
[NMLUG] Creating a loopback crypto filesystem



On Wed, 2005-01-05 at 22:44, Jody Harris wrote:
> Okay, looks like things in 2.6 are different enough from 2.4 that the 
> instructions I was attempting to follow are no bueno.
> 
> # create a "disk image" (this one is 20 MB)
> dd if=/dev/urandom of=cipher1.img bs=1M count=20
> # seeding with urandom just makes any attacker's job harder
> 
> # create the loopback device with losetup
> losetup /dev/loop1 cipher1.img
> 
> # use cryptsetup to create a dm-crypt device "out of" (for lack
> # of a better term) the loopback device
> /usr/sbin/cryptsetup create cipher /dev/loop1
> # This creates an encrypted device at /dev/mapper/cipher
> 
> # put a filesystem (pick a filesystem, any filesystem) on the device
> mke2fs /dev/mapper/cipher
> 
> # create a mount point in /mnt or /media or somewhere
> mkdir /mnt/cipher
> 
> # mount it
> mount /dev/mapper/cipher /mnt/cipher
> 
> You're done!  Well, you're partly done.

This looks great!
Might you be willing to give us some more hints, or URLs?
What encryption do you recommend?
Where can we get stuff for the appropriate "international" encryption
module (a 2.6 debian sources.list entry would be nice... if you
know...)?
How/where do we do key generation, and how/where do you keep your key?
(Thumb drive, CD-ROM...   Is a password-protected key secure enough...
   in case I decide to leave the key on the system...)

I may want to start keeping some sensitive data in a crypto-fs.
I also may want to encrypt sensitive data before backing up via
disk-space shares discussed earlier.
-- 
Aaron Birenboim         \    I have an inferiority complex,
Albuquerque, NM, USA     \       but its not a very good one.
aaron at birenboim.com    \
http://aaron.birenboim.com \
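
The quoted steps stop once the filesystem is mounted. The sketch below is an added example, not part of either post: it wraps those same commands in a setup function and adds the matching teardown, printing the commands by default instead of running them. The image, loop device, mapping name and mount point come from the quoted steps; `DRY_RUN`, `run`, `cipher_up` and `cipher_down` are hypothetical names used only here.

```shell
#!/bin/sh
# Added example (not from the original thread): open and close the
# loopback dm-crypt container described in the quoted steps.
DRY_RUN=${DRY_RUN:-1}        # 1 = only print the commands, 0 = execute (needs root)
IMG=${IMG:-cipher1.img}      # values below are the ones used in the quoted post
LOOP=${LOOP:-/dev/loop1}
NAME=${NAME:-cipher}
MNT=${MNT:-/mnt/cipher}

# run: print the command in dry-run mode, execute it otherwise
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# cipher_up [init]: "init" also creates the image and the filesystem.
# WARNING: "init" overwrites an existing image file.
cipher_up() {
    if [ "$1" = init ]; then
        run dd if=/dev/urandom of="$IMG" bs=1M count=20 || return 1
    fi
    run losetup "$LOOP" "$IMG" || return 1
    run /usr/sbin/cryptsetup create "$NAME" "$LOOP" || { run losetup -d "$LOOP"; return 1; }
    if [ "$1" = init ]; then
        run mke2fs "/dev/mapper/$NAME" || return 1
        run mkdir -p "$MNT" || return 1
    fi
    run mount "/dev/mapper/$NAME" "$MNT" && return 0
    # "cryptsetup create" sets up a plain mapping with no on-disk header, so a
    # mistyped passphrase is only noticed when mount fails: undo the setup.
    run /usr/sbin/cryptsetup remove "$NAME"
    run losetup -d "$LOOP"
    return 1
}

# cipher_down: reverse order of cipher_up, so no plaintext view stays mapped
cipher_down() {
    run umount "$MNT" || return 1
    run /usr/sbin/cryptsetup remove "$NAME" || return 1
    run losetup -d "$LOOP"
}
```

Source the file and call `cipher_up init` once, then `cipher_up` and `cipher_down` for later sessions; set `DRY_RUN=0` as root to execute the commands instead of printing them.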



