[aescrypt] Suggestions - permissions, timestamps, and source file naming

Andy Schofield ajs at th.ph.bham.ac.uk
Sun Jan 23 09:17:08 EST 2011


Paul

Paul E. Jones wrote:
> Andy,
> 
>> Just discovered aescrypt. It seems to be exactly what I am looking for -
>> a file en/decrypter which is open source and works on linux, osx and
>> windows. Thanks very much for creating this.
> 
> Well, it wasn't me alone.  Several people on this list contributed in
> various ways :-)
>  

My thanks to all!

>> I've been adapting it to create an rpm (for redhat style linux
>> distributions) and had a couple of suggestions/observations for it:
>>
>> (1) File permissions
>> I notice that the .aes file created by encryption under linux seems to
>> take whatever umask would give it. That may be the preferred solution -
>> I genuinely do not know - but I would suggest that the .aes file should
>> inherit the permissions of the file it is created from. Presumably the
>> same should apply on decrypting.
> 
> Honestly, I can't recall having seen a program that would inherit file
> permissions from another file.  If this were an archiver, it might make
> sense to do, but I'm not so sure about a tool like AES Crypt.  If I wanted
> to preserve file permissions, I would tar files and then encrypt them.  In
> fact, that's how I do backups ;-)

comments below

>  
>> (2) Time stamps
>> On that subject, the encrypted version of the file, could perhaps have
>> the same creation/modification time as the original. It could then also
>> pass that back when it is decrypted.
> 
> This is a similar kind of request that deserves a similar kind of response.
> AES Crypt does, in fact, create a new file.  Decrypting it creates a new
> file, too.  So, to preserve the original timesamp of the file seems
> disingenuous.

Disingenuous seems a little strong! I guess my prejudice is based on 
other linux tools which offer similar functionality: mcrypt being a 
classic example (http://mcrypt.sourceforge.net/)

I just checked again, and what mcrypt does is create files (.nc) which 
have the same timestamp as the original and have a restricted set of 
permissions independent of the original files (600). On decrypting it 
keeps the original timestamp but the decrypted file remains as 600 
independent of umask.

The rational is this I presume: though it is creating a new file that 
new file's content was old and dates from the time the file was last 
modified. In that sense this is not a new file but a secure 
representation of an old one. That past date still has some value after 
decryption which is otherwise lost. I appreciate that you could tar up 
the file(s) for archiving then aescript them.

Given that mcrypt was itself a drop in replacement for the old crypt 
command, I suspect that the behaviour I was suggesting about preserving 
timestamps would actually be the expected behaviour for a large number 
of unix/linux users. (As I stressed in the original post though - the 
strength of aescript is that it runs easily on multiple platforms and 
does not rely on too many libraries.)

>  
>> (3) Name and contents of the source file It might be helpful (for
>> packagers etc) if the linux source file adopted a more standard naming
>> convention, and also included the man page which it also put in place.
>> At present the source file is: aescrypt305_source.tar.gz I would
>> suggest: aescrypt-3.0.5.tar.gz which then tar unzips to aescrypt-3.0.5/
> 
> If creating an RPM, I'd definitely agree.  I've not been entirely consistent
> with respect to naming.  Once I revise the code, I might do that.
> 
> In the meantime, though, feel free to create an RPM with version numbers in
> the files as you'd like to see them.  Is it your intent to get the file
> distributed with one of the major Linux versions?  You'd certainly be
> welcome to try, if you'd like.  Even though I have the source code readily
> available, I'd love it if the software shipped with Fedora, for example.  I
> just don't have time to engage folks to make that happen.

I have created an rpm - though I am no expert in this. I was not 
planning to lobby distributions to include it, but they determine 
content by the critical mass of people who want things. The best thing 
is to build up your user base - as you are doing. In that respect you 
are more than welcome to add my spec file, and rpms to your website. 
Rather than clog people's inboxes I will email you separately if you are 
interested.

Thanks again for all your efforts. Its free software and I am in your 
collective debt for creating it.

Andy
> 
> Paul
> 
> 




More information about the aescrypt mailing list