dabicho wrote:
Hello. I am looking for a way to encrypt filesystem in a loop device.
I have used loopAES, but if I use it with fedora, replacing
utilities like mount and losetup will make a mess.
It'd be a big job to try and port all the patches needed by loopAES
to Fedora or avoid using some of Fedora's properties, like
automounting CD's with kudzu and the like, so I am looking for a way
to encrypt filesystems that doesn't require too much hassle.
Any suggestions?
I consider this quite hazzle-free, but don't know loopAES, so it might
seem a bit more complicated. Here's how I did it using cryptloop [as root]:
# Create "empty" file (or partition, or any old block device)
# This will hold the encrypted fs contents.
$ dd if=/dev/urandom of=/securefs.aes bs=1024 count=4000000 # ~4 gigs
# Make sure cryptoloop module is loaded, to avoid getting error
# messages when trying to attach loop device using encryption.
$ /sbin/modprobe cryptoloop
# Setup loop device
$ losetup -e aes-cbc-256 /dev/loop0 /securefs.aes
[type password, and type carefully, it isn't verified]
# Create FS (Don't know how well ext3 plays together with cryptoloop)
$ mkfs.ext2 -m0 /dev/loop0
# Try it out
$ mkdir /mnt/secure && mount -t ext2 /dev/loop0 /mnt/secure
$ cd /mnt/secure
# Unmount fs and detach loop device
$ umount /mnt/secure && losetup -d /dev/loop0
# Add /etc/fstab entry (if wanted):
/securefs.aes /mnt/secure ext2 loop,noauto,encryption=aes-cbc-256,user,rw
Mounting /mnt/secure will now result in a password prompt (hopefully
you'll remember the passphrase). When mounted using 'loop' option, the
loop device will be automatically released when it is unmounted.
Add '/sbin/modprobe --quiet cryptoloop' to some startup script
(/etc/rc.d/rc.local comes to mind), since this module isn't autoloaded
when needed.
Øyvind
--
< Øyvind Stegard < oyvinst at ifi uio no >
< http://www.oyvind.nu/
< `Lottery: A tax on people who are bad at math.'
