Crypt Filesystems

From Blue-IT.org Wiki

Revision as of 11:11, 16 September 2010 by WikiSysOp (talk | contribs) (Cryptoloop)

Cryptkeeper

A more comfortable way of using encrypted filesystems is a tool for gnome: cryptkeeper

sudo apt-get install cryptkeeper

installs everything that is needed. Using is pretty forward.

Editing the file

vim /etc/gdm/PostSession/Default

and adding the line

umount "$(cat /etc/mtab | grep encfs | awk '{print $2}' | tail -n1 | sed -e 's/\040/ /g' | sed -e 's/\\ / /g')"

assures that all encfs filesystems are umounted after logout.

Cryptoloop AES

Prepare a file according or partition according to Encrypted DVD and Laufwerke verschlüsselen mit Loop-AES for encryption with Loop-AES.

Prerequisites

  • Load module cryptoloop:
modprobe cryptoloop
  • Assure you have AES compiled in your kernel.
  • Assure you have installed loop-aes
  • Prepare a password (>20 chars for 128bit) and write it down at a secure place.


Encrypted partition

losetup -e AES128 /dev/loop0 /dev/hdaX
mkfs -t ext2 /dev/loop0
losetup -d /dev/loop0
mkdir /mnt/secure

With losetup the encrypted partition /dev/hdaX will be used. You are asked to give a password. With 128 bits it must be longer than 20 characters.

In fstab put something like

/dev/hdaX /mnt/secure ext2 noauto,user,rw,loop=/dev/loop0,encryption=AES128 0 0 

The option noauto gives you the chance to mount it in a terminal. This partition will be accesible and mountable by the user with

mount /dev/hdaX

You have to unmount it with

umount /dev/hdaX && losetup -d /dev/loop0

With aespipe you can encrypt an existing partition

aespipe -e AES128 -T < /dev/hda7 > /dev/hda7

Encrypted File

dd if=/dev/zero of=/home/user/secure bs=1024 count=5120
losetup -e AES128 /dev/loop0 /home/user/secure
mkfs -t ext2 /dev/loop0
losetup -d /dev/loop0
mkdir /mnt/secure

This gives you a file with a size of 5MB (5120x1024 byte). You will be prompted for a password like before.

Mounting, unmounting and /etc/fstab entries are as mentioned before.

Generate secure passwords

head -c 30 /dev/urandom | uuencode -m -

-c 30 means, that the resulting password will be 30 characters long.