ReviewEssays.com - Term Papers, Book Reports, Research Papers and College Essays

Linux Encryption

Essay by   •  February 8, 2011  •  Research Paper  •  1,428 Words (6 Pages)  •  1,081 Views


.: Contents :.

I. INTRO

- About

II. ENCRYPTING

- Containers

- Drives

- Files

APPENDIX

.: I. INTRO :.

[-=] About [=-]

This is a quick rundown on how to encrypt files, containers, and drives under

Linux. The use of loopback encrypted filesystems and openssl is explained

and examples are given. This paper should have you encrypting in no time. The

following commands were done running kernel 2.6.9.

.: II. ENCRYPTING :.

I'll outline how to create encrypted containers and drives using the loopback

filesystem support and file encryption via openssl.

[-=] Containers [=-]

This is essentially creating a filesystem within a file and mounting it as a

device. Containers vastly decrease the tedious task of individually encrypting

files since you simply move your files into the mount point and then unmount

and they are nicely encrypted.

First, you need to create a blank file using the dd command.

dd if=/dev/urandom of=crypto.img bs=1M count=50

- The first parameter uses the /dev/urandom device to create the file with

random data to make it more difficult to distinguish between free space

and encrypted data. The /dev/zero device can be used but is not advised.

- The second parameter of=crypto.img defines the name to be given to the

file and this can be changed to suit your preference.

- The third parameter bs=1M instructs the dd command to create the file in

1MB blocks. I recommend you leave this value as 1M.

- The final parameter defines the size of the file in relation to the bs

parameter. Since bs=1M and count=50 the file will be 50MB hence changing

the count value to 100 would yield a 100MB file and so on. It is worth

mentioning that the file can be resized once created; this will be

explained in the appendix.

Second, the file must be associated with a loop device and encrypted.

losetup -e aes256 /dev/loop0 crypto.img

- The parameter -e aes256 at the beginning instructs losetup on which

cipher to use. The cipher type is dependent on what your kernel supports.

In this example the AES 256 bit cipher is used but you can use other

cipher types such as blowfish interchangeably.

- The second parameter /dev/loop0 is the device to which we bind the

file. Binding the file will allow us to format it with a filesystem.

- The final parameter specifies which file to bind to the loop device.

Third, format the file with a filesystem and detach it from the loop device.

mkfs -t ext2 /dev/loop0

- The first parameter -t ext2 instructs mkfs to format the file with the

ext2 filesystem. This is recommended as it allows you to resize the file

if need be.

- The last parameter points toward the /dev/loop0 device on which the file

was bound.

losetup -d /dev/loop0

- This command detaches and frees the /dev/loop0 device.

Fourth, mount your encrypted filesystem.

mount -o encryption=aes256 crypto.img crypto_home

- With the mount command, the first parameter to be entered is

encryption=aes256 which will tell the mount command which cipher to use.

The value must be the cipher which you used to encrypt the file.

- The second parameter specifies the location of the file to mount.

- The third parameter designates the folder on which to mount the file.

Once mounted you can move files into the mount point and create files

within it and when you are done simply unmount the file.
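
Added example, not part of the original paper: it shows why the dd step fills the container from /dev/urandom rather than /dev/zero, by counting the all-zero blocks an observer can see in each kind of image. The function names count_zero_blocks and build_sample are hypothetical, and random bytes stand in for the ciphertext the loop device would write, so it runs without root.

```shell
#!/bin/sh
# Added example: why the container is pre-filled from /dev/urandom.
# Runs unprivileged; no loop device or cryptoloop support is needed.

# count_zero_blocks IMAGE [BLOCKSIZE]
# Prints the number of blocks in IMAGE that consist only of NUL bytes.
count_zero_blocks() {
    img=$1
    bs=${2:-4096}
    total=$(( $(wc -c < "$img") / bs ))
    zero=0
    i=0
    while [ "$i" -lt "$total" ]; do
        # Strip NUL bytes from block i; nothing left means the block is all zero.
        left=$(dd if="$img" bs="$bs" skip="$i" count=1 2>/dev/null | tr -d '\000' | wc -c)
        if [ "$left" -eq 0 ]; then
            zero=$(( zero + 1 ))
        fi
        i=$(( i + 1 ))
    done
    echo "$zero"
}

# build_sample SOURCE OUT
# Constructed sample: a 32-block image pre-filled from SOURCE, with four
# blocks overwritten by random bytes that stand in for written ciphertext.
build_sample() {
    dd if="$1" of="$2" bs=4096 count=32 2>/dev/null
    for blk in 3 4 10 20; do
        dd if=/dev/urandom of="$2" bs=4096 seek="$blk" count=1 conv=notrunc 2>/dev/null
    done
}

workdir=$(mktemp -d)
build_sample /dev/zero    "$workdir/zero.img"
build_sample /dev/urandom "$workdir/rand.img"
echo "zero-filled:    $(count_zero_blocks "$workdir/zero.img") of 32 blocks are visibly unused"
echo "urandom-filled: $(count_zero_blocks "$workdir/rand.img") of 32 blocks are visibly unused"
rm -rf "$workdir"
```

In the zero-filled image every untouched block is identifiable, which reveals how much of the container holds data and where; in the urandom-filled image written and unwritten blocks look alike.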

[-=] Drives [=-]

First, assuming you formatted your drive, bind the drive to a loopback device.

losetup -e aes256 /dev/loop0 /dev/sda1

- The parameter -e aes256 at the beginning instructs losetup on which

cipher to use. The cipher type is dependent on what your kernel supports.

In this example the AES 256 bit cipher is used but you

...

...
