1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 04/28/2014 04:57 PM, Walter Dnes wrote: |
5 |
> I want to set up my notebook for use whilst travelling. I intend to |
6 |
> have an innocuous /home/waltdnes partion on the notebook, and have the |
7 |
> "real" $HOME (a copy of my desktop machine's $HOME) on a 128 gigabyte |
8 |
> USB key. When I want to access it, I'll mount the USB key over |
9 |
> /home/waltdnes. That protects against the notebook being lost/stolen. |
10 |
> The next question is how do I guard the data on the USB key. I'm |
11 |
> looking at using cryptsetup to encrypt the USB key. Some interesting |
12 |
> stuff on Google... http://sleepyhead.de/howto/?href=cryptpart shows how |
13 |
> to use cryptsetup with and without LUKS. |
14 |
> |
15 |
> ======================================================================== |
16 |
> dm-crypt without LUKS |
17 |
> |
18 |
> # cryptsetup -y create sdc1 /dev/sdc1 # or any other partition like /dev/loop0 |
19 |
> # dmsetup ls # check it, will display: sdc1 (254, 0) |
20 |
> # mkfs.ext3 /dev/mapper/sdc1 # This is done only the first time! |
21 |
> # mount -t ext3 /dev/mapper/sdc1 /mnt |
22 |
> # umount /mnt/ |
23 |
> # cryptsetup remove sdc1 # Detach the encrypted partition |
24 |
> |
25 |
> Do exactly the same (without the mkfs part!) to re-attach the partition. |
26 |
> If the password is not correct, the mount command will fail. In this |
27 |
> case simply remove the map sdc1 (cryptsetup remove sdc1) and create it |
28 |
> again. |
29 |
> ======================================================================== |
30 |
> |
31 |
> I did a --pretend emerge of cryptsetup, and I see that it pulls in |
32 |
> lvm2 as a dependancy, presumably to enable the /dev/mapper/* entries. |
33 |
> Any comments on whether I'm better off with or without LUKS? I also |
34 |
> intend to use ext2, because I understand that a journalling fs is murder |
35 |
> on USB keys. |
36 |
> |
37 |
|
38 |
|
39 |
I suggest with LUKS. Also I suggest using ext4 and disabling the |
40 |
journal (mkfs.ext4 -O ^has_journal). Gentoo has some pretty good init |
41 |
scripts for dmcrypt that you can use to mount your usb key when ready, |
42 |
check it out in /etc/conf.d/dmcrypt. |
43 |
|
44 |
- -Zero |
45 |
-----BEGIN PGP SIGNATURE----- |
46 |
Version: GnuPG v2.0.22 (GNU/Linux) |
47 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
48 |
|
49 |
iQIcBAEBAgAGBQJTXwWWAAoJEKXdFCfdEflKgMkP/AjZAEi+ltpEDS320Kf70SFd |
50 |
tIrQrYhNM+DggnX0JlW0C37zM82ecCbfOGqvSGgkgbUtmUznBCKKfa1wbauljQS1 |
51 |
aBlXYv4RfNH/ZJ2ldrnnfd/BHbHLIJIkobXBfFsMS8s7EIQI+IOLr3dbWiYAzqIb |
52 |
eKfqjGAJqlvWK+9MmFTJkZdT3KgQU1KJdvKyq7UK7bt6Fi/3a8zRm7N0UU4h0lQd |
53 |
VQcfUm7Lq6nNUMJldtwp4uL+vxZREFSszSID1blqHQpzxBAHZO8ntSwLq98W0W1P |
54 |
E0fqTbifEu7jBY14ek2jysdPj/bHvNJulUIj6sqTc5qenu8ozwnt0olzkS1M0Yrr |
55 |
vzzF/HKbV70GjSjbx9cSVgv5opyTq+9n3oH5u7L87T0sXQdAch2yW0HpeQlCuYQe |
56 |
EPHt10zP0AtnSlLMIr7D2pVNI2NvsIrWsIdAC9op9ZtxYSnTgruBGyH2xw3QM6XZ |
57 |
A2NAemrbq6J2DGihC0kEBvBDTylUW5RL7WOQuxjmelp27sV2/lqtRTBaWz/cFGrK |
58 |
PvqEZuKkWW9ThpuAdEsSbZNGhf+wka+B8swAOlBXqSVIx5VKmTsxp92wJs3UEzT+ |
59 |
3NyjWx/nmk1IHFAAQqLebcciBKE4/5Ix+9CJ1QHQsvC70iSXcyyBH6YkrHor9bJM |
60 |
X0M40ycF4uss0QtKmWEe |
61 |
=6vUW |
62 |
-----END PGP SIGNATURE----- |