Changes between Initial Version and Version 1 of Filesystem_encryption

Timestamp:

02/22/08 17:37:04 (16 years ago)

Author:

anonymous

Comment:

--

Filesystem_encryption

@@ +1 @@
+= Filesystem encryption =
+Install software:
+{{{
+emerge device-mapper
+emerge cryptsetup-luks
+}}}
+create the key:
+{{{
+tr -cd [:graph:] </dev/urandom |head -c128 > /root/myhm_sdb1_key
+}}}
+
+Setup the partition
+{{{
+cryptsetup -v --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/sdb1 /root/myhm_sdb1_key
+}}}
+Answer YES[[BR]]
+Opening the partition:
+{{{
+cryptsetup --key-file /root/myhm_sdb1_key luksOpen /dev/sdb1 crypt-sdb1
+}}}
+Create the filesystem:
+{{{
+/sbin/mkfs.ext3 -j /dev/mapper/crypt-sdb1
+}}}
+Mount the filesystem:
+{{{
+mkdir /mnt/sdb1
+mount /dev/mapper/sdb1 /mnt/sdb1
+}}}
+
+Adding the filesytem to /etc/conf.d/cryptfs add the following:
+{{{
+target=crypt-sdb1
+source='/dev/sdb1'
+key='/root/myhm_sdb1_key'
+}}}
+Adding the filesytem to /etc/fstab, add the following:
+{{{
+/dev/mapper/crypt-sdb1  /mnt/sdb1       auto            noauto,noatime  0 0
+}}}
+
+Optional: [[BR]]
+Encrypt the Keys using gpg:
+{{{
+cat <KEYFILE> | gpg --symmetric -a >./<KEYFILE>.gpg
+}}}
+Decrypt the Keys using gpg:
+{{{
+gpg --quiet --decrypt <KEYFILE>.gpg
+}}}
+
+[wiki:KeySshfs Key on sshfs][[BR]]
+
+Additional Information:[[BR]]
+Copy data using cpio (using the -xdev option to stay in local filesystem):
+{{{
+cd <SOURCE-DIR> && find ./ -xdev -print0 | cpio -pa0V <TARGET-DIR>
+}}}
+Copy data using tar (using the l option to stay in local filesystem):
+{{{
+(cd <SOURCE-DIR> >> /dev/null; tar clf - .)|(cd <TARGET-DIR> >> /dev/null; tar xvf -)
+}}}
+Copy data using rsync (using the x option to stay in local filesystem):
+{{{
+rsync -avH --progress -x <SOURCE-DIR> <TARGET-DIR>
+}}}
+
+