1 |
I want to set up my notebook for use whilst travelling. I intend to |
2 |
have an innocuous /home/waltdnes partion on the notebook, and have the |
3 |
"real" $HOME (a copy of my desktop machine's $HOME) on a 128 gigabyte |
4 |
USB key. When I want to access it, I'll mount the USB key over |
5 |
/home/waltdnes. That protects against the notebook being lost/stolen. |
6 |
The next question is how do I guard the data on the USB key. I'm |
7 |
looking at using cryptsetup to encrypt the USB key. Some interesting |
8 |
stuff on Google... http://sleepyhead.de/howto/?href=cryptpart shows how |
9 |
to use cryptsetup with and without LUKS. |
10 |
|
11 |
======================================================================== |
12 |
dm-crypt without LUKS |
13 |
|
14 |
# cryptsetup -y create sdc1 /dev/sdc1 # or any other partition like /dev/loop0 |
15 |
# dmsetup ls # check it, will display: sdc1 (254, 0) |
16 |
# mkfs.ext3 /dev/mapper/sdc1 # This is done only the first time! |
17 |
# mount -t ext3 /dev/mapper/sdc1 /mnt |
18 |
# umount /mnt/ |
19 |
# cryptsetup remove sdc1 # Detach the encrypted partition |
20 |
|
21 |
Do exactly the same (without the mkfs part!) to re-attach the partition. |
22 |
If the password is not correct, the mount command will fail. In this |
23 |
case simply remove the map sdc1 (cryptsetup remove sdc1) and create it |
24 |
again. |
25 |
======================================================================== |
26 |
|
27 |
I did a --pretend emerge of cryptsetup, and I see that it pulls in |
28 |
lvm2 as a dependancy, presumably to enable the /dev/mapper/* entries. |
29 |
Any comments on whether I'm better off with or without LUKS? I also |
30 |
intend to use ext2, because I understand that a journalling fs is murder |
31 |
on USB keys. |
32 |
|
33 |
-- |
34 |
Walter Dnes <waltdnes@××××××××.org> |
35 |
I don't run "desktop environments"; I run useful applications |