On Sunday 24 September 2006 16:35, Carlos E. R. wrote:
Hi,
I'm trying to create an encrypted filesystem via Yast partitioner in SuSE 10.1, using a file mounted via the loop device. I have done this before, in fact I have two such things created under 9.3 running; but I can't (couldn't) with 10.1, it is creating a plain non encrypted filesystem instead.
Or so it seemed.
Looking carefully again, after several runs, I noticed that it was mounting the filesystem as plain non encrypted, but it was in fact creating an encrypted one with the appropriate entry in /etc/cryptotab instead of in /etc/fstab - whereas in 9.3 it created them in /etc/fstab instead, and in 8.x they were created in /etc/cryptotab. This criteria change is very confusing. Perhaps Yast could ask where the user wanted to define it - feature request, perhaps?
It's not only a config file difference; an encrypted filesystem defined in /etc/fstab can be mounted with the command mount, but one defined in /etc/cryptotab is mounted via the command "/etc/init.d/boot.crypto start", which is less comfortable for manual mount after boot (and it mounts all devices listed, even if already mounted).
/etc/cryptotab sample line:
/dev/loop3 /file3 /crypta3 ext3 twofish256 acl,user_xattr
/etc/fstab, the equivalent sample line:
/file3 /crypta3 ext3 noauto,acl,user_xattr,loop=/dev/loop3,encryption=twofish256 0 0
Both work with the same file, I tried. I'll stay with the second one. But in 9.3 the fstab line was instead (incompatible):
/file2 /crypta2 ext3 noauto,acl,user_xattr,loop=/dev/loop2,encryption=twofish256,phash=sha512,itercountk=100
Comments?
Also, how would I create the equivalent encrypted filesystem manually; docus, howtos?
Tks.
-- Cheers, Carlos Robinson
Hello there,

I see you're a little surprised because of that "small" change in SU10, aren't you? As for docs, you should first check the man page of the << losetup >> command. But before that, the following steps will lead you to manually set up an encrypted file system on your partition:

1. Create a loop device with the additional option that says it's encrypted (USE: losetup), for example:

   # losetup -e aes-256 /dev/loop0 /dev/hda9
   (or)
   # losetup -e aes-256 /dev/loop2 /mnt/encrfs.raw

2. Make the file system you want the file/partition to have (USE: mkfs.xxx), for example:

   # mkfs.ext3 /dev/loop0
   (or)
   # mkfs.ext3 /dev/loop2

3. You can now mount your partition or encrypted file with the file system (USE: mount), for example:

   # mount -t ext3 /dev/loop0 /mnt/encrpart
   (or)
   # mount -t ext3 /dev/loop2 /mnt/encrfs

...that's it! You should now enjoy your protected encryption.

TIP: If you don't want to encrypt the whole partition (device fs), you have the opportunity to encrypt a chosen folder using the << encfs >> command. Of course, if you don't know what it can do for you, you should check its man page or search internet sources.

TIP: If you want to encrypt only a specified file, you can use the << gpg >> command.

Greetings from PoLaNd and gOOd lUCK
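
The /etc/cryptotab and /etc/fstab sample lines quoted above describe the same mount with the fields in a different order. The following shell functions are an added example (not from either poster and not a SuSE tool) that rewrites a cryptotab-style line into the fstab form shown in the thread. The field layout is assumed from the single sample line quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed cryptotab field order, taken from the sample line
# in the thread: loopdev  image-file  mountpoint  fstype  cipher  [options]

# Convert one cryptotab-style line to the equivalent fstab line.
# Prints nothing and returns 1 for comments, blanks and malformed lines.
cryptotab_to_fstab_line() {
    printf '%s\n' "$1" | awk '
        NF == 0 || $1 ~ /^#/        { exit 1 }  # blank line or comment
        NF < 5 || NF > 6            { exit 1 }  # unexpected field count
        $1 !~ /^\/dev\/loop[0-9]+$/ { exit 1 }  # first field must be a loop device
        {
            opts = "noauto"                      # as in the fstab sample line
            if (NF == 6) opts = opts "," $6      # keep the original mount options
            opts = opts ",loop=" $1 ",encryption=" $5
            printf "%s %s %s %s 0 0\n", $2, $3, $4, opts
        }'
}

# Convert a whole cryptotab-style file read from stdin.
# Malformed (non-comment) lines are reported on stderr and skipped.
cryptotab_to_fstab() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        cryptotab_to_fstab_line "$line" || {
            case "$line" in
                ''|'#'*) ;;                      # silently drop blanks and comments
                *) echo "line $n skipped: $line" >&2 ;;
            esac
        }
    done
}

# Constructed sample input: the first entry is the line from the thread,
# the others are made up to exercise the no-options and malformed cases.
cryptotab_to_fstab <<'EOF'
# constructed cryptotab sample
/dev/loop3 /file3 /crypta3 ext3 twofish256 acl,user_xattr
/dev/loop4 /file4 /crypta4 ext3 twofish256
/file5 /crypta5 ext3
EOF
```

Key-derivation options such as the `phash` and `itercountk` values in the 9.3 line do not appear in the cryptotab sample, so this conversion cannot infer them.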