| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 04/28/2014 04:57 PM, Walter Dnes wrote: |
| 5 |
> I want to set up my notebook for use whilst travelling. I intend to |
| 6 |
> have an innocuous /home/waltdnes partion on the notebook, and have the |
| 7 |
> "real" $HOME (a copy of my desktop machine's $HOME) on a 128 gigabyte |
| 8 |
> USB key. When I want to access it, I'll mount the USB key over |
| 9 |
> /home/waltdnes. That protects against the notebook being lost/stolen. |
| 10 |
> The next question is how do I guard the data on the USB key. I'm |
| 11 |
> looking at using cryptsetup to encrypt the USB key. Some interesting |
| 12 |
> stuff on Google... http://sleepyhead.de/howto/?href=cryptpart shows how |
| 13 |
> to use cryptsetup with and without LUKS. |
| 14 |
> |
| 15 |
> ======================================================================== |
| 16 |
> dm-crypt without LUKS |
| 17 |
> |
| 18 |
> # cryptsetup -y create sdc1 /dev/sdc1 # or any other partition like /dev/loop0 |
| 19 |
> # dmsetup ls # check it, will display: sdc1 (254, 0) |
| 20 |
> # mkfs.ext3 /dev/mapper/sdc1 # This is done only the first time! |
| 21 |
> # mount -t ext3 /dev/mapper/sdc1 /mnt |
| 22 |
> # umount /mnt/ |
| 23 |
> # cryptsetup remove sdc1 # Detach the encrypted partition |
| 24 |
> |
| 25 |
> Do exactly the same (without the mkfs part!) to re-attach the partition. |
| 26 |
> If the password is not correct, the mount command will fail. In this |
| 27 |
> case simply remove the map sdc1 (cryptsetup remove sdc1) and create it |
| 28 |
> again. |
| 29 |
> ======================================================================== |
| 30 |
> |
| 31 |
> I did a --pretend emerge of cryptsetup, and I see that it pulls in |
| 32 |
> lvm2 as a dependancy, presumably to enable the /dev/mapper/* entries. |
| 33 |
> Any comments on whether I'm better off with or without LUKS? I also |
| 34 |
> intend to use ext2, because I understand that a journalling fs is murder |
| 35 |
> on USB keys. |
| 36 |
> |
| 37 |
|
| 38 |
|
| 39 |
I suggest with LUKS. Also I suggest using ext4 and disabling the |
| 40 |
journal (mkfs.ext4 -O ^has_journal). Gentoo has some pretty good init |
| 41 |
scripts for dmcrypt that you can use to mount your usb key when ready, |
| 42 |
check it out in /etc/conf.d/dmcrypt. |
| 43 |
|
| 44 |
- -Zero |
| 45 |
-----BEGIN PGP SIGNATURE----- |
| 46 |
Version: GnuPG v2.0.22 (GNU/Linux) |
| 47 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
| 48 |
|
| 49 |
iQIcBAEBAgAGBQJTXwWWAAoJEKXdFCfdEflKgMkP/AjZAEi+ltpEDS320Kf70SFd |
| 50 |
tIrQrYhNM+DggnX0JlW0C37zM82ecCbfOGqvSGgkgbUtmUznBCKKfa1wbauljQS1 |
| 51 |
aBlXYv4RfNH/ZJ2ldrnnfd/BHbHLIJIkobXBfFsMS8s7EIQI+IOLr3dbWiYAzqIb |
| 52 |
eKfqjGAJqlvWK+9MmFTJkZdT3KgQU1KJdvKyq7UK7bt6Fi/3a8zRm7N0UU4h0lQd |
| 53 |
VQcfUm7Lq6nNUMJldtwp4uL+vxZREFSszSID1blqHQpzxBAHZO8ntSwLq98W0W1P |
| 54 |
E0fqTbifEu7jBY14ek2jysdPj/bHvNJulUIj6sqTc5qenu8ozwnt0olzkS1M0Yrr |
| 55 |
vzzF/HKbV70GjSjbx9cSVgv5opyTq+9n3oH5u7L87T0sXQdAch2yW0HpeQlCuYQe |
| 56 |
EPHt10zP0AtnSlLMIr7D2pVNI2NvsIrWsIdAC9op9ZtxYSnTgruBGyH2xw3QM6XZ |
| 57 |
A2NAemrbq6J2DGihC0kEBvBDTylUW5RL7WOQuxjmelp27sV2/lqtRTBaWz/cFGrK |
| 58 |
PvqEZuKkWW9ThpuAdEsSbZNGhf+wka+B8swAOlBXqSVIx5VKmTsxp92wJs3UEzT+ |
| 59 |
3NyjWx/nmk1IHFAAQqLebcciBKE4/5Ix+9CJ1QHQsvC70iSXcyyBH6YkrHor9bJM |
| 60 |
X0M40ycF4uss0QtKmWEe |
| 61 |
=6vUW |
| 62 |
-----END PGP SIGNATURE----- |
Archives