Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

working on an encrypted disk on my USB pen without admin rights: a problem without solution?

3 views
Skip to first unread message

Ciofegates

unread,
Feb 7, 2007, 4:46:53 AM2/7/07
to
I have tried many and many programs: TrueCrypt, OTFEFree, Dekart Disk
Light, Cryptainer LE, and others, but all of them require (at least
one time) admin rights to load their system driver on the machine to
use.

Is there any program that allows to use a crypted disk on a USB pen
without the need of administrator rights?
Thanks.

nemo_outis

unread,
Feb 7, 2007, 4:22:26 PM2/7/07
to
"Ciofegates" <ciofe...@mailinater.com> wrote in
news:1170841613.4...@a34g2000cwb.googlegroups.com:


Yes. The Kingston Data Traveller Secure has inherent encryption without
installing any drivers. Works only on Win 2k/xp (2k3? vista?) however.

The software is specific to this drive as far as I know. The actual USB
drive is physically a bit bigger than most but very robust and is available
in sizes up to 8 gig.

Regards,

Alan

unread,
Feb 8, 2007, 9:34:52 AM2/8/07
to
"Ciofegates" <ciofe...@mailinater.com> wrote:
> Is there any program that allows to use a crypted disk on a USB pen
> without the need of administrator rights?
> Thanks.

If the host allows it, you can reboot to linux from the USB drive. Then you
can use TrueCrypt from linux.

Whatever you decide, beware of connecting your USB drive to an untrusted
computer!


Mike Amling

unread,
Feb 8, 2007, 12:55:30 PM2/8/07
to
Alan wrote:
> Whatever you decide, beware of connecting your USB drive to an untrusted
> computer!

Yes. I like the USB drives that have a hardware read-only switch.

--Mike Amling

tril...@bonbon.net

unread,
Feb 8, 2007, 2:48:37 PM2/8/07
to
"Alan" <a__l_...@hotmail.com> wrote in
news:eqfcek$qh2$1...@bananasplit.info:

> "Ciofegates" <ciofe...@mailinater.com> wrote:
>> Is there any program that allows to use a crypted disk on a USB pen
>> without the need of administrator rights?
>> Thanks.
>
> If the host allows it, you can reboot to linux from the USB drive.
> Then you can use TrueCrypt from linux.

...and quietly reformat the computer it's connected to as well.

Honestly - if he's not allowed admin rights - what makes you think he'll be
allowed to boot from anything other than the PC's HDD?

Alan

unread,
Feb 12, 2007, 10:02:58 AM2/12/07
to
On Feb 8, 2:48 pm, "trilam...@bonbon.net" <trilam...@bonbon.net>
wrote:

> Honestly - if he's not allowed admin rights - what makes you think he'll be
> allowed to boot from anything other than the PC's HDD?

Unwise as it may be, it is still quite commonly possible to do so.
Your mileage may vary...

vedaal

unread,
Feb 12, 2007, 10:16:10 AM2/12/07
to


afaik, no

but there is a somewhat tedious yet still quite do-able workaround
to functionally accomplish what you want to do

here is an overview,
and then if you are still interested, the step-by-step how to, is
listed below the overview

overview:

a large encrypted file is contructed to act as your container file,
using pgp 2.x which runs from the usb drive without any administrative
privileges, or registry entries

this 'container' file can hold any type of file within it, or multiple
files of varying types,
(i have tested it up to 1 gig, as that is the hardware limit for the
usb pendrive, since even a 2 gig usb drive needs space for the
decrypted contents in addition to the original 'container' )

the individual files can remain in encrypted form until needed,
and any work done or new files added, can be put back into the
'container'

as always, on any computer with multiple access, there are still
concerns about key-loggers, journal file system backups, etc.


ok,

the how-to:

requirements:
(a) pgp 2.x
(i very highly recommend Disastry's last version, as it can use all
the current open-pgp hashes and symmetrical algo's, available here:
http://www.spywarewarrior.com/uiuc/disastry/263multi.htm
but any pgp 'classic' 2.x build will work just as well)

(b)it would help to have a programmer's text editor
that could be run from the usb without traces,
otherwise wordpad will be sufficient,
(but beware of windows 'autobackups' that might be active in wordpad)

the features that are essential are:
a 'find' feature,
and the ability to open large textfiles

(for testing, i used editpadlite
http://www.editpadpro.com/editpadlite.html
but have not tested it with regard to running from a usb drive

the test consisted of taking a 1gig truecrypt container,
pgp-armoring it into ascii text, and opening it in the editor,
ep lite opened the 1.4 gig .asc file instantly)
[if anyone knows of a small portable editor that runs traceless from
the usb, please post, Thanks!]


here are the individual steps:

[1] set-up pgp 2.x on the usb drive
(for purposes of illustration, call the usb drive the K drive,
and set up pgp as k:\pgp)

[2] open the editor and type the following two lines:

set PGPHOME=home
command.com

and save this as k:\pgp\1.bat

double-clicking on the 1.bat file will open a dos window with the pgp
2.x commandline

[3] create a folder K:\cf to act as the 'container folder'
and put the desired files there

(the next few steps are better done with a script using perl, python,
cygwin, etc. as part of the set-up, but the script will not be needed
to run it from the usb drive)

[4] for each file in K:\cf, do the following:
pgp -awe K:\cf\filename

this produces K:\cf\filename.asc
an encrypted file in text form, and wipes the original file
(the encryption can be symmetrical or to a pgp 2.x key)

the original file can be retrieved by doing:
pgp K:\cf\filename.asc

[5] in the pgp 'Comment:' line of filename.asc
type: filename.asc
(this will allow the individual files to be retrieved from the
'container')

[6] concatenate all the filename.asc textfiles into one large
textfile,
an save it as K:\cf\cf.txt

[7] do:
pgp -we K:\cf\cf.txt

this produces K:\cf\cf.pgp and wipes the previous file

and is the encrypted 'container' file
with no hint of what files are present within it

[8] to retrieve, do
pgp K:\cf\cf.pgp

this produces K:\cf\cf.txt

[8] use the editor's 'find' function to find any individual file,
copy it as a new textfile, and retrieve it as in step [4]

using 'find' to search for 'Comment' will list each filename in the
concatenation

[9] any new 'worked on' files, can be 'saved' as in steps [4] amd [5]
and added onto the end of cf.txt

[10] do step [7] to re-encrypt and 'close up' the container


vedaal

Ciofegates

unread,
Feb 14, 2007, 3:54:23 AM2/14/07
to
> > Is there any program that allows to use a crypted disk on a USB pen
> > without the need of administrator rights?
> > Thanks.
>
>
> afaik, no
>
> but there is a somewhat tedious yet still quite do-able workaround
> to functionally accomplish what you want to do
>
> here is an overview,
> and then if you are still interested, the step-by-step how to, is
> listed below the overview

Thanks of your explanation. Indeed, your method seems to me quite
cumbersome. And I wonder if there would be no freeware program that is
able to crypts and decrypts files without administrator rights.
In my original question I did want to refer to encryption "on the
fly", which allows not only to open and modify documents, but to
launch executable files, too.

vedaal

unread,
Feb 14, 2007, 10:34:39 AM2/14/07
to
On Feb 14, 3:54 am, "Ciofegates" <ciofega...@mailinater.com> wrote:

> I wonder if there would be no freeware program that is
> able to crypts and decrypts files without administrator rights.
> In my original question I did want to refer to encryption "on the
> fly", which allows not only to open and modify documents, but to
> launch executable files, too.

again,
afaik, no

but if you can find a zip/unzip program that works without registry
traces or administrator rights,
then you can still accomplish what you want, by zipping all your
executables and documents into one archive, and encrypting the
archive,
and decrypt from the usb, and re-zip, re-encrypt, and wipe when you
are finished

btw,
the pgp 2.x method i outlined, allows for launching executables too,
they just have to be decrypted from text form first ;-)


vedaal


0 new messages