Filesystem encryption

Install software:

emerge device-mapper
emerge cryptsetup-luks

Create the key:

tr -cd '[:graph:]' </dev/urandom | head -c128 > /root/myhm_sdb1_key

Set up the partition:

cryptsetup -v --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/sdb1 /root/myhm_sdb1_key

Answer YES

Opening the partition:

cryptsetup --key-file /root/myhm_sdb1_key luksOpen /dev/sdb1 crypt-sdb1

Create the filesystem:

/sbin/mkfs.ext3 -j /dev/mapper/crypt-sdb1

Mount the filesystem:

mkdir /mnt/sdb1
mount /dev/mapper/crypt-sdb1 /mnt/sdb1

To add the filesystem to /etc/conf.d/cryptfs, add the following:

target=crypt-sdb1
source='/dev/sdb1'
key='/root/myhm_sdb1_key'

To add the filesystem to /etc/fstab, add the following:

/dev/mapper/crypt-sdb1  /mnt/sdb1       auto            noauto,noatime  0 0
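
The key file created above is the only secret protecting the partition, so it should be readable by its owner alone and byte-for-byte intact. The following is an added example, not part of the original wiki page: it wraps the page's key generation so the file is created with mode 0600 and is never overwritten, and it audits an existing key before use. The function names and return codes are assumptions of this example, and it relies on GNU coreutils (stat -c, head -c).

```shell
#!/bin/sh
# Added example: create and audit the LUKS key file used on this page.
# Function names and return codes are hypothetical, chosen for this example.

KEY_LEN=128   # characters, same length as the page's key

# make_keyfile PATH: write KEY_LEN random printable characters to PATH.
# umask 077 makes the file owner-only from the moment it is created;
# set -C (noclobber) refuses to overwrite a key that is already in use.
make_keyfile() (
    umask 077
    set -C
    { LC_ALL=C tr -cd '[:graph:]' </dev/urandom | head -c "$KEY_LEN"; } >"$1"
)

# check_keyfile PATH: returns 0 if the key looks intact and private, else
#   1 = missing, not a regular file, or a symlink
#   2 = group or other permission bits are set
#   3 = wrong length (truncated, or an editor appended a newline)
#   4 = contains bytes outside [:graph:]
check_keyfile() (
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || exit 1
    mode=$(stat -c %a "$f") || exit 1
    # Interpret the mode as octal and mask the group/other bits.
    [ $(( 0$mode & 077 )) -eq 0 ] || exit 2
    [ "$(wc -c <"$f")" -eq "$KEY_LEN" ] || exit 3
    # Count bytes that survive deleting every [:graph:] character.
    stray=$(LC_ALL=C tr -d '[:graph:]' <"$f" | wc -c)
    [ "$stray" -eq 0 ] || exit 4
)
```

Run check_keyfile /root/myhm_sdb1_key before luksFormat or luksOpen; because cryptsetup uses the file's exact contents, a stray newline added by an editor yields a different key.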

Optional:
Encrypt the Keys using gpg:

cat <KEYFILE> | gpg --symmetric -a >./<KEYFILE>.gpg

Decrypt the Keys using gpg:

gpg --quiet --decrypt <KEYFILE>.gpg

Key on sshfs

Additional Information:
Copy data using cpio (using the -xdev option to stay in local filesystem):

cd <SOURCE-DIR> && find ./ -xdev -print0 | cpio -pa0V <TARGET-DIR>

Copy data using tar (using the l option to stay in local filesystem):

(cd <SOURCE-DIR> >> /dev/null; tar clf - .)|(cd <TARGET-DIR> >> /dev/null; tar xvf -)

Copy data using rsync (using the x option to stay in local filesystem):

rsync -avH --progress -x <SOURCE-DIR> <TARGET-DIR>

Last modified on 02/22/08 17:37:04