[Under consideration] Get Cryptography Average Joe Ready!
 

http://maemo.org/community/brainstor...rage_joe_ready

There is no GnuPG GPG PGP environment, no dm-crypt, no blowfish-button in file-context-menus and no GU interfaces ready to use for Joe Average!

There was already the question of securing private data.


What is the best way to get email/file/addressbook de/encryption/signing to Joe and his friends.

Should it be part of all programs containing private data? Should there be a Privacy Manager Tool to manage keys keyrings, encrypted files, addressbooks and calendar entries?


Encrypting the whole filesystem is neither a solution for the private data nor for email. It slows down the system and drains the battery. On my Netbook its costs are about 1-2Watts, speed I dont realy recognize.

Re: [Sandbox] Get Encryption Average Joe Ready!
 

Andre Klapper was kind enough to further note down that there is a bugreport
and also posted a comment to the bugreport linking back to the brainstorm item. Thanks!

Re: [Sandbox] Get Encryption Average Joe Ready!
 

give me truecrypt on maemo and i'll be happy.


www.truecrypt.org

Re: [Sandbox] Get Encryption Average Joe Ready!
 

Please add it as a solution to the brainstorm ticket.

Re: [Sandbox] Get Encryption Average Joe Ready!
 

How about eCryptfs? (it's a kernel module nowadays)
Can you mount stuff via the busybox shell?

Re: [Sandbox] Get Encryption Average Joe Ready!
 

so you are not average joe, are you?

truecrypt doesnt help with "modest got no pgp/mime handling"
truecrypt does not manage your gpg keys.

truecrypt does crypt your filesystem and thats not a solution for average joe (I script that faster as joe installs truecrypt and gets it working, the problem with large crypts is that it drains battery)

to deliver to windows, as mass device you could decrypt a partition setup with truecrypt as it is available for windows (AFAIK) but you need to install it and configure it

summary:
truecrypt (in my eyes) is a standalone solution for encrypting partitions and it makes them also available while in massstorage mode within YOUR windows. (same goes for LUKS I know)


for eCryptfs quiet the same answer apart of I dont know another OS than unix based to work with it

Re: [Sandbox] Get Encryption Average Joe Ready!
 

I use truecrypt on my computers at work/home and would love to see it in Maemo.

You do not have to encrypt the whole partition. You can create an encrypted file (up to 4GB on FAT32), mount that and store important files in it. The file would be accessible to both window and linux when exported via usb. I believe that there is a "portable/thumb drive" version for windows that does not need to be installed to run.

Best of all, if you don't need to access the files, truecrypt does not need to be running (ie no battery drain).

This doesn't address all the issues, but may address enough for the average joe to use (with a gui front end) easily to protect important data.

Re: [Sandbox] Get Encryption Average Joe Ready!
 

good to know so truecrypt would be the env for files (includes partitions as we all know "everything is a file)I want to share within massstorage mode?!

you leave out addressbook and calendar if you think of unmounting. In any other case, most crypting softwares do need the juice while reading and writing files but none while idle... (at least the stuff I think of)

but joe doesnt know which data is important! joe doesnt know that all his emails send are scanned! joe doesnt know that all data he sends via ICQ is from then on owned by ICQ Inc. and so on. (at this point I recognize I missed a jabber client or xmpp at all.) the worse is that joe does not care. so we, as people who care, should give a startup for joe, showing what we do and was is recommended.

joe would crypt some passwords which are guessable anyway, and some files... (next thought: passwords need to be checked and rated for security)

Re: [Sandbox] Get Encryption Average Joe Ready!
 

Hmm there are a few other threads about this subject. It is also related to authentication about which we have also some threads.

One problem with cryptography (don't call it 'encryption') is that it only works if you trust it. In order to trust it, you have to understand it. While making it as less complex as possible is a good aim, many people won't understand how cryptography works. So a solution which handles this must keep that in mind. (See for example how Mozilla Firefox deals with SSL and the various implications of this.)

Some related threads:
http://talk.maemo.org/showthread.php...689#post381689
http://talk.maemo.org/showthread.php?t=32672
http://talk.maemo.org/showthread.php?t=33304

Re: [Sandbox] Get Encryption Average Joe Ready!
 

If you aren't aware, there was some work done putting a maemo front end on true-crypt, but it never got to a point I would call complete or elegant. It's called EasyCrypt:

http://talk.maemo.org/showthread.php?t=15984

Re: [Sandbox] Get Encryption Average Joe Ready!
 

Don't know what DRM has to do with cryptography but ok, the others are more general, like locking the device which could be taken as part of the whole cryptography issue.
The issue with people not knowing, call it "Security Suite" give a short description what will be secured and what it means to in general and provide it with a red pill mode for advanced users, but blue pill should be all with default settings dev team thinks are useful. With that you will get most people to secure at least some of their private data.

Actualy I care less about those Joes! If someone say he doesnt care that much why should I? I care about those Joes who would like to use cryptography and have no clue how to do that as they are used to deal with menu-overloaded-mouse-only-GUIs from windows and KDE. They get stuck with creating a GnuPG keypair in a terminal and gave up after 10 minutes because they thought they'd never understand and a cheap GUI wasnt any help either.

I'm not a developer yet and far away from doing this kind of stuff from scratch. EasyCrypt looks like a start but more important is the modest mime extension to me and others. The name is already telling and getting the GUI slowly extended to handle GPG PGP keys, then integrating with the system to encrypt calendar etc. would be an idea.
the device lock stuff is already in my primary solution

Re: [Sandbox] Get Cryptography Average Joe Ready!
 

As a first step, could the basic tools be made available together with a how-to suitable for the average joe like me who doesn't mind using the CLI if given clear instructions?

I'd like to see gpg and a truecrypt port, even with no GUIs.

And what about using a key stored on other media? I guess having my key on a USB stick would be one option.

Re: [Sandbox] Get Cryptography Average Joe Ready!
 

GnuPG is preinstalled out of the box and fairly complete:

Re: [Sandbox] Get Cryptography Average Joe Ready!
 

I think it wouldn't, since the N900 supposedly doesn't support USB Host.

Edit: Assuming you're actually talking about the N900, of course.

Re: [Sandbox] Get Cryptography Average Joe Ready!
 

Thanks. Yes, talking about N900.

Re: [Sandbox] Get Encryption Average Joe Ready!
 

I tried to change the thread's name and it is showing the changed name to me when I edit the main post but it doesnt for anything else. Some of the Mods might wanna fix/change this, its Cryptography instead of Encryption, please.

Re: [Under consideration] Get Cryptography Average Joe Ready!
 

On TrueCrypt there is another thread here:
http://talk.maemo.org/showthread.php?t=38536

I am not realy impressed yet as there is nothing showing up in extras and nothing from this brainstorm was looked at...

at least REMFwhoopitydo will be happy now

Re: [Under consideration] Get Cryptography Average Joe Ready!
 

has anyone tried to encrypt the whole folder where personal settings are stored? (contacts, PINs, calendars, etc)? Or, is it feasible?

Re: [Under consideration] Get Cryptography Average Joe Ready!
 

Actually a proper login screen and encrypt the whole privacy tops would be first choice. I did not have a look yet for anything of the issues as my first look would go for real multi user environment and that would mean to have all things moved to ~/ instead of somewhere else. Long way to walk I guess.