Filesystem encryption
Install software:
emerge device-mapper emerge cryptsetup-luks
create the key:
tr -cd [:graph:] </dev/urandom |head -c128 > /root/myhm_sdb1_key
Setup the partition
cryptsetup -v --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/sdb1 /root/myhm_sdb1_key
Answer YES
Opening the partition:
cryptsetup --key-file /root/myhm_sdb1_key luksOpen /dev/sdb1 crypt-sdb1
Create the filesystem:
/sbin/mkfs.ext3 -j /dev/mapper/crypt-sdb1
Mount the filesystem:
mkdir /mnt/sdb1 mount /dev/mapper/sdb1 /mnt/sdb1
Adding the filesytem to /etc/conf.d/cryptfs add the following:
target=crypt-sdb1 source='/dev/sdb1' key='/root/myhm_sdb1_key'
Adding the filesytem to /etc/fstab, add the following:
/dev/mapper/crypt-sdb1 /mnt/sdb1 auto noauto,noatime 0 0
Optional:
Encrypt the Keys using gpg:
cat <KEYFILE> | gpg --symmetric -a >./<KEYFILE>.gpg
Decrypt the Keys using gpg:
gpg --quiet --decrypt <KEYFILE>.gpg
Additional Information:
Copy data using cpio (using the -xdev option to stay in local filesystem):
cd <SOURCE-DIR> && find ./ -xdev -print0 | cpio -pa0V <TARGET-DIR>
Copy data using tar (using the l option to stay in local filesystem):
(cd <SOURCE-DIR> >> /dev/null; tar clf - .)|(cd <TARGET-DIR> >> /dev/null; tar xvf -)
Copy data using rsync (using the x option to stay in local filesystem):
rsync -avH --progress -x <SOURCE-DIR> <TARGET-DIR>
Last modified 17 years ago
Last modified on 02/22/08 17:37:04
