Differences
This shows you the differences between two versions of the page.
useful:encryption [2009/01/07 10:00] – chemist | useful:encryption [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== encryption ====== | ||
- | ===== harddisks usbkeys ===== | ||
- | ==== dm-crypt & luks ==== | ||
- | <code bash> | ||
- | #crypt device | ||
- | cryptsetup -y -c aes-cbc-essiv: | ||
- | |||
- | #open device | ||
- | cryptsetup luksOpen / | ||
- | |||
- | #make filesystem | ||
- | mkfs.ext4 / | ||
- | |||
- | #mount and fill with random data (fast way) | ||
- | mount / | ||
- | randfs / | ||
- | |||
- | #umount and close crypt | ||
- | umount /mnt/ | ||
- | cryptsetup luksClose " | ||
- | |||
- | === / | ||
- | on boot: the first device asks for password, the second looks for the keyfile at /mnt/keys/ | ||
- | <code bash> | ||
- | # <target name> | ||
- | " | ||
- | " | ||
- | </ | ||
- | === links === | ||
- | [[useful: | ||
- | |||
- | ==== loop-aes with 100MB file ==== | ||
- | <code bash> | ||
- | #load needed module | ||
- | modprobe cryptoloop | ||
- | |||
- | #create file crypt.aes 100MB | ||
- | dd if=/ | ||
- | |||
- | #setup loop, you will be prompted for passphrase | ||
- | losetup -e aes /dev/loop0 ./crypt.aes | ||
- | |||
- | #make FS | ||
- | mkfs.ext3 /dev/loop0 | ||
- | |||
- | #release loop | ||
- | losetup -d /dev/loop0 | ||
- | |||
- | #make node | ||
- | mkdir / | ||
- | === /etc/fstab === | ||
- | |||
- | <code bash> | ||
- | /crypt.aes / | ||
- | </ | ||
- | |||
- | ==== the keys ==== | ||
- | <code bash> | ||
- | head -c 256 /dev/random > / | ||
- | cryptsetup luksAddkey / | ||
- | </ | ||
- | ==== settings ==== | ||
- | |||
- | === / | ||
- | <code bash> | ||
- | # Run cryptdisks at startup ? | ||
- | CRYPTDISKS_ENABLE=Yes | ||
- | |||
- | # Mountpoints to mount, before starting cryptsetup. This is useful for | ||
- | # keyfiles on removable media. Seperate mountpoints by space. | ||
- | CRYPTDISKS_MOUNT="/ | ||
- | |||
- | # Default check script, see / | ||
- | # Takes effect, if the ' | ||
- | CRYPTDISKS_CHECK=vol_id | ||
- | |||
- | # Default precheck script, see | ||
- | # Takes effect, if the ' | ||
- | CRYPTDISKS_PRECHECK= | ||
- | |||
- | # Default timeout in seconds for password prompt | ||
- | # Takes effect, if the ' | ||
- | CRYPTDISKS_TIMEOUT=180 | ||
- | </ | ||
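Review bot: the summary for this whole-page removal is only "removed - external edit", which does not say whether the content (everything from the "encryption" heading through the CRYPTDISKS_* settings) was retired or moved; record the reason and link the replacement page if there is one. If the text is restored instead, fix it first: the keys section has "cryptsetup luksAddkey", where the cryptsetup action is spelled luksAddKey, and the code blocks opened under "dm-crypt & luks" and "loop-aes with 100MB file" show no closing tag before the next heading.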
Last modified: 2009/01/07 10:00