FC3 encrypted filesystem femto-howto

Tim Largy tim.largy at gmail.com
Mon Apr 11 01:06:44 UTC 2005


Setting up an encrypted file system on Fedora Core 3
----------------------------------------------------------------------------

[This procedure was performed on a Fedora Core 3 system with the 2.6.10 kernel.]

FC3 ships with a package called cryptsetup. If you have it, get rid of
it now to avoid confusion later:

[root@divya ~]# rpm -e cryptsetup

Obtain Clemens Fruhwirth's enhanced version of cryptsetup with the
LUKS extension, available at http://luks.endorphin.org/dm-crypt. The
version I used was called "cryptsetup-luks-1.0.tar.bz2". Build and
install the enhanced cryptsetup package:

[root@divya ~]# bunzip2 -k cryptsetup-luks-1.0.tar.bz2
[root@divya ~]# tar xf cryptsetup-luks-1.0.tar
[root@divya ~]# cd cryptsetup-luks-1.0
[root@divya cryptsetup-luks-1.0]# ./configure
[root@divya cryptsetup-luks-1.0]# make
[root@divya cryptsetup-luks-1.0]# make install

Create the dm-crypt mapping:

[root@divya ~]# cryptsetup -y luksFormat <device>
[root@divya ~]# cryptsetup luksOpen <device> <name>

where <device> is the partition you wish to place your encrypted
volume on (for example /dev/hda5 for the 5th partition on hda), and
<name> is arbitrary. Note that luksFormat destroys any existing data on
<device>. By the way, your partition type doesn't matter for any of
this.

The first command above will prompt you for your passphrase. Choosing
a good passphrase is VERY important. Long, random passphrases are best
but I don't know how long/random a passphrase needs to be to be
"good." (Does anybody else know?) After executing the above commands
you should have the device /dev/mapper/<name>.

Suppose that you chose "crackme" for the mapping name. Create your
ext3 file system and mount it:

[root@divya ~]# mke2fs -vjL crackme /dev/mapper/crackme
[root@divya ~]# mkdir /crackme
[root@divya ~]# mount /dev/mapper/crackme /crackme

Now you have an ext3 file system that will behave as any other; that is
to say, ordinary file permissions govern which users have access to
what files. When you are done using your encrypted volume, unmount the
file system and remove the dm-crypt mapping via:

[root@divya ~]# umount /crackme; cryptsetup luksClose crackme

but if you happen to leave your file system mounted when you shut down
you are OK.

Getting your file system back:

[root@divya ~]# cryptsetup luksOpen <device> crackme
[root@divya ~]# mount /dev/mapper/crackme /crackme

References:

http://www.saout.de/misc/dm-crypt
http://luks.endorphin.org/dm-crypt
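
Added example (not part of the original post and not cryptsetup's own code): a read-only shell script that checks, before luksOpen, that <device> really carries the header luksFormat writes, and reports the cipher, hash and number of enabled key slots. The offsets are those of the LUKS1 on-disk format; the function names and the sample header built by make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only look at the LUKS1 header that luksFormat writes at
# the start of <device>. Field offsets follow the LUKS1 on-disk format.

# hex_at FILE OFFSET LENGTH -> those bytes as a lowercase hex string
hex_at() { od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'; }

# str_at FILE OFFSET LENGTH -> NUL-padded text field without its padding
str_at() { dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | tr -d '\000'; }

# is_luks FILE -> status 0 if FILE starts with the magic "LUKS" 0xBA 0xBE
is_luks() { [ "$(hex_at "$1" 0 6)" = "4c554b53babe" ]; }

# active_slots FILE -> count of enabled key slots (8 slots, 48 bytes each, from 208)
active_slots() {
    n=0; i=0
    while [ "$i" -lt 8 ]; do
        # 0x00AC71F3 marks an enabled slot, 0x0000DEAD a disabled one
        if [ "$(hex_at "$1" $((208 + 48 * i)) 4)" = "00ac71f3" ]; then n=$((n + 1)); fi
        i=$((i + 1))
    done
    echo "$n"
}

# luks_summary FILE -> "cipher-mode hash slots=N"; status 1 if not a LUKS volume
luks_summary() {
    is_luks "$1" || { echo "not a LUKS volume: $1" >&2; return 1; }
    echo "$(str_at "$1" 8 32)-$(str_at "$1" 40 32) $(str_at "$1" 72 32) slots=$(active_slots "$1")"
}

# put_at FILE OFFSET FORMAT -> write printf output into FILE at OFFSET
put_at() { printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null; }

# make_sample FILE -> constructed 592-byte header for offline testing only
# (aes, cbc-essiv:sha256, sha1, slot 0 enabled, slot 1 disabled); no real key
make_sample() {
    dd if=/dev/zero of="$1" bs=592 count=1 2>/dev/null
    put_at "$1" 0 'LUKS\272\276\000\001'
    put_at "$1" 8 'aes'
    put_at "$1" 40 'cbc-essiv:sha256'
    put_at "$1" 72 'sha1'
    put_at "$1" 208 '\000\254\161\363'
    put_at "$1" 256 '\000\000\336\255'
}

# Usage: sh luks_summary.sh /dev/hda5   (needs read access to the device)
if [ -n "${1:-}" ]; then luks_summary "$1"; fi
```

Each enabled key slot is an independent way to unlock the volume, so a slot count higher than the number of passphrases you set is worth investigating.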
