User:Jebba/Cryptsetup
Contents |
Intro
Cryptsetup is a good way to use an encrypted filesystem with a gnulinux system. I have made kernel modules and built the cryptsetup program so it can be used with Maemo.
Kernel
You need some kernel modules to use cryptsetup. You can build your own kernel or use mine. This wiki has instructions on installing my custom kernel.
Userspace tools
You'll need to install cryptsetup from the extras-devel repository.
Create cryptfile
Set up a file to use:
#!/bin/sh set -x CRYPTSIZE=4 LOOPFILE=/dev/loop0 CRYPTNAME=cryptfooz CRYPTFILE=/home/user/MyDocs/$CRYPTNAME echo "warning going to erase $CRYPTFILE" read ok dd if=/dev/urandom of=$CRYPTFILE bs=1M count=$CRYPTSIZE cryptsetup remove $CRYPTNAME losetup -d $LOOPFILE losetup $LOOPFILE $CRYPTFILE cryptsetup -v \ --key-size=256 \ --cipher=twofish-cbc-essiv:sha256 \ create \ $CRYPTNAME \ $LOOPFILE mkfs.ext3 -j -m0 /dev/mapper/$CRYPTNAME mkdir -p /mnt/$CRYPTNAME mount -o noatime /dev/mapper/$CRYPTNAME /mnt/$CRYPTNAME chown user:users /mnt/$CRYPTNAME ls -la /mnt/$CRYPTNAME
With this, you can now copy files to /mnt/cryptfooz and they'll be encrypted.
Umount
(Untested, but should just be like this)
# cryptfooz or whatever you named it above umount /mnt/cryptfooz # Then remove it from cryptsetup cryptsetup remove cryptofooz # Then freeup the loopback losetup -d /dev/loop0
Mount
So the next time you want to mount it, just run:
#!/bin/sh set -x CRYPTSIZE=4 LOOPFILE=/dev/loop0 CRYPTNAME=cryptfooz CRYPTFILE=/home/user/MyDocs/$CRYPTNAME cryptsetup remove $CRYPTNAME losetup -d $LOOPFILE losetup $LOOPFILE $CRYPTFILE cryptsetup -v \ --key-size=256 \ --cipher=twofish-cbc-essiv:sha256 \ create \ $CRYPTNAME \ $LOOPFILE mount -o noatime /dev/mapper/$CRYPTNAME /mnt/$CRYPTNAME ls -la /mnt/$CRYPTNAME
See Also
- [1] - old, but lots of copying from my old page there.