Sunday, September 9, 2007

Encrypted File Systems

The need to encrypt filesystems is to make ur data more secure and safe.
The whole steps include
1) Creating a partition with the fdisk utility ( pre-requisite :-( )
2) Selecting a cipher.
3) Setting up a loop device using the losetup command.
4) Detaching the loop back device
5) Mouting the parition

alright... lets get started..!

let me assume u have created the partition /dev/hda7

first of all we need to shred the partition
#shred -n 1 /dev/hda7
this command would overwrite /dev/hda7 only once!
-OR-
we can use the dd command to overwrite the device..
#dd if=/dev/urandom of=/dev/hda7 bs=1M

Now we need to select a cipher for the encyption
u can list the available ciphers by cat /proc/crypto
here i am using the serpent cipher
make sure u have got the serpent cipher modules inbuilt in ur kernel!
otherwise try
#modprobe serpent
#modprobe cryptoloop ( to setup the loop device described in the next step )

the next step is to setup a loop device using the losetup command.

#losetup -e serpent /dev/loop0 /dev/hda7

It prompts u for a passphrase. DONOT forget the passphrase as its not easy to change
the passphrase as it is hashed to create the encryption key.

Now create a filesystem on the loopback device and mount it.

#mke2fs -j /dev/loop0

#mkdir /cryptfs

#mount -t ext3 /dev/loop0 /cryptfs

once we have mounted the partition, we can then detach the
loop back device frm the partition.

#umount /cryptfs

#losetup -d /dev/loop0

Now mount the partition,

#mount -o encryption=serpent /dev/hda7 /cryptfs

the passphrase which we have given during the loop device setup will be asked
and u need to enter it correctly to mount the device.

1 comment:

deepu said...

this is really good this i got in that site