Re: filesystem encryption

To: debian-user@lists.debian.org
Subject: Re: filesystem encryption
From: Mark Zimmerman <mark@foresthaven.com>
Date: Sat, 15 Mar 2003 07:57:01 -0700
Message-id: <[🔎] 20030315145700.GA8902@rmi.net>
In-reply-to: <[🔎] 20030315191907.0b086b21.y2kbug@ms25.hinet.net>
References: <[🔎] 20030315191907.0b086b21.y2kbug@ms25.hinet.net>

On Sat, Mar 15, 2003 at 07:19:07PM +0800, Robert Storey wrote:
> I've been considering creating a partition on my hard drive with an
> encrypted filesystem for storing my financial data. Looking through the
> literature on how to do this, it appears that there are several
> competing systems around. This is something I've never done before, so
> I'm a little perplexed about which system is best.
> 
> Right now, the most up-to-date information I have comes from an article
> in LinuxFormat Magazine, December 2001 (pages 30-37). It was the cover
> story in that particular edition, and I think you can still download it
> as a PDF file from their web site (www.linuxformat.co.uk).
> 
> Anyway, they seem to favor installing the cryptoapi modules at
> http://cryptoapi.sourceforge.net, plus the utilities at
> http://www.kernel.org/pub/linux/utils/util-linux. It looks rather
> complicated, but I'm willing to try it.
> 
> My question is whether or not this is the best way to go? The
> LinuxFormat article is more than a year out of date. I've looked through
> the Debian (stable) packages list, and it says nothing about cryptoapi,
> though a search on the word "crypt" reveals a number of other
> cryptographic packages such as cfs 1.4.1-7 which is also a cryptographic
> filesystem.
> 

If you are willing to upgrade to testing, you can do all of the
cryptoapi stuff with debian packages. Here is a quick summary of what
it takes (this assumes that you already have a kernel-source package
and kernel-package):

1) apt-get install cryptoapi-core-source cryptoloop-source.
2) Unpack them.
3) Rebuild your kernel with make-kpkg and PATCH_THE_KERNEL=YES.
4) Use make-kpkg to build the crypto module packages.
5) Install the new kernel and the crypto debs.
6) Reboot.

You are now all set up. The util-linux things are already there. I
just went through this process so I can get more wordy if you need it.

One suggestion for preparing for making backups: Make your loopback
file(s) 650MB so you can burn it directly onto a CD. That way, you
have an encrypted backup copy and you can mount the CD through the
loopback device and use it directly.

-- Mark

Attachment: pgp8xFnDac_bW.pgp
Description: PGP signature

Reply to:

References:
- filesystem encryption
  - From: Robert Storey <y2kbug@ms25.hinet.net>

Prev by Date: Re: considered harmful (was [off topic] Learning Shell from an old UNIX book)
Next by Date: Re: Two Debian Release Cycle Issues
Previous by thread: filesystem encryption
Next by thread: programm to controll runlevel and services
Index(es):
- Date
- Thread