Linux Encryption
Essay by review • February 8, 2011 • Research Paper • 1,428 Words (6 Pages) • 1,077 Views
.: Contents :.
I. INTRO
- About
II. ENCRYPTING
- Containers
- Drives
- Files
APPENDIX
.: I. INTRO :.
[-=] About [=-]
This is a quick rundown on how to encrypt files, containers, and drives under
Linux. The use of loopback encrypted filesystems and openssl is explained
and examples are given. This paper should have you encrypting in no time. The
following commands were done running kernel 2.6.9.
.: ENCRYPTING :.
I'll outline how to create encrypted containers and drives using the loopback
filesystem support and file encryption via openssl.
[-=] Containers [=-]
This is essentially creating a filesystem within a file and mounting it as a
device. Containers vastly decrease the tedious task of individually encrypting
files since you simply move your files into the mount point and then unmount
and they nicely encrypted.
First, you need to create a blank file using the dd command.
dd if=/dev/urandom of=crypto.img bs=1M count=50
- The first parameter uses the /dev/urandom device to create the file with
random data to make it more difficult to distinguish between free space
and encrypted data. The /dev/zero device can be used but is not advised.
- The second parameter of=crypto.img defines the name to be given to the
file and this can be changed to suit your preference.
- The third parameter bs=1M instructs the dd command to create the file in
1MB blocks. I recommend you leave this value as 1M
- The final parameter defines the size of the file in relation to the bs
parameter. Since bs=1M and count=50 the file will be 50MB hence changing
the count value to 100 would yield a 100MB file and so on. It is worth
mentioning that the file can be resized once created this will be
explained in the appendix.
Second, the file must be associated to a loop device and encrypted.
losetup -e aes256 /dev/loop0 crypto.img
- The parameter -e aes256 at the beginning instructs losetup on which
cipher to use. The cipher type is dependent on what your kernel supports.
In this example the AES 256 bit cipher is used but you can use other
cipher types such as blowfish interchangeably.
- The second parameter /dev/loop0 is the device to which we bind the file
too. Binding the file will allow us to format the file with filesystem.
- The final parameter specifies which file to bind to the loop device.
Third, format the file with a filesystem and detach from loop device.
mkfs -t ext2 /dev/loop0
- The first parameter -t ext2 instructs mkfs to format the file with the
ext2 filesystem. This is recommended as it allows you to resize the file
if need be.
- The last parameter points toward the /dev/loop0 device on which the file
was bound.
losetup -d /dev/loop0
- This command detaches and frees the /dev/loop0 device.
Fourth, mounting your encrypted filesystem.
mount -o encryption=aes256 crypto.img crypto_home
- Using the mount the command the first parameter to be entered is
encryption=aes256 which will tell the mount command which cipher to use.
The value must be the cipher which you used to encrypt the file.
- The second parameter specifies location of file to mount.
- The third parameter designates the folder on which to mount the file.
Once mounted you can move files into the mount point and create files
within it and when you are done simply unmount the file.
[-=] Drives [=-]
First, assuming you formated your drive bind the drive to a loopback device.
losetup -e aes256 /dev/loop0 /dev/sda1
- The parameter -e aes256 at the beginning instructs losetup on which
cipher to use. The cipher type is dependent on what your kernel supports.
In this example the AES 256 bit cipher is used but you
...
...