Linux 007 Style

In a world where computers are used for almost all financial & personal written records, the need to defend data is more crucial than ever. In the Internet age, billions of people are accessing electronic information databases every second. Improperly protected data could open the door to many threats everything from identity theft to access to classified information that could likely harm national security. Security is not the only menace facing data managers. There is also the growing worry for defense against malicious viral attacks and ruinous data corruption that could easily put a commercial enterprise in a legal bind. Although most threats are not on the level of starting World War III, businesses and individuals can be destroyed by the lack of security concerning sensitive data. Appropriate data security methods can decrease the risk of losing important and private information and should be a top priority.

Steps to Better Data Security

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

It is possible to hide a rar archive inside a png image file and then retrieve the files from this image.
cat picture.png archive.rar > hidden_archive_in_pic.png
This can also be done on Windows:
copy picture.png + archive.rar hidden_archive_in_pic.png
When you want to retrieve the hidden files, download the image, rename to .rar and extract


OutGuess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources. The nature of the data source is irrelevant to the core of OutGuess. The program relies on data specific handlers that will extract redundant bits and write them back after modification. In this version the PNM and JPEG image formats are supported.


Steghide is an open source steganography program for Windows and Linux that can hide data in image and audio files. The current version 0.5.1 offers compression, encryption, and an integrity check of the embedded data.

To use Steghide to embed the file secret.txt into example.bmp, you’d use the following command:

$ steghide embed -cf example.bmp -ef secret.txt
  Enter passphrase:
  Re-Enter passphrase:
  embedding "secret.txt" in "example.bmp.". done

The -cf argument specifies the cover file and -ef the embedded file.

The default encryption algorithm is AES/Rijndael with a keysize of 128 bits. However, if you want another encryption algorithm, you can run the steghide encinfo command to see all supported encryption algorithms.

If you have received a cover file that contains a file that has been embedded with Steghide, use the extract command to reveal the hidden file with an -sf argument:

$ steghide extract -sf example.bmp
  Enter passphrase:
  wrote extracted data to "secret.txt."

These are just basic examples of how to use Steghide. You can read the project’s documentation to learn about several other useful commands.


Note steganography is not encryption it can be detected 90% of the time and decoded in under 5 mins for 100 files. Other 10% can be detected by brute force and decoded this takes more time.


Pretty Good Privacy

PGP version 6.5.8 is readily available at the MIT download site:

Getting Started with PGP


We are going to generate our public and private key pair. PGP can be evoked in any directory but lets stay where we are and type:
pgp -kg

You will be prompted to make some choices and generate some keystrokes that will make your keys unique. I chose a 2048-bit key and the RSA algorithm because that is what most of my fellow conspirators use.

When you are finished generating your keys type:
ls -a

Now a directory “.pgp” should be visible. In it reside your public and private keyrings, pubring.pkr and secring.skr. Let us proceed.
cd .pgp

Note: At any time now you can type “pgp -h” for the basic PGP commands available for your use. Also, in the /usr/doc/pgp-6.5.8 directory there are some excellent .txt and .pdf files you can read with vi, xpdf, or the Adobe Acrobat Reader.

In the /usr/doc/pgp-6.5.8 directory is a file named SampleKeys.asc. We are going to add a public key block to your public keyring–in a minute we are going to check to see if the .rpm file we used to install PGP was good.
cd /usr/doc/pgp-6.5.8

pgp -ka SampleKeys.asc

Let’s check to see if we have a good version of the .rpm file. Type:
rpm –checksig PGPcmdln_6.5.8_Lnx_FW.rpm

If we have a good copy we will get a response which looks like this:
PGPcmdln_6.5.8_Lnx_FW.rpm: md5 OK

We need to extract a copy of your public key so that you can exchange keys with other PGP users. I am going to use the -a option to get an ASCII armored file. This is useful because you can view the output of the file with a text editor. You can demonstrate to others the uniqueness of public keys and win PGP converts, hopefully.
cd .pgp
pgp -kxa Chuck <userid> moose.asc <name of the public key file> pubring.pkr
vi moose.asc <Chuck Steele’s public key>

moose.asc will look something like this when viewed with vi

Version: PGP 6.5.8


The rest is up to you. You will need to exchange public keys with other users and add their keys to your public keyring. This can be done via e-mail attachments, on a floppy, or by posting your key on a keyserver.


gpg is the main program for the GnuPG system.


gpg [–homedir name] [–options file] [options] command [args]

Task: encrypt file

To encrypt single file, use command gpg as follows:
$ gpg -c filename

To encrypt file, type the command:
$ gpg -c

Enter passphrase:<YOUR-PASSWORD>
Repeat passphrase:<YOUR-PASSWORD>

This will create a file.

  • -c : Encrypt with symmetric cipher.

Caution if you ever forgot your password aka passphrase, you cannot recover the data as it use very strong encryption.

Task: decrypt file

To decrypt file use gpg command:
$ gpg

gpg: CAST5 encrypted data
Enter passphrase:<YOUR-PASSWORD>

Decrypt file and write output to file you can run command:
$ gpg –o
Remember if file extension is .asc, it is a ASCII encrypted file and if file extension is .gpg, it is a binary encrypted file.

Read the man page here


To encrypt a file:

openssl des3 -salt -in infile.txt -out encryptedfile.txt

To decrypt the file:

openssl des3 -d -salt -in encryptedfile.txt -out normalfile.txt

Secure File Transfers

SFTP (secure file transfer protocol)

To connect to here is what you should do.


You will have to enter your username and password when prompted.

To upload your file file.pdf to the directory in

cd /home/urfix/backup
put file.pdf

To download the file from the directory in


If you want to download multiple files, say all PDF files,

get *.pdf

To quit, type exit. This is just the basic SFTP. To check all the options using SFTP, type man sftp from your shell prompt.

SCP (secure copy)

SCP is used for single file transfers unlike SFTP or FTP, where once connected, you can carry out any number of transfers.

To upload the file urfix.pdf to the /home/user/backup in the remote computer here is what you should do. Lets say the username and password for connecting to are user and password respectively, read ahead.

scp urfix.pdf

You will be prompted for your password, which you should enter. It uploads the file and quits automatically.. all in one operation.

To download the file from the remote directory, here is what you must do.


If you want to upload the entire perl directory (recursively) here is what you do.

scp -r /home/user/perl

Although these are only a few ways of protecting your sensitive data. make sure you research all your possible options and the caveats involved in your methods. Also take in consideration that users in your system might be able to open up and read RAM which can lead to many vulnerabilities such as sniffing out your keys and more.

Protect yourselves


  1. Pingback: Tweets that mention Linux 007 Style --

Leave Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.