On 07 Jul 2001 00:28:23 -0700, IT3 Stuart B. Tener, USNR-R wrote: > Dear Sir: > > 1) I just downloaded/compiled/installed the 2.4.6 kernel from > (http://www.kernel.org/pub/linux/kernel/v2.4/); I am standardizing on using > the kernel.org kernel distributions from this day forward, no matter what > distribution of Linux I use > 2) I am going to grab the crypto patches from > (http://www.kernel.org/pub/linux/kernel/crypto/v2.4/); and install them > later tonight > 3) I will download and read > http://encryptionhowto.sourceforge.net/Encryption-HOWTO.html > Normally a raw partition would have a filesystem placed on it, my initial > presumptions were you then place encryption on the filesystem, and I have > now learned that after adding encryption a filesystem must be laid down > again, thus adding a second layer of filesystem. I do not see the need for > this, and have been advised that it is better to encrypt a raw partition, > and then place a filesystem on top of the encrypted raw partition. Do I > understand you correctly? Presuming what I understand is what you were > recommending; do you see any problem with the filesystem that is going to > overlay the encryption being a ReiserFS filesystem? Yes you do not need an underlying filesystem. Let me give you an example: Say /dev/hda2 is a spare partition that you want to encrypt. First you are supposed to put random data on the partition (this takes a while): dd if=/dev/urandom of=/dev/hda2 then you create an encrypted loop device on that partition: losetup -e <ciphername> /dev/loop0 /dev/hda2 Then you format it (you wanted to try reiserfs): mkreiserfs /dev/loop0 Then you mount it: mkdir /encrypted mount -t reiserfs /dev/loop0 /encrypted OK now unmount it: umount /dev/loop0 losetup -d /dev/loop0 And so on, see the HOWTO. If you did it right (and added the right entries to fstab) you will be asked for your password the next time you go to mount the partition. > If I understand all that you are saying with regard to the above; then I am > presuming all I must do is wait for a resolution to the issues with in > pursuit of patching 2.4.6, and I will be on my way. Yep, though Loop-AES is looking superior at this stage :-) I wasn't aware of the international kernel patch SMP issues (so am now open to advice about this). Regards, Adam Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
