-
Senior Member
registered user
Portable Loopback-Encrypted-Filesystem
This allows you to create encrypted containers that you can mount and unmount, and move between machines as needed. This functionality is similar to pgpdisk or bestcrypt. This has been tested on the live cd and a hardrive install using Knoppix 3.2 June 6 2003.
As root:
Make a mount point for the encrypted filesystem as follows:
mkdir /mnt/crypt
Edit '/etc/fstab', adding an entry for your mount point as follows:
/dev/loop0 /mnt/crypt ext2 user,noauto,rw,loop 0 0
Create your encrypted file as follows:
dd if=/dev/urandom of=/etc/cryptfile bs=1M count=10
This creates a 10M encryption "container" in /etc called cryptfile.
You can adjust size, location, and name to your preferences.
Next, run losetup as follows:
losetup -e aes /dev/loop0 /etc/cryptfile
You only have one chance to enter the 20 character password, be careful.
-=Note: optional test=-
If you want to double-check your password, use the command:
losetup -d /dev/loop0
to deactivate your loop device. Next you will run losetup again to test your password, as follows:
losetup -e aes /dev/loop0 /etc/cryptfile
-=end optional test=-
Make your ext2 filesystem as follows:
mkfs -t ext2 /dev/loop0
Now you can mount the encrypted filesystem with:
mount -t ext2 /dev/loop0 /mnt/crypt
When you're done, you can unmount and protect your filesystem as follows:
umount /dev/loop0
losetup -d /dev/loop0
Slick, no?
-
Senior Member
registered user
Encrytped Container for regular (joe) user
The above works fine for the root user, but I wanted something where "joe user" could mount, unmount, and read / write to the encrypted container. After a little trial and effort, here is what I have come up with...
This example shows how to create an ext2 file system on encrypted file. This example creates a 5 MB file (/mnt/msdos/scratch/cryptfile) for storage and a directory (/mnt/crypt) as a mount point.
A couple of notes: This example is intentionally simple to help you understand basic loop encryption, but is also vulnerable to optimized dictionary attacks. Also, the "losetup -e" command asks for a 20 character encryption password, make up one and don't forget it.
Execute the following commands (as root), modifying paths and filenames for your purposes:
dd if=/dev/zero of=/mnt/msdos/scratch/cryptfile bs=4k count=1280
losetup -e AES128 -T /dev/loop1 /mnt/msdos/scratch/cryptfile
mkfs -t ext2 /dev/loop1
losetup -d /dev/loop1
mkdir /mnt/crypt
cd /mnt/crypt
chown knoppix.knoppix *
chown knoppix.knoppix .
chown knoppix.knoppix ..
cd ..
chown knoppix.knoppix crypt
Next, add this to your /etc/fstab file (all one line):
/mnt/msdos/scratch/cryptfile /mnt/crypt ext2 noauto,users,exec,loop=/dev/loop1,encryption=AES128 0 0
Exit the root account, to your joe user account (knoppix in this example).
Now regular users should be able to mount the file system as follows (after answering the password prompt correctly).
mount /mnt/crypt
The can then unmount it like this:
umount /mnt/crypt
The only thing that needs done now is to create a desktop icon that will let users mount and unmount the container. Creating an icon that shows the "disk" as mounted and lets you unmount is no problem, but when you go to mount it, you will get an error because the password is needed. Currently, I am mounting (as joe user) from a terminal, then using the icon (or command line) to dismount. If anyone comes up with anything a little more user friendly that is tested and working, please post.
-
Junior Member
registered user
nice. you can also do the same thing on the floppy drive. of course u cant have a 10mb file but hey 1.44mb is enough for small documents. plus u could create a script on the floppy to mount it
-
How do I send the password automatically for attaching the encrypted file to the loopbackdevice.
I want the password to come from the output of another program.
Any ideas?
-
The answer to my own question is, use the -p option.
You can search google for "losetup -p" for more information, or just use my example below.
echo <password> | losetup -p0-e AES128 /dev/loop0 /file
-
Junior Member
registered user
well thats all fine and dandy if only you can see this <password> but what if others use it?
-
this doesn't appear to work with 2.6 ... ?
this doesn't appear to work with 2.6 ... ?
-
IS there a way to use this command and a USB Stick? Mount the USB stick and make sure anything tranfered to it or anything on it is encrypted. These file would have to be able to then be decrypted before being sent. This would be a safeguard in case the usb stick was lost after moving the data to it.
thanks,
Gary
-
For anyone interested, this helped me solve my problems:
http://unit.aist.go.jp/itri/knoppix/...n/index20.html
-
Senior Member
registered user
crossplatform tool (Win/Linux) for AES containers
Since my work PC is Windows 2000, I have been wanting to use my same AES containers created on Linux in my Windows environment, and vice versa. Found a most excellent tool called CrossCrypt for this very purpose.
http://www.scherrer.cc/crypt/
It is command line driven, so you may want to use the GUI overlay designed for it.
http://www.sdean12.org/CrossCryptGUI.htm
Finally, there is also a utility that let's you manage your containers from a system tray icon.
http://www.sdean12.org/zipped2/SecureTrayUtil391.zip
The system tray also supports other Win32 FOSS and commercial encrypted containers you might be using (freeOETF, bestcrypt, E4M, pgpdisk, scramdisk, and truecrypt) as well as adds shredder functionality, and integrates into the Windows shell pretty well.
Similar Threads
-
By Incubii in forum Ideas
Replies: 0
Last Post: 03-03-2004, 05:42 AM
-
By e1000 in forum Customising & Remastering
Replies: 0
Last Post: 02-18-2004, 06:31 AM
-
By MorskNorsk in forum The Lounge
Replies: 2
Last Post: 12-28-2003, 09:10 PM
-
By Incubii in forum Hdd Install / Debian / Apt
Replies: 4
Last Post: 07-16-2003, 08:04 AM
-
By beforewisdom in forum Hdd Install / Debian / Apt
Replies: 4
Last Post: 06-28-2003, 09:10 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Knoppix 9.1 Live Linux GNU Bootable USB Flash Drive USA
$19.99
Knoppix NSM 1.2
$8.50
Knoppix Live GNU Linux System 9.1 on Bootable CD / DVD / USB Flash Drive
$9.99
Knoppix Linux Bootable OS v8.6 "Original Live Operating System" 32G USB Stick
$20.30
Hamshack Live DVD-ROM
$12.00
Linux Knoppix 4.0.2 Installation Disc
$39.99
KNOPPIX 9.1 LINUX INSTALL & LIVE DVD
$9.99
Acer Aspire One 9 inch Netbook ZG5 512MB RAM 8GB SSD HD Knoppix Linux WiFi VGA
$79.99
Knoppix Linux Bootable OS v8.6 "Original Live Operating System" 16G USB Stick
$19.95