FC3 encrypted filesystem femto-howto
- From: Tim Largy <tim largy gmail com>
- To: fedora-list redhat com
- Subject: FC3 encrypted filesystem femto-howto
- Date: Sun, 10 Apr 2005 21:06:44 -0400

Setting up an encrypted file system on Fedora Core 3
----------------------------------------------------------------------------
[This procedure was performed on a Fedora Core 3 system with the 2.6.10 kernel.]

FC3 ships with a package called cryptsetup. If you have it, get rid of
it now to avoid confusion later:

[root divya ~]# rpm -e cryptsetup

Obtain Clemens Fruhwirth's enhanced version of cryptsetup with the
LUKS extension, available at http://luks.endorphin.org/dm-crypt. The
version I used was called "cryptsetup-luks-1.0.tar.bz2". Unpack, build and
install the enhanced cryptsetup package:

[root divya ~]# bunzip2 -k cryptsetup-luks-1.0.tar.bz2
[root divya ~]# tar -xf cryptsetup-luks-1.0.tar
[root divya ~]# cd cryptsetup-luks-1.0
[root divya cryptsetup-luks-1.0]# ./configure
[root divya cryptsetup-luks-1.0]# make
[root divya cryptsetup-luks-1.0]# make install

Create the dm-crypt mapping:

[root divya ~]# cryptsetup -y luksFormat <device>
[root divya ~]# cryptsetup luksOpen <device> <name>

where <device> is the partition you wish to place your encrypted
volume on (for example /dev/hda5 for the 5th partition on hda), and
<name> is arbitrary. Note that luksFormat overwrites whatever is
currently on <device>. By the way, your partition type doesn't matter
for any of this.

The first command above will prompt you for your passphrase. Choosing
a good passphrase is VERY important. Long, random passphrases are best,
but I don't know how long/random a passphrase needs to be to be
"good." (Does anybody else know?) After executing the above commands
you should have the device /dev/mapper/<name>.

Suppose that you chose "crackme" for the mapping name. Create your
ext3 file system and mount it:

[root divya ~]# mke2fs -vjL crackme /dev/mapper/crackme
[root divya ~]# mkdir /crackme
[root divya ~]# mount /dev/mapper/crackme /crackme

Now you have an ext3 file system that will behave as any other; that is
to say, ordinary file permissions govern which users have access to
what files. When you are done using your encrypted volume, unmount the
file system and remove the dm-crypt mapping via:

[root divya ~]# umount /crackme; cryptsetup luksClose crackme

but if you happen to leave your file system mounted when you shut down,
you are OK.

Getting your file system back:

[root divya ~]# cryptsetup luksOpen <device> crackme
[root divya ~]# mount /dev/mapper/crackme /crackme

References:
http://www.saout.de/misc/dm-crypt
http://luks.endorphin.org/dm-crypt
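
An added example, not part of the original post: a small wrapper around the open/mount and unmount/close steps above that refuses a device without a LUKS header and closes the mapping again if the mount fails. The DEVICE, NAME and MNT defaults, the MAPPER_DIR and MOUNTS variables and the function names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: open/close helper for the LUKS volume set up above.
# DEVICE, NAME and MNT defaults are assumptions; override them in the environment.
DEVICE=${DEVICE:-/dev/hda5}
NAME=${NAME:-crackme}
MNT=${MNT:-/$NAME}
MAPPER_DIR=${MAPPER_DIR:-/dev/mapper}   # where dm-crypt mappings appear
MOUNTS=${MOUNTS:-/proc/mounts}          # kernel's list of mounted file systems

# Succeeds if something is mounted on $MNT.
is_mounted() {
    awk -v m="$MNT" '$2 == m { found = 1 } END { exit !found }' "$MOUNTS"
}

# luksOpen + mount. Safe to call again when the volume is already open.
vol_open() {
    if ! cryptsetup isLuks "$DEVICE"; then
        echo "$DEVICE has no LUKS header, refusing to continue" >&2
        return 2
    fi
    if [ ! -e "$MAPPER_DIR/$NAME" ]; then
        cryptsetup luksOpen "$DEVICE" "$NAME" || return 3   # prompts for passphrase
    fi
    if is_mounted; then
        return 0
    fi
    mkdir -p "$MNT" && mount "$MAPPER_DIR/$NAME" "$MNT" && return 0
    # Mount failed: do not leave the decrypted mapping lying around.
    cryptsetup luksClose "$NAME"
    return 4
}

# umount + luksClose. The mapping is kept if the file system is still busy.
vol_close() {
    if is_mounted; then
        umount "$MNT" || return 5
    fi
    [ -e "$MAPPER_DIR/$NAME" ] || return 0
    cryptsetup luksClose "$NAME"
}

case "${1:-}" in
    open)  vol_open ;;
    close) vol_close ;;
    "")    ;;   # no action requested (for example when sourced)
    *)     echo "usage: $0 open|close" >&2; exit 64 ;;
esac
```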