Re: Encrypted Loopback Filesystem

Lei Yang wrote:

> I am trying to play around loopback device and want to set up an
> encrypted loopback filesystem. I did the following things:
> 
> 1. losetup -e serpent /dev/loop0 /etc/crypt
> /ect/crypt: Is a directory
> 
> So I tried: losetup -e serpent /dev/loop0 /etc/cryptfile and this time
> cryptfile is a plain txt file.

It should be a filesystem image; or, at least, it needs to be large
enough to have a filesystem image subsequently created on it, e.g.

	dd if=/dev/zero of=/etc/cryptfile bs=1M count=20

for a 20Mb "device".

> Enter passwd...
> 
> 2. mkfs -t ext2 /dev/loop0
> 3. mount -t ext2 /dev/loop0 /mnt/crypt
> 
> After this, how do I verify that anything happened that has enabled
> encryption? I can't understand where the encrypted filesystem lies in
> here:( Plus, when we say 'encrypted', which file is on earth encrypted?
> Is that files and data in /mnt/crypt are encrypted form of
> /etc/cryptfile? Really confused.

After the above sequence, /etc/cryptfile will be an encrypted ext2
filesystem. Any files which are created beneath /mnt/crypt will
actually be stored in /etc/cryptfile.

If you examine /etc/cryptfile directly with e.g. less, the contents
should be unintelligible (because they are encrypted). Once you
run:

	umount /mnt/crypt
	losetup -d /dev/loop0

the only way to recover those files will be to re-do steps 1 and 3
above, which will require the encryption key.

Similarly, if someone steals the machine then, assuming that they had
to unplug it, they won't be able to recover the data without the
encryption key.

OTOH, while the encrypted filesystem is mounted, the files which are
on it remain accessible. So the encryption doesn't provide any
protection against someone accessing the individual files while the
encrypted filesystem is mounted.

-- 
Glynn Clements <glynn.clements@xxxxxxxxxx>
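
An added example, not part of the original message: a shell check for the question in the thread of how to tell, from the outside and without the key, whether the backing file holds a readable filesystem. It relies on ext2 storing its magic 0xEF53 at byte offset 1080; the function names and sample images are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): look at a loop backing file from the
# outside, without the key, to see whether a filesystem is readable in it.

# Hex of the 2 bytes at offset 1080. ext2 puts its superblock at byte 1024
# and the magic 0xEF53 at offset 56 inside it, stored little-endian (53 ef).
sb_magic() {
    dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Number of non-zero bytes in the file (0 means nothing was ever written).
nonzero_bytes() {
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Print one verdict for a file: plaintext-ext2, blank, or opaque.
classify() {
    if [ "$(sb_magic "$1")" = "53ef" ]; then
        echo plaintext-ext2      # superblock readable: NOT encrypted
    elif [ "$(nonzero_bytes "$1")" -eq 0 ]; then
        echo blank               # still only the zeros written by dd
    else
        echo opaque              # data present, no ext2 magic in the clear
    fi
}

# Constructed sample images (assumption: stand-ins for /etc/cryptfile).
make_samples() {
    dir=$1
    dd if=/dev/zero of="$dir/blank.img" bs=1024 count=4 2>/dev/null
    cp "$dir/blank.img" "$dir/plain.img"
    # Write the bytes 0x53 0xEF at offset 1080, as an unencrypted mkfs would.
    printf '\123\357' | dd of="$dir/plain.img" bs=1 seek=1080 conv=notrunc 2>/dev/null
    # Fill a third image with 0xA5 bytes: non-zero data, no magic.
    LC_ALL=C tr '\000' '\245' < "$dir/blank.img" > "$dir/opaque.img"
}

# Usage: sh check.sh /etc/cryptfile
if [ "$#" -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(classify "$f")"; done
fi
```

Point it at the backing file (e.g. /etc/cryptfile), not at /dev/loop0: read through the loop device, the superblock is decrypted and the magic is expected to be visible. An "opaque" verdict only says no ext2 superblock is visible in the clear; it is consistent with encryption but does not prove it.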