User:Jebba/Cryptsetup

Intro

Cryptsetup is a good way to use an encrypted filesystem on a GNU/Linux system. I have made kernel modules and built the cryptsetup program so it can be used with Maemo.

Kernel

You need some kernel modules to use cryptsetup. You can build your own kernel or use mine. This wiki has instructions on installing my custom kernel.

Userspace tools

You'll need to install cryptsetup from the extras-devel repository.


Create cryptfile

Set up a file to use:

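#!/bin/sh
set -x
CRYPTSIZE=4	# container size in MiB (dd writes CRYPTSIZE blocks of 1M)
LOOPFILE=/dev/loop0
CRYPTNAME=cryptfooz
CRYPTFILE=/home/user/MyDocs/$CRYPTNAME
# Press Enter to continue; Ctrl-C here aborts before anything is overwritten
echo "warning going to erase $CRYPTFILE"
read ok
# Create the container file, filled with random data
dd if=/dev/urandom of="$CRYPTFILE" bs=1M count="$CRYPTSIZE"
# Clear any stale mapping and loop device; both only report an error if nothing is set up
cryptsetup remove "$CRYPTNAME"
losetup -d "$LOOPFILE"
# Attach the file to the loop device
losetup "$LOOPFILE" "$CRYPTFILE"
# Create the dm-crypt mapping on the loop device; this prompts for the passphrase
cryptsetup -v \
	--key-size=256 \
	--cipher=twofish-cbc-essiv:sha256 \
	create \
	"$CRYPTNAME" \
	"$LOOPFILE"
# Make the filesystem inside the mapping, then mount it
mkfs.ext3 -j -m0 "/dev/mapper/$CRYPTNAME"
mkdir -p "/mnt/$CRYPTNAME"
mount -o noatime "/dev/mapper/$CRYPTNAME" "/mnt/$CRYPTNAME"
chown user:users "/mnt/$CRYPTNAME"
ls -la "/mnt/$CRYPTNAME"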

With this, you can now copy files to /mnt/cryptfooz and they'll be encrypted.

Umount

(Untested, but should just be like this)

# cryptfooz or whatever you named it above
umount /mnt/cryptfooz

# Then remove it from cryptsetup
cryptsetup remove cryptfooz

# Then free up the loopback
losetup -d /dev/loop0

Mount

So the next time you want to mount it, just run:

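#!/bin/sh
set -x
CRYPTSIZE=4
LOOPFILE=/dev/loop0
CRYPTNAME=cryptfooz
CRYPTFILE=/home/user/MyDocs/$CRYPTNAME
# Clear any stale mapping and loop device; both only report an error if nothing is set up
cryptsetup remove "$CRYPTNAME"
losetup -d "$LOOPFILE"
losetup "$LOOPFILE" "$CRYPTFILE"
# Must use the same key size and cipher as at creation. This mode stores no
# header, so a wrong passphrase still creates the mapping and only the mount fails.
cryptsetup -v \
	--key-size=256 \
	--cipher=twofish-cbc-essiv:sha256 \
	create \
	"$CRYPTNAME" \
	"$LOOPFILE"
mount -o noatime "/dev/mapper/$CRYPTNAME" "/mnt/$CRYPTNAME"
ls -la "/mnt/$CRYPTNAME"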
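
The Mount and Umount steps above combined into one script that checks each step and rolls back on failure, as an added example that is not part of the original page. The function names crypt_open, crypt_close and is_mounted and the MOUNTS variable are chosen here; it assumes the container and mount point were already created by the setup script.

```shell
#!/bin/sh
# Added example (not the page author's script): open/close with rollback.
# Run as root: "<script> open" or "<script> close".
CRYPTNAME=${CRYPTNAME:-cryptfooz}
CRYPTFILE=${CRYPTFILE:-/home/user/MyDocs/$CRYPTNAME}
LOOPDEV=${LOOPDEV:-/dev/loop0}
MNT=${MNT:-/mnt/$CRYPTNAME}
MOUNTS=${MOUNTS:-/proc/mounts}   # assumption: overridable only for testing

is_mounted() { grep -q " $MNT " "$MOUNTS"; }

crypt_open() {
    [ -f "$CRYPTFILE" ] || { echo "missing container $CRYPTFILE" >&2; return 1; }
    losetup "$LOOPDEV" "$CRYPTFILE" || return 2
    cryptsetup -v --key-size=256 --cipher=twofish-cbc-essiv:sha256 \
        create "$CRYPTNAME" "$LOOPDEV" || { losetup -d "$LOOPDEV"; return 3; }
    # This mode stores no header, so a mistyped passphrase still gives a
    # mapping; the failed mount is the only signal. Undo both layers.
    mount -o noatime "/dev/mapper/$CRYPTNAME" "$MNT" || {
        echo "mount failed (wrong passphrase?)" >&2
        cryptsetup remove "$CRYPTNAME"
        losetup -d "$LOOPDEV"
        return 4
    }
}

crypt_close() {
    # Reverse order of setup; stop at the first failure so the mapping is
    # never removed from under a mounted filesystem.
    if is_mounted; then
        umount "$MNT" || { echo "umount failed, mapping kept" >&2; return 1; }
    fi
    if cryptsetup status "$CRYPTNAME" >/dev/null 2>&1; then
        cryptsetup remove "$CRYPTNAME" || return 2
    fi
    losetup -d "$LOOPDEV"
}

case "${1:-}" in
    open)  crypt_open ;;
    close) crypt_close ;;
esac
```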

TODO

May be possible, may not be possible:

  • Encrypted /home/user
  • Encrypted /home/user/MyDocs
  • Encrypted root
  • Encrypted swap
  • Way to prompt for password