http://qs321.pair.com?node_id=136337
Category: Cryptography
Author/Contact Info L. Wells
Description: A quick-and-dirty script I whipped up to securely delete files up to and beyond Orange Book standards. The default is seven passes over overwriting first with 0's, then with 1's, then with a cryptographically secure mechanism (In this case, blowfish using /dev/urandom). It is very messy, in that it uses /dev/urandom for all of its input, so on a very large file (or after many files), the entropy will become less and less random, but I'll likely do something about that when I get some time. Any other input would be appreciated. 
#!/usr/bin/perl -w
#
#
#
# Shred.pl 0.5 by L. Wells
# Secure file deletion utility
# Licensed under the GPL (http://www.opensource.org/licenses/gpl-licen
+se.html)
# December 28, 2001
#
#
#
#
# TODO:
# Finish support for other encryption algorithms.
# Add annoying little progress bar type things.
#
#
#

use IO::File;
use Crypt::Blowfish;
use Getopt::Std;
use strict;

my $filename;
my $verbose = 0;

my %opts;
getopts("vVha:f:i:", \%opts);

if ($opts{f}) {
        $filename=$opts{f} or die "No file specified $!";
        }

if ($opts{v}) {
        do_version();
        }

if ($opts{h} || !$opts{f}) {
        do_help();
        }

if ($opts{V}) {
        $verbose = 1;
        }

my $keysize=56;
my $blocksize=8;
my $random=1;
my $iterations=7;
my $entropyfile="/dev/urandom";
my $null=chr(0);
my $one=chr(255);
my $the_key = gather_entropy($keysize);
my $cipher = new Crypt::Blowfish $the_key;
my $b;
my $i;
my $size = (stat($filename))[7] or die "no $filename: $!";

sub nuke_file($);
sub do_version;
sub do_help;



if ($opts{i}) {
        $iterations=$opts{i};
        }


for ($b=1;$b <=$iterations;$b++) {

        if ($verbose) {
                print "Wipe iteration $b\n";
                }
        nuke_file($null);
        if ($verbose) {
                print "Null wipe $b\n";
                }
        nuke_file($one);
        if ($verbose) {
                print "One wipe $b\n";
                }
        nuke_file($random);
        if ($verbose) {
                print "Crypt wipe $b\n";
                }
}

unlink ($filename);

if ($verbose) {
        print "Wipe finished. Completed $iterations iterations\n";
        }


sub do_cipherstring {

my $outchar = gather_entropy($blocksize);

my $cipherout = $cipher->encrypt($outchar);

return $cipherout;

}


sub gather_entropy {

        my $bytes=$_[0];
        my $entropy_bytes;

        sysopen (ENTROPY, $entropyfile, O_RDONLY);

        sysread(ENTROPY, $entropy_bytes, $bytes);

        close(ENTROPY);

        return $entropy_bytes;

}



sub nuke_file ($){

        my $o_w = $_[0];

        sysopen(BYEBYE, $filename, O_WRONLY) or die $!;

        for ($i=0;$i<($size/$blocksize);$i++) {

                if ($o_w ne $null && $o_w ne $one) {
                $o_w=do_cipherstring;
                }

        my $err = syswrite(BYEBYE, $o_w, $blocksize, 0) or die $!;

        my $bytes += $err;

        }

close(BYEBYE);

}

sub do_version {
        print "Shred.pl 0.5 by L. Wells\n\n";
        exit(1);
        }

sub do_help {
        print "Shred.pl 0.5 by L. Wells\n";
        print "Usage: Shred.pl -f filename [-i iterations] [-a algorit
+hm] [-vVh]\n";
        print "\t-f filename\tWhere filename is the file to be nuked.\
+n";
        print "\t-i iterations\tWhere iterations are the number of pas
+ses for overwriting.\n";
        print "\t-v\t\tPrint version information and exit.\n";
        print "\t-a algorithm\tSpecify which algorithm to use for cryp
+to pass. (NOT IMPLEMENTED)\n";
        print "\t-V\t\tVerbose mode. Shows more detailed information (
+Default is no output).\n";
        print "\t-h\t\tHelp. Prints this help information.\n\n";
        exit(1);
        }

Back to Code Catacombs