Diff of /jonen/notes/notes_2004-06.twingle

revision 1.1 by jonen, Wed Jun 2 22:45:38 2004 UTC revision 1.5 by jonen, Mon Jun 14 23:24:39 2004 UTC
# Line 1  Line 1 
1  <hr/>  <hr/>
2    
3   Debian-stable and AES-loop(crypto-api) file-system encryption(kernel 2.6.x):   Debian-stable/testing and AES-loop(crypto-api) file-system encryption(kernel 2.6.x):
4    - read:    - read:
5       http://www.mirrors.wiretapped.net/security/cryptography/filesystems/loop-aes/loop-AES.README       http://www.mirrors.wiretapped.net/security/cryptography/filesystems/loop-aes/loop-AES.README
6       http://www.sdc.org/~leila/usb-dongle/readme.html       http://www.sdc.org/~leila/usb-dongle/readme.html
7       http://www.kerneli.org/howto/node3.php       http://www.kerneli.org/howto/node3.php
8       http://www.linuxsecurity.com/docs/HOWTO/Encryption-HOWTO/       http://www.linuxsecurity.com/docs/HOWTO/Encryption-HOWTO/
9         http://debid.vlsm.org/share/HOWTO/Encrypted-Root-Filesystem-HOWTO
10    - updated/new packages needed for 2.6:    - updated/new packages needed for 2.6:
11          coreutils          coreutils
12          modconf          modconf
# Line 17  Line 18 
18          util-linux (testing)          util-linux (testing)
19    - new packages needed for crypto-swap script:    - new packages needed for crypto-swap script:
20          sharutils (uuencode)          sharutils (uuencode)
21      - create random passphrase/seed
22        #: head -c ${LENGTH} /dev/urandom | uuencode -m - | head -n 2 | tail -n 1
23    - create encrypted fs:    - create encrypted fs:
24         (passphrase need min 20 characters!!)
25        echo ${PASSPHRASE} | losetup -p 0 -e aes-256 ${LOOPDEV} ${DEVICE}        echo ${PASSPHRASE} | losetup -p 0 -e aes-256 ${LOOPDEV} ${DEVICE}
26      - with special seed:      - with special seed:
27        echo ${PASSPHRASE} | losetup -p 0 -S ${SEED} -e aes-256 ${LOOPDEV} ${DEVICE}        echo ${PASSPHRASE} | losetup -p 0 -S ${SEED} -e aes-256 ${LOOPDEV} ${DEVICE}
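Review bot: ${LENGTH} in the new passphrase/seed command (new line 22) is never defined and no value is suggested, although new line 24 demands at least 20 characters. uuencode -m emits base64, which gives 4 characters per 3 input bytes, so LENGTH has to be at least 15 to reach that minimum; state a concrete value next to the command. Note too that head -n 2 | tail -n 1 keeps only the first encoded line, so a LENGTH larger than one output line holds is silently cut off there.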
# Line 51  Line 55 
55      swapon ${LOOPDEV}      swapon ${LOOPDEV}
56      #------------------------ crypto-swap end --------------------------------------      #------------------------ crypto-swap end --------------------------------------
57        
58    - mounting encrypted file sytems at boot-time    - mounting encrypted file-systems at boot-time
59     - for interactive key-passphrase, add following at /etc/fstab:     - for interactive key-passphrase, add following at /etc/fstab:
60         /dev/hda6   <mount-point>   <fs-type>   defaults,loop=/dev/loop6,encryption=AES256   0   0         /dev/hda6   mount-point   fs-type   defaults,loop=/dev/loop6,encryption=AES256   0   0
61            
62       with this method you have to enter your passphrase at boot-time (when the encrypted fs will be mounted)       with this method you have to enter your passphrase at boot-time (when the encrypted fs will be mounted)
63            
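Review bot: at new line 60 the fstab example loses its angle brackets, so mount-point and fs-type now read as literal values instead of placeholders. Mark them some other way, for example MOUNT_POINT and FS_TYPE in the style of the YOUR_PASSPHRASE placeholder used in prepare-cryptofs.sh.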
# Line 66  Line 70 
70      # loop device name      # loop device name
71      LOOPDEV=/dev/loop3      LOOPDEV=/dev/loop3
72    
73      PASSPHRASE="WSyPeR1gh07fvoyNZjtxo7Y6F4o="      PASSPHRASE="YOUR_PASSPHRASE"    # min 20 characters
74      SEED="NUmdxSWIbPdYijbdo/0v"      SEED="YOUR_SEED"
75    
76      case "$1" in      case "$1" in
77        start)        start)
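Review bot: the passphrase and seed replaced at lines 73-74 stay readable in revision 1.1, so swapping in YOUR_PASSPHRASE and YOUR_SEED does not retract them; if those values were ever used on a real volume they need to be changed, not only removed from the notes. Since prepare-cryptofs.sh keeps both values in plain text, the notes should also say to restrict the script to root (owner-only permissions).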
# Line 84  Line 88 
88      esac      esac
89      exit 0      exit 0
90      #------------------------ prepare-cryptofs.sh end --------------------------------------      #------------------------ prepare-cryptofs.sh end --------------------------------------
91    
92    
93    
94      FreeBSD(stable) - port update bugs (06.2004)
95       BUG: php4 won't comile with e.g. gettext,imap,mcrypt
96       FIX: Add a '-lc_r' to the libraries php is linked against.
97         (from http://lists.freebsd.org/pipermail/freebsd-ports/2003-September/004231.html)
98          - for php4, do:
99           export LDDFLAGS='-lc_r'
100          change entries at Makefiles of following ports:
101           - gettext at /Makefile:
102              change
103                LDFLAGS="-L${LOCALBASE}/lib"
104              to
105                LDFLAGS="-lc_r -L${LOCALBASE}/lib"
106           - libxml2 at /Makefile:
107              change
108                LDFLAGS="-L${LOCALBASE}/lib"
109              to
110                LDFLAGS="-lc_r -L${LOCALBASE}/lib"
111           - cclient at work/libc-client/Makefile:
112              change
113                EXTRALDFLAGS=
114              to
115                EXTRALDFLAGS=-lc_r
116              
117                
118        
119  <hr/>  <hr/>
120  $Id$  $Id$
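Review bot: new line 99 exports LDDFLAGS, while every Makefile change listed below it sets LDFLAGS (or EXTRALDFLAGS); this looks like a typo, and a misspelled variable name would have no effect on the php4 build. In the same block, "comile" at line 95 should be "compile", and the gettext and libxml2 entries give the path only as /Makefile, without a port directory like the one the cclient entry has.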
