









[NMLUG] Creating a loopback crypto filesystem
> # create a "disk image" (this one is 20 MB)
> dd if=/dev/urandom of=cipher1.img bs=1M count=20
> # seeding with urandom just makes any attacker's job harder
>
> # load the cryptoloop module
> modprobe cryptoloop
>
> # create the loopback device with losetup
> losetup -e AES128 /dev/loop1 cipher1.img
> # pick your encryption poison here
> # use the -K gpgkey option if you want to use a gpg key
> # more options available
>
> # put a filesystem (pick a filesystem, any filesystem) on the device
> mke2fs /dev/loop1
>
> # create a mount point in /mnt or /media or somewhere
> mkdir /mnt/cipher
>
> # delete the loopback device
> losetup -d /dev/loop1
>
> # Now, we have an unmounted crypto device that's not connected
> # to a loopback device. We can dynamically create the loopback
> # device when we mount it with the following command
>
> # mount it
> mount -o loop,encryption=aes128 cipher1.img /mnt/cipher/
> # This will prompt you for a password. If the passwords don't
> # match, mount will fail when it cannot find a filesystem on the
> # encrypted device.
>
> If you want to have your crypto filesystems automatically mounted and
> unmounted when accessing a system, take a look at www.flyn.org at the
> pam_mount documentation
> (http://www.flyn.org/projects/pam_mount/index.html).
>
By adding the following line to fstab, I am able to mount
and umount this device as a non-root user:
/home/bigpig/cipher1.img /mnt/cipher ext2 rw,loop,encryption=aes128,user,noauto 0 0
James, I'm not ignoring your performance question, I just don't know the
answer. I haven't actually used it.
jody
--
http://www.RealizationSystems.com/ -- start communicating
http://www.GalacticSlacker.com/ -- read it and weep
http://www.NMPerspective.com/ -- a Southwest Perspective
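
Added example, not part of the original post: a shell function that reads fstab-format text and reports each encrypted loop entry like the one above, together with the exec/suid/dev restrictions that the `user` option implies according to mount(8). The function names and the /mnt/scratch and root entries in the sample are constructed for illustration.

```shell
#!/bin/sh
# Audit fstab-format text for encrypted loop mounts that non-root users may mount.

# Constructed sample; the first entry is the one from the post.
sample_fstab() {
    cat <<'EOF'
# device                  mountpoint   type options                                  dump pass
/home/bigpig/cipher1.img  /mnt/cipher  ext2 rw,loop,encryption=aes128,user,noauto    0 0
/srv/img/scratch.img      /mnt/scratch ext2 rw,loop,encryption=aes128,user,exec,suid 0 0
/dev/sda1                 /            ext3 defaults                                 0 1
EOF
}

# audit_fstab: reads fstab text on stdin, prints one line per entry whose
# options include both loop and encryption=.
audit_fstab() {
    while read -r dev mnt fstype opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac            # blank line or comment
        case ",$opts," in *,loop,*|*,loop=*) ;; *) continue ;; esac
        case ",$opts," in *,encryption=*) ;; *) continue ;; esac
        cipher=none user=no exec=yes suid=yes devs=yes
        old_ifs=$IFS; IFS=,
        for o in $opts; do                                  # options apply left to right
            case "$o" in
                encryption=*) cipher=${o#encryption=} ;;
                # user/users allow non-root mounting and imply noexec,nosuid,nodev
                user|users) user=yes exec=no suid=no devs=no ;;
                nouser) user=no ;;
                # explicit options after "user" override what it implied
                exec) exec=yes ;; noexec) exec=no ;;
                suid) suid=yes ;; nosuid) suid=no ;;
                dev)  devs=yes ;; nodev)  devs=no ;;
            esac
        done
        IFS=$old_ifs
        echo "$mnt cipher=$cipher user=$user exec=$exec suid=$suid dev=$devs"
    done
}

sample_fstab | audit_fstab
```

To check a real system, run `audit_fstab < /etc/fstab`; an entry reporting `user=yes` together with `suid=yes` or `dev=yes` lets a non-root user mount an image whose contents they may control with those features enabled.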