FC3 encrypted filesystem femto-howto

Setting up an encrypted file system on Fedora Core 3
----------------------------------------------------------------------------

[This procedure was performed on a Fedora Core 3 system with the 2.6.10 kernel.]

FC3 ships with a package called cryptsetup. If you have it, get rid of
it now to avoid confusion later:

[root@divya ~]# rpm -e cryptsetup

Obtain Clemens Fruhwirth's enhanced version of cryptsetup with the
LUKS extension, available at http://luks.endorphin.org/dm-crypt. The
version I used was called "cryptsetup-luks-1.0.tar.bz2". Build and
install the enhanced cryptsetup package:

[root@divya ~]# bunzip2 -k cryptsetup-luks-1.0.tar.bz2
[root@divya ~]# tar -xf cryptsetup-luks-1.0.tar
[root@divya ~]# cd cryptsetup-luks-1.0
[root@divya cryptsetup-luks-1.0]# ./configure
[root@divya cryptsetup-luks-1.0]# make
[root@divya cryptsetup-luks-1.0]# make install

Create the dm-crypt mapping:

[root@divya ~]# cryptsetup -y luksFormat <device> 
[root@divya ~]# cryptsetup luksOpen <device> <name>

where <device> is the partition you wish to place your encrypted
volume on (for example /dev/hda5 for the 5th partition on hda), and
<name> is arbitrary. By the way, your partition type doesn't matter for
any of this.

The first command above will prompt you for your passphrase. Choosing
a good passphrase is VERY important. Long, random passphrases are best
but I don't know how long/random a passphrase needs to be to be
"good." (Does anybody else know?) After executing the above commands
you should have the device /dev/mapper/<name>.

Suppose that you chose "crackme" for the mapping name. Create your
ext3 file system and mount it:

[root@divya ~]# mke2fs -vjL crackme /dev/mapper/crackme
[root@divya ~]# mkdir /crackme
[root@divya ~]# mount /dev/mapper/crackme /crackme

Now you have an ext3 file system that will behave as any other; that is
to say, ordinary file permissions govern which users have access to
what files. When you are done using your encrypted volume, unmount the
file system and remove the dm-crypt mapping via:

[root@divya ~]# umount /crackme; cryptsetup luksClose crackme

but if you happen to leave your file system mounted when you shut down
you are OK.

Getting your file system back:

[root@divya ~]# cryptsetup luksOpen <device> crackme
[root@divya ~]# mount /dev/mapper/crackme /crackme

References:

http://www.saout.de/misc/dm-crypt
http://luks.endorphin.org/dm-crypt
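
The open/mount and umount/luksClose steps above, wrapped in two shell functions with the checks a script would want (an added example, not part of the original post). It assumes the installed cryptsetup supports the isLuks action; crypt_open, crypt_close and MAPPER_DIR are names chosen here.

```shell
#!/bin/sh
# Added example, not from the original post. Wraps the howto's open/mount and
# umount/close steps with checks. Assumes the installed cryptsetup provides
# the isLuks action.

MAPPER_DIR=${MAPPER_DIR:-/dev/mapper}   # where dm-crypt mappings appear

# crypt_open <device> <name> <mountpoint>
crypt_open() {
    dev=$1; name=$2; mnt=$3
    # Refuse to reuse a mapping name that is already active.
    if [ -e "$MAPPER_DIR/$name" ]; then
        echo "mapping $name already exists" >&2
        return 1
    fi
    # Check for a LUKS header before prompting for the passphrase.
    if ! cryptsetup isLuks "$dev"; then
        echo "$dev has no LUKS header" >&2
        return 2
    fi
    cryptsetup luksOpen "$dev" "$name" || return 3
    mkdir -p "$mnt"
    if ! mount "$MAPPER_DIR/$name" "$mnt"; then
        # Do not leave the decrypted device mapped if the mount failed.
        cryptsetup luksClose "$name"
        return 4
    fi
}

# crypt_close <name> <mountpoint>
crypt_close() {
    name=$1; mnt=$2
    # Only drop the mapping once the file system is really unmounted.
    if ! umount "$mnt"; then
        echo "$mnt is busy, mapping $name left open" >&2
        return 1
    fi
    cryptsetup luksClose "$name"
}
```

Source the file as root and call, for example, crypt_open /dev/hda5 crackme /crackme, then crypt_close crackme /crackme when done.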

