From: Thiago Rondon <thiago.rondon@gmail.com>
To: Lei Yang <leiyang@nec-labs.com>
Cc: Glynn Clements <glynn.clements@virgin.net>,
linux-admin <linux-admin@vger.kernel.org>,
linux-config <linux-config@vger.kernel.org>
Subject: Re: Encrypted Loopback Filesystem
Date: Mon, 9 Aug 2004 02:42:37 -0400
Message-ID: <5845af7d04080823426a672d24@mail.gmail.com>
In-Reply-To: <1091640763.5427.4.camel@bijar.nec-labs.com>
Right. As far as I can see, you need to load modules (how to read the data?) to
do that. The way you read the data now is the module in the memory of
your machine. If it is stolen, the "how to read this data" goes away.
-Thiago Rondon
On Wed, 04 Aug 2004 10:32:44 -0700, Lei Yang <leiyang@nec-labs.com> wrote:
> Thank you Glynn, everything is pretty clear now :-)
>
> So if I want something to be safe, I put it in /mnt/crypt. While the
> filesystem is mounted, I can access all the data and files in /mnt/crypt
> without problem. If the machine is unplugged or stolen, /mnt/crypt no
> longer works, right?
>
> On Tue, 2004-08-03 at 17:58, Glynn Clements wrote:
> > Lei Yang wrote:
> >
> > > I am trying to play around with the loopback device and want to set up an
> > > encrypted loopback filesystem. I did the following things:
> > >
> > > 1. losetup -e serpent /dev/loop0 /etc/crypt
> > > /ect/crypt: Is a directory
> > >
> > > So I tried: losetup -e serpent /dev/loop0 /etc/cryptfile and this time
> > > cryptfile is a plain text file.
> >
> > It should be a filesystem image; or, at least, it needs to be large
> > enough to have a filesystem image subsequently created on it, e.g.
> >
> > dd if=/dev/zero of=/etc/cryptfile bs=1M count=20
> >
> > for a 20Mb "device".
> >
> > > Enter passwd...
> > >
> > > 2. mkfs -t ext2 /dev/loop0
> > > 3. mount -t ext2 /dev/loop0 /mnt/crypt
> > >
> > > After this, how do I verify that anything happened that has enabled
> > > encryption? I can't understand where the encrypted filesystem lies in
> > > here :( Plus, when we say 'encrypted', which file on earth is encrypted?
> > > Is it that the files and data in /mnt/crypt are an encrypted form of
> > > /etc/cryptfile? Really confused.
> >
> > After the above sequence, /etc/cryptfile will be an encrypted ext2
> > filesystem. Any files which are created beneath /mnt/crypt will
> > actually be stored in /etc/cryptfile.
> >
> > If you examine /etc/cryptfile directly with e.g. less, the contents
> > should be unintelligible (because they are encrypted). Once you
> > run:
> >
> > umount /mnt/crypt
> > losetup -d /dev/loop0
> >
> > the only way to recover those files will be to re-do steps 1 and 3
> > above, which will require the encryption key.
> >
> > Similarly, if someone steals the machine then, assuming that they had
> > to unplug it, they won't be able to recover the data without the
> > encryption key.
> >
> > OTOH, while the encrypted filesystem is mounted, the files which are
> > on it remain accessible. So the encryption doesn't provide any
> > protection against someone accessing the individual files while the
> > encrypted filesystem is mounted.
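
The check discussed in this thread (looking at the backing file directly to confirm it is unintelligible) can be scripted. The following is an added example, not part of the original messages: it tests whether the backing file exposes a plaintext ext2 superblock and how random the superblock region looks. The function names and the 7.0 bits-per-byte threshold are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration (not from the thread): sanity-check a loop backing file.
# Function names and the 7.0 threshold are assumptions for this example.

# ext2_magic_present FILE -> exit 0 if bytes 53 ef sit at offset 1080
# (superblock at 1024 + s_magic at 56, little-endian 0xEF53), which means
# the filesystem was written to the file WITHOUT encryption.
ext2_magic_present() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null |
            od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# superblock_entropy FILE -> Shannon entropy (bits per byte, 0.00 .. 8.00)
# of the 1024-byte superblock region, which mkfs always writes.
superblock_entropy() {
    dd if="$1" bs=1024 skip=1 count=1 2>/dev/null | od -An -v -tu1 | awk '
        { for (i = 1; i <= NF; i++) { n[$i]++; total++ } }
        END {
            if (total == 0) { print "0.00"; exit }
            for (b in n) { p = n[b] / total; h -= p * log(p) / log(2) }
            printf "%.2f\n", h
        }'
}

# classify FILE -> prints plaintext-ext2, low-entropy or looks-encrypted
classify() {
    if ext2_magic_present "$1"; then
        echo "plaintext-ext2"
        return
    fi
    h=$(superblock_entropy "$1")
    # A plaintext superblock is mostly zero bytes; ciphertext is near-uniform.
    if awk -v h="$h" 'BEGIN { exit !(h < 7.0) }'; then
        echo "low-entropy"
    else
        echo "looks-encrypted"
    fi
}

# Usage, with the backing file from the thread (the path must be readable):
#   classify /etc/cryptfile
```

A "looks-encrypted" result is a sanity check rather than proof of correct setup. Blocks that were never written through the loop device keep whatever the backing file held before, so only regions the filesystem has actually written are expected to look random.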