> > Thank you for the suggestion. I just read a similar suggestion for Jari, though I need a more
> > detailed example to actually implement the suggestion (as in an example fstab and command line
> > that properly sets up the stack of loops). I never stacked loops before, and do not yet seem
to
> > understand how I would stack loops.
> >
> > While your suggestion with the keys residing in each layer may be convenient, I think it
> > needlessly reduces the security to Level 2 as stated in the loop-AES.README. It would be just
as
> > convenient and easy to store the keys external to the encrypted partion/loops.
>
> Taken the losetup from the README i've just written this shell-script
> Example is for 4 layer, but you can be easily changed for more or less.
>
> - snip -
> #!/bin/bash
>
> loop=0
> # Find next free Loop-device
> # return loop-device as output-string and (next) nr via return-value
> function nextFreeLoop()
> {
> while true
> do
> if [ ! -b "/dev/loop${loop}" ]; then
> print "No more loop devices /dev/loop${loop}"
> exit 99
> fi
> # If the loop-device is "free" then break
> losetup "/dev/loop${loop}" &>/dev/null || break
> let loop=loop+1
> done
> echo "/dev/loop${loop}"
> let loop=loop+1
> exit $loop
> }
>
> loop0=`nextFreeLoop`
> loop=$?
> loop1=`nextFreeLoop`
> loop=$?
> loop2=`nextFreeLoop`
> loop=$?
> loop3=`nextFreeLoop`
> loop=$?
>
> if [ "$loop" = "99" ]; then
> print "Not enough free loop-devices"
> exit 1
> fi
>
> losetup -e AES128 -K /root/secret1.gpg $loop0 /dev/hda666 || exit 1
> losetup -e AES128 -K /root/secret2.gpg $loop1 $loop0 || exit 1
> losetup -e AES128 -K /root/secret3.gpg $loop2 $loop1 || exit 1
> losetup -e AES128 -K /root/secret4.gpg $loop3 $loop2 || exit 1
>
> echo "Setup successfull"
> echo "Used Loop-devices: $loop0 $loop1 $loop2 $loop3"
> - snip -
>
> After that you can
> mkfs (First time) and/or mount $loop3.
>
> If you have other loop-devices the used loop-devices may not be persistent.
>
> But you could also change the script to use fixed-numbers instead.
Thank you for the script. I wish I knew bash so I could understand the script better.
While I do very much appreciate your effort, I hoped to get something *much* more simple and
direct to help me understand the process of stacking just *two* loops, so I can understand how it
works.
What I *really* need is an example of stacking two loops, shown as the needed fstab entries and
then the command line commands to set up the stack of loops.
Anon
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
