User:Jebba/Cryptsetup

Intro

Cryptsetup is a good way to use an encrypted filesystem with a GNU/Linux system. I have made kernel modules and built the cryptsetup program so it can be used with Maemo.

Kernel

You need some kernel modules to use cryptsetup. You can build your own kernel or use mine. This wiki has instructions on installing my custom kernel.

Userspace tools

You'll need to install cryptsetup from the extras-devel repository.


Create cryptfile

Set up a file to use:

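#!/bin/sh
# Create an encrypted container file, format it as ext3 and mount it (run as root).
set -x
# Container size in MB
CRYPTSIZE=4
LOOPFILE=/dev/loop0
CRYPTNAME=cryptfooz
CRYPTFILE=/home/user/MyDocs/$CRYPTNAME
echo "warning going to erase $CRYPTFILE"
# Pause here: press Enter to continue, Ctrl-C to abort.
read ok
# Fill the container with random data.
dd if=/dev/urandom of="$CRYPTFILE" bs=1M count="$CRYPTSIZE"
# Tear down any earlier mapping and loop device; errors on a first run are harmless.
cryptsetup remove "$CRYPTNAME"
losetup -d "$LOOPFILE"
losetup "$LOOPFILE" "$CRYPTFILE"
# Plain-mode mapping: no header is written, so the passphrase typed here is not
# verified, and the same cipher and key size must be given on every later mount.
cryptsetup -v \
	--key-size=256 \
	--cipher=twofish-cbc-essiv:sha256 \
	create \
	"$CRYPTNAME" \
	"$LOOPFILE"
mkfs.ext3 -j -m0 "/dev/mapper/$CRYPTNAME"
mkdir -p "/mnt/$CRYPTNAME"
mount -o noatime "/dev/mapper/$CRYPTNAME" "/mnt/$CRYPTNAME"
chown user:users "/mnt/$CRYPTNAME"
ls -la "/mnt/$CRYPTNAME"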

With this, you can now copy files to /mnt/cryptfooz and they'll be encrypted.

Umount

(Untested, but should just be like this)

# cryptfooz or whatever you named it above
umount /mnt/cryptfooz

# Then remove it from cryptsetup
cryptsetup remove cryptfooz

# Then free up the loopback
losetup -d /dev/loop0

Mount

So the next time you want to mount it, just run:

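#!/bin/sh
# Re-open the existing container and mount it (run as root).
set -x
LOOPFILE=/dev/loop0
CRYPTNAME=cryptfooz
CRYPTFILE=/home/user/MyDocs/$CRYPTNAME
# Tear down any stale mapping and loop device; errors are harmless if none exist.
cryptsetup remove "$CRYPTNAME"
losetup -d "$LOOPFILE"
losetup "$LOOPFILE" "$CRYPTFILE"
# Cipher and key size must match the values used when the container was created;
# plain mode stores no header to read them from.
cryptsetup -v \
	--key-size=256 \
	--cipher=twofish-cbc-essiv:sha256 \
	create \
	"$CRYPTNAME" \
	"$LOOPFILE"
mount -o noatime "/dev/mapper/$CRYPTNAME" "/mnt/$CRYPTNAME"
ls -la "/mnt/$CRYPTNAME"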
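
Because `cryptsetup create` keeps no header, a mistyped passphrase still produces a mapping, just one that decrypts to noise. The following is an added example, not part of the original page: it checks a device or image for the ext2/ext3 superblock magic before mounting. The function names (has_ext_magic, check_mapping, make_sample) are hypothetical and the two test images are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: detect a wrong passphrase on a plain-mode dm-crypt mapping.
# The ext2/ext3 superblock starts at byte 1024 and holds the magic 0xEF53
# (stored little-endian as 53 ef) at offset 56, i.e. absolute byte 1080.

# has_ext_magic PATH: exit status 0 if PATH carries the ext superblock magic.
has_ext_magic() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null \
            | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# check_mapping PATH: print a verdict and return has_ext_magic's status.
check_mapping() {
    if has_ext_magic "$1"; then
        echo "$1: ext superblock found, passphrase looks right"
    else
        echo "$1: no ext superblock, wrong passphrase or never formatted" >&2
        return 1
    fi
}

# make_sample PATH good|bad: build a constructed 2 KiB image for the demo.
# "good" gets the magic bytes written at offset 1080, "bad" stays all zeros
# (a stand-in for the noise a wrong key would produce).
make_sample() {
    dd if=/dev/zero of="$1" bs=1024 count=2 2>/dev/null
    if [ "$2" = good ]; then
        # \123 \357 are octal for 0x53 0xEF
        printf '\123\357' | dd of="$1" bs=1 seek=1080 conv=notrunc 2>/dev/null
    fi
}

# Demo on constructed images; no root, loop device or cryptsetup needed.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/good.img" good
make_sample "$demo_dir/bad.img" bad
check_mapping "$demo_dir/good.img"
check_mapping "$demo_dir/bad.img" \
    || echo "here the mount script would run: cryptsetup remove cryptfooz"
rm -rf "$demo_dir"

# In the mount script above, between "cryptsetup create" and "mount":
#   check_mapping "/dev/mapper/$CRYPTNAME" || { cryptsetup remove "$CRYPTNAME"; exit 1; }
```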

See Also