Re: [suse-security] Encrypted filesystem on loop file
From: Roman Pindela (roman.pindela autograf.pl)
Date: Sun Sep 24 2006 - 10:59:12 CDT
On Sunday 24 September 2006 16:35, Carlos E. R. wrote:
> Hi,
>
> I'm trying to create an encrypted filesystem via Yast partitioner in SuSE
> 10.1, using a file mounted via the loop device. I have done this before,
> in fact I have two such things created under 9.3 running; but I can't
> (couldn't) with 10.1, it is creating a plain non encrypted filesystem
> instead.
>
>
> Or so it seemed.
>
> Looking carefully again, after several runs, I noticed that it was
> mounting the filesystem as plain non encrypted, but it was in fact
> creating an encrypted one with the appropriate entry in /etc/cryptotab
> instead of in /etc/fstab - whereas in 9.3 it created them in /etc/fstab
> instead, and in 8.x they were created in /etc/cryptotab. This criteria
> change is very confusing. Perhaps Yast could ask where the user wanted to
> define it - feature request, perhaps?
>
> It's not only a config file difference; an encrypted filesystem defined in
> /etc/fstab can be mounted with the command mount, but one defined in
> /etc/cryptotab is mounted via the command "/etc/init.d/boot.crypto start",
> which is less comfortable for manual mount after boot (and it mounts all
> devices listed, even if already mounted).
>
>
> /etc/cryptotab sample line:
>
> /dev/loop3 /file3 /crypta3 ext3 twofish256 acl,user_xattr
>
>
> /etc/fstab, the equivalent sample line:
>
> /file3 /crypta3 ext3 noauto,acl,user_xattr,loop=/dev/loop3,encryption=twofish256 0 0
>
>
> Both work with the same file, I tried. I'll stay with the second one. But
> in 9.3 the fstab line was instead (incompatible):
>
> /file2 /crypta2 ext3 noauto,acl,user_xattr,loop=/dev/loop2,encryption=twofish256,phash=sha512,itercountk=100
>
>
> Comments?
>
>
> Also, how would I create the equivalent encrypted filesystem manually;
> docus, howtos?
>
>
> Tks.
>
>
> --
> Cheers,
> Carlos Robinson
Hello there,

I see you're a little surprised by that "small" change in SU10, aren't
you? As for docs, you should first check the man page of the << losetup >>
command.
But before that, the following steps will lead you to manually set up an
encrypted file system on your partition:
1. Create a loop device with the additional option that says it's encrypted
(USE: losetup), for example:
# losetup -e aes-256 /dev/loop0 /dev/hda9
(or)
# losetup -e aes-256 /dev/loop2 /mnt/encrfs.raw
2. Make the file system you want the file/partition to have (USE: mkfs.xxx),
for example:
# mkfs.ext3 /dev/loop0
(or)
# mkfs.ext3 /dev/loop2
3. You can now mount your partition or encrypted file with the file system
(USE: mount), for example:
# mount -t ext3 /dev/loop0 /mnt/encrpart
(or)
# mount -t ext3 /dev/loop2 /mnt/encrfs
...that's it! Now you can enjoy your encryption protection.
TIP: If you don't want to encrypt the whole partition (device fs), you have the
opportunity to encrypt a chosen folder using the << encfs >> command. Of course,
if you don't know what it can do for you, you should check its man page or
search internet sources.
TIP: If you want to encrypt only a specific file, you can use the << gpg >>
command.
Greetings from PoLaNd and gOOd lUCK
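
The cryptotab/fstab equivalence from the quoted message, as an added example that is not part of the original thread: it converts cryptotab lines to the fstab form so they can be mounted with plain mount, and lists fstab loop entries that lack an encryption= option. The function names and the field order (read off the two sample lines in the thread) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Field order is read off the two sample
# lines quoted in the thread; treat it as an assumption for other releases.
# cryptotab: loopdev  backing-file  mountpoint  fstype  cipher  [mount-options]

cryptotab_to_fstab() {
    # stdin: cryptotab text; stdout: fstab lines; returns 1 on a malformed line.
    rc=0
    while read -r loopdev file mnt fstype cipher opts rest; do
        case "$loopdev" in ''|'#'*) continue ;; esac
        if [ -z "$cipher" ] || [ -n "$rest" ]; then
            echo "skipping malformed line: $loopdev $file" >&2
            rc=1
            continue
        fi
        # noauto, loop= and encryption= as in the thread's fstab sample line
        printf '%s %s %s noauto,%sloop=%s,encryption=%s 0 0\n' \
            "$file" "$mnt" "$fstype" "${opts:+$opts,}" "$loopdev" "$cipher"
    done
    return "$rc"
}

fstab_plain_loops() {
    # stdin: fstab text; prints mount points whose options contain loop or
    # loop=... but no encryption=..., i.e. loop files mounted unencrypted.
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac
        case ",$opts," in
            *,encryption=*) ;;
            *,loop,*|*,loop=*) echo "$mnt" ;;
        esac
    done
}

# Constructed sample input: the cryptotab line quoted in the thread.
printf '%s\n' '/dev/loop3 /file3 /crypta3 ext3 twofish256 acl,user_xattr' |
    cryptotab_to_fstab
```
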