Difference between revisions of "Crypt Filesystems"
From Blue-IT.org Wiki
(→Cryptkeeper) |
(→Cryptkeeper in Gnome) |
||
Line 16: | Line 16: | ||
assures that all encfs filesystems are umounted after logout. | assures that all encfs filesystems are umounted after logout. | ||
− | '''Comment''': The script seems to be a | + | '''Comment''': The script seems to be a little bit complicated but fact is, that there are big problems concerning filenames and foldernames with white spaces in bash and utf-8 support in awk!!! So if you find a easier way to achieve this: write me an email ;) |
= Cryptoloop AES = | = Cryptoloop AES = |
Revision as of 19:22, 21 September 2010
Contents
Cryptkeeper in Gnome
A more comfortable way of using encrypted filesystems is a tool for gnome: cryptkeeper
sudo apt-get install cryptkeeper
installs everything that is needed. Using is pretty forward.
Editing the file
vim /etc/gdm/PostSession/Default
and adding the line
for dir in "$(cat /etc/mtab | grep encfs | awk '{print $2}' | sed -e 's/\040/ /g')" do echo "${dir}" | awk '{system("umount " $0)}' done
assures that all encfs filesystems are umounted after logout.
Comment: The script seems to be a little bit complicated but fact is, that there are big problems concerning filenames and foldernames with white spaces in bash and utf-8 support in awk!!! So if you find a easier way to achieve this: write me an email ;)
Cryptoloop AES
Prepare a file according or partition according to Encrypted DVD and Laufwerke verschlüsselen mit Loop-AES for encryption with Loop-AES.
Prerequisites
- Load module cryptoloop:
modprobe cryptoloop
- Assure you have AES compiled in your kernel.
- Assure you have installed loop-aes
- Prepare a password (>20 chars for 128bit) and write it down at a secure place.
Encrypted partition
losetup -e AES128 /dev/loop0 /dev/hdaX mkfs -t ext2 /dev/loop0 losetup -d /dev/loop0 mkdir /mnt/secure
With losetup the encrypted partition /dev/hdaX will be used. You are asked to give a password. With 128 bits it must be longer than 20 characters.
In fstab put something like
/dev/hdaX /mnt/secure ext2 noauto,user,rw,loop=/dev/loop0,encryption=AES128 0 0
The option noauto gives you the chance to mount it in a terminal. This partition will be accesible and mountable by the user with
mount /dev/hdaX
You have to unmount it with
umount /dev/hdaX && losetup -d /dev/loop0
With aespipe you can encrypt an existing partition
aespipe -e AES128 -T < /dev/hda7 > /dev/hda7
Encrypted File
dd if=/dev/zero of=/home/user/secure bs=1024 count=5120 losetup -e AES128 /dev/loop0 /home/user/secure mkfs -t ext2 /dev/loop0 losetup -d /dev/loop0 mkdir /mnt/secure
This gives you a file with a size of 5MB (5120x1024 byte). You will be prompted for a password like before.
Mounting, unmounting and /etc/fstab entries are as mentioned before.
Generate secure passwords
head -c 30 /dev/urandom | uuencode -m -
-c 30 means, that the resulting password will be 30 characters long.