Difference between revisions of "Crypt Filesystems"

From Blue-IT.org Wiki

 
Line 1: Line 1:
 
Prepare a file according or partition according to [https://wiki.blue-it.org/index.php?action=edit&preload=&editintro=&title=Cryptoloop+AES&create=Create+article Encrypted DVD] and [http://www.pl-berichte.de/t_system/loop-aes.html Laufwerke verschlüsselen mit Loop-AES] for encryption with Loop-AES.
 
Prepare a file according or partition according to [https://wiki.blue-it.org/index.php?action=edit&preload=&editintro=&title=Cryptoloop+AES&create=Create+article Encrypted DVD] and [http://www.pl-berichte.de/t_system/loop-aes.html Laufwerke verschlüsselen mit Loop-AES] for encryption with Loop-AES.
  
===Prerequisites===
+
==Prerequisites==
 
* Load module '''cryptoloop''':
 
* Load module '''cryptoloop''':
 
  modprobe cryptoloop
 
  modprobe cryptoloop
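Review bot: The unchanged intro line at the top of this hunk reads "Prepare a file according or partition according to" and should be "Prepare a file or partition according to". In the same line the "Encrypted DVD" link points at an action=edit ... create=Create+article URL, so the target article does not exist yet; either create it or drop the link while the headings are being touched.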
Line 10: Line 10:
  
  
===encrypted partition===
+
==encrypted partition==
  
 
  losetup -e AES128 /dev/loop0 /dev/hdaX
 
  losetup -e AES128 /dev/loop0 /dev/hdaX
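Review bot: The promoted heading "==encrypted partition==" in this hunk is still lowercase while the other two headings changed in this revision ("Prerequisites", "Encrypted File") are capitalised. Suggest "==Encrypted Partition==" so the section titles are consistent.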
Line 35: Line 35:
 
  aespipe -e AES128 -T < /dev/hda7 > /dev/hda7
 
  aespipe -e AES128 -T < /dev/hda7 > /dev/hda7
  
===Encrypted File===
+
==Encrypted File==
  
 
  dd if=/dev/zero of=/home/user/secure bs=1024 count=5120
 
  dd if=/dev/zero of=/home/user/secure bs=1024 count=5120

Revision as of 21:41, 4 June 2006

Prepare a file or partition for encryption with Loop-AES according to Encrypted DVD and Laufwerke verschlüsselen mit Loop-AES.

Prerequisites

  • Load module cryptoloop:
modprobe cryptoloop
  • Make sure AES is compiled into your kernel.
  • Make sure loop-aes is installed.
  • Prepare a password (>20 chars for 128bit) and write it down in a secure place.


Encrypted Partition

losetup -e AES128 /dev/loop0 /dev/hdaX
mkfs -t ext2 /dev/loop0
losetup -d /dev/loop0
mkdir /mnt/secure

losetup attaches the partition /dev/hdaX to /dev/loop0 with AES128 encryption and asks you for a password. With 128 bits, the password must be longer than 20 characters.

In /etc/fstab, add an entry like:

/dev/hdaX /mnt/secure ext2 noauto,user,rw,loop=/dev/loop0,encryption=AES128 0 0 

The noauto option lets you mount the partition from a terminal when you need it. The partition will be accessible and mountable by the user with

mount /dev/hdaX

You have to unmount it with

umount /dev/hdaX && losetup -d /dev/loop0

With aespipe you can encrypt an existing partition:

aespipe -e AES128 -T < /dev/hda7 > /dev/hda7

Encrypted File

dd if=/dev/zero of=/home/user/secure bs=1024 count=5120
losetup -e AES128 /dev/loop0 /home/user/secure
mkfs -t ext2 /dev/loop0
losetup -d /dev/loop0
mkdir /mnt/secure

This gives you a file with a size of 5 MB (5120 x 1024 bytes). You will be prompted for a password as before.

Mounting, unmounting and /etc/fstab entries are as mentioned before.
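
The "Encrypted File" steps as one shell function, added here as an example (it is not part of the original wiki page): it refuses to overwrite an existing file, creates the container readable only by its owner, and detaches the loop device even when mkfs fails. The names make_container, run and DRY_RUN are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the wiki page: the "Encrypted File" steps with
# error handling. make_container, run and DRY_RUN are names made up here.

# run CMD...: execute CMD, or only print it when DRY_RUN=1 (no root needed).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# make_container FILE SIZE_KB [LOOPDEV]
# Returns 2 on a bad size, 3 if FILE exists, 1 if any step fails.
make_container() {
    file=$1; size_kb=$2; loopdev=${3:-/dev/loop0}
    case $size_kb in
        ''|*[!0-9]*) echo "size must be a whole number of KB" >&2; return 2 ;;
    esac
    # dd would silently destroy an existing file, so refuse to touch one.
    if [ -e "$file" ]; then
        echo "refusing to overwrite $file" >&2; return 3
    fi
    # umask 077 in a subshell: the container is created with mode 0600.
    ( umask 077; run dd if=/dev/zero of="$file" bs=1024 count="$size_kb" ) || return 1
    # losetup prompts for the password (>20 characters for AES128).
    run losetup -e AES128 "$loopdev" "$file" || return 1
    # The loop device is attached from here on: detach it even if mkfs
    # fails, so the keyed device is not left set up.
    rc=0
    run mkfs -t ext2 "$loopdev" || rc=1
    run losetup -d "$loopdev" || rc=1
    return "$rc"
}

# Run directly as: sh script.sh /home/user/secure 5120
[ "$#" -lt 2 ] || make_container "$@"
```

With DRY_RUN=1 set, the function only prints the four commands it would run, which is a safe way to check the arguments before running it as root.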