Stargate Logo  Secured by phpPhobos

secured site

Smurphtools   
  Login  - No Account ?  Create One   
Search
Fri, 31 Oct 2014 12:05:41 
  Home 
  Authentication 
 Documentation 
    Site Documentation 
    About me 
 Applications 
    Downloads 
    Web Links 
  Legal Notice 
 Registered Bloggers 
  Maiwenn's Blog 
  Joerg's Blog 
 FAQ Topic [ Topics  ]
 Routerboard RBxxxAH 
 Common Linux problem... 
 Apple Mac-mini 
 PHP Phobos 
 Stargate's Backup sc... 
 eBook Reader / PRS-5... 
 QNAP SS839 NAS 
 System Stats [ Index ]
 Router
  > Modem 
  > Gateway 
 Server
  > Stargate 
 Client
  > RemPi 
Question ? How can In use a crypted Filesystem ?   [ View Details | Print View ]

 To use a crypted Filesystem - you first need to actually create it. I came accross an article showing me how to do it using cryptsetup. Check it out under http://luks.endorphin.org. Note that this is the upcoming standard for filesystem encryption under linux
LUKS was designed according to TKS1, a template design developed in [TKS1] for secure key setup. LUKS closely reassembles the structure recommended in the TKS1 paper, but also adds meta data for cipher setup management and LUKS also supports for multipe keys/passphrases. Why LUKS?
- compatiblity via standardization,
- secure against low entropy attacks,
- support for multiple keys,
- effective passphrase revocation,
- free
For creating the Crypted Filesystem - I assume using the /dev/sda1 device (USB-Drive). Replace all instances of sda1 with the device you require.:

modprobe aes
modprobe dm-crypt
cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sda1

WARNING!
========
This will overwrite data on /dev/sda1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
cryptsetup luksOpen /dev/sda1 cryptfs
Enter LUKS passphrase:
key slot 0 unlocked.

mke2fs -j -m 0 /dev/mapper/cryptfs
[...Formatting informations removed...]
tune2fs -c 0 -i 0 /dev/mapper/cryptfs
mkdir /cryptfs
mount /dev/mapper/cryptfs /cryptfs

This will setup up your crypted Partition and mount it under /cryptfs.
Unmount the Partition and lock the encrypted Filesystem cleanly for security

umount /cryptfs
cryptsetup luksClose cryptfs

and you're done. If you now want to add some more passwords - use cryptsetup to do so:

cryptsetup luksAddKey /dev/sda1
Enter any LUKS passphrase:
key slot 0 unlocked.
Enter new passphrase for key slot:

This added a new passphrase. Remove it using a similar command.

cryptsetup luksDelKey /dev/sda1 1

where 1 is the slot the key was stored in. Make sure you don't erase your master Key ... Would be bad if you couldn't access the encrypted FS anymore.
As I'm lazy to remember all that - I usually write wrapper scripts I use at home for mounting these devices.
Check it out in the donwload section.

Usage:  mount_crypted.sh    
        This Program manipulates crypted partitions

         mount          Mount a crypted partition
         umount         Unmount a crypted partition
         addkey         Add a new access key to the encrypted
         delkey         remove a key from the encrypted - don't use 0
                        Filesystem/Partition. 8 Max.
         new_partition  Create a new encrypted partition
                        * Warning - this will destroy all data on it
         device         Device to work on. e.g. /dev/sda1
         enc_module     Encryption module. Usually aes, or padlock if you have
                        a padlock accellerator chip as found on recent VIA Nemiah CPU's

Examples:
        mount_crypted.sh new_partition /dev/sda1 aes
        mount_crypted.sh mount /dev/sda1 aes
        mount_crypted.sh addkey /dev/sda1
        mount_crypted.sh delkey /dev/sda1 aes 2
        mount_crypted.sh umount /dev/sda1

In case someone screws his partition - and needs a static version - check this static version of cryptsetup out. 

Entered by smurphy on Wednesday, 01 February 2006 @ 22:52:21  
Cryptography stuff - Common Linux problems, # Hits: 60721
  Back Back