Crypt and decrypt files with OpenSSL from the command line

I finally managed to add to my ~/.bashrc a function to crypt and decrypt files and directories using OpenSSL. Add these to your ~/.bashrc and reload it with source ~/.bashrc

function sslcrypt {
  item=$(echo $1 | sed -e 's/\/$//') # get rid of trailing / on directories

  if [ ! -r $item ]; then
    exit 1;
  fi

  if [ -d $item ]; then
    tar zcf "${item}.tar.gz" "${item}"
    openssl enc -aes-256-cbc -salt -in "${item}.tar.gz" -out "${item}.tar.gz.ssl"
    rm -f "${item}.tar.gz"
  else
    openssl enc -aes-256-cbc -salt -in "${item}" -out "${item}.ssl"
  fi
}

function ssldecrypt {
  item=$1

  if [ ! -r $item ]; then
    exit 1;
  fi

  openssl enc -d -aes-256-cbc -in "${item}" > "${item}.decrypted"
}

You can invoke them as:

user[~]% sslcrypt file.txt
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
user[~]%
user[~]% ls -l file*
-rw------- 1 user group 668 13 gen 16.11 file.txt
-rw-rw-r-- 1 user group 688 19 feb 23.27 file.txt.ssl
user[~]%
user[~]% ssldecrypt file.txt.ssl
user[~]% ls -l file*
-rw------- 1 user group 668 13 gen 16.11 file.txt
-rw-rw-r-- 1 user group 688 19 feb 23.27 file.txt.ssl
-rw-rw-r-- 1 user group 668 19 feb 23.29 file.txt.ssl.decrypted

Use a good passphrase for strong security, but don’t forget it!

Linux RAID1 starting from single disk

Just found some notes I did take some time ago about creating a software RAID1 starting with only one disk: it’s a bit more complicated than starting with two, but doable anyway. First thing, partition your disk, you should have at least one partition marked as FD type (Linux Raid Autodetect):

# cfdisk /dev/vda
[create new partition, change partition type to FD, write to disk]

Next, you should build your array, with the only disk you have and save the configuration:

# mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/vda1 missing
# mdadm --detail --scan >> /etc/mdadm/mdadm.conf

After the array is started, it should appear as “degraded” in /proc/mdstat, but we can use it right away; let’s format and mount it:

# mkfs.ext4 /dev/md0
[...]
# mkdir /mnt/raid
# mount /dev/md0 /mnt/raid

Next we can save some data to the new filesystem, so that we can make sure it’s ok after the rebuild

# date > /mnt/raid/current-date
# cat /mnt/raid/current-date
[...]

Now we will add the second disk to the array. First thing, we would copy the partitioning scheme from vda to vdb and check to make sure everything is fine:

# sfdisk -d /dev/vda | sfdisk /dev/vdb
# fdisk -l 2>/dev/null | grep -B1 '^\/dev'

Next step, is to add the new disk. Let’s umount the raid first, then add the disk and check if the array is rebuilding itself (use CTRL+C to quit watch command):

# umount /dev/md0
# mdadm --add /dev/md0 /dev/vdb1
# watch cat /proc/mdstat
# mount /dev/md0 /mnt/raid
# cat /mnt/raid/current-date
[...]

When the rebuild will end, you’ll be ready to go :)

Compiling John the Ripper with OpenCL support on Debian testing [updated]

John the Ripper has now experimental OpenCL support via a patch distributed by the official site. Sadly, AMD OpenCL toolkit (APP 2.6, drivers 11.11+) is broken, so I can’t try it, but if you want to build it, here’s how I did it:

# cd /usr/src
# git clone git://github.com/magnumripper/magnum-jumbo john-git
# apt-get install build-essential libssl-dev opencl-headers
# apt-get install amd-opencl-icd amd-libopencl1 # this will be different for nvidia and intel!
# apt-get install --no-install-recommends fglrx-driver fglrx-source glx-alternative-fglrx xserver-xorg-video-fglrx fglrx-modules-dkms libgl1-fglrx-glx fglrx-atieventsd module-assistant kernel-package libxvbaw1 autopoint libmail-sendmail-perl # also, this will be different for Nvidia and Intel
# cd john-git/src
# vim Makefile

Here you should uncomment the line reading “OMPFLAGS = -fopenmp -msse2”, then save and compile:

# make -j3 linux-x86-64-opencl
[...]
# ../run/john -test