









[NMLUG] Creating a loopback crypto filesystem
I was pretty excited to see this type of functionality called 'File Vault'
in Mac OS X. How is the performance under Linux?
On Wed, Jan 05, 2005 at 10:44:49PM -0700, Jody Harris wrote:
> Okay, looks like things in 2.6 are different enough from 2.4 that the
> instructions I was attempting to follow are no bueno.
>
> # create a "disk image" (this one is 20 MB)
> dd if=/dev/urandom of=cipher1.img bs=1M count=20
> # seeding with urandom just makes any attacker's job harder
>
> # create the loopback device with losetup
> losetup /dev/loop1 cipher1.img
>
> # use cryptsetup to create a dm-crypt device "out of" (for lack
> # of a better term) the loopback device
> /usr/sbin/cryptsetup create cipher /dev/loop1
> # This creates an encrypted device at /dev/mapper/cipher
>
> # put a filesystem (pick a filesystem, any filesystem) on the device
> mke2fs /dev/mapper/cipher
>
> # create a mount point in /mnt or /media or somewhere
> mkdir /mnt/cipher
>
> # mount it
> mount /dev/mapper/cipher /mnt/cipher
>
> You're done! Well, you're partly done.
>
> This is a combination of two Linux Journal articles. One from August
> 2003, and one from January 2005. The rest of what I want to do will be
> related to the Jan 2005 article.
>
> Instead of creating your dm-crypt device with a password, you can use a
> large, random key, then store that key on a USB thumb drive to lock down
> your root file system on a notebook. What I would like to do is apply
> this in such a way that I can have encrypted devices via network
> connections. I think you should be able to use one of the PAM modules
> to securely access them over ssh connections without exposing your key.
> (Back to the August 2003 article.)
>
> Now, I'm going to pretend that I've made the world a somewhat better
> place and go to bed with a false sense of achievement.
>
> jody
> --
> http://www.RealizationSystems.com/ -- start communicating
> http://www.GalacticSlacker.com/ -- read it and weep
> http://www.NMPerspective.com/ -- a Southwest Perspective
> _______________________________________________
> NMLUG mailing list
> NMLUG@nmlug.org
> http://www.nmlug.org/mailman/listinfo/nmlug
--
James Hamilton
Southwest Cyberport
http://www.swcp.com
505-232-7992
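
Added example, not part of the original thread: the key-file variant mentioned in the quoted message (a large random key kept on removable media instead of a password), together with the teardown steps the procedure stops short of. The function names, paths, mapping name and cipher settings are assumptions chosen for illustration, and it uses the `cryptsetup open`/`close` syntax of current cryptsetup releases rather than the 2005-era `create`.

```shell
#!/bin/sh
# Added example: key-file setup and teardown for a loopback dm-crypt volume.
# All names and cipher settings below are illustrative assumptions.
#
# Usage (as root), with a hypothetical key path on a mounted USB stick:
#   make_key /media/usb/cipher1.key
#   dev=$(open_volume cipher1.img /media/usb/cipher1.key cipher)
#   mke2fs /dev/mapper/cipher            # first use only
#   mount /dev/mapper/cipher /mnt/cipher
#   close_volume /mnt/cipher cipher "$dev"

# Create a 32-byte random key readable only by its owner; never overwrite.
make_key() {
    key=$1
    [ -e "$key" ] && { echo "refusing to overwrite $key" >&2; return 1; }
    ( umask 077 && head -c 32 /dev/urandom > "$key" ) || return 1
    chmod 600 "$key"
}

# Attach the image to a free loop device and map it using the key file.
# Prints the loop device so the caller can detach it later.
open_volume() {
    img=$1 key=$2 name=$3
    loopdev=$(losetup --find --show "$img") || return 1
    # Plain mode with --key-file uses the file's bytes directly as the key.
    if ! cryptsetup open --type plain --cipher aes-xts-plain64 \
            --key-size 256 --key-file "$key" "$loopdev" "$name"; then
        losetup -d "$loopdev"   # do not leave a dangling loop device
        return 1
    fi
    echo "$loopdev"
}

# Unmount, remove the mapping, then detach the loop device, in that order.
close_volume() {
    mnt=$1 name=$2 loopdev=$3
    umount "$mnt" && cryptsetup close "$name" && losetup -d "$loopdev"
}
```

Plain dm-crypt mappings have no on-disk header, so opening the image with the wrong key file does not fail: it simply exposes unreadable data, and losing the key file means losing the volume.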