Is there any program that allows to use a crypted disk on a USB pen
without the need of administrator rights?
Thanks.
Yes. The Kingston Data Traveller Secure has inherent encryption without
installing any drivers. Works only on Win 2k/xp (2k3? vista?) however.
The software is specific to this drive as far as I know. The actual USB
drive is physically a bit bigger than most but very robust and is available
in sizes up to 8 gig.
Regards,
If the host allows it, you can reboot to linux from the USB drive. Then you
can use TrueCrypt from linux.
Whatever you decide, beware of connecting your USB drive to an untrusted
computer!
Yes. I like the USB drives that have a hardware read-only switch.
--Mike Amling
> "Ciofegates" <ciofe...@mailinater.com> wrote:
>> Is there any program that allows to use a crypted disk on a USB pen
>> without the need of administrator rights?
>> Thanks.
>
> If the host allows it, you can reboot to linux from the USB drive.
> Then you can use TrueCrypt from linux.
...and quietly reformat the computer it's connected to as well.
Honestly - if he's not allowed admin rights - what makes you think he'll be
allowed to boot from anything other than the PC's HDD?
Unwise as it may be, it is still quite commonly possible to do so.
Your mileage may vary...
afaik, no
but there is a somewhat tedious yet still quite do-able workaround
to functionally accomplish what you want to do
here is an overview,
and then if you are still interested, the step-by-step how to, is
listed below the overview
overview:
a large encrypted file is contructed to act as your container file,
using pgp 2.x which runs from the usb drive without any administrative
privileges, or registry entries
this 'container' file can hold any type of file within it, or multiple
files of varying types,
(i have tested it up to 1 gig, as that is the hardware limit for the
usb pendrive, since even a 2 gig usb drive needs space for the
decrypted contents in addition to the original 'container' )
the individual files can remain in encrypted form until needed,
and any work done or new files added, can be put back into the
'container'
as always, on any computer with multiple access, there are still
concerns about key-loggers, journal file system backups, etc.
ok,
the how-to:
requirements:
(a) pgp 2.x
(i very highly recommend Disastry's last version, as it can use all
the current open-pgp hashes and symmetrical algo's, available here:
http://www.spywarewarrior.com/uiuc/disastry/263multi.htm
but any pgp 'classic' 2.x build will work just as well)
(b)it would help to have a programmer's text editor
that could be run from the usb without traces,
otherwise wordpad will be sufficient,
(but beware of windows 'autobackups' that might be active in wordpad)
the features that are essential are:
a 'find' feature,
and the ability to open large textfiles
(for testing, i used editpadlite
http://www.editpadpro.com/editpadlite.html
but have not tested it with regard to running from a usb drive
the test consisted of taking a 1gig truecrypt container,
pgp-armoring it into ascii text, and opening it in the editor,
ep lite opened the 1.4 gig .asc file instantly)
[if anyone knows of a small portable editor that runs traceless from
the usb, please post, Thanks!]
here are the individual steps:
[1] set-up pgp 2.x on the usb drive
(for purposes of illustration, call the usb drive the K drive,
and set up pgp as k:\pgp)
[2] open the editor and type the following two lines:
set PGPHOME=home
command.com
and save this as k:\pgp\1.bat
double-clicking on the 1.bat file will open a dos window with the pgp
2.x commandline
[3] create a folder K:\cf to act as the 'container folder'
and put the desired files there
(the next few steps are better done with a script using perl, python,
cygwin, etc. as part of the set-up, but the script will not be needed
to run it from the usb drive)
[4] for each file in K:\cf, do the following:
pgp -awe K:\cf\filename
this produces K:\cf\filename.asc
an encrypted file in text form, and wipes the original file
(the encryption can be symmetrical or to a pgp 2.x key)
the original file can be retrieved by doing:
pgp K:\cf\filename.asc
[5] in the pgp 'Comment:' line of filename.asc
type: filename.asc
(this will allow the individual files to be retrieved from the
'container')
[6] concatenate all the filename.asc textfiles into one large
textfile,
an save it as K:\cf\cf.txt
[7] do:
pgp -we K:\cf\cf.txt
this produces K:\cf\cf.pgp and wipes the previous file
and is the encrypted 'container' file
with no hint of what files are present within it
[8] to retrieve, do
pgp K:\cf\cf.pgp
this produces K:\cf\cf.txt
[8] use the editor's 'find' function to find any individual file,
copy it as a new textfile, and retrieve it as in step [4]
using 'find' to search for 'Comment' will list each filename in the
concatenation
[9] any new 'worked on' files, can be 'saved' as in steps [4] amd [5]
and added onto the end of cf.txt
[10] do step [7] to re-encrypt and 'close up' the container
vedaal
Thanks of your explanation. Indeed, your method seems to me quite
cumbersome. And I wonder if there would be no freeware program that is
able to crypts and decrypts files without administrator rights.
In my original question I did want to refer to encryption "on the
fly", which allows not only to open and modify documents, but to
launch executable files, too.
> I wonder if there would be no freeware program that is
> able to crypts and decrypts files without administrator rights.
> In my original question I did want to refer to encryption "on the
> fly", which allows not only to open and modify documents, but to
> launch executable files, too.
again,
afaik, no
but if you can find a zip/unzip program that works without registry
traces or administrator rights,
then you can still accomplish what you want, by zipping all your
executables and documents into one archive, and encrypting the
archive,
and decrypt from the usb, and re-zip, re-encrypt, and wipe when you
are finished
btw,
the pgp 2.x method i outlined, allows for launching executables too,
they just have to be decrypted from text form first ;-)
vedaal