Re: encrypted filesystem on pre-existing filesystem?
Hello,
Am Sam, 2002-10-19 um 08.32 schrieb Bill Wagner:
> I've got a few boxes running testing/unstable and I'd like to test
> running encrypted filesystems on some of them.
>
> My question is if it's possible to set up a pre-existing reiserfs or
> ext3 filesystem for encryption.
Yes it is possible.
> From what I've seen, it's more or less
> mounting it as loopback with losetup but it appears you've got to set up
> the encryption before creating the filesystem.
Well, sort of :)
You create a new file (with the size of the soon-to-be encrypted FS)
*ontop* of your regular ReiserFS (or ext2/3, JFS...) with the dd
command.
ie: dd if=/dev/urandom of=~/.crypto bs=1024k count=10
Thats will create a 10Mb File.
For the next step you need to have a kernel supporting cryto and a
patched mount/losetup.
Set up a loop-device for this file with:
losetup -e ciphername /dev/loop0 ~user/.crypto
Now make some FS on that file:
mke2fs /dev/loop0 (or mk.reiserfs..)
Thats basically it. I'd recommend reading the "Encryption HOWTO" to make
things a bit clearer.
> Is it typically best to
> use the 'AES' encryption with a extremely long pass phrase, BTW?
I am no expert for ciphers. I personally use the Twofish cipher with
one hell of a long pass phrase ;)
> PS: Will this ever be an option available at install time (or is it
> already and I just missed it?)
>
I dont know an answer to that.
--
Matthias Hentges <eebe@gmx.net>
Reply to: