
[NMLUG] Creating a loopback crypto filesystem



Jody Harris wrote:
> Okay, looks like things in 2.6 are different enough from 2.4 that the 
> instructions I was attempting to follow are no bueno.

With further investigation, I discovered that using dm-crypt, there 
were several steps, and I was not able to unmount the drive when I was 
done and still be able to get back to it.  That method creates a drive 
that is permanently available once it has been mounted.

I went back to attempting to mount the encrypted device with losetup 
doing the encryption step, and realized that I FAILED (!) to 'modprobe 
cryptoloop' before trying to use cryptoloop.  ACK!

so anyway:

# create a "disk image" (this one is 20 MB)
dd if=/dev/urandom of=cipher1.img bs=1M count=20
# seeding with urandom just makes any attacker's job harder

# load the cryptoloop module
modprobe cryptoloop

# create the loopback device with losetup
losetup -e AES128 /dev/loop1 cipher1.img
# pick your encryption poison here
# use the -K gpgkey option if you want to use a gpg key
# more options available

# put a filesystem (pick a filesystem, any filesystem) on the device
mke2fs /dev/loop1

# create a mount point in /mnt or /media or somewhere
mkdir /mnt/cipher

# delete the loopback device
losetup -d /dev/loop1

# Now, we have an unmounted crypto device that's not connected
# to a loopback device.  We can dynamically create the loopback
# device when we mount it with the following command

# mount it
mount -o loop,encryption=aes128 cipher1.img /mnt/cipher/
# This will prompt you for a password.  If the passwords don't
# match, mount will fail when it cannot find a filesystem on the
# encrypted device.

If you want to have your crypto filesystems automatically mounted and 
unmounted when accessing a system, take a look at www.flyn.org at the 
pam_mount documentation (http://www.flyn.org/projects/pam_mount/index.html).

jody
-- 
http://www.RealizationSystems.com/ -- start communicating
http://www.GalacticSlacker.com/ -- read it and weep
http://www.NMPerspective.com/ -- a Southwest Perspective
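
An added example, not part of the original post: a pre-mount check for the two failure modes mentioned above, the missing `modprobe cryptoloop` and a wrong password leaving no recognizable filesystem on the decrypted device. The function names and exit codes are hypothetical; it assumes the ext2 filesystem that `mke2fs` creates and is meant to be run against the loop device after `losetup -e`.

```shell
#!/bin/sh
# Added example: pre-mount checks for the cryptoloop procedure above.
# Function names and exit codes are hypothetical, chosen for this example.

# module_loaded NAME [MODULES_FILE]
# Succeeds if NAME is listed in a /proc/modules-format file.
# A driver compiled into the kernel (not as a module) will not be listed.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# has_ext2_magic DEVICE_OR_FILE
# The ext2 superblock starts at byte 1024 and its magic 0xEF53 is stored
# little-endian at offset 56 within it, i.e. bytes 53 ef at offset 1080.
# With the wrong key the decrypted bytes are effectively random, so the
# magic is absent and mount cannot find a filesystem.
has_ext2_magic() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# diagnose DEVICE [MODULES_FILE]
# Returns 0 if DEVICE looks mountable, 2 if cryptoloop is not loaded,
# 3 if the decrypted view has no ext2 magic.
diagnose() {
    if ! module_loaded cryptoloop "${2:-/proc/modules}"; then
        echo "cryptoloop is not loaded: run 'modprobe cryptoloop' first"
        return 2
    fi
    if ! has_ext2_magic "$1"; then
        echo "no ext2 superblock on $1: wrong passphrase or cipher, or mke2fs was never run"
        return 3
    fi
    echo "$1 decrypts to an ext2 filesystem"
}

# Example use after 'losetup -e AES128 /dev/loop1 cipher1.img':
#   diagnose /dev/loop1
```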


