Stargate Logo  Secured by phpPhobos

secured site

  Login  - No Account?  Create One   
Wednesday, 7 October 2015 
    Site Documentation 
    About me 
    Web Links 
  Legal Notice 
 Registered Bloggers 
  Blog de Maiwenn 
  Joerg's Blog 
 FAQ  [ Topics  ]
 Routerboard RBxxxAH 
 Common Linux problem... 
 Apple Mac-mini 
 PHP Phobos 
 Stargate's Backup sc... 
 eBook Reader / PRS-5... 
 System Stats [ Index ]
  > Modem 
  > Gateway 
  > Nas 
  > Stargate 
  > RemPi 
Question ? How can In use a crypted Filesystem ?   [ View Details | Print View ]

 To use a crypted Filesystem - you first need to actually create it. I came accross an article showing me how to do it using cryptsetup. Check it out under Note that this is the upcoming standard for filesystem encryption under linux
LUKS was designed according to TKS1, a template design developed in [TKS1] for secure key setup. LUKS closely reassembles the structure recommended in the TKS1 paper, but also adds meta data for cipher setup management and LUKS also supports for multipe keys/passphrases. Why LUKS?
- compatiblity via standardization,
- secure against low entropy attacks,
- support for multiple keys,
- effective passphrase revocation,
- free
For creating the Crypted Filesystem - I assume using the /dev/sda1 device (USB-Drive). Replace all instances of sda1 with the device you require.:

modprobe aes
modprobe dm-crypt
cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sda1

This will overwrite data on /dev/sda1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
cryptsetup luksOpen /dev/sda1 cryptfs
Enter LUKS passphrase:
key slot 0 unlocked.

mke2fs -j -m 0 /dev/mapper/cryptfs
[...Formatting informations removed...]
tune2fs -c 0 -i 0 /dev/mapper/cryptfs
mkdir /cryptfs
mount /dev/mapper/cryptfs /cryptfs

This will setup up your crypted Partition and mount it under /cryptfs.
Unmount the Partition and lock the encrypted Filesystem cleanly for security

umount /cryptfs
cryptsetup luksClose cryptfs

and you're done. If you now want to add some more passwords - use cryptsetup to do so:

cryptsetup luksAddKey /dev/sda1
Enter any LUKS passphrase:
key slot 0 unlocked.
Enter new passphrase for key slot:

This added a new passphrase. Remove it using a similar command.

cryptsetup luksDelKey /dev/sda1 1

where 1 is the slot the key was stored in. Make sure you don't erase your master Key ... Would be bad if you couldn't access the encrypted FS anymore.
As I'm lazy to remember all that - I usually write wrapper scripts I use at home for mounting these devices.
Check it out in the donwload section.

        This Program manipulates crypted partitions

         mount          Mount a crypted partition
         umount         Unmount a crypted partition
         addkey         Add a new access key to the encrypted
         delkey         remove a key from the encrypted - don't use 0
                        Filesystem/Partition. 8 Max.
         new_partition  Create a new encrypted partition
                        * Warning - this will destroy all data on it
         device         Device to work on. e.g. /dev/sda1
         enc_module     Encryption module. Usually aes, or padlock if you have
                        a padlock accellerator chip as found on recent VIA Nemiah CPU's

Examples: new_partition /dev/sda1 aes mount /dev/sda1 aes addkey /dev/sda1 delkey /dev/sda1 aes 2 umount /dev/sda1

In case someone screws his partition - and needs a static version - check this static version of cryptsetup out. 

Entered by smurphy on Wednesday, 01 February 2006 @ 22:52:21  
Cryptography stuff - Common Linux problems, # Hits: 69198
  Back Back