[Users] Secure file deletion - Was: unable to read own encrypted GPG email

Ralf Mardorf info.mardorf at rocketmail.com
Tue Dec 9 20:28:45 CET 2014


On Tue, 9 Dec 2014 17:58:38 +0000, Brian Morrison wrote:
> On Tue, 9 Dec 2014 18:31:32 +0100
> Ralf Mardorf wrote:
> 
> > Continuing this off-topic here isn't required.
> 
> To be honest, I regard this as on-topic for the Claws list, it's
> important that people realise that crypto is difficult and it needs
> some thought if you are using it for communications where the secrecy
> is important. Setting up Claws and gnupg to work in a sensible manner
> is part of the process of using Claws effectively.

Ok :).

Instead of using ext2 to get secure file deletion working [1], I found
an on-the-fly workaround for ext3/4 [2].

Does this really ensure secure deletion?
Is there a better way to do it?
Aren't there any cached/tmp entries when using ext2?

Regards,
Ralf

[1]
Configuration > Preferences > Other > Miscellaneous > [x] use secure
file deletion if possible (which enables shredding of temporary files
and messages)

[2]
"Using shred, with an ext3 file system presents the user with the
problem of secure deletion because it can only really be effectively
used with ordered and writeback journals.

The solution as far as ext3 is concerned is to convert it to a
non-journaled system like ext2, run shred and then convert back to
ext3. This can be done on the fly. If you are not sure what file system
you are running just type /etc/fstab in the location bar of Konqueror
to find out. If it is ext3 you can convert it to ext2 using the
following method.

Open a console, as root, convert ext3 to ext2:

tune2fs -O ^has_journal /dev/hda1

and then:

e2fsck /dev/hda1

You will also need to amend /etc/fstab (as root) in your favourite text
editor to change the entry to ext2. Once you have used the shred
command you need to re-convert the file system back to ext3:

tune2fs -j /dev/hda1

That seems like a lot of trouble to go to to shred files securely and
it is but at least you can be sure that nothing escaped. There is
another way. Edit the mount options in /etc/fstab (as root) to change
the type of journal mode to one of the two types listed above, use
shred and revert the journal type once again by the same method."
-http://www.freesoftwaremagazine.com/articles/shred_and_secure_delete_tools_wiping_files_partitions_and_disks_gnu_linux

ext4: http://fenidik.blogspot.de/2010/03/ext4-disable-journal.html

-- 
"Pull a Homer -- to succeed despite idiocy." - The Simpsons

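Added example, not part of the original post or the quoted article: a check of which journal mode a mounted ext3/ext4 filesystem uses, applying the article's statement that shred is only effective with ordered and writeback journals. The function names `journal_mode` and `shred_advice` are hypothetical, the mounts table is constructed, and only `data=` options listed in the mounts table are considered (a default stored in the superblock is not checked).

```sh
#!/bin/sh
# Added example: report the journal data mode of a mount point from a table in
# /proc/mounts format (device mountpoint fstype options ...), so it can be
# checked before relying on shred as the quoted article describes.

# journal_mode MOUNTS_FILE MOUNTPOINT
# Prints one of: ext2-nojournal, ordered, writeback, journal, not-ext, not-found
journal_mode() {
    mounts_file=$1
    target=$2
    # Keep the last matching line: a later mount shadows an earlier one.
    line=$(awk -v mp="$target" '$2 == mp { l = $0 } END { print l }' "$mounts_file")
    [ -n "$line" ] || { echo "not-found"; return 0; }
    fstype=$(printf '%s\n' "$line" | awk '{ print $3 }')
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    case $fstype in
        ext2) echo "ext2-nojournal"; return 0 ;;
        ext3|ext4) ;;
        *) echo "not-ext"; return 0 ;;
    esac
    # An explicit data=<mode> option wins; without one ext3/ext4 use ordered.
    mode=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^data=//p' | tail -n 1)
    echo "${mode:-ordered}"
}

# shred_advice MOUNTS_FILE MOUNTPOINT
# Returns 0 for ext2 or an ordered/writeback journal (the cases the article
# names), 1 for data=journal and for anything the article does not cover.
shred_advice() {
    case $(journal_mode "$1" "$2") in
        ext2-nojournal|ordered|writeback) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample mounts table (not taken from a real system).
SAMPLE_MOUNTS=$(mktemp)
trap 'rm -f "$SAMPLE_MOUNTS"' EXIT
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/hda1 / ext3 rw,relatime,data=journal 0 0
/dev/hda2 /home ext4 rw,relatime 0 0
/dev/hda3 /mnt/old ext2 rw,relatime 0 0
/dev/hda5 /srv ext4 rw,noatime,data=writeback 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF

for mp in / /home /mnt/old /srv /tmp; do
    printf '%-10s %s\n' "$mp" "$(journal_mode "$SAMPLE_MOUNTS" "$mp")"
done
```

On a live system the first argument would be `/proc/mounts` and the second the mount point holding the file to be shredded.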

