--- jonen/notes/notes_2004-06.twingle 2004/06/10 19:13:40 1.3
+++ jonen/notes/notes_2004-06.twingle 2004/06/14 23:24:39 1.5
@@ -1,6 +1,6 @@
- Debian-stable and AES-loop(crypto-api) file-system encryption(kernel 2.6.x):
+ Debian-stable/testing and AES-loop(crypto-api) file-system encryption(kernel 2.6.x):
- read:
http://www.mirrors.wiretapped.net/security/cryptography/filesystems/loop-aes/loop-AES.README
http://www.sdc.org/~leila/usb-dongle/readme.html
@@ -19,7 +19,7 @@
- new packages needed for crypto-swap script:
sharutils (uuencode)
- create random passphrase/seed
- #: head -c /dev/urandom | uuencode -m - | head -n 2 | tail -n 1
+ #: head -c ${LENGTH} /dev/urandom | uuencode -m - | head -n 2 | tail -n 1
- create encrypted fs:
(passphrase need min 20 characters!!)
echo ${PASSPHRASE} | losetup -p 0 -e aes-256 ${LOOPDEV} ${DEVICE}
@@ -55,9 +55,9 @@
swapon ${LOOPDEV}
#------------------------ crypto-swap end --------------------------------------
- - mounting encrypted file sytems at boot-time
+ - mounting encrypted file-systems at boot-time
- for interactive key-passphrase, add following at /etc/fstab:
- /dev/hda6 defaults,loop=/dev/loop6,encryption=AES256 0 0
+ /dev/hda6 mount-point fs-type defaults,loop=/dev/loop6,encryption=AES256 0 0
with this method you have to enter your passphrase at boot-time (when the encrypted fs will be mounted)
@@ -70,8 +70,8 @@
# loop device name
LOOPDEV=/dev/loop3
- PASSPHRASE="" # min 20 characters
- SEED=""
+ PASSPHRASE="YOUR_PASSPHRASE" # min 20 characters
+ SEED="YOUR_SEED"
case "$1" in
start)
@@ -117,5 +117,5 @@
-$Id: notes_2004-06.twingle,v 1.3 2004/06/10 19:13:40 jonen Exp $
+$Id: notes_2004-06.twingle,v 1.5 2004/06/14 23:24:39 jonen Exp $
\ No newline at end of file