
Thread: securely editing files, shred command

  1. #1

    securely editing files, shred command

    I have some old paper letters I'm going to scan and store. I need to be able to create and edit personal letters securely. I've learned how to use encryption. Now, I need to use a secure method of deleting files.

    https://linux.die.net/man/1/shred

    I have a folder with all the files. So first, I zip the folder. How do I securely shred a folder with one command?


    After that, I can encrypt the zip file. Then use the shred command on the zip file. To be the most secure, I store the encrypted file on a blank flash drive. So, I want to edit those files on the main hard drive and then shred all traces from the hard drive.

    Which file system type should I use on the flash drive? -- opensuse uses snapshots and caches files. I have the app bleachbit to erase all cache and backup files.

    Is opensuse saving any user data in snapshots? Is bleachbit enough to remove all traces of the edited files? Noting the comments about the ext3 system. I'm planning to use ext4 for the flash drive.

  2. #2
    Join Date
    Jun 2008
    Location
    West Yorkshire, UK
    Posts
    3,442

    Re: securely editing files, shred command

    http://www.system-rescue-cd.org/manu...etion_of_Data/ has a useful discussion of and links to other discussions of these issues.

  3. #3
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,942
    Blog Entries
    2

    Re: securely editing files, shred command

    If your disk is an SSD, you don't have to do anything except perhaps to make sure that the traps are cleared with something like a TRIM command. Once the trap is cleared of data, no one can recover the data, period.

    If your disk is a rotating disk (HDD), then the tools described in John's SystemRescueCD link are fine. No matter what tool you use, the space occupied by the data has to be over-written with something... zeroes or random characters, and the more often you over-write the location the less likely any remnants from the original data can be recovered. Personally, I feel over-writing 25 times is considerable overkill and likely a waste of time. I've tested recovering after one or two passes, and personally recommend 3-5 passes. Even if something could be recovered at that point it probably couldn't be used to re-construct anything meaningful.

    The other thing that the SystemRescueCD article doesn't mention that is essential to forensic data recovery is to know that temporary files, caches and sometimes memory caches need to be cleared as well. If you use something like vim, there are very few additional data locations to check but if you use graphical text editors, anything is possible.

    Personally, I use dd because it gives me the ability to configure wiping the fastest; you just need to be careful that if you configure a very large number of blocks to over-write, it can leave a very large number of blocks not over-written, so you need to additionally configure over-writing smaller numbers of blocks.

    IMO,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,370
    Blog Entries
    3

    Re: securely editing files, shred command

    Best to do things in a way that shredding is not needed.

    (1) Use encrypted swap. Ask for more details if needed.

    (2) Configure "/tmp" to use "tmpfs". That means that "/tmp" exists in memory and perhaps swap. But swap is encrypted (step (1) above). And when you reboot, memory is erased.

    (3) To work with the files you are encrypting, create a directory in "/tmp" and work with them there. That way, the only unencrypted copy is in "/tmp". And, when done, just delete it all. Since "/tmp" now uses "tmpfs" and backing swap is encrypted, there is no need to shred.

    (4) When that is not enough, use an encrypted directory. I use an "ecryptfs" private directory. You can also use "encfs" for encrypting a directory. Or you can set up a Plasma vault (from KDE), where "encfs" is one of the encryption choices.
    openSUSE Leap 15.1; KDE Plasma 5;
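
A pre-flight check for the approach in post #4, as an added example that is not part of the original thread: it confirms that /tmp is tmpfs and that swap sits on dm-crypt before a scratch directory is created. The function names and the `letters.XXXXXX` template are made up for illustration.

```shell
#!/bin/sh
# Added example: checks to run before decrypting anything into /tmp.

# Print the filesystem type mounted at $1, read from a /proc/mounts-format
# file ($2, default /proc/mounts). The last matching line wins, because a
# later mount on the same directory hides the earlier one.
fstype_of() {
    awk -v mp="$1" '$2 == mp { t = $3 } END { if (t == "") exit 1; print t }' \
        "${2:-/proc/mounts}"
}

# Print the device or file behind each active swap area, read from a
# /proc/swaps-format file ($1, default /proc/swaps). Line 1 is a header.
swap_backing() {
    awk 'NR > 1 { print $1 }' "${1:-/proc/swaps}"
}

# Succeed only if every swap area is a dm-crypt mapping (no swap at all
# also passes). File-backed swap and swap on LVM, even LVM inside LUKS,
# fail here and need a manual look.
swap_all_crypt() {
    for dev in $(swap_backing "$1"); do
        [ "$(lsblk -dno TYPE "$dev" 2>/dev/null)" = "crypt" ] || return 1
    done
}

# Create a private scratch directory under /tmp, but only when /tmp is a
# tmpfs mount; otherwise the plaintext would land on the root file system.
make_scratch() {
    [ "$(fstype_of /tmp "$1")" = "tmpfs" ] || {
        echo "/tmp is not tmpfs; refusing to create scratch dir" >&2
        return 1
    }
    mktemp -d /tmp/letters.XXXXXX   # mktemp -d creates it with mode 0700
}
```

Source the file, run `swap_all_crypt` and `make_scratch` with no arguments, and decrypt into the directory it prints; `rm -r` on that directory afterwards is the "just delete it all" step.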

  5. #5

    Re: securely editing files, shred command

    I tried to format the flash drives with volume label. Yast-partitioner

    Mounting options:

    mount device
    /srv

    fstab option:
    enter label

    click ok

    the btrfs volume... error


    I can't enter a label with either primary or extended partition. ??

    I had to manually label it:

    tune2fs -L labelname /dev/sdb1

  6. #6
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,872

    Re: securely editing files, shred command

    In fact you can not label partitions, you can label file systems. That is file system dependent. Thus you use e.g. tune2fs for ext2/3/4 file systems. And a different one for each other type of file system (if the file system supports it).

    And as said you can not label partitions. Primary partitions may contain a file system, thus you may be able to label such a file system and some then will incorrectly say they labeled the partition. But extended partitions can not contain file systems (they can only contain logical partitions), thus even when using the shortcut expression partition for file system, you can not label an extended partition.
    Henk van Velden

  7. #7

    Re: securely editing files, shred command

    Originally posted by hcvv:
    In fact you can not label partitions, you can label file systems. That is file system dependent. Thus you use e.g. tune2fs for ext2/3/4 file systems. And a different one for each other type of file system (if the file system supports it).

    And as said you can not label partitions. Primary partitions may contain a file system, thus you may be able to label such a file system and some then will incorrectly say they labeled the partition. But extended partitions can not contain file systems (they can only contain logical partitions), thus even when using the shortcut expression partition for file system, you can not label an extended partition.


    FYI, I need to understand this so I can properly format a flash drive in linux to store my data and possibly encrypt it. After, I will return to the subject matter.


    Create partition (all available space) --> Format that partition with a file system, add label.


    New flash pre-formatted with FAT32
    ------------------------------------------------
    Partition /dev/sdb -- > FAT32 file system with the label 'brandname'


    Yast-partitioner--> click sdb in system view --> click delete.

    That deletes the FAT32 file system and partition. Flash drive has no partitions.

    Add partition --> primary --> maximum size --> Data and ISV applications -->
    Formatting options --> format device --> select ext4 -->

    Choose to encrypt device or not. Click on checkbox
    Encrypt --> enter password

    Flash drive has a partition formatted with ext4 file system. Blank label. KDE then mounts the drive showing it in the plugin icon.


    I've done this for three flash drives. Is there a way to enter a drive label here or somewhere else in KDE? Else, I have to manually label all my flash after using this.


    PS, I need to do some websurfing on linux extended partitions.

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,872

    Re: securely editing files, shred command

    Originally posted by lord_valarian:
    FYI, I need to understand this so I can properly format a flash drive in linux to store my data and possibly encrypt it. After, I will return to the subject matter.


    Create partition (all available space) --> Format that partition with a file system, add label.


    New flash pre-formatted with FAT32
    ------------------------------------------------
    Partition /dev/sdb -- > FAT32 file system with the label 'brandname'

    First FYI, I did not try to read all the posts before the post I answered (and quoted). I am not interested in the subject. I only saw the confusion emanating from the post I answered and tried to provide you with information about what a file system is (the contents), what a partition is (one of the types of containers that can contain a file system), so that you see the difference and thus may understand why you can label a file system, but not a partition (and certainly not an extended partition).

    Now about what you post above.
    I stopped reading after the part I quote here. Because you first say that you created a (one!) partition on the device that has the maximum available size. Now when you create such a partition on say /dev/sdb, that partition will be /dev/sdb1.
    Then you say you have a file system on /dev/sdb.
    Those two things can NOT be true at the same time. Either you have a file system on the whole device /dev/sdb (that will then have no partitions at all), or you have a file system on a partition on the device /dev/sdb1.

    I decided it has no use to read on before it is made clear what you have (done).
    Henk van Velden

  9. #9
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,872

    Re: securely editing files, shred command

    Originally posted by lord_valarian:
    PS, I need to do some websurfing on linux extended partitions.

    Why? Just read https://en.opensuse.org/SDB%3ABasics...,_mount_points
    Henk van Velden

  10. #10
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,872

    Re: securely editing files, shred command

    Originally posted by lord_valarian:


    Yast-partitioner--> click sdb in system view --> click delete.

    That deletes the FAT32 file system and partition. Flash drive has no partitions.

    Add partition --> primary --> maximum size --> Data and ISV applications -->
    Formatting options --> format device --> select ext4 -->

    Choose to encrypt device or not. Click on checkbox
    Encrypt --> enter password

    Flash drive has a partition formatted with ext4 file system. Blank label. KDE then mounts the drive showing it in the plugin icon.


    I've done this for three flash drives. Is there a way to enter a drive label here or somewhere else in KDE? Else, I have to manually label all my flash after using this.

    I took the trouble to try and understand this.
    First:
    Yast-partitioner--> click sdb in system view --> click delete.
    Normally one would, after clicking sdb at left, then see the existing partitions at right and select the partition at right before one clicks delete at right. But indeed, when there is only one partition (sdb1) clicking Delete will delete this only partition (btw, it will only remove the entry of that partition from the new, yet to write to the device, partition table, nothing is done to the device yet).

    Then you recreate the partition sdb1. I do not know why, because it was already there. You only want to create a new file system on it, which you can do with Edit. But OK, that is what you did.

    Now when you reach the Formatting Options, there is also the Mount Options panel. When you check Mount the device, you will be able to click the Fstab options. This will bring a pop-up where you can fill in the Volume Label.

    I admit that it is a bit strange that you can only fill in the label when you also go for creating an fstab entry with a mount point, but as you found out you can always create/change the label with tune2fs. You are not bound to using YaST. I most of the time just use fdisk, mkfs, vi /etc/fstab, etc. YaST is only a helping program created around all these tools that by nature only covers a subset of the myriads of possibilities. The subset that the designers assumed are the ones most often used.
    Henk van Velden
