Using SiriKali to encrypt data via the GUI

Alexander Ermolaev, 123RF

Alexander Ermolaev, 123RF

Friendly Face

SiriKali, formerly known as cryfs-gui, delivers a graphical interface for four file encryption tools that the user would otherwise have to operate from the command line.

Encryption tools don't always have to be expansive like TrueCrypt and VeraCrypt in order to be able to encrypt data. For various reasons, it often makes more sense to work with individual files. For instance, the user who wants to upload unencrypted files into the cloud can choose from various Linux applications.

SiriKali [1] originated with the same developers who created zuluCrypt. Previously known as cryfs-gui, SiriKali now combines four relevant tools under an easy-to-use interface: CryFS [2], EncFS [3], gocryptfs [4], and securefs [5].

The use of file-based encryption brings with it the advantage that the containers can grow with the content. With TrueCrypt and VeraCrypt, on the other hand, the containers have a fixed size that is independent of the actual contents.

Speedy Installation

It is easy to install SiriKali. To install in Ubuntu, run the commands shown in Listing 1.

Listing 1

Installing SiriKali

$sudo sh -c "echo ,deb http://download.opensuse.org/repositories/home:/mhogomchungu/xUbuntu_16.10/ /' > /etc/apt/sources.list.d/sirikali.list"
$ wget http://download.opensuse.org/repositories/home:mhogomchungu/xUbuntu_16.10/Release.key
$ sudo apt-key add - < Release.key
$ sudo apt-get update
$ sudo apt-get install sirikali

Alternatively, you can manually download the packages from the repository [6] and then install them.

Then install the programs that you want to use with the interface. The command in Listing 2 sets up CryFS under Debian and Ubuntu as a normal user or directly as a DEB package [7]. Users of other distributions build the package from the source code according to instructions under the menu option Other .

Listing 2

Installing CryFS

$ wget -O - https://www.cryfs.org/install.sh | sudo bash

Theoretically, the simplest thing to do is to install EncFS. The developers have been working on this project since 2003, and all of the most popular distributions, including Ubuntu, offer the tool in their repositories. However, it can only be applied under certain conditions. This is because a 2014 security audit [8] uncovered security gaps that the developers still need to fix. To learn more about EncFS, turn to page 8 in this issue.

In the meantime, gocryptfs promises that its standard encryption procedures get around the gaps existing in EncFS. The project hopes to become the successor to EncFS. It offers a binary package for Debian, which works fine in Ubuntu [9].

In order to install this tool, decompress the corresponding archive and move the executable files it contains to a directory for which you have write rights, like ~/bin in the home directory.

The last member of this little toolset is securefs [10]. The best way to install this, is to use git to download the repository. So first, install git:

sudo apt install git

Then use it to grab the repository:

git clone https://github.com/netheril96/securefs.git

After downloading the archive, check for dependencies. Building requires the packages cmake , fuse , and libfuse-dev .

sudo apt install cmake fuse libfuse-dev

Then issue the command:

cmake .

from the downloaded directory. It is important to remember the period at the end of the command. Not much will happen if it is left out. Then issue the sudo make install command, and securefs will install on the disc ready to go.

Straightforward English

Once the preparations described above have been completed, you can start SiriKali. The tool opens with a tidy window that has only a few operating elements. The interface is written in plain and simple English (Figure 1).

Figure 1: The SiriKali interface has just a few elements, each of which clearly represents a function.

Next you should become acquainted with the Menu options. The selection of supported encryption tools is found under Create Volume . All of the other operating elements are usable only after a container has been set up.

CryFS: An Example

I chose CryFS for testing with the goal of determining compatibility with the ownCloud service. According to its developers, the tool works together with every service that synchronizes data with a local client.

CryFS has its origins in a 2015 college thesis written by developer Sebastian Messmer at the Karlsruhe Institute for Technology. As with the other candidates, this tool is based on the Filesystem in Userspace (FUSE) kernel module in order to shift the necessary filesystem drivers from the kernel space to the userspace. This approach makes it possible for end users to maintain and administer filesystems.

You can select only one of the your preinstalled encryption types, so you will have to install CryFS for this example to work. When you select the corresponding option under Create Volume , a dialogue will appear. Now you can enter a name for the folder or the file that is to be encrypted. Then, you select the corresponding object in the file tree (Figure 2).

Figure 2: Setting up a CryFS volume only requires a few inputs, such as the name for the corresponding directory.

You have several possibilities with respect to the key. You can either enter it manually, or you can use a previously set up encryption file. You will need to share the location of this file with SiriKali. Alternatively, you can use the integrated keyring or the wallets from Gnome and KDE. The software displays encrypted files and folders in the main window. You can show and hide these as desired (Figure 3).

Figure 3: The volume that has been created can then be seen in the application's main window. It comes with the corresponding options for mounting and unmounting the drive.sponding directory.

I encrypted and deposited the Ubuntu User folder and several files plus other items in the ownCloud sync file. The folder appears in the ownCloud server's browser view. As intended, it contains the individually encrypted files (Figure 4). Tests performed with both gocryptfs and securefs achieved the same results.

Figure 4: After synchronizing with the ownCloud server, the user will see the encrypted files that are on the server in the browser. The software even made the names for the files unrecognizable.

Conclusion

SiriKali reveals itself as a useful piece of software for users who want a graphical interface for tools that actually work on the command line. Although the GUI does not offer access to all of the options available in each application, you can use many of the most essential options. If you need more, the man page for each of the applications explains all of the options and parameters. Encrypting contents for services like Dropbox and ownCloud works reliably, as the data gets to the server in encrypted form.

The inconvenience caused by the SiriKali developers not delivering the individual backends along with the tool is understandable, since the effort required to maintain and update every system would be too much. A more thorough comparison of the encryption tools used here is found on the gocryptfs website [11]. The developers for CryFS also compare their software with the competition [12].