Introduction
A lot of tools can give you excellent encryption-options for
communicating with a small number of partners. But they are all based
on sending the information to them.
None of them gives you the option to (almost) transparently encrypt
files on a shared (inter)network filesystem, without knowing in advance
which of your communication partners will open the file, and without
either sharing a keypair or encrypting to everybody with access to that
file.
SCS takes care of that. It uses blowfish encryption and you share 1
key. This "key" is actually the passphrase to decrypt the files. This
saves you the hassle of sharing lots of keys and choosing which key to
use.
SCS also has an option to recode using a new "key", in case for some
reason you don't trust the old one anymore.
What's New
October 4, 2004.
Added wildcard options for store and recode, so you don't have to
handle each file separately but can handle them in batch. This option
does not work for "work" (decoding), to prevent unintentionally decoding
your entire list of files.
Also added an option to check for VIM-backup-files (the ones with the ~
on the end) to notify you there's still a plain version left over.
Some stricter file checking included.
August 23, 2004.
Added space-handling in filenames.
Modified logging options at key-generation-time.
July 9, 2004.
Initial version.
The complete changelog can be read here:
Changelog
Configuration
SCS comes with only 1 executable, named "work".
First of all, you need to make 2 symbolic links to this file, named
"store" and "recode".
Now it is ready to use. During the first run it will create the
directory ~/.work (if it does not exist) and look for a key in it. If
the key does not exist, it will offer to generate one.
In this setup it will copy 8kB of data out of your random-device and
use the sha1-hash as a key to work with.
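The key-generation step described above, together with a permission check on the resulting key file, as an added example (not SCS's own code). The key file name "key", the use of /dev/urandom and sha1sum, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not SCS source. Assumed: key file name "key",
# /dev/urandom as the random device, sha1sum for hashing.

# check_key FILE: succeed only if FILE is a regular file, is not accessible
# by group or others, and holds exactly one 40-hex-digit SHA-1 digest.
check_key() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "$f: not a regular file" >&2; return 1
    fi
    # Columns 5-10 of the ls mode string are the group/other permission bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "$f: accessible by group or others" >&2; return 1
    fi
    if [ "$(wc -l < "$f")" -ne 1 ] || ! grep -Eqx '[0-9a-f]{40}' "$f"; then
        echo "$f: not a single SHA-1 hex digest" >&2; return 1
    fi
}

# gen_key DIR: create DIR (0700) and DIR/key (0400) unless a key already
# exists, then validate whatever key is in place.
gen_key() {
    dir=$1
    keyfile=$dir/key
    if [ ! -e "$keyfile" ]; then
        (
            umask 077    # nothing created here is group/world accessible
            mkdir -p "$dir" && chmod 700 "$dir" || exit 1
            # 8 kB of random data reduced to its SHA-1 hex digest
            head -c 8192 /dev/urandom | sha1sum | cut -d' ' -f1 > "$keyfile"
            chmod 400 "$keyfile"
        ) || return 1
    fi
    check_key "$keyfile"
}

# Usage: gen_key "$HOME/.work"
```

An existing key is never overwritten; gen_key only re-validates it, so a key file that has become group- or world-readable is reported on the next run.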
Within your .work dir, you can put a config-file, named config. The use
of this file is optional!
#
# Config file for "work"
# Empty lines and lines starting with "#" are ignored.
#
# All entries are overrides from the defaults. Comment-out the settings
# if you're not sure!
#
# tempdir is the place where the unencrypted files are stored
tempdir=/some/where/secure
# keyfile is the keyfile used to encrypt and decrypt
keyfile=/only/readonly/key
# newkeyfile is the keyfile used to recode your files.
# you need this when there's a need to switch keys
newkeyfile=/only/readonly/newkey
# debug will spit out a lot of information about what it is doing. Only for
# error-testing
debug=0
# storedir is a default directory to store your encrypted work.
# Not yet implemented.
#storedir=/tmp/store
# openssl is the place of the openssl-binary. Use this in case you need
# to use another openssl (i.e. /usr/local/bin/openssl ).
#openssl=/usr/bin/openssl
Tuning
Personally I choose to set the default store-directory in the
configfile, as this prevents typing in a location to store to.
The keyfile and the temp-files are all on my flash-drive. So nothing of
the secret data or key remains stored on the computer to use.
Download
HA! The important part:
October 4, 2004: Revision 0.6
SCS
It is signed with my gpg public key.
Copyright
SCS is released under the GPL.
Example
After installation, we generated a key and it's in place.
My plain file with sensitive data is called
/mnt/flashdrive/Docs/SomeData.sxw
Now I want to store it:
store /mnt/flashdrive/Docs/SomeData.sxw /mnt/shared/SomeData.sxw
or, if you defined the store-directory:
store /mnt/flashdrive/SomeData.sxw
The destination can also be a directory, so you don't need to type in
the filename:
store /mnt/flashdrive/Docs/SomeData.sxw /mnt/shared
And I want to work on it again:
work /mnt/shared/SomeData.sxw
It is now stored in the "plain" directory ~/work or as defined in the
config file.
Suppose we want to recode with another key. You need to have the
configfile in place with the keys defined:
recode /mnt/shared/SomeData.sxw