Re: What I want to do -doable ?

Peter Kirk wrote:
> On Thursday, 11 July 2002 17:39 Jari Ruusu wrote:
> > Loop-AES does all of that, including encrypted swap (by adding
> > loop=/dev/loop6,encryption=AES128 options to swap entries of your
> > /etc/fstab file). It even includes a configurable script to create a
> > complete fully-working initrd for you. Just follow instructions in the
> > README file and you have encrypted-everything-except-/boot system.
> >
> > You can find latest version here:
> There was a HowTo I read (from 2000 or sth),
> which explained how to patch loopback driver, util-linux, the Kernel,
> integrate crypto-api.
> At this moment I _can_ use losetup to create an encrypted file-system (with
> aes) on a partition (or a file). Do I really have to install this Loop-AES?
> Why? Is it only possible to encrypt swap with Loop-AES instead of with my
> crypto-loopback?

You don't have to. But loop-AES' AES cipher is twice as fast as cryptoapi
AES on most modern boxes, and you don't have to patch your kernel at all to
use it.

Cryptoapi still uses a dark ages method for encrypted swap: some init script
(each distro needs a different one) that does magic and then sets up a loop
device and enables swap on it. Loop-AES enhanced swapon understands loop=
and encryption= options in /etc/fstab to enable encrypted swap. Existing
init scripts simply run swapon -a and swapon does all that encrypted swap
magic. No need to modify init scripts.

> My biggest problem till now is: I'd like to mount all my partitions with the
> same password, which I only want to enter once...but losetup doesn't seem to
> provide an option for the password!

This is explained in loop-AES' README. Once you have encrypted root
partition, you can simply have a script (on root partition) that sets other
partitions like this before other partitions are mounted. And since root
partition is encrypted, passwords within such scripts are protected by root
partition encryption.

echo "Pd1eXapMJk0XAJnNSIzE" | losetup -p 0 -e AES128 /dev/loop6 /dev/hda666
echo "D0aZNSNnu6FdAph+zrHt" | losetup -p 0 -e AES128 /dev/loop4 /dev/hdd666

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
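
The following is an added example, not part of the original message and not loop-AES code: a shell check that lists swap entries in an fstab-format file lacking the loop= and encryption= options described above. The sample fstab and its device names are constructed, and requiring both options together is an assumption based on the message naming both.

```shell
#!/bin/sh
# Added example: audit an fstab-format file for swap entries that do not
# carry the loop= and encryption= options the message describes.

# Print "<device> <options>" for each swap entry missing either option.
# Assumption: an entry counts as encrypted swap only if both are present.
unencrypted_swap_entries() {
    awk '
        NF < 4 || $1 ~ /^#/ { next }        # skip blanks, comments, short lines
        $3 == "swap" {
            has_loop = 0; has_enc = 0
            n = split($4, opt, ",")          # fstab options are comma-separated
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^loop=\/dev\/loop[0-9]+$/) has_loop = 1
                if (opt[i] ~ /^encryption=./)            has_enc = 1
            }
            if (!(has_loop && has_enc)) print $1, $4
        }
    ' "$1"
}

# Write a constructed sample fstab (not from a real system) to the given path.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# constructed sample fstab
/dev/hda1  /boot  ext2  defaults                              0 2
/dev/hda2  none   swap  sw,loop=/dev/loop6,encryption=AES128  0 0
/dev/hdd2  none   swap  sw                                    0 0
/dev/hdc2  none   swap  sw,loop=/dev/loop5                    0 0
EOF
}

# When called with a path, audit that file, e.g.: sh check_swap.sh /etc/fstab
if [ "$#" -gt 0 ]; then
    unencrypted_swap_entries "$1"
fi
```

Any line it prints is a swap area that a plain `swapon -a` would enable without encryption.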

