Re: automating cryptoapi startup & shutdown
On Tue, 11 Jun 2002, Ben Slusky wrote:
> On Tue, 11 Jun 2002 13:08:12 -0400, Wayne F Davis wrote:
> > Now, I want to automate some of the steps (losetup, modules, mount). What
> > is the best way to go about doing this? I would like to load the modules
> > on boot via modules.conf and have the mount command handle the losetup.
> > On shutdown, I would like the umounting to handle the losetup. Is there
> > a way to do this easily (via modules.conf & /etc/fstab)? (I tried a few
> > things, but was getting some errors, so I figured I'd ask here.)
>
> This can be done, with a patched util-linux package. Such a package is
> standard with RedHat and Debian, and possibly others; if your mount(8)
> man page does not mention the "encryption" and "keybits" options, then
> get the patch at
> <URL:ftp://ftp.kernel.org/pub/linux/kernel/people/hvr/util-linux-patch-int/>
> and build it yourself.
I do have the updated util-linux package.
> Now, to mount /dev/hda7 as /home with 128-bit AES encryption, add to
> your modules.conf:
> alias cipher-aes-ecb cipher-aes
> alias cipher-aes-cbc cipher-aes
> and to your fstab:
> /dev/hda7 /home ext3 defaults,loop,encryption=aes,keybits=128 1 0
my modules.conf includes:
alias cipher-aes-ecb cipher-aes
alias cipher-aes-cbc cipher-aes
my fstab:
/dev/loop0 /mnt/crypt ext3 defaults,loop,encryption=aes,keybits=128 1 0
---
However, I can't mount the drive using mount ...
# mount /mnt/crypt
ioctl: LOOP_SET_FD: Device or resource busy
First, I have to set up the loopback device with losetup, after loading
the modules:
# modprobe cipher-aes
# modprobe cryptoloop
# losetup -e aes /dev/loop0 /path/cryptfile
Then, I can mount it:
# mount /dev/loop0 /mnt/crypt
--
Is there any way I can simplify this? So that I can just type mount
/mnt/crypt and type in my password (w/o scripting it)?
Thanks,
Wayne
>
> Note the 0 in the fsck-pass column, since you can't fsck it. Which isn't
> too much of a problem if you use a journaling filesystem.
>
> HTH,
>
>
--
Wayne Davis - wfdavis@seas.upenn.edu - PGP Key Available
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
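
Added example (not part of the original thread and not util-linux code): a small POSIX shell lint that compares fstab entries carrying encryption= against the form shown in the quoted reply, where the first field is the backing partition or file, keybits= is present, and the fsck pass is 0. The names check_crypt_fstab and sample_fstab and the /srv/vault.img and /dev/hda1 lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare encrypted-loop fstab entries with the form in the
# quoted reply. Reads fstab text on stdin, prints one finding per line,
# returns 1 if anything was flagged.
check_crypt_fstab() {
    findings=0
    while read -r dev mnt fstype opts dump pass rest || [ -n "$dev" ]; do
        case "$dev" in ''|'#'*) continue ;; esac          # blank or comment
        case ",$opts," in *,encryption=*) ;; *) continue ;; esac
        case "$dev" in
            /dev/loop*)
                echo "$mnt: first field is loop device $dev; the quoted reply puts the backing device there"
                findings=1 ;;
        esac
        case ",$opts," in
            *,keybits=*) ;;
            *) echo "$mnt: no keybits= option"; findings=1 ;;
        esac
        if [ "${pass:-0}" != 0 ]; then
            echo "$mnt: fsck pass is $pass; the quoted reply uses 0"
            findings=1
        fi
    done
    return "$findings"
}

# Sample input: the first two entries are the ones from the thread, the
# last two are constructed.
sample_fstab() {
    cat <<'EOF'
# <device>      <mountpoint> <type> <options>                                  <dump> <pass>
/dev/hda7       /home        ext3   defaults,loop,encryption=aes,keybits=128   1 0
/dev/loop0      /mnt/crypt   ext3   defaults,loop,encryption=aes,keybits=128   1 0
/srv/vault.img  /mnt/vault   ext3   defaults,loop,encryption=aes               1 2
/dev/hda1       /            ext3   defaults                                   1 1
EOF
}

sample_fstab | check_crypt_fstab || true
```

To check a real system, feed it the live file: check_crypt_fstab < /etc/fstab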