On Sat, Mar 15, 2003 at 07:19:07PM +0800, Robert Storey wrote: > I've been considering creating a partition on my hard drive with an > encrypted filesystem for storing my financial data. Looking through the > literature on how to do this, it appears that there are several > competing systems around. This is something I've never done before, so > I'm a little perplexed about which system is best. > > Right now, the most up-to-date information I have comes from an article > in LinuxFormat Magazine, December 2001 (pages 30-37). It was the cover > story in that particular edition, and I think you can still download it > as a PDF file from their web site (www.linuxformat.co.uk). > > Anyway, they seem to favor installing the cryptoapi modules at > http://cryptoapi.sourceforge.net, plus the utilities at > http://www.kernel.org/pub/linux/utils/util-linux. It looks rather > complicated, but I'm willing to try it. > > My question is whether or not this is the best way to go? The > LinuxFormat article is more than a year out of date. I've looked through > the Debian (stable) packages list, and it says nothing about cryptoapi, > though a search on the word "crypt" reveals a number of other > cryptographic packages such as cfs 1.4.1-7 which is also a cryptographic > filesystem. > If you are willing to upgrade to testing, you can do all of the cryptoapi stuff with debian packages. Here is a quick summary of what it takes (this assumes that you already have a kernel-source package and kernel-package): 1) apt-get install cryptoapi-core-source cryptoloop-source. 2) Unpack them. 3) Rebuild your kernel with make-kpkg and PATCH_THE_KERNEL=YES. 4) Use make-kpkg to build the crypto module packages. 5) Install the new kernel and the crypto debs. 6) Reboot. You are now all set up. The util-linux things are already there. I just went through this process so I can get more wordy if you need it. One suggestion for preparing for making backups: Make your loopback file(s) 650MB so you can burn it directly onto a CD. That way, you have an encrypted backup copy and you can mount the CD through the loopback device and use it directly. -- Mark
Attachment:
pgp8xFnDac_bW.pgp
Description: PGP signature