesting things...
i burned the live-cd.iso's of dsl and puppy, then installed dsl to my usb from within dsl, this made dsl boot fine overcoming the lockup problem from before.
then i tried installing puppy from within puppy but no good, i formatted and repartitioned the drive to start fresh, then ran the installer... it could copy the files on there but not boot, similar problem reported elsewhere on the forum...
so then i read that people had luck installing and booting puppy if installed to a usb drive after dsl had been installed, so i did this and found it worked both with and without the dsl files.
the added surprise/bonus from this was that the loading time of vmlinux and initrd.gz? at the startup was greatly reduced ! instead of waiting up to 30 seconds for the two files to load, they were streaming along and finishing in around 5-7 seconds !!
only let down was that i now wouldnt get any multiple save file choose menu option... just wouldn't appear, and also wouldn't see any encrypted save files there either if they were... i found out this was due to the relatively small set of commands in the syslinux.cfg file created by the puppy installer compared with the one in the iso (isolinux.cfg)...
so i formatted again (FAT), this time with HP utility which i think helped after having done so much to my drive it needed it...
and then copied the puppy iso contents to the root, renamed and edited syslinux.cfg and ran syslinux on the drive, this then booted fine and gave me the multi-save menu when relevant, but it was locked up, couldnt choose it !! and this was with the standard initrd.gz .... beats me, havent tested your encrypt initrd.gz this time around as figure it'll lock as well if the other is too...
but i noticed another thing which may have something to do with it all... when booting with no save files, when it goes through the step where its loading and looking for save files (and where it would come in with the menu for choosing multiple save files or encrypted password) the num-lock light is locked on, and wont budge...
i think ill leave it at that until i can get on a different computer...
-
- Posts: 12
- Joined: Fri 01 Dec 2006, 01:24
well i just found out the loading time is related to syslinux version...
i have been using the win32 .exe from version 2.11, and i noticed the dsl cd mentions 2.04 upon startup, so i downloaded and tried that but im not sure if it installed properly over 2.11 so no change... but i also downloaded the latest 3.31, and installed that, and now i get fast as load times, just like when i was running off the dsl install
-
- Posts: 12
- Joined: Fri 01 Dec 2006, 01:24
http://syslinux.zytor.com/faq.php
maybe Puppy is installing syslinux using the -s option and maybe dsl is installing syslinux without the -s option, and that is the difference
The -s option, if given, will install a "safe, slow and stupid" version of SYSLINUX. This version may work on some very buggy BIOSes on which SYSLINUX would otherwise fail. If you find a machine on which the -s option is required to make it boot reliably ...
I'm going to post under this thread for convenience.
Regarding PaulBx1's script:
http://www.murga-linux.com/puppy/viewto ... 9280#79280
line 56:
dd if=/dev/zero of=/mnt/home/$FNAME bs=1024 count=$(($SIZE*1024))
Should /dev/random be used instead? Along the lines of the watermarking mentioned previously, I was thinking that perhaps (although not by design) the ext3 file system or even the files in Puppy itself might function as one big watermark.
Although the act of mkfs with the crypto loopsetup might just fill in crap too but it would probably be better in theory to write the encrypted FS overtop of random data than a blank slate.
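The question above can be checked on an existing container: a loop device only encrypts blocks that are written through it, so a backing file created from /dev/zero keeps plain zero blocks wherever nothing has been written yet. The following is an added example, not part of the thread or of PaulBx1's script; the file names, the 4096-byte scan size and the "used" blocks (random bytes standing in for ciphertext) are constructed, and the random fill is read from the non-blocking /dev/urandom.

```shell
#!/bin/sh
# Added example (not from the thread). Counts the blocks of a container file
# that are still all zeros, i.e. never written through the encrypted loop device.
BS=4096   # block size used for the scan (assumption)

# Print "<zero_blocks> <total_blocks>" for the file given as $1.
count_zero_blocks() {
    file=$1
    size=$(wc -c < "$file")
    total=$(( (size + BS - 1) / BS ))
    zero=0
    i=0
    while [ "$i" -lt "$total" ]; do
        # Bytes left in block i once every NUL byte is deleted.
        nonzero=$(dd if="$file" bs="$BS" skip="$i" count=1 2>/dev/null |
                  tr -d '\000' | wc -c)
        if [ "$nonzero" -eq 0 ]; then zero=$((zero + 1)); fi
        i=$((i + 1))
    done
    echo "$zero $total"
}

# Build a constructed stand-in for a pup_save container without needing root:
# fill $3 blocks from $2, then overwrite the first $4 blocks with random bytes
# that play the role of ciphertext written by mkfs and file activity.
make_container() {
    out=$1; fill=$2; blocks=$3; used=$4
    dd if="$fill" of="$out" bs="$BS" count="$blocks" 2>/dev/null
    dd if=/dev/urandom of="$out" bs="$BS" count="$used" conv=notrunc 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_container "$dir/zero_fill.3fs" /dev/zero 16 4
    make_container "$dir/rand_fill.3fs" /dev/urandom 16 4
    echo "zero-filled:   $(count_zero_blocks "$dir/zero_fill.3fs") (zero/total)"
    echo "random-filled: $(count_zero_blocks "$dir/rand_fill.3fs") (zero/total)"
    rm -rf "$dir"
}

demo
```

A high zero-block count on a real pup_save_crypt file means its used and unused regions can be told apart without the password; a container pre-filled with random data shows none.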
-
- Posts: 12
- Joined: Fri 01 Dec 2006, 01:24
i actually couldnt get what the puppy installer did to boot at all...
GuestToo wrote:
http://syslinux.zytor.com/faq.php
maybe Puppy is installing syslinux using the -s option and maybe dsl is installing syslinux without the -s option, and that is the difference
The -s option, if given, will install a "safe, slow and stupid" version of SYSLINUX. This version may work on some very buggy BIOSes on which SYSLINUX would otherwise fail. If you find a machine on which the -s option is required to make it boot reliably ...
i had to do it manually; copy iso contents to root usb, rename/edit isolinux.cfg, run syslinux on drive... i was using 2.11 maybe with or with-out -s...
its good to know that as i didnt know all the differences...