[PLUG] Setting up encrypted file system
श्रीधर नारायण दैठणकर
ghodechhap at ghodechhap.net
Fri Dec 8 17:12:11 IST 2006
Hi all,
Answering query from a friend and in general reference for others and
bots.. ;)
On Thursday 07 December 2006 16:56, you wrote:
> enc filesystem ???
Links:
http://www.linux.com/howtos/Cryptoloop-HOWTO/cryptoloop-introduction.shtml
http://www.saout.de/misc/dm-crypt/
http://www.gentoo.org/proj/en/hardened/disk-cryptography.xml
Steps:
Note that, in the dd step, zeroing the device is not secure enough. Ideally
one should use /dev/urandom instead of /dev/zero but that would take couple
of days to clear a 5-10GB partition with truely random data instead 5-10
minutes for /dev/zero.
An intermediate could be creating a file of 1-2M with /dev/urandom and
overwriting the partition with that data. The actual commands are left as an
exercise to the reader.
Of course replace the variables as required. And remember, these steps are
highly destructive. Know before you do. You have been warned.
# modprobe cryptoloop
# time dd if=/dev/zero of=/dev/hdc7 bs=1M
# losetup -e blowfish /dev/loop0 /dev/hdc7
# mkfs -t ext2 /dev/loop0
# mount -t ext2 /dev/loop0 /mnt3
# umount /mnt3
# losetup -d /dev/loop0
Add following to /etc/fstab for permanent effect.
/dev/hdc7 /mnt3 ext2 users,noauto,encryption=blowfish
1 0
HTH
Shridhar
More information about the Plug-mail
mailing list