PDA

View Full Version : Cryptoloop



tizwoz
5th September 2006, 08:15 PM
I am following this tut: http://www.tldp.org/HOWTO/Cryptoloop-HOWTO/kernel-configuration.html

To enable me to encrypt my files. However, I'm hitting a problem at the very first stage of this, maybe I'm just missing something or haven't got something installed (a dependency / tool or whatever it needs).

The tut says.....


Go to the directory that holds your kernel source tree (usually /usr/src/linux/) and start the configuration:

make menuconfig

My directory isn't /usr/src/linux. It is /usr/src/kernels So I did:


cd /usr/src/kernels
make menuconfig

The output that I got back was:


[tizwoz@localhost kernels]$ make menuconfig
make: *** No rule to make target `menuconfig'. Stop.

Any idea's where I'm going wrong? :confused:

cheerio158
6th September 2006, 02:25 AM
Try this instead: http://fedoranews.org/alex/tutorial/crypto/

I've been doing this since FC2 without any problems. You may have to turn off selinux, thought.

tizwoz
6th September 2006, 03:20 PM
Try this instead: http://fedoranews.org/alex/tutorial/crypto/

I've been doing this since FC2 without any problems. You may have to turn off selinux, thought.

Thankyooooouuuuuuuuuuuuuuu!!!!!!!!!!! :) :) :)

After much buggering about, i've finally managed to do it!! I wanted this on a external hdd (the above were instructions to use space on your com) so with the above website and: http://www.tldp.org/HOWTO/Cryptoloop-HOWTO/ I got the information needed to do this.

Just plugged in the external hdd into a windows laptop, just to test if I did it right, I did :cool: :D Just what I wanted. So if this gets robbed, they hopefully won't get very far.

Also special thanks to ccrvic :) If he hadn't of suggested cryptoloop in the first place I would have never have found it.

Thank you again :)

pjfg
6th September 2006, 09:25 PM
Even better, now that LUKS with HAL support is in FC5 ( http://blog.fubar.dk/?p=64 ) you can even get a password dialog box for you encrypted volumes on the desktop. Instructions are here: http://www.raoul.shacknet.nu/2005/11/10/encrypt-devices-using-dm-crypt-and-luks/

tizwoz
7th September 2006, 10:00 AM
Even better, now that LUKS with HAL support is in FC5 ( http://blog.fubar.dk/?p=64 ) you can even get a password dialog box for you encrypted volumes on the desktop. Instructions are here: http://www.raoul.shacknet.nu/2005/11/10/encrypt-devices-using-dm-crypt-and-luks/


I saw the animated screen shot and I was impressed. Immediately I went to install it and ever since I have loved it! It's just so much more user friendly (or should that be noob friendly?).

I didn't find it as difficult to install as cryptoloop, also, now when I plug my hdd in, I simply get a pop up box asking me for my password and away I go!

Works exactly like Cryptoloop really I guess, just this has a gui password box and prompts you on plugging your device in. I'm only sticking with this as I find it a bit easier :) Thanks for passing that on dude!! :D


-
-
-
-
-

I have a few questions to all you Cryptoloop / Lucks users if I may

This encryption software effectively works by somehow encrypting the software so you only the user with the password can get access to it. I've also tried it in windows, it can't be read there so thats good (it just asks me if I want to format it).

At the moment this is set up to my laptop... (external hdd that is)

1) If my laptop was to be stolen, would the information on my hdd be useless? Even if I had another linux computer / laptop set up (the same way as this) would I simply be able to plug it in my laptop and it would show up? Or would the information be lost forever without my laptop to open it up?

Probably a dunce of a question, but I'm a bit unsure. Oh also and...

2) The Encrypted files that my harddrive hold. Is there any way of transporting them (tar'ing / zipping them up) so I can back them up on another computer and still have the encryption in force? So to open them up, I would have to copy them onto my computer / hdd with linux and my password?

Your replies to the above would be most appreciated :)

pjfg
7th September 2006, 10:15 AM
1) The information on your external hdd is not dependant on your laptop. I share a luks drive between my desktop and laptop with no problems. What is required is: a kernel with the crypto api / device mapper, cryptsetup tool with luks support, and support for the filesystem that you used on the volume. Even if you plug the drive into a system without gnome and hal, you should be able to mount the disk manually using the cli if those requirements are met.

2) I'm afraid only the volume itself is encrypted. Once files are transferred off then they are no longer encrypted (which is the whole point of using this kind of on-the-fly encryption). If you wish to back up the files you'll have to create a second encrypted volume. If you want to look at encrypting individual files which you could move around take a look at gpg.

tizwoz
7th September 2006, 11:31 AM
1) The information on your external hdd is not dependant on your laptop. I share a luks drive between my desktop and laptop with no problems. What is required is: a kernel with the crypto api / device mapper, cryptsetup tool with luks support, and support for the filesystem that you used on the volume. Even if you plug the drive into a system without gnome and hal, you should be able to mount the disk manually using the cli if those requirements are met.

2) I'm afraid only the volume itself is encrypted. Once files are transferred off then they are no longer encrypted (which is the whole point of using this kind of on-the-fly encryption). If you wish to back up the files you'll have to create a second encrypted volume. If you want to look at encrypting individual files which you could move around take a look at gpg.

Ahh right, thank you for clearing that up, I've got a much better understanding of it now :) :) :)

GPG - I might have a play with that and see how it works for what I want to do. I've had a search and look and i'm a wee bit confused. GPG is it the same as GPG keys or what? In my search, i've found that you import a gpg key to install software? or to verify the install or something like that? :confused:

Any pointers? Just need pointing in the right direction :)

pjfg
7th September 2006, 11:39 AM
gpg uses assymetric public/private key pairs, so that it can be used for signing as well as encryption. It can be used on the cli to verify files or encrypt them. If you want a gui, I believe seahorse is the package which provides a front-end to gpg (key management) as well as a right-click gnome desktop encryption option.

tizwoz
8th September 2006, 10:27 PM
Cheers, managed to sort that, thank you :D

tizwoz
6th December 2006, 01:18 PM
Even better, now that LUKS with HAL support is in FC5 ( http://blog.fubar.dk/?p=64 ) you can even get a password dialog box for you encrypted volumes on the desktop. Instructions are here: http://www.raoul.shacknet.nu/2005/11/10/encrypt-devices-using-dm-crypt-and-luks/

Problem...

I have a external hdd encrypted the same way as above (I plug it in, I get prompted for a password, file are accessed etc). Yesterday the power supply stopped working and I haven't got another external hdd to put this into.

A mate is bringing over a desktop for me to install FC5 and try and retrieve my docs back. But, will the same thing work above even if it's plugged in via serial ata (in a desktop) and not by usb?

Atm, I'm still a bit unsure how i'm going to do this. My guess would be to mount the hdd and pray it prompts me for a pw? :confused: :eek:

pjfg
6th December 2006, 01:29 PM
As long as you are using FC5, then yes, it doesn't matter how the drive is plugged in. When you try to access the drive from nautilus then you should be prompted for a password. This is broken on FC6 (bug report has been filed at bugzilla), so I wouldn't recommend an upgrade if this feature is valuable to you.

If by any chance you aren't prompted for a password, don't worry! LUKS volumes can be mounted with a few commands in the terminal. I have the instructions somewhere should you need them.

tizwoz
6th December 2006, 02:55 PM
As long as you are using FC5, then yes, it doesn't matter how the drive is plugged in. When you try to access the drive from nautilus then you should be prompted for a password. This is broken on FC6 (bug report has been filed at bugzilla), so I wouldn't recommend an upgrade if this feature is valuable to you.

If by any chance you aren't prompted for a password, don't worry! LUKS volumes can be mounted with a few commands in the terminal. I have the instructions somewhere should you need them.

Thats very reassuring!! Thanks for the reply. If it's not too much trouble, I'd appreciate if you could dig out those instructions for me. I'm possibly gonne be offline when I do this so will print out everything.

Thanks :) :) :) :)

pjfg
6th December 2006, 03:45 PM
I'm pretty sure it is:

# cryptsetup luksOpen /dev/sda1 usbdisk

Replace /dev/sda1 with the partition which is encrypted. Replace "usbdisk" with whatever you wish; it is userdefined.

Running the above command should ask you for the password of the encrypted volume.

This will create a block device /dev/mapper/usbdisk.

You can now mount the block device:

# mount /dev/mapper/usbdisk /my/mount/point

tizwoz
6th December 2006, 03:53 PM
I'm pretty sure it is:

# cryptsetup luksOpen /dev/sda1 usbdisk

Replace /dev/sda1 with the partition which is encrypted. Replace "usbdisk" with whatever you wish; it is userdefined.

Running the above command should ask you for the password of the encrypted volume.

This will create a block device /dev/mapper/usbdisk.

You can now mount the block device:

# mount /dev/mapper/usbdisk /my/mount/point

Brilliant, thanks ever so much!! :) :) :) :)