plbe l33t
Joined: 01 May 2004 Posts: 661
|
Posted: Wed Jun 15, 2005 2:00 pm Post subject: HOWTO: Encrypt a filesystem in a loopback file |
|
|
A spin-off of the "Use new baselayout for file system encryption" thread here: https://forums.gentoo.org/viewtopic-t-298001.html
Taken from the dm_crypt wiki...
First, you will need at least a 2.6.4 kernel.
Enable these options:
***************************************************************
Device Drivers->Multi-device support (RAID and LVM)->
* Multiple devices driver support (RAID and LVM)
<*> Device mapper support
<*> Crypt target support
***************************************************************
Device Drivers->Block-devices->
<*> Loopback device support
***************************************************************
Cryptographic options->
<*> AES cipher algorithms
***************************************************************
Next, you have to create a loopback file (the following will create a 100 MB file at the location of /home/sekrit):
dd if=/dev/urandom of=/home/sekrit bs=1M count=100
Set it as the loop device:
losetup /dev/loop0 /home/sekrit
****************************************************************
emerge cryptsetup
emerge popt
emerge device-mapper
emerge libgcrypt
****************************************************************
Set up the crypt device:
cryptsetup -c aes -y create sekrit /dev/loop0
Your encrypted device is available at /dev/mapper/sekrit. Create a file system:
mke2fs -j /dev/mapper/sekrit
Mount it:
mount -t ext3 /dev/mapper/sekrit /mnt/sekrit
Add a line to your /etc/fstab if you like:
/dev/mapper/sekrit /mnt/sekrit ext3 noauto,noatime 0 0
You're done! You can now store your data there, and after that just...
umount /mnt/sekrit
cryptsetup remove sekrit
***If you don't call cryptsetup remove, everybody can remount it without typing the passphrase!***
To gain access to the encrypted file system again, you might have to set up the loop device again (for example, after a reboot):
losetup /dev/loop0 /home/sekrit
Otherwise........
cryptsetup create sekrit /dev/loop0
mount /dev/mapper/sekrit /mnt/sekrit |
|
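A check for the warning in the post above about skipping `cryptsetup remove`, added here as an example and not part of the original post: it lists dm-crypt mappings that are still unlocked but no longer mounted. The function names, the sample mapping "backup" and the sample device numbers are constructed for illustration; it assumes the mounts table names devices as /dev/mapper/<name>.

```shell
#!/bin/sh
# Added example: find dm-crypt mappings left unlocked after umount.
# stale_mappings <dmsetup-output-file> <mounts-file>
#   $1: saved output of `dmsetup ls --target crypt`
#   $2: mounts table in /proc/mounts format
# Assumption: mounted mappings appear as /dev/mapper/<name>.
stale_mappings() {
    awk '
        FILENAME == ARGV[1] {
            # One mapping per line; the name is the first field.
            if (NF && $0 != "No devices found") active[$1] = 1
            next
        }
        # "/dev/mapper/" is 12 characters, the name starts at 13.
        index($1, "/dev/mapper/") == 1 { mounted[substr($1, 13)] = 1 }
        END { for (m in active) if (!(m in mounted)) print m }
    ' "$1" "$2" | sort
}

# Constructed sample: "sekrit" was unmounted but never removed,
# "backup" is still mounted and therefore expected to be unlocked.
sample_check() {
    d=$(mktemp) && m=$(mktemp) || return 1
    printf 'sekrit\t(254, 0)\nbackup\t(254, 1)\n' > "$d"
    printf '%s\n' '/dev/hda3 / ext3 rw,noatime 0 0' \
        '/dev/mapper/backup /mnt/backup ext3 rw,noatime 0 0' > "$m"
    stale_mappings "$d" "$m"
    rm -f "$d" "$m"
}

# Live use (needs root for dmsetup); not called automatically.
live_check() {
    d=$(mktemp) || return 1
    dmsetup ls --target crypt > "$d" && stale_mappings "$d" /proc/mounts
    rm -f "$d"
}

sample_check
```

Any name printed by `live_check` is a mapping whose key is still loaded in the kernel; `cryptsetup remove <name>` closes it.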
kawsper Tux's lil' helper
Joined: 09 Nov 2004 Posts: 128 Location: Copenhagen, Denmark
|
Posted: Sun Jan 15, 2006 7:48 am Post subject: |
|
|
If you want to secure your data more, you should use /dev/random instead of /dev/urandom; it will take a longer time to get the info, but it is more secure that way.
_________________
Laptop: Zepto 2314W, Pentium M 730, 512 Mb Pc-3200
Server 1: Athlon XP 3200+ | Asus A7V880 | 768 Mb DDR Pc-3200
Server 2: Pentium III Coppermine | Unknown MB | 64 Mb
All running Gentoo
www.hyggenet.org - IRC-Network for the pleasant atmosphere. |
|
DJ_Rubbie n00b
Joined: 03 Jan 2004 Posts: 38 Location: /dev/null
|
Posted: Fri Apr 21, 2006 3:29 am Post subject: |
|
|
Don't need to use /dev/urandom at all, /dev/zero will do, since all it really needs is a file of some size to mount as a loop device. /dev/random will unnecessarily prolong the process (try to time the length of time it needs to generate 10 megabytes of data with /dev/random, let alone 10 kilobytes). Not to mention it's the aes cypher that does the encryption, not whatever that was in the original file.
_________________
Please direct all bug reports to /dev/null |
|
Jake Veteran
Joined: 31 Jul 2003 Posts: 1132
|
Posted: Fri Apr 21, 2006 4:01 am Post subject: |
|
|
The advantage of /dev/urandom is hiding used space. Encrypted data will ideally appear identical to the randomness. Besides, if you wanted to save time, you'd use the skip= option. |
|
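The point about hiding used space, shown as an added example that is not part of the original posts: it builds a small container three ways (sparse via seek=, zero-filled, urandom-filled), overwrites ten blocks in place, and counts how many blocks look occupied from outside. Ciphertext is modelled as random bytes and the function names and sizes are constructed for illustration; no loop device or root access is needed.

```shell
#!/bin/sh
# Added example: what an observer of the raw container file can count,
# depending on how the file was first filled. Ciphertext is modelled as
# random bytes (assumption).
BS=4096

# Create container file $2 of $3 blocks using fill method $1.
make_container() {
    case $1 in
        sparse)  dd if=/dev/null    of="$2" bs=$BS seek="$3" count=0 2>/dev/null ;;
        zero)    dd if=/dev/zero    of="$2" bs=$BS count="$3" 2>/dev/null ;;
        urandom) dd if=/dev/urandom of="$2" bs=$BS count="$3" 2>/dev/null ;;
        *)       return 2 ;;
    esac
}

# Overwrite the first $2 blocks of $1 in place, as the encrypted
# filesystem would when it stores data.
write_ciphertext() {
    dd if=/dev/urandom of="$1" bs=$BS count="$2" conv=notrunc 2>/dev/null
}

# Count the blocks of $1 that hold at least one non-zero byte.
nonzero_blocks() {
    total=$(( $(wc -c < "$1") / $BS ))
    n=0
    i=0
    while [ "$i" -lt "$total" ]; do
        bytes=$(dd if="$1" bs=$BS skip="$i" count=1 2>/dev/null | tr -d '\000' | wc -c)
        if [ "$bytes" -gt 0 ]; then n=$((n + 1)); fi
        i=$((i + 1))
    done
    echo "$n"
}

# Build a 64-block container with fill $1, "use" 10 blocks, and print
# how many blocks look occupied from outside.
visible_usage() {
    f=$(mktemp) || return 1
    make_container "$1" "$f" 64 && write_ciphertext "$f" 10 && nonzero_blocks "$f"
    rm -f "$f"
}

for fill in sparse zero urandom; do
    echo "$fill: $(visible_usage "$fill") of 64 blocks look used"
done
```

With the sparse and zero fills the count equals the number of blocks written, so the amount of stored data is visible without the passphrase; with the urandom fill every block looks the same.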
dogunderdog n00b
Joined: 31 Mar 2004 Posts: 19
|
Posted: Fri May 05, 2006 3:35 am Post subject: how can skip save time |
|
|
Hi,
I don't understand how the skip option can save time when using dd???
cheers,
Florian |
|
Jake Veteran
Joined: 31 Jul 2003 Posts: 1132
|
Posted: Fri May 05, 2006 4:46 am Post subject: Re: how can skip save time |
|
|
dogunderdog wrote: |
Hi,
I don't understand how the skip option can save time when using dd???
cheers,
Florian |
Oops, I meant seek.
Code: |
# dd of=testfs seek=256 count=0 bs=1M
0+0 records in
0+0 records out
0 bytes (0 B) copied, 5.6e-05 seconds, 0.0 kB/s
# ls -lh testfs
-rw-r--r-- 1 root root 256M May 4 23:41 testfs
# mkfs.reiser4 -f testfs
mkfs.reiser4 1.0.5
Copyright (C) 2001, 2002, 2003, 2004 by Hans Reiser, licensing governed by
reiser4progs/COPYING.
Block size 4096 will be used.
Linux 2.6.16.1-2 is detected.
Uuid 6cb3cbde-b153-46e5-a50c-bd1192d023eb will be used.
Reiser4 is going to be created on testfs.
(Yes/No): yes
Creating reiser4 on testfs ... done
# du -sh testfs
112K testfs
# mount -o loop testfs /mnt/test/
# df -h | grep test
/home/tmp/testfs 244M 112K 244M 1% /mnt/test
# |
Of course, if you want the best possible security, use /dev/urandom. |
|
dogunderdog n00b
Joined: 31 Mar 2004 Posts: 19
|
Posted: Fri May 05, 2006 5:21 pm Post subject: Re: how can skip save time |
|
|
hi,
thanks.
interestingly this does not work on a vfat partition (i.e. it doesn't save time there, unless the file already exists)
cheers,
florian |
|