LoopCrypt
Cryptsetup & LUKS
To encrypt the swap
- apt-get install cryptsetup
- cf /usr/share/doc/cryptsetup/CryptoSwap.HowTo
- The diff is that I had to destroy the content of the swap partition before /etc/init.d/cryptdisks otherwise cryptsetup refuses to work.
To encrypt disks
Creation
- cryptsetup luksFormat /dev/hdaX
- cryptsetup luksOpen /dev/hdaX hdaX
- mkfs.ext3 /dev/mapper/hdaX
- cryptsetup luksClose hdaX
Usage
- cryptsetup luksOpen /dev/hdaX hdaX && mount -t ext3 /dev/mapper/hdaX /mnt/
- umount /mnt && cryptsetup luksClose hdaX
Loopcrypt
Should work with the Knoppix
As root:
Make a mount point for the encrypted filesystem as follows:
mkdir /mnt/crypt
Edit '/etc/fstab', adding an entry for your mount point as follows:
/dev/loop0 /mnt/crypt ext2 user,noauto,rw,loop 0 0
Create your encrypted file as follows:
dd if=/dev/urandom of=/etc/cryptfile bs=1M count=10
This creates a 10M encryption "container" in /etc called cryptfile.
You can adjust size, location, and name to your preferences.
Next, run losetup as follows:
losetup -e aes /dev/loop0 /etc/cryptfile
You only have one chance to enter the 20 character password, be careful. Note: optional test If you want to double-check your password, use the command:
losetup -d /dev/loop0
to deactivate your loop device. Next you will run losetup again to test your password, as follows:
losetup -e aes /dev/loop0 /etc/cryptfile
end optional test
Make your ext2 filesystem as follows:
mkfs -t ext2 /dev/loop0
Now you can mount the encrypted filesystem with:
mount -t ext2 /dev/loop0 /mnt/crypt
When you're done, you can unmount and protect your filesystem as follows:
umount /dev/loop0 losetup -d /dev/loop0
The above works fine for the root user, but I wanted something where "joe user" could mount, unmount, and read / write to the encrypted container.
After a little trial and effort, here is what I have come up with...
This example shows how to create an ext2 file system on encrypted file.
This example creates a 5 MB file (/mnt/msdos/scratch/cryptfile) for storage and a directory (/mnt/crypt) as a mount point.
A couple of notes: This example is intentionally simple to help you understand basic loop encryption, but is also vulnerable to optimized dictionary attacks.
Also, the "losetup -e" command asks for a 20 character encryption password, make up one and don't forget it.
Execute the following commands (as root), modifying paths and filenames for your purposes:
dd if=/dev/zero of=/mnt/msdos/scratch/cryptfile bs=4k count=1280 losetup -e AES128 -T /dev/loop1 /mnt/msdos/scratch/cryptfile mkfs -t ext2 /dev/loop1 losetup -d /dev/loop1 mkdir /mnt/crypt cd /mnt/crypt chown knoppix.knoppix * chown knoppix.knoppix . chown knoppix.knoppix .. cd .. chown knoppix.knoppix crypt
Next, add this to your /etc/fstab file (all one line):
/mnt/msdos/scratch/cryptfile /mnt/crypt ext2 noauto,users,exec,loop=/dev/loop1,encryption=AES128 0 0
Exit the root account, to your joe user account (knoppix in this example).
Now regular users should be able to mount the file system as follows (after answering the password prompt correctly).
mount /mnt/crypt
The can then unmount it like this:
umount /mnt/crypt
Attempt to recover old loopcrypts
- http://www.saout.de/misc/dm-crypt/
- http://clemens.endorphin.org/Cryptoloop_Migration_Guide
- http://glarson.org/files/loopaes
apt-get install hashalot