Announcement

Collapse
No announcement yet.

Are Vaults a joke?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    [ENCRYPTION] Are Vaults a joke?

    Just for fun, I tried making an "Encrypted Vault" and put some stuff in it.
    Well, whether the Vault is open or closed, the data in it is perfectly readable.
    The link to it may be "encrypted" but the data is not.

    So... if not a practical joke, the whole idea is a bit... misleading, isn't it?


    #2
    Huh?
    Closing the dolphin window, or unmounting the vault? Rather, ejecting it via the systray widget.
    I can't see files in the mount folder, and the actual files being mounted are all encrypted:

    Click image for larger version

Name:	Screenshot_20200427_171558.jpg
Views:	1
Size:	54.0 KB
ID:	644664

    And when I mount it and supply the password:

    Click image for larger version

Name:	Screenshot_20200427_171745.jpg
Views:	1
Size:	57.0 KB
ID:	644665

    Comment


      #3
      heck, if I set the vault to only open on one Activity, it closes (unmounts) when I switch to a different one, and I have to re-enter my password when I switch back.

      Comment


        #4
        What I mean is, when you create the vault, it asks for a Mount point and for an "Encrypted data location", right?
        Well, if I close the vault - or don't open it - , and go straight to the Encrypted data location (a folder), I can see everything in it.

        Comment


          #5
          Originally posted by Don B. Cilly View Post
          What I mean is, when you create the vault, it asks for a Mount point and for an "Encrypted data location", right?
          Well, if I close the vault - or don't open it - , and go straight to the Encrypted data location (a folder), I can see everything in it.
          In my screenshots, the left pane is the encrypted data location, and you can see the many encrypted files/folders there, representing the two files I have added to the vault. What are you seeing in yours?

          I wonder if it is a symptom of your Neon Testing setup, if that isd what you are using.

          Comment


            #6
            Well, I'm setting the data location on an external drive - the idea being that if I wanted to keep some backed up documents there private...

            Click image for larger version

Name:	vaults.png
Views:	1
Size:	44.1 KB
ID:	644666

            Now, in the left tab I have the (locked) vault. In the right one the location it points to.
            If I unlock the vault, all that's in the vault is a ".directory" file, with an "open" padlock icon. When locked, it's "empty".

            But as you can see, the actual data on the external drive are perfectly readable.

            Now, it might be neon - but it's got a Vaults widget in the panel "by default". I didn't put it there.
            I might be doing it wrong - but I just use the "Create a New Vault" menu and just choose an external location for the data. I certainly get no warnings.
            This is with the unlocked vault:

            Click image for larger version

Name:	Screenshot_0428_073715.png
Views:	1
Size:	25.2 KB
ID:	644667

            See that the right tab is now labelled ~/Vaults/test (fuse.cryptfs). But
            1) there's nothing in the left one.
            2) the actual stuff in the actual location is plainly readable whether it's open or locked.

            Comment


              #7
              Originally posted by Don B. Cilly View Post
              Well, I'm setting the data location on an external drive - the idea being that if I wanted to keep some backed up documents there private...

              [ATTACH=CONFIG]8778[/ATTACH]

              Now, in the left tab I have the (locked) vault. In the right one the location it points to.
              If I unlock the vault, all that's in the vault is a ".directory" file, with an "open" padlock icon. When locked, it's "empty".

              But as you can see, the actual data on the external drive are perfectly readable.

              Now, it might be neon - but it's got a Vaults widget in the panel "by default". I didn't put it there.
              I might be doing it wrong - but I just use the "Create a New Vault" menu and just choose an external location for the data. I certainly get no warnings.
              This is with the unlocked vault:

              [ATTACH=CONFIG]8779[/ATTACH]

              See that the right tab is now labelled ~/Vaults/test (fuse.cryptfs). But
              1) there's nothing in the left one.
              2) the actual stuff in the actual location is plainly readable whether it's open or locked.

              Are you putting the files you want to be encrypted directly in the encrypted data location ?
              You put the files in the vault location, which is where the encrypted volume is actually mounted, it is just like a drive is mounted. Anything put there is encrypted and put in the data location, if you are putting files in the mount point, and seeing the actual, unencrypted files in the encrypted data location you probably have exposed a flaw.



              On my setup with the encrypted data location on an external drive, and adding files to the vault - the mount point for the encrypted data location. Note that I did not scroll down to view the entire contents on the right Dolphin pane, but there the actual files i dragged are not visible in the encrypted data location, just the newly encrypted data is.
              Think of the encrypted data (NOT the physical location) as a device, a drive. The images you have visible in the folder alongside your encrypted data are not actually encrypted, just sitting alongside the files that make up the encrypted volume.

              Comment


                #8
                I see. That's what I was doing wrong.
                Well, I thought, since they are backups of data, on an external drive, if I lose the data on my system due to a disk crash...
                ... so I went and backed them up on external drive. I though, since that location is "vaulted"... and I copy them from my Dolphin - which should know that the location...
                Totally wrong reasoning.

                So I should copy them to the Vault on my drive. Let's try... it works Click image for larger version

Name:	icon_smile_blush.gif
Views:	8
Size:	845 Bytes
ID:	644671

                Still... one doubt: if I lose the whole system? I would have to restore all of it from backup to get my encrypted external data, or any *buntu OS will do?
                Because if the password is stored on the HD, and no copy - or hash - of it is on the external... :·/

                I'm trying to find out but it's unclear.
                Well, there is a cryfs.config on the ext. drive location. Maybe... I'll try and plug it into the laptop and we'll see.

                Comment


                  #9
                  OK, I found the solution.
                  I also backup - on the same drive - the ~/Vaults directory, and ~/.config/plasmavaultrc, and if I copy them to the same locations on the new system, logout/in, I have "ze vault".
                  As the username is the same on both systems, it's a breeze. Otherwise, I guess one just edits the config files.

                  One little note, as the system I transferred it to (the laptop) has Kubuntu 20.04, when I went to open the vault, it said, "This uses a newer version of cryfs, would you like to upgrade the vault", Said Yes, went flawlessly.
                  Even CryFS didn't make me cry ;·)

                  Comment

                  Working...
                  X