
Question: How can I use an encrypted filesystem?

To use an encrypted filesystem, you first need to create it. I came across an article showing how to do it using cryptsetup; see http://luks.endorphin.org. Note that this is the upcoming standard for filesystem encryption under Linux.
LUKS was designed according to TKS1, a template design developed in [TKS1] for secure key setup. LUKS closely resembles the structure recommended in the TKS1 paper, but also adds metadata for cipher setup management, and it supports multiple keys/passphrases. Why LUKS?
- compatibility via standardization,
- secure against low entropy attacks,
- support for multiple keys,
- effective passphrase revocation,
- free
To create the encrypted filesystem, I assume the /dev/sda1 device (a USB drive). Replace all instances of sda1 with the device you require:

modprobe aes
modprobe dm-crypt
cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sda1

WARNING!
========
This will overwrite data on /dev/sda1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
cryptsetup luksOpen /dev/sda1 cryptfs
Enter LUKS passphrase:
key slot 0 unlocked.

mke2fs -j -m 0 /dev/mapper/cryptfs
[...Formatting informations removed...]
tune2fs -c 0 -i 0 /dev/mapper/cryptfs
mkdir /cryptfs
mount /dev/mapper/cryptfs /cryptfs

This sets up your encrypted partition and mounts it under /cryptfs.
For security, unmount the partition and lock the encrypted filesystem cleanly:

umount /cryptfs
cryptsetup luksClose cryptfs

and you're done. If you now want to add some more passwords - use cryptsetup to do so:

cryptsetup luksAddKey /dev/sda1
Enter any LUKS passphrase:
key slot 0 unlocked.
Enter new passphrase for key slot:

This added a new passphrase. Remove it using a similar command.

cryptsetup luksDelKey /dev/sda1 1

where 1 is the slot the key was stored in. Make sure you don't erase your master key ... It would be bad if you couldn't access the encrypted FS anymore.
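A scripted guard for the key removal step above, as an added example (it is not the page's mount_crypted.sh): it reads the key slot lines of `cryptsetup luksDump` and refuses to remove a slot that is unused or that is the last enabled one. It assumes the LUKS1 dump format (`Key Slot N: ENABLED`); the function names and the sample dump are made up for illustration, and it calls `luksKillSlot`, the current name of the `luksDelKey` action shown above.

```sh
#!/bin/sh
# Added example: refuse to remove the last enabled key slot of a LUKS1 volume.

# Constructed sample of the key slot lines printed by `cryptsetup luksDump`.
SAMPLE_DUMP='Key Slot 0: ENABLED
	Iterations:         	204800
Key Slot 1: ENABLED
	Iterations:         	198431
Key Slot 2: DISABLED
Key Slot 3: DISABLED'

# Print the numbers of all enabled key slots, one per line (dump on stdin).
enabled_slots() {
    awk '$1 == "Key" && $2 == "Slot" && $4 == "ENABLED" { sub(/:$/, "", $3); print $3 }'
}

# check_delete SLOT  (dump on stdin)
# Returns 0 = safe to remove, 1 = slot invalid or not in use,
#         2 = slot is the last enabled one.
check_delete() {
    case $1 in [0-7]) ;; *) return 1 ;; esac   # LUKS1 has key slots 0..7
    slots=$(enabled_slots)
    echo "$slots" | grep -qx "$1" || return 1
    [ "$(echo "$slots" | grep -c .)" -gt 1 ] || return 2
    return 0
}

# guarded_killslot DEVICE SLOT: call cryptsetup only when the check passes.
guarded_killslot() {
    cryptsetup luksDump "$1" | check_delete "$2"
    case $? in
        0) cryptsetup luksKillSlot "$1" "$2" ;;
        1) echo "slot $2 is not in use on $1" >&2; return 1 ;;
        *) echo "slot $2 is the last enabled slot on $1, refusing" >&2; return 2 ;;
    esac
}

if [ "$#" -eq 2 ]; then
    guarded_killslot "$1" "$2"          # real run: DEVICE SLOT
else
    # Demo on the constructed sample only; no device is touched.
    printf '%s\n' "$SAMPLE_DUMP" | enabled_slots
fi
```

Run it as root with a device and a slot number, for example `/dev/sda1 1`; with no arguments it only lists the enabled slots of the constructed sample.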
As I'm too lazy to remember all that, I usually write wrapper scripts, which I use at home for mounting these devices.
Check it out in the download section.

Usage:  mount_crypted.sh    
        This Program manipulates crypted partitions

         mount          Mount a crypted partition
         umount         Unmount a crypted partition
         addkey         Add a new access key to the encrypted
         delkey         remove a key from the encrypted - don't use 0
                        Filesystem/Partition. 8 Max.
         new_partition  Create a new encrypted partition
                        * Warning - this will destroy all data on it
         device         Device to work on. e.g. /dev/sda1
         enc_module     Encryption module. Usually aes, or padlock if you have
                        a padlock accellerator chip as found on recent VIA Nemiah CPU's

Examples:
        mount_crypted.sh new_partition /dev/sda1 aes
        mount_crypted.sh mount /dev/sda1 aes
        mount_crypted.sh addkey /dev/sda1
        mount_crypted.sh delkey /dev/sda1 aes 2
        mount_crypted.sh umount /dev/sda1

In case someone screws up his partition and needs a static version, check out this static version of cryptsetup.

Entered by smurphy on Wednesday, 01 February 2006 @ 22:52:21  
Cryptography stuff - Common Linux problems

This page was issued from the Terminus Website:
https://www.solsys.org

The URL for this page is:
https://www.solsys.org/mod.php?mod=faq&op=view&faq_id=103

