Difference between revisions of "Crypt Filesystems"
From Blue-IT.org Wiki
(→Cryptkeeper in Gnome) |
|||
Line 1: | Line 1: | ||
− | = Cryptkeeper in Gnome = | + | == Cryptkeeper in Gnome == |
A more comfortable way of using encrypted filesystems is a tool for gnome: cryptkeeper | A more comfortable way of using encrypted filesystems is a tool for gnome: cryptkeeper | ||
sudo apt-get install cryptkeeper | sudo apt-get install cryptkeeper | ||
Line 18: | Line 18: | ||
'''Comment''': The script seems to be a little bit complicated but fact is, that there are big problems concerning filenames and foldernames with white spaces in bash and utf-8 support in awk!!! So if you find a easier way to achieve this: write me an email ;) | '''Comment''': The script seems to be a little bit complicated but fact is, that there are big problems concerning filenames and foldernames with white spaces in bash and utf-8 support in awk!!! So if you find a easier way to achieve this: write me an email ;) | ||
− | = Cryptoloop AES = | + | == Cryptoloop AES == |
Prepare a file according or partition according to [https://wiki.blue-it.org/index.php?action=edit&preload=&editintro=&title=Cryptoloop+AES&create=Create+article Encrypted DVD] and [http://www.pl-berichte.de/t_system/loop-aes.html Laufwerke verschlüsselen mit Loop-AES] for encryption with Loop-AES. | Prepare a file according or partition according to [https://wiki.blue-it.org/index.php?action=edit&preload=&editintro=&title=Cryptoloop+AES&create=Create+article Encrypted DVD] and [http://www.pl-berichte.de/t_system/loop-aes.html Laufwerke verschlüsselen mit Loop-AES] for encryption with Loop-AES. | ||
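Review bot: The "Encrypted DVD" link in the context line under the Cryptoloop AES heading points at index.php?action=edit&...&title=Cryptoloop+AES&create=Create+article. That is an article-creation form for the title "Cryptoloop AES", not an existing page about encrypted DVDs, so a reader following it gets an empty edit box. Since this revision already touches the section, replace it with an internal link to the page that is actually meant. Also fix the doubled wording "Prepare a file according or partition according to" in the same sentence.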
Line 31: | Line 31: | ||
− | ==Encrypted partition== | + | ===Encrypted partition=== |
losetup -e AES128 /dev/loop0 /dev/hdaX | losetup -e AES128 /dev/loop0 /dev/hdaX | ||
Line 56: | Line 56: | ||
aespipe -e AES128 -T < /dev/hda7 > /dev/hda7 | aespipe -e AES128 -T < /dev/hda7 > /dev/hda7 | ||
− | ==Encrypted File== | + | ===Encrypted File=== |
dd if=/dev/zero of=/home/user/secure bs=1024 count=5120 | dd if=/dev/zero of=/home/user/secure bs=1024 count=5120 | ||
Line 68: | Line 68: | ||
Mounting, unmounting and '''/etc/fstab''' entries are as mentioned before. | Mounting, unmounting and '''/etc/fstab''' entries are as mentioned before. | ||
− | ==Generate secure passwords== | + | ===Generate secure passwords=== |
head -c 30 /dev/urandom | uuencode -m - | head -c 30 /dev/urandom | uuencode -m - | ||
''-c 30'' means, that the resulting password will be 30 characters long. | ''-c 30'' means, that the resulting password will be 30 characters long. |
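Review bot: The explanation kept under the demoted "Generate secure passwords" heading says that ''-c 30'' yields a 30-character password, but head -c 30 reads 30 bytes from /dev/urandom. uuencode -m then base64-encodes those bytes into 40 characters and wraps them in a "begin-base64" header line and a "====" trailer line. Suggest rewording the sentence to say 30 random bytes, and telling the reader to use only the middle line of the output as the password.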
Revision as of 08:04, 28 September 2010
Cryptkeeper in Gnome
A more comfortable way of using encrypted filesystems is a tool for gnome: cryptkeeper
sudo apt-get install cryptkeeper
installs everything that is needed. Using it is pretty straightforward.
Editing the file
vim /etc/gdm/PostSession/Default
and adding the lines
for dir in "$(cat /etc/mtab | grep encfs | awk '{print $2}' | sed -e 's/\\040/ /g')"
do
    # /etc/mtab writes a space in a path as \040; the path is quoted for umount
    echo "${dir}" | awk '{system("umount \"" $0 "\"")}'
done
ensures that all encfs filesystems are unmounted after logout.
Comment: The script seems to be a little bit complicated, but the fact is that there are big problems concerning filenames and folder names with white spaces in bash and utf-8 support in awk!!! So if you find an easier way to achieve this: write me an email ;)
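One way to do the same unmount without the quoting problems mentioned in the comment, as an added example that is not part of the original page. The function names, the MTAB variable and the --run switch are assumptions of this sketch. Paths containing newlines are not handled.

```shell
#!/bin/sh
# Added example: unmount every encfs mount listed in an mtab-style file.
# MTAB, the function names and the --run switch are assumptions of this sketch.
MTAB="${MTAB:-/etc/mtab}"

# mtab encodes space, tab and backslash in a path as \040, \011 and \134.
# Rewrite \NNN to \0NNN first, because that is the octal form POSIX printf %b decodes.
decode_mtab_path() {
    printf '%b\n' "$(printf '%s\n' "$1" | sed 's/\\\([0-7][0-7][0-7]\)/\\0\1/g')"
}

# Print the still-encoded mount point (field 2) of every encfs entry.
# Matching on the device and type fields skips other filesystems whose
# path merely contains the string "encfs".
encfs_mountpoints() {
    awk '$1 == "encfs" || $3 == "fuse.encfs" { print $2 }' "$1"
}

# Decode each mount point and unmount it; the quoted variable keeps
# spaces and tabs in the path intact.
umount_all_encfs() {
    encfs_mountpoints "$MTAB" | while IFS= read -r raw; do
        dir=$(decode_mtab_path "$raw")
        umount "$dir"
    done
}

# Only act when asked to, so the functions can be sourced and inspected safely.
if [ "${1:-}" = "--run" ]; then
    umount_all_encfs
fi
```

From /etc/gdm/PostSession/Default the script would be called with --run.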
Cryptoloop AES
Prepare a file or partition for encryption with Loop-AES according to Encrypted DVD and Laufwerke verschlüsselen mit Loop-AES.
Prerequisites
- Load module cryptoloop:
modprobe cryptoloop
- Make sure you have AES compiled into your kernel.
- Make sure you have installed loop-aes.
- Prepare a password (>20 chars for 128bit) and write it down in a secure place.
Encrypted partition
losetup -e AES128 /dev/loop0 /dev/hdaX
mkfs -t ext2 /dev/loop0
losetup -d /dev/loop0
mkdir /mnt/secure
With losetup the encrypted partition /dev/hdaX will be used. You are asked to give a password. With 128 bits it must be longer than 20 characters.
In fstab put something like
/dev/hdaX /mnt/secure ext2 noauto,user,rw,loop=/dev/loop0,encryption=AES128 0 0
The option noauto gives you the chance to mount it in a terminal. This partition will be accessible and mountable by the user with
mount /dev/hdaX
You have to unmount it with
umount /dev/hdaX && losetup -d /dev/loop0
With aespipe you can encrypt an existing partition:
aespipe -e AES128 -T < /dev/hda7 > /dev/hda7
Encrypted File
dd if=/dev/zero of=/home/user/secure bs=1024 count=5120
losetup -e AES128 /dev/loop0 /home/user/secure
mkfs -t ext2 /dev/loop0
losetup -d /dev/loop0
mkdir /mnt/secure
This gives you a file with a size of 5 MB (5120 x 1024 bytes). You will be prompted for a password like before.
Mounting, unmounting and /etc/fstab entries are as mentioned before.
Generate secure passwords
head -c 30 /dev/urandom | uuencode -m -
-c 30 means that the resulting password will be 30 characters long.