Thank you Glynn, everything is pretty clear now :-)

So if I want something to be safe, I put it in /mnt/crypt. While the filesystem is mounted, I can access all the data and files in /mnt/crypt without problem. If the machine is unplugged or stolen, /mnt/crypt no longer works, right?

On Tue, 2004-08-03 at 17:58, Glynn Clements wrote:
> Lei Yang wrote:
>
> > I am trying to play around with a loopback device and want to set up an
> > encrypted loopback filesystem. I did the following things:
> >
> > 1. losetup -e serpent /dev/loop0 /etc/crypt
> > /ect/crypt: Is a directory
> >
> > So I tried: losetup -e serpent /dev/loop0 /etc/cryptfile and this time
> > cryptfile is a plain text file.
>
> It should be a filesystem image; or, at least, it needs to be large
> enough to have a filesystem image subsequently created on it, e.g.
>
>     dd if=/dev/zero of=/etc/cryptfile bs=1M count=20
>
> for a 20Mb "device".
>
> > Enter passwd...
> >
> > 2. mkfs -t ext2 /dev/loop0
> > 3. mount -t ext2 /dev/loop0 /mnt/crypt
> >
> > After this, how do I verify that anything happened that has enabled
> > encryption? I can't understand where the encrypted filesystem lies in
> > here :( Plus, when we say 'encrypted', which file on earth is encrypted?
> > Are the files and data in /mnt/crypt an encrypted form of
> > /etc/cryptfile? Really confused.
>
> After the above sequence, /etc/cryptfile will be an encrypted ext2
> filesystem. Any files which are created beneath /mnt/crypt will
> actually be stored in /etc/cryptfile.
>
> If you examine /etc/cryptfile directly with e.g. less, the contents
> should be unintelligible (because they are encrypted). Once you
> run:
>
>     umount /mnt/crypt
>     losetup -d /dev/loop0
>
> the only way to recover those files will be to re-do steps 1 and 3
> above, which will require the encryption key.
>
> Similarly, if someone steals the machine then, assuming that they had
> to unplug it, they won't be able to recover the data without the
> encryption key.
>
> OTOH, while the encrypted filesystem is mounted, the files which are
> on it remain accessible. So the encryption doesn't provide any
> protection against someone accessing the individual files while the
> encrypted filesystem is mounted.
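One way to answer the "how do I verify" question from the thread, as an added example that is not part of the original messages: read the backing file directly (not the mounted view) and check whether the ext2 superblock is visible in the clear. The function names, the 7.0 bits/byte threshold and both sample images are assumptions constructed for this example.

```python
import hashlib
import math
import struct
import sys
from collections import Counter

SB_OFFSET = 1024      # the ext2 superblock starts 1024 bytes into the device
SB_SIZE = 1024
MAGIC_OFFSET = 56     # s_magic field inside the superblock
EXT2_MAGIC = 0xEF53   # stored little-endian on disk

def shannon_entropy(block: bytes) -> float:
    """Bits per byte: close to 8 for ciphertext, low for sparse metadata."""
    total = len(block)
    return -sum(n / total * math.log2(n / total) for n in Counter(block).values())

def inspect_backing_image(image: bytes) -> dict:
    """Inspect only the superblock: mkfs always writes it through the loop
    device, whereas blocks never written still hold the zeros from dd."""
    sb = image[SB_OFFSET:SB_OFFSET + SB_SIZE]
    if len(sb) < SB_SIZE:
        raise ValueError("image too small to hold an ext2 superblock")
    magic = struct.unpack_from("<H", sb, MAGIC_OFFSET)[0]
    entropy = shannon_entropy(sb)
    visible = magic == EXT2_MAGIC
    # Assumed threshold: 7.0 bits/byte separates the two constructed samples.
    return {"ext2_magic_visible": visible, "entropy": entropy,
            "looks_encrypted": (not visible) and entropy > 7.0}

def constructed_plain_image() -> bytes:
    """Constructed sample: zero-filled image with a cleartext ext2 magic."""
    img = bytearray(4096)
    struct.pack_into("<H", img, SB_OFFSET + MAGIC_OFFSET, EXT2_MAGIC)
    return bytes(img)

def constructed_cipher_image() -> bytes:
    """Constructed sample: SHA-256 output as a stand-in for ciphertext."""
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    return stream[:4096]

if __name__ == "__main__":
    if len(sys.argv) > 1:   # e.g. the backing file, read while unmounted
        with open(sys.argv[1], "rb") as fh:
            print(inspect_backing_image(fh.read(SB_OFFSET + SB_SIZE)))
    else:
        print("plain :", inspect_backing_image(constructed_plain_image()))
        print("cipher:", inspect_backing_image(constructed_cipher_image()))
```

A visible magic means the image was formatted without the encrypting loop layer; a high-entropy superblock with no magic is consistent with encryption but says nothing about the strength of the cipher or passphrase.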