Re: Cryptoloop and kernel 2.6?

Just for kicks I went and did a cryptoloop-device on my slack9.1 box. Fairly easy, no patches required, and you can *almost* follow the directions at:

http://tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html

A quick run-down of what to do:

1) Grab the 2.6 kernel from ftp://ftp.kernel.org

2) Configure the kernel:
a) Turn on 'Code maturity level options'/'Prompt for development and/or incomplete code/drivers'
b) Turn on 'Device Drivers'/'Block devices'/'Loopback device support' as well as the sub-item 'Cryptoloop Support'
c) Under 'Cryptographic options' make sure to turn on the crypto algorithms you intend to use. The HOWTO recommends serpent, and that is what I tested with, though you should be able to use just about any algorithm you want.
Note: If you compile any of these options as modules, you will probably want to create a shell-script that will modprobe or insmod them.


3) Compile your new kernel, use your bootloader to make the new kernel bootable. Reboot.

4) Create your encrypted file, if you don't already have one:
$ dd if=/dev/urandom of=/home/myuser/cryptfile bs=1M count=10
If I understand this correctly, this creates a 10MB file of garbage, which is what you want. You can change the size of 'count' if you need to create a larger file.


5) Create your loopback device (loop, cryptoloop, and your algorithm modules must be loaded at this point):
$ losetup -e serpent /dev/loop0 /home/myuser/cryptfile
Note: A normal user can't do this by default.
Note2: As stated in the HOWTO, you only get one chance to enter the password. It will create the loopback device even if you enter the wrong password, but the contents of /dev/loop0 will essentially be garbage.


6) Create your filesystem, for example:
$ mke2fs /dev/loop0

7) You *should* now be able to mount your filesystem with:
$ mount -t ext2 /dev/loop0 /some/mount/point
Note: add the ability for users to mount /dev/loop0 to fstab if you don't want to su each time you want to use your encrypted filesystem, though you'll probably be using su to run losetup.


8) To unmount and secure your file:
$ umount /dev/loop0
$ losetup -d /dev/loop0
Note: 'losetup -d [device]'  removes the loopback device

Also, as a side note, Slackware9.1 comes with util-linux-2.12. I didn't upgrade or patch util-linux in any way.

And that's basically it.

~Brad

Benjamin Walkenhorst wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everybody,

I use Slackware 9.1 for desktop and work. I currently use linux-2.4.22 plus the cryptoapi and -loop patches.
I use a cryptoloop-device for my diary.


Now I would like to upgrade my kernel to 2.6, but cryptoloop does not work with 2.6 - I upgraded util-linux to 2.12, but it still does not work. What am I doing wrong? Do I have to patch util-linux-2.12? If I understand correctly, the patch for cryptoloop is already included in 2.12.

Thank you very much,

Kind regards,

Benjamin

- -- Benjamin Walkenhorst
eMail: krylon@xxxxxxx
http://www.krylon.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)


iD8DBQFAAZ26/JWwsvZUqOwRAuW+AJ9ibNsi5RjJvwUIKgW7mx9GI7YBOwCfWWw1
4UAtbswKuANmKSKSs2GIKMs=
=VDyi
-----END PGP SIGNATURE-----

-
: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
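
Added example, not part of the original message: Note2 in step 5 says losetup sets up /dev/loop0 even with a wrong password, so once the filesystem from step 6 exists, checking the decrypted device for the ext2 superblock magic catches that before mounting. `safe_mount` and `self_check` are hypothetical helper names, and the sample images are constructed.

```shell
#!/bin/sh
# Added example: sanity-check a cryptoloop mapping before mounting it.
# ext2 keeps its superblock at byte 1024; the 16-bit magic 0xEF53 sits
# 56 bytes into it, stored little-endian (bytes 53 ef at offset 1080).

# has_ext2_magic PATH -> exit 0 if PATH carries the ext2 magic, 1 otherwise.
has_ext2_magic() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null \
            | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# safe_mount LOOPDEV MOUNTPOINT (hypothetical helper, needs root)
# Mounts only when the decrypted view looks like ext2; otherwise removes
# the mapping so losetup can be run again with the right password.
safe_mount() {
    if has_ext2_magic "$1"; then
        mount -t ext2 "$1" "$2"
    else
        echo "no ext2 superblock on $1: wrong password or cipher?" >&2
        losetup -d "$1"
        return 1
    fi
}

# self_check: exercise the detector on two constructed 2 KiB images,
# one with the magic in place and one without (stands in for the
# garbage a wrong password produces). Needs no root and no loop device.
self_check() {
    tmp=$(mktemp -d) || return 1
    dd if=/dev/zero of="$tmp/wrong" bs=1024 count=2 2>/dev/null
    cp "$tmp/wrong" "$tmp/good"
    # \123\357 are the octal escapes for bytes 0x53 0xEF
    printf '\123\357' | dd of="$tmp/good" bs=1 seek=1080 conv=notrunc 2>/dev/null
    rc=0
    has_ext2_magic "$tmp/good" || rc=1
    if has_ext2_magic "$tmp/wrong"; then rc=1; fi
    rm -rf "$tmp"
    return $rc
}
```

After `losetup -e serpent /dev/loop0 /home/myuser/cryptfile`, run `safe_mount /dev/loop0 /some/mount/point` as root in place of the plain mount in step 7.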

