Thomas,
Thanks for the info.
I tried a fresh install of the kernel (2.4.26) and patched it with: patch-cryptoloop-jari-2.4.22.0
Then I turned on crypto loop device in the Block Devices menu. I recompiled. All went smoothly.
But losetup still doesn't recognize any of the crypto ciphers.
Here's the output:
% losetup -e aes -k 256 /dev/loop7 /etc/encrypted.data
The cipher does not exist, or a cipher module needs to be loaded into the kernel
ioctl: LOOP_SET_STATUS: Invalid argument
That's the same output that I had before when I was just using the crypto API stuff (without jari's patch for cryptoloop).
I then looked, and I saw that when I selected the cryptoloop module, it disabled the crypto API for me. And I don't see any modules at:
% cat /proc/crypto
(I.e., nothing appears when I cat it.)
So apparently this means you can have one or the other, but not both, eh? Either you use cryptoloop or you use the built-in Crypto API?
This doesn't make sense at all. Why use cryptoloop? What does it do? I thought the Crypto API did everything?
And do I need a particular version of losetup (util-linux package)? If so, which one? And do I need to patch it with a patch file? If so, which one?
Someone suggested I use loop-aes? I have to check into that. But does that mean that it only supports AES and not blowfish etc? If so, I want blowfish and the rest. I don't just want AES. Having a fast version of AES is nice, but not necessary.
I dunno. I've been patching my kernels with the crypto patches since kernel 2.0.x. It's never been easy. And nobody ever seems to have a nice readme.txt file available to do it. I'm always left to beg for help on this mailing list. It's frustrating.
Steve
From: Thomas Sjögren <thomas@xxxxxxxxxxxxxxxxxxxx>
Reply-To: thomas@xxxxxxxxxxxxxxxxxxxx
To: Lohan Knight <lohan_knight@xxxxxxxxxxx>
CC: linux-crypto@xxxxxxxxxxxx
Subject: Re: Help trying to setup an encypted filesystem.
Date: Mon, 21 Jun 2004 13:06:15 +0200
On Sun, Jun 20, 2004 at 11:54:38PM -0500, Lohan Knight wrote:
> So what do I have to do to get kernel 2.4.26 to the point where
> I can create an encrypted filesystem? I don't care too much
> about backwards compatibility.
The kernel, as you said, contains the crypto but it doesn't support cryptoloop. Try http://www.kernel.org/pub/linux/kernel/people/hvr/testing/patch-cryptoloop-jari-2.4.22.0 or you might want to consider loop-aes instead.
> Does anyone have a step by
> step list of instructions on how to do that?
This is for creating an encrypted /tmp using the vanilla crypto stuff in the kernel + the cryptoloop-jari patch, works for 2.4.26:
patch, configure, compile and reboot the kernel
losetup -e aes -k 256 /dev/loop0 <your partition or file[1]>
mkfs -t ext2 /dev/loop0
mount -o nosuid,nodev -t ext2 /dev/loop0 /tmp
chmod 1777 /tmp
[1] dd if=/dev/urandom of=/tmpcrypt bs=1M count=<size of /tmp in M> for example
/Thomas
--
== thomas@xxxxxxxxxxxxxxxxxxxx | thomas@xxxxxxxxxxxx
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
- Linux-crypto: cryptography in and on the Linux system
  Archive: http://mail.nl.linux.org/linux-crypto/
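
Added example, not part of the original thread or of any project's code: a pre-flight check for the failure reported above, where losetup rejects the cipher because /proc/crypto is empty. The function names (cipher_status, sample_proc_crypto) are hypothetical, the "key : value" stanza layout of /proc/crypto is an assumption, and the sample data is constructed.

```shell
#!/bin/sh
# Pre-flight check before `losetup -e <cipher> -k <bits>` (added example).
# Assumption: /proc/crypto holds one "key : value" stanza per algorithm,
# with key sizes in bytes, while losetup -k takes bits.

# Constructed sample of a populated /proc/crypto (not from the thread).
sample_proc_crypto() {
cat <<'EOF'
name         : aes
module       : aes
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : blowfish
module       : blowfish
type         : cipher
blocksize    : 8
min keysize  : 4
max keysize  : 56
EOF
}

# cipher_status NAME KEYBITS [FILE]
# Prints: ok | no-algorithms | missing | bad-keysize
cipher_status() {
    name=$1 bits=$2 file=${3:-/proc/crypto}
    [ -r "$file" ] || { echo no-algorithms; return 0; }
    awk -v want="$name" -v bytes="$((bits / 8))" '
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }
        /^name[ \t]*:/        { cur = val($0); seen = 1; if (cur == want) found = 1 }
        /^min keysize[ \t]*:/ { if (cur == want) min = val($0) + 0 }
        /^max keysize[ \t]*:/ { if (cur == want) max = val($0) + 0 }
        END {
            if (!seen)       print "no-algorithms"   # empty file: nothing registered
            else if (!found) print "missing"         # cipher not built in or loaded
            else if (bytes < min || bytes > max) print "bad-keysize"
            else print "ok"
        }' "$file"
}

# Demo on the constructed sample; on a live system omit the file argument.
tmp=$(mktemp) && sample_proc_crypto > "$tmp"
echo "aes 256:     $(cipher_status aes 256 "$tmp")"
echo "twofish 256: $(cipher_status twofish 256 "$tmp")"
rm -f "$tmp"
```

A result of no-algorithms corresponds to the empty `cat /proc/crypto` described in the message; missing means other ciphers are registered but not the one requested.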