









[NMLUG] Creating a loopback crypto filesystem
- Subject: [NMLUG] Creating a loopback crypto filesystem
- From: havoc at harrisdev.com (Jody Harris)
- Date: Wed Jan 5 22:44:55 2005
Okay, looks like things in 2.6 are different enough from 2.4 that the
instructions I was attempting to follow are no bueno.
# create a "disk image" (this one is 20 MB)
dd if=/dev/urandom of=cipher1.img bs=1M count=20
# seeding with urandom just makes any attacker's job harder
# create the loopback device with losetup
losetup /dev/loop1 cipher1.img
# use cryptsetup to create a dm-crypt device "out of" (for lack
# of a better term) the loopback device
/usr/sbin/cryptsetup create cipher /dev/loop1
# This creates an encrypted device at /dev/mapper/cipher
# put a filesystem (pick a filesystem, any filesystem) on the device
mke2fs /dev/mapper/cipher
# create a mount point in /mnt or /media or somewhere
mkdir /mnt/cipher
# mount it
mount /dev/mapper/cipher /mnt/cipher
You're done! Well, you're partly done.
This is a combination of two Linux Journal articles. One from August
2003, and one from January 2005. The rest of what I want to do will be
related to the Jan 2005 article.
Instead of creating your dm-crypt device with a password, you can use a
large, random key, then store that key on a USB thumb drive to lock down
your root file system on a notebook. What I would like to do is apply
this in such a way that I can have encrypted devices via network
connections. I think you should be able to use one of the PAM modules
to securely access them over ssh connections without exposing your key.
(Back to the August 2003 article.)
Now, I'm going to pretend that I've made the world a somewhat better
place and go to bed with a false sense of achievement.
jody
--
http://www.RealizationSystems.com/ -- start communicating
http://www.GalacticSlacker.com/ -- read it and weep
http://www.NMPerspective.com/ -- a Southwest Perspective
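
The steps in the post, reworked around a random key file instead of a password and with the teardown included, as an added example that is not part of the original message. The function names, the key file name and the cipher choice are assumptions, and it uses the current `cryptsetup open --type plain` syntax rather than the `create` form shown in the post; `open_volume` and `close_volume` need root.

```shell
#!/bin/sh
# Added example: function names, file names and cipher settings are
# assumptions, not taken from the post or the Linux Journal articles.

# make_keyfile PATH: write a 64-byte random key readable only by its owner.
# The umask is set in a subshell so the file is never world-readable,
# not even between creation and a later chmod.
make_keyfile() {
    ( umask 077 && head -c 64 /dev/urandom > "$1" )
}

# make_image PATH SIZE_MB: create the backing file, filled with random data
# so written and unwritten blocks are indistinguishable.
make_image() {
    dd if=/dev/urandom of="$1" bs=1M count="$2" 2>/dev/null
}

# open_volume IMAGE KEYFILE NAME MOUNTPOINT [format]   (root only)
# Attaches the image to the first free loop device, maps it through
# dm-crypt using the key file bytes as the key, and mounts it.
# Prints the loop device so the caller can pass it to close_volume.
open_volume() {
    loopdev=$(losetup --find --show "$1") || return 1
    if ! cryptsetup open --type plain --cipher aes-xts-plain64 \
            --key-size 512 --key-file "$2" "$loopdev" "$3"; then
        losetup -d "$loopdev"
        return 1
    fi
    # Plain mode has no header, so a wrong key maps without error and only
    # the mount fails. Format only when explicitly asked (first use).
    if [ "$5" = format ]; then
        mke2fs -q "/dev/mapper/$3"
    fi
    if ! { mkdir -p "$4" && mount "/dev/mapper/$3" "$4"; }; then
        cryptsetup close "$3"
        losetup -d "$loopdev"
        return 1
    fi
    echo "$loopdev"
}

# close_volume MOUNTPOINT NAME LOOPDEV   (root only)
# Reverse order of open_volume; stops at the first step that fails so a
# busy filesystem is never unmapped underneath its users.
close_volume() {
    umount "$1" && cryptsetup close "$2" && losetup -d "$3"
}
```

First use as root would be `make_keyfile cipher.key; make_image cipher1.img 20; loop=$(open_volume cipher1.img cipher.key cipher /mnt/cipher format)`, and later `close_volume /mnt/cipher cipher "$loop"`.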