| 1 |
reader@×××××××.com <reader@×××××××.com> yazmış: |
| 2 |
> Nick <gentoo-user@××××××.uk> writes: |
| 3 |
> |
| 4 |
> >> dm-crypt[1] and loop-aes[2] are two alternatives. The former has been |
| 5 |
> >> very reliable for me so far. |
| 6 |
> >> |
| 7 |
> >> [1] http://www.saout.de/misc/dm-crypt/ |
| 8 |
> > |
| 9 |
> > Yep, I've been using dm-crypt with LUKS for a while now, without any |
| 10 |
> > problems whatsoever. Asks mer for the passphrase when I bootup, then |
| 11 |
> > merrily continues on its way. You can also use a USB disk or some |
| 12 |
> > other medium to store the passphrase. |
| 13 |
> > |
| 14 |
> > It's been a while since I set it up, so I'm rather rusty on how it |
| 15 |
> > all fits together now, but follow |
| 16 |
> > http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS |
| 17 |
> > and you'll go far. |
| 18 |
> |
| 19 |
> Thanks for some real world input.. |
| 20 |
> |
| 21 |
> Am I write in thinking dm-crypt does not support using a regular file |
| 22 |
> (not a partition) as the base of encrypted file system? |
| 23 |
|
| 24 |
Well, you can create a regular file, mount it as a loopback device and |
| 25 |
encrypt it. Here is an example: |
| 26 |
|
| 27 |
# Create a disk image: |
| 28 |
dd if=/dev/zero of=/tmp/disk1.img count=50 bs=1M |
| 29 |
# Set up a loop device |
| 30 |
losetup /dev/loop/0 /tmp/disk1.img |
| 31 |
# encrypt it |
| 32 |
cryptsetup luksFormat /dev/loop/0 |
| 33 |
# then open it with luksOpen |
| 34 |
cryptsetup luksOpen /dev/loop0 test |
| 35 |
# create a filesystem |
| 36 |
mkfs.whatever /dev/mapper/test |
| 37 |
# mount it |
| 38 |
mount /dev/mapper/test /path/to/test |
| 39 |
|
| 40 |
and write a script to do the last three steps or do it via |
| 41 |
/etc/conf.d/cryptfs. |
| 42 |
|
| 43 |
-- |
| 44 |
ali polatel (hawking) |
| 45 |
I don't drink, I don't like it, it makes me feel too good. |
| 46 |
-- K. Coates |
| 47 |
-- |
| 48 |
gentoo-user@g.o mailing list |
Archives