From: Bradley Hook <bhook@kssb.net>
To: linux-admin@vger.kernel.org
Subject: Re: Cryptoloop and kernel 2.6?
Date: Mon, 12 Jan 2004 15:02:07 -0600
Message-ID: <40030B4F.5000005@kssb.net>
In-Reply-To: <200401112002.20084.krylon@gmx.net>

Just for kicks I went and did a cryptoloop-device on my slack9.1 box.
Fairly easy, no patches required, and you can *almost* follow the
directions at:
http://tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html

A quick run-down of what to do:

1) Grab the 2.6 kernel from ftp://ftp.kernel.org

2) Configure the kernel:
   a) Turn on 'Code maturity level options'/'Prompt for development
      and/or incomplete code/drivers'
   b) Turn on 'Device Drivers'/'Block devices'/'Loopback device support'
      as well as the sub-item 'Cryptoloop Support'
   c) Under 'Cryptographic options' make sure to turn on the crypto
      algorithms you intend to use. The HOWTO recommends serpent, and that is
      what I tested with, though you should be able to use just about any
      algorithm you want.
   Note: If you compile any of these options as modules, you will probably
   want to create a shell-script that will modprobe or insmod them.

3) Compile your new kernel, use your bootloader to make the new kernel
   bootable. Reboot.

4) Create your encrypted file, if you don't already have one:
     $ dd if=/dev/urandom of=/home/myuser/cryptfile bs=1M count=10
   If I understand this correctly, this creates a 10MB file of garbage,
   which is what you want. You can change the size of 'count' if you need
   to create a larger file.

5) Create your loopback device (loop, cryptoloop, and your algorithm
   modules must be loaded at this point):
     $ losetup -e serpent /dev/loop0 /home/myuser/cryptfile
   Note: A normal user can't do this by default.
   Note2: As stated in the HOWTO, you only get one chance to enter the
   password. It will create the loopback device even if you enter the wrong
   password, but the contents of /dev/loop0 will essentially be garbage.

6) Create your filesystem, for example:
     $ mke2fs /dev/loop0

7) You *should* now be able to mount your filesystem with:
     $ mount -t ext2 /dev/loop0 /some/mount/point
   Note: add the ability for users to mount /dev/loop0 to fstab if you
   don't want to su each time you want to use your encrypted filesystem,
   though you'll probably be using su to run losetup.

8) To unmount and secure your file:
     $ umount /dev/loop0
     $ losetup -d /dev/loop0
   Note: 'losetup -d [device]' removes the loopback device

Also, as a side note, Slackware9.1 comes with util-linux-2.12. I didn't
upgrade or patch util-linux in any way.

And that's basically it.

~Brad

Benjamin Walkenhorst wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello everybody,
>
> I use Slackware 9.1 for desktop and work. I currently use linux-2.4.22
> plus the cryptoapi and -loop patches.
> I use a cryptoloop-device for my diary.
>
> Now I would like to upgrade my kernel to 2.6, but cryptoloop does not
> work with 2.6 - I upgraded util-linux to 2.12, but it still does not
> work. What am I doing wrong? Do I have to patch util-linux-2.12? If I
> understand correctly, the patch for cryptoloop is already included in
> 2.12.
>
> Thank you very much,
>
> Kind regards,
>
> Benjamin
>
> - --
> Benjamin Walkenhorst
> eMail: krylon@gmx.net
> http://www.krylon.de
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (NetBSD)
>
> iD8DBQFAAZ26/JWwsvZUqOwRAuW+AJ9ibNsi5RjJvwUIKgW7mx9GI7YBOwCfWWw1
> 4UAtbswKuANmKSKSs2GIKMs=
> =VDyi
> -----END PGP SIGNATURE-----
>
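
Added example (not part of the message above or of the HOWTO): a wrapper for re-opening an existing container that loads the modules from step 5 and, because losetup attaches the device even with a wrong password (Note2), checks for the ext2 superblock magic before mounting. The function names and the DRY_RUN switch are assumptions of this example; the cipher, device and commands are the ones used in the message.

```shell
#!/bin/sh
# Added example, not from the original post. CIPHER and LOOPDEV defaults come
# from the post; function names and the DRY_RUN switch are hypothetical.
CIPHER=${CIPHER:-serpent}
LOOPDEV=${LOOPDEV:-/dev/loop0}

# The ext2 superblock starts at byte 1024; its 16-bit magic 0xEF53 sits at
# offset 56 inside it, little-endian, i.e. bytes "53 ef" at offset 1080.
has_ext2_magic() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null \
            | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# open_crypt FILE MOUNTPOINT: load modules, attach, verify, mount.
# Needs root unless DRY_RUN=1. Returns 2 when the passphrase looks wrong.
open_crypt() {
    for m in loop cryptoloop "$CIPHER"; do
        run modprobe "$m" || return 1
    done
    run losetup -e "$CIPHER" "$LOOPDEV" "$1" || return 1
    if [ "${DRY_RUN:-0}" != 1 ] && ! has_ext2_magic "$LOOPDEV"; then
        echo "no ext2 superblock on $LOOPDEV: wrong passphrase?" >&2
        losetup -d "$LOOPDEV"      # detach the garbage mapping again
        return 2
    fi
    run mount -t ext2 "$LOOPDEV" "$2"
}

# close_crypt: step 8 of the post, unmount and then detach.
close_crypt() {
    run umount "$LOOPDEV" && run losetup -d "$LOOPDEV"
}
```

The magic test is a sanity check only: garbage from a wrong passphrase matches two given bytes once in 65536 tries, so run `e2fsck -n` on the loop device when certainty matters.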