Setting up an encrypted file system on Fedora Core 3 ---------------------------------------------------------------------------- [This procedure was performed on a Fedora Core 3 system with the 2.6.10 kernel.] FC3 ships with a package called cryptsetup. If you have it, get rid of it now to avoid confusion later: [root@divya ~]# rpm -e cryptsetup Obtain Clemens Fruhwirth's enhanced version of cryptsetup with the LUKS extension, available at http://luks.endorphin.org/dm-crypt. The version I used was called "cryptsetup-luks-1.0.tar.bz2". Build and install the enhanced cryptsetup package: [root@divya ~]# bunzip2 -k cryptsetup-luks-1.0.tar.bz2 [root@divya ~]# cd cryptsetup-luks-1.0 [root@divya cryptsetup-luks-1.0]# ./configure [root@divya cryptsetup-luks-1.0]# make [root@divya cryptsetup-luks-1.0]# make install Create the dm-crypt mapping: [root@divya ~]# cryptsetup -y luksFormat <device> [root@divya ~]# cryptsetup luksOpen <device> <name> where <device> is the partition you wish to place your encrypted volume on (for example /dev/hda5 for the 5th partition on hda), and <name> is arbitrary. By the way your partition type doesn't matter for any of this. The first command above will prompt you for your passphrase. Choosing a good passphrase is VERY important. Long, random passphrases are best but I don't know how long/random a passphrase needs to be to be "good." (Does anybody else know?) After executing the above commands you should have the device /dev/mapper/<name> Suppose that you chose "crackme" for the mapping name. Create your ext3 file system and mount it: [root@divya ~]# mke2fs -vjL crackme /dev/mapper/crackme [root@divya ~]# mkdir /crackme [root@divya ~]# mount /dev/mapper/crackme /crackme Now you have a ext3 file system that will behave as any other; that is to say, ordinary file permissions govern which users have access to what files. When you are done using your encrypted volume, unmount the file system and remove the dm-crypt mapping via: [root@divya ~]# umount /crackme; cryptsetup luksClose crackme but if you happen to leave your file system mounted when you shut down you are OK. Getting your file system back: [root@divya ~]# cryptsetup luksOpen <device> crackme [root@divya ~]# mount /dev/mapper/crackme /crackme References: http://www.saout.de/misc/dm-crypt http://luks.endorphin.org/dm-crypt
