Difference between revisions of "Crypt Filesystems"
From Blue-IT.org Wiki
(→Generate secure passwords) |
|||
Line 49: | Line 49: | ||
==Generate secure passwords== | ==Generate secure passwords== | ||
head -c 30 /dev/urandom | uuencode -m - | head -c 30 /dev/urandom | uuencode -m - | ||
+ | ''-c 30'' means, that the resulting password will be 30 characters long. |
Revision as of 13:59, 18 June 2006
Prepare a file according or partition according to Encrypted DVD and Laufwerke verschlüsselen mit Loop-AES for encryption with Loop-AES.
Prerequisites
- Load module cryptoloop:
modprobe cryptoloop
- Assure you have AES compiled in your kernel.
- Assure you have installed loop-aes
- Prepare a password (>20 chars for 128bit) and write it down at a secure place.
Encrypted partition
losetup -e AES128 /dev/loop0 /dev/hdaX mkfs -t ext2 /dev/loop0 losetup -d /dev/loop0 mkdir /mnt/secure
With losetup the encrypted partition /dev/hdaX will be used. You are asked to give a password. With 128 bits it must be longer than 20 characters.
In fstab put something like
/dev/hdaX /mnt/secure ext2 noauto,user,rw,loop=/dev/loop0,encryption=AES128 0 0
The option noauto gives you the chance to mount it in a terminal. This partition will be accesible and mountable by the user with
mount /dev/hdaX
You have to unmount it with
umount /dev/hdaX && losetup -d /dev/loop0
With aespipe you can encrypt an existing partition
aespipe -e AES128 -T < /dev/hda7 > /dev/hda7
Encrypted File
dd if=/dev/zero of=/home/user/secure bs=1024 count=5120 losetup -e AES128 /dev/loop0 /home/user/secure mkfs -t ext2 /dev/loop0 losetup -d /dev/loop0 mkdir /mnt/secure
This gives you a file with a size of 5MB (5120x1024 byte). You will be prompted for a password like before.
Mounting, unmounting and /etc/fstab entries are as mentioned before.
Generate secure passwords
head -c 30 /dev/urandom | uuencode -m -
-c 30 means, that the resulting password will be 30 characters long.