1 |
reader@×××××××.com <reader@×××××××.com> yazmış: |
2 |
> Nick <gentoo-user@××××××.uk> writes: |
3 |
> |
4 |
> >> dm-crypt[1] and loop-aes[2] are two alternatives. The former has been |
5 |
> >> very reliable for me so far. |
6 |
> >> |
7 |
> >> [1] http://www.saout.de/misc/dm-crypt/ |
8 |
> > |
9 |
> > Yep, I've been using dm-crypt with LUKS for a while now, without any |
10 |
> > problems whatsoever. Asks mer for the passphrase when I bootup, then |
11 |
> > merrily continues on its way. You can also use a USB disk or some |
12 |
> > other medium to store the passphrase. |
13 |
> > |
14 |
> > It's been a while since I set it up, so I'm rather rusty on how it |
15 |
> > all fits together now, but follow |
16 |
> > http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS |
17 |
> > and you'll go far. |
18 |
> |
19 |
> Thanks for some real world input.. |
20 |
> |
21 |
> Am I write in thinking dm-crypt does not support using a regular file |
22 |
> (not a partition) as the base of encrypted file system? |
23 |
|
24 |
Well, you can create a regular file, mount it as a loopback device and |
25 |
encrypt it. Here is an example: |
26 |
|
27 |
# Create a disk image: |
28 |
dd if=/dev/zero of=/tmp/disk1.img count=50 bs=1M |
29 |
# Set up a loop device |
30 |
losetup /dev/loop/0 /tmp/disk1.img |
31 |
# encrypt it |
32 |
cryptsetup luksFormat /dev/loop/0 |
33 |
# then open it with luksOpen |
34 |
cryptsetup luksOpen /dev/loop0 test |
35 |
# create a filesystem |
36 |
mkfs.whatever /dev/mapper/test |
37 |
# mount it |
38 |
mount /dev/mapper/test /path/to/test |
39 |
|
40 |
and write a script to do the last three steps or do it via |
41 |
/etc/conf.d/cryptfs. |
42 |
|
43 |
-- |
44 |
ali polatel (hawking) |
45 |
I don't drink, I don't like it, it makes me feel too good. |
46 |
-- K. Coates |
47 |
-- |
48 |
gentoo-user@g.o mailing list |