[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Help trying to setup an encypted filesystem.
Thomas,
Thanks for the info.
I tried a fresh install of the kernel (2.4.26) and patched it with:
patch-cryptoloop-jari-2.4.22.0
Then I turned on crypto loop device in the Block Devices menu.
I recompiled. All went smoothly.
But losetup still doesn't recognize any of the crypto ciphers.
Here's the output:
% losetup -e aes -k 256 /dev/loop7 /etc/encrypted.data
The cipher does not exist, or a cipher module needs to be loaded into the
kernel
ioctl: LOOP_SET_STATUS: Invalid argument
That's the same output that I had before when I was just using the
crypto API stuff (without jari's patch for cryptoloop).
I then looked, and I saw that when I selected the cryptoloop module,
it disabled the crypto API for me. And I don't see any modules at:
% cat /proc/crypto
(Ie, nothing appears when I cat it.)
So apparently this means you can have one or the other, but not
both, eh? Either you use cryptoloop or you use the built-in Crypto API?
This doesn't make sense at all. Why use cryptoloop? What does it
do? I thought the Crypto API did everything?
And do I need a particular version of losetup (util-linux package)?
If so, which one? And do I need to patch it with a patch file? If
so, which one?
Someone suggested I use loop-aes? I have to check into that.
But does that mean that it only supports AES and not blowfish etc?
If so, I want blowfish and the rest. I don't just want AES. Having
a fast version of AES is nice, but not necessary.
I dunno. I've been patching my kernels with the crypto patches
since kernel 2.0.x. It's never been easy. And nobody ever seems
to have a nice readme.txt file available to do it. I'm always left to
beg for help on this mailing list. It's frustrating.
Steve
From: Thomas Sjögren <thomas@xxxxxxxxxxxxxxxxxxxx>
Reply-To: thomas@xxxxxxxxxxxxxxxxxxxx
To: Lohan Knight <lohan_knight@xxxxxxxxxxx>
CC: linux-crypto@xxxxxxxxxxxx
Subject: Re: Help trying to setup an encypted filesystem.
Date: Mon, 21 Jun 2004 13:06:15 +0200
On Sun, Jun 20, 2004 at 11:54:38PM -0500, Lohan Knight wrote:
> So what do I have to do to get kernel 2.4.26 to the point where
> I can create an encrypted filesystem? I don't care too much
> about backwards compatibility.
The kernel, as you said, contains the crypto but it doesn't support
cryptoloop.
Try
http://www.kernel.org/pub/linux/kernel/people/hvr/testing/patch-cryptoloop-jari-2.4.22.0
or you might want to consider loop-aes instead.
> Does anyone have a step by
> step list of instructions on how to do that?
this is for creating a encrypted /tmp using the vanilla crypto stuff in the
kernel + the cryptoloop-jari
patch, works for 2.4.26:
patch, configure, compile and reboot the kernel
losetup -e aes -k 256 /dev/loop0 <your partition or file[1]>
mkfs -t ext2 /dev/loop0
mount -o nosuid,nodev -t ext2 /dev/loop0 /tmp
chmod 1777 /tmp
[1] dd if=/dev/urandom of=/tmpcrypt bs=1M count=<size of /tmp in M> for
example
/Thomas
--
== thomas@xxxxxxxxxxxxxxxxxxxx | thomas@xxxxxxxxxxxx
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--
<< signature.asc >>
_________________________________________________________________
Get fast, reliable Internet access with MSN 9 Dial-up ? now 3 months FREE!
http://join.msn.click-url.com/go/onm00200361ave/direct/01/
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/