User:Jebba/Cryptsetup
Contents |
[edit] Intro
Cryptsetup is a good way to use an encrypted filesystem with a gnulinux system. I have made kernel modules and built the cryptsetup program so it can be used with Maemo.
[edit] Kernel
You need some kernel modules to use cryptsetup. You can build your own kernel or use mine. This wiki has instructions on installing my custom kernel.
[edit] Userspace tools
You'll need to install cryptsetup from the extras-devel repository.
[edit] Create cryptfile
Set up a file to use:
#!/bin/sh set -x CRYPTSIZE=4 LOOPFILE=/dev/loop0 CRYPTNAME=cryptfooz CRYPTFILE=/home/user/MyDocs/$CRYPTNAME echo "warning going to erase $CRYPTFILE" read ok dd if=/dev/urandom of=$CRYPTFILE bs=1M count=$CRYPTSIZE cryptsetup remove $CRYPTNAME losetup -d $LOOPFILE losetup $LOOPFILE $CRYPTFILE cryptsetup -v \ --key-size=256 \ --cipher=twofish-cbc-essiv:sha256 \ create \ $CRYPTNAME \ $LOOPFILE mkfs.ext3 -j -m0 /dev/mapper/$CRYPTNAME mkdir -p /mnt/$CRYPTNAME mount -o noatime /dev/mapper/$CRYPTNAME /mnt/$CRYPTNAME chown user:users /mnt/$CRYPTNAME ls -la /mnt/$CRYPTNAME
With this, you can now copy files to /mnt/cryptfooz and they'll be encrypted.
[edit] Umount
(Untested, but should just be like this)
# cryptfooz or whatever you named it above umount /mnt/cryptfooz # Then remove it from cryptsetup cryptsetup remove cryptofooz # Then freeup the loopback losetup -d /dev/loop0
[edit] Mount
So the next time you want to mount it, just run:
#!/bin/sh set -x CRYPTSIZE=4 LOOPFILE=/dev/loop0 CRYPTNAME=cryptfooz CRYPTFILE=/home/user/MyDocs/$CRYPTNAME cryptsetup remove $CRYPTNAME losetup -d $LOOPFILE losetup $LOOPFILE $CRYPTFILE cryptsetup -v \ --key-size=256 \ --cipher=twofish-cbc-essiv:sha256 \ create \ $CRYPTNAME \ $LOOPFILE mount -o noatime /dev/mapper/$CRYPTNAME /mnt/$CRYPTNAME ls -la /mnt/$CRYPTNAME
[edit] See Also
- http://wiki.blagblagblag.org/Encrypting_Root_Filesystem - old, but lots of copying from my old page there.
[edit] TODO
May be possible, may not be possible:
- Encrypted /home/user
- Encrypted /home/user/MyDocs
- Encrypted root
- Encrypted swap
- Way to prompt for password
- This page was last modified on 13 January 2010, at 12:56.
- This page has been accessed 6,922 times.