Re: File encryption

To: debian-user@lists.debian.org
Subject: Re: File encryption
From: Florian Kulzer <florian@molphys.leidenuniv.nl>
Date: Sun, 28 Jan 2007 17:21:47 +0100
Message-id: <[🔎] 20070128162147.GA8568@bavaria>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 45BCBB5F.4060501@snowpetrel.net>
References: <[🔎] 45BCBB5F.4060501@snowpetrel.net>

On Sun, Jan 28, 2007 at 15:03:59 +0000, Mark Crean wrote:
> If wonder if anyone's got experience or advice to share about a good way 
> of using file encryption on Debian Etch? There seem to be a lot of 
> different methods, but which one might suit the following:
> 
> I only want to encrypt a single folder with personal stuff in it. Around 
> 200 files or so. (The Truecrypt virtual disk/containers idea sounds 
> ideal, but I don't want to use Truecrypt. It's not in the Debian 
> repositories and I'm looking for something that has full Debian 
> support.) I guess I could use pgp but I'm wondering if there is 
> something else that offers the virtual disk/containers idea or similar.

The Debian package "cryptsetup" with built-in LUKS support (Linux
Unified Key Setup, see http://luks.endorphin.org) will probably meet
your requirements and it is relatively easy to use.

A nice and concise tutorial can be found here:

http://www.hermann-uwe.de/blog/howto-disk-encryption-with-dm-crypt-luks-and-debian

The above link explains how to use an encrypted filesystem on a USB
hard disk, i.e. how to encrypt an entire partition. If you do not want to
set up a separate partition for your encrypted folder then you can
create the encrypted filesystem inside a "container file". (This
container file can be on any of your already existing partitions - as
long as your user has read/write access, of course.) The only addition
as compared to encrypting an entire partition is using a loopback
device to mount the container file. You can find more information here:

http://feraga.com/node/51

Debian Administration also has good tutorials (as usual):

http://www.debian-administration.org/articles/469
http://www.debian-administration.org/articles/428

(The second link goes much further than you want to go, but it might be
 an interesting read nonetheless.)

Two more things:

1) Some of the links above are a bit outdated in that they claim that
   you need cryptsetup from unstable if you want LUKS support. This is
   no longer true, the version currently in Etch supports it as well.
   (In fact, Etch has the same version as Sid right now.)

2) pmount supports LUKS; this means that you can mount and unmount your
   encrypted file system as a normal user and you will be automatically
   prompted for the passphrase. (No need for fstab entries, but you can
   put an entry into /etc/crypttab if you want the volume to be mounted
   automatically during boot.)

-- 
Regards,
          Florian

Reply to:

Follow-Ups:
- Re: File encryption
  - From: Mark Crean <mcrean@snowpetrel.net>

References:
- File encryption
  - From: Mark Crean <mcrean@snowpetrel.net>

Prev by Date: Re: A simple question FORK! Something that bugs me about net-installs and security
Next by Date: Re: File encryption
Previous by thread: Re: File encryption
Next by thread: Re: File encryption
Index(es):
- Date
- Thread