| Brian Epstein on 4 Feb 2006 13:40:54 -0000 |
|
On Thu, 2 Feb 2006, Greg Lopp wrote: I have an installer that appears to mount a crypto'd loopback image. It asks me for a password and then, according to strace, tries to access /proc/crypto/cipher. What kernel are you running on? I think /proc/crypto/cipher has been replaced in later versions of the kernel. Here is the process I use to mount an encrypted loopback image. I am running a 2.6.11 kernel. First, I make sure that the cryptoloop and blowfish modules are loaded (I use blowfish). You can see which algorithms are available by looking in the following directory: $ ls /lib/modules/`uname -r`/kernel/crypto anubis.ko cast6.ko des.ko michael_mic.ko tea.ko arc4.ko crc32c.ko khazad.ko serpent.ko twofish.ko blowfish.ko crypto_null.ko md4.ko sha256.ko wp512.ko cast5.ko deflate.ko md5.ko sha512.ko $ You need to know which algorithm is being used in your image in order to mount it. Next, check and make sure that the modules really loaded: $ lsmod | egrep -e "blowfish|cryptoloop" blowfish 12353 0 cryptoloop 7361 0 loop 19401 1 cryptoloop $ Now, setup your loopback device: $ su # losetup -e blowfish /dev/loop1 /path/to/file.img Password: # Now, mount it up. # mount /dev/loop1 /path/to/mountpoint When you are doing with it, make sure to unmount and destroy the loopback adapter. # umount /path/to/mountpoint # losetup -d /dev/loop1 On an aside, if you are creating a new image, make sure to fill it with random data. For example, if you want a 10meg encrypted partition, use this process. $ su # dd if=/dev/urandom of=/path/to/file.img bs=1024 count=10240 10240+0 records in 10240+0 records out # losetup -e blowfish /dev/loop1 /path/to/file.img Password: enternewpasswordhere # mkfs.ext3 /dev/loop1 mke2fs 1.38 (30-Jun-2005) ... # mount /dev/loop1 /path/to/mountpoint Now interact with /path/to/mountpoint as if it were any other normal path. Remember, the password that you set above is the one and only password for this encrypted filesystem. You only get to set it once, so be careful. I would suggest practicing mounting and umounting before putting important files in there. If you forget the password, or fat-finger it when you created the device, the data inside will be useless junk (as expected). In order to change the password, you will have to create another crypted loop device and copy all the files over. So, make sure it is a really good password. It is quite a pain to move the files around. Lemme know if you need help, ep -- Brian Epstein <ep@epiary.org> Key fingerprint = F9C8 A715 933E 6A64 C220 482B 02CF B6C8 DB7F 41B4 ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|