[opensuse] Using the crypto filesystem
I am trying to mount a file as encrypted filesystem on openSuSE 10.3 following indications from: http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Use_a_file_as_encryp... I am able to execute the first two steps with no problem: 1. dd if=/dev/urandom of=loop_fs bs=1024 count=20000 2. sudo /sbin/losetup -e 3des /dev/loop0 loop_fs but at the third step I get an error and I am not able to figure out what it is: 3. sudo /sbin/mke2fs /dev/loop0 mke2fs 1.40.2 (12-Jul-2007) mke2fs: Device size reported to be zero. Invalid partition specified, or partition table wasn't reread after running fdisk, due to a modified partition being busy and in use. You may need to reboot to re-read your partition table. Can anyone tell me please how to solve this issue? -- Bogdan Cristea -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Am Sonntag, 18. Mai 2008 schrieb Bogdan Cristea:
I am trying to mount a file as encrypted filesystem on openSuSE 10.3 following indications from: http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Use_a_file_as_encryp...
This article is for 10.1!
[...] Can anyone tell me please how to solve this issue?
Use YaST: http://www.novell.com/documentation/opensuse103/opensuse103_reference/index.... Or try: http://en.opensuse.org/Encrypted_Filesystems This one is at least for 10.2. HTH Jan -- Problems are only Opportunities in Disguise. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, 2008-05-18 at 23:30 +0300, Bogdan Cristea wrote:
I am trying to mount a file as encrypted filesystem on openSuSE 10.3 following indications from: http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Use_a_file_as_encryp...
I am able to execute the first two steps with no problem:
1. dd if=/dev/urandom of=loop_fs bs=1024 count=20000
2. sudo /sbin/losetup -e 3des /dev/loop0 loop_fs
but at the third step I get an error and I am not able to figure out what it is:
3. sudo /sbin/mke2fs /dev/loop0 mke2fs 1.40.2 (12-Jul-2007) mke2fs: Device size reported to be zero. Invalid partition specified, or partition table wasn't reread after running fdisk, due to a modified partition being busy and in use. You may need to reboot to re-read your partition table.
Can anyone tell me please how to solve this issue?
I did this and I can mount/umount my "container", I had intended on actually polishing this and doing an RFC for feedback. As user: - deterine where encrypted container will be placed - create dummy file : dd if=/dev/zero of=/encrypted/data.crypt bs=1m count=20480 of= is the path and name of the encrypted container creates a 20Gig dummy file, use dd if=dev/random ..... for a file that looks like it is all data. NOTE file creation time is greatly increased. - create a mount point for the container: mkdir /home/<user-Name>/Documents/data As root: - losetup /dev/loop7 ./data.crypt As user: - create key using /dev/random: cat /dev/random > foo NOTE press CTRL-C after 1 sec to stop filling foo. cat ./foo | cut -b 0-31 > /home/<user-Name>/crypto.key cryptsetup -c aes -d /home/<user-Name>/crypto.key create data.crypt /dev/loop7 As root: - cryptsetup -c aes -d /home/<user-Name>/crypto.key create data.crypt /dev/loop7 - create a file system on the container: mke2fs -j /dev/mapper/data.crypt - mount files system: mount /dev/mapper/data.crypt /home/<user-Name>/Documents/data At this point the container has an encrypted filesystem and is now mountable by root: - losetup /dev/loop7 ./data.crypt - cryptsetup -d /home/<user-Name>/crypto.key create data.crypt /dev/loop7 - mount /dev/mapper/data.crypt /home/<user-Name>/Documents/data -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, May 18, 2008 at 4:30 PM, Bogdan Cristea <cristeab@gmail.com> wrote:
I am trying to mount a file as encrypted filesystem on openSuSE 10.3 following indications from: http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Use_a_file_as_encryp...
I am able to execute the first two steps with no problem:
1. dd if=/dev/urandom of=loop_fs bs=1024 count=20000
2. sudo /sbin/losetup -e 3des /dev/loop0 loop_fs
but at the third step I get an error and I am not able to figure out what it is:
3. sudo /sbin/mke2fs /dev/loop0 mke2fs 1.40.2 (12-Jul-2007) mke2fs: Device size reported to be zero. Invalid partition specified, or partition table wasn't reread after running fdisk, due to a modified partition being busy and in use. You may need to reboot to re-read your partition table.
Can anyone tell me please how to solve this issue?
-- Bogdan Cristea
An alternate solution is to use encfs via fuser instead. It is pretty easy to setup and use. I like it because I can rsync the encrypted files out the backend while having non-encrypted access via the frontside. Greg -- Greg Freemyer Litigation Triage Solutions Specialist http://www.linkedin.com/in/gregfreemyer First 99 Days Litigation White Paper - http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf The Norcross Group The Intersection of Evidence & Technology http://www.norcrossgroup.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun May 18 2008 14:30:56 Bogdan Cristea wrote:
I am trying to mount a file as encrypted filesystem on openSuSE 10.3 [...] Can anyone tell me please how to solve this issue?
YaST2/System/Partitioner helps you accomplish that very easily. Just run "Crypt File / Create Crypt File" and fill up the fields. The file does not have to exist before you run YaST2. The only warning I would give is that, if you mistype your password 3 times or if you don't pay attention at reboot and the encrypted mount times out, then you are left with the mount point empty. I was fooled once and copied things to the unmounted directory and later I wondered where they were, because they are hidden when you mount the encrypted file system. To prevent that, I now create a warning file "do_not_copy_files_here" to recognize when I am seeing the empty mount point, instead of the mounted file system. -- Carlos FL "It is not worth an intelligent man's time to be in the majority. By definition, there are already enough people to do that." - G. H. Hardy -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Bogdan Cristea wrote:
I am trying to mount a file as encrypted filesystem on openSuSE 10.3 following indications from: http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Use_a_file_as_encryp...
I am able to execute the first two steps with no problem:
1. dd if=/dev/urandom of=loop_fs bs=1024 count=20000
2. sudo /sbin/losetup -e 3des /dev/loop0 loop_fs
but at the third step I get an error and I am not able to figure out what it is:
3. sudo /sbin/mke2fs /dev/loop0 mke2fs 1.40.2 (12-Jul-2007) mke2fs: Device size reported to be zero. Invalid partition specified, or partition table wasn't reread after running fdisk, due to a modified partition being busy and in use. You may need to reboot to re-read your partition table.
Can anyone tell me please how to solve this issue?
Hi, I read the link that you gave and the first step is to make sure that you have the "cryptoloop" module installed with any dependencies. "If the commands below get error messages, it may be that you need to load the kernel module which does the encryption: modprobe cryptoloop" -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Yes, you have right, I don't have that module. Thanks On Monday 19 May 2008 20:34:19 name wrote:
Bogdan Cristea wrote:
I am trying to mount a file as encrypted filesystem on openSuSE 10.3 following indications from: http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Use_a_file_as_enc rypted_filesystem
I am able to execute the first two steps with no problem:
1. dd if=/dev/urandom of=loop_fs bs=1024 count=20000
2. sudo /sbin/losetup -e 3des /dev/loop0 loop_fs
but at the third step I get an error and I am not able to figure out what it is:
3. sudo /sbin/mke2fs /dev/loop0 mke2fs 1.40.2 (12-Jul-2007) mke2fs: Device size reported to be zero. Invalid partition specified, or partition table wasn't reread after running fdisk, due to a modified partition being busy and in use. You may need to reboot to re-read your partition table.
Can anyone tell me please how to solve this issue?
Hi, I read the link that you gave and the first step is to make sure that you have the "cryptoloop" module installed with any dependencies. "If the commands below get error messages, it may be that you need to load the kernel module which does the encryption:
modprobe cryptoloop"
-- Bogdan Cristea -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Bogdan Cristea wrote:
Yes, you have right, I don't have that module. Thanks
On Monday 19 May 2008 20:34:19 name wrote:
I am trying to mount a file as encrypted filesystem on openSuSE 10.3 following indications from: http://en.opensuse.org/SDB:Using_the_Crypto_File_System#Use_a_file_as_enc rypted_filesystem
I am able to execute the first two steps with no problem:
1. dd if=/dev/urandom of=loop_fs bs=1024 count=20000
2. sudo /sbin/losetup -e 3des /dev/loop0 loop_fs
but at the third step I get an error and I am not able to figure out what it is:
3. sudo /sbin/mke2fs /dev/loop0 mke2fs 1.40.2 (12-Jul-2007) mke2fs: Device size reported to be zero. Invalid partition specified, or partition table wasn't reread after running fdisk, due to a modified partition being busy and in use. You may need to reboot to re-read your partition table.
Can anyone tell me please how to solve this issue? Hi, I read the link that you gave and the first step is to make sure
Bogdan Cristea wrote: that you have the "cryptoloop" module installed with any dependencies. "If the commands below get error messages, it may be that you need to load the kernel module which does the encryption:
modprobe cryptoloop"
Glad it helped. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Am Montag, 19. Mai 2008 schrieb Bogdan Cristea:
Yes, you have right, I don't have that module. Thanks [...]
You do NOT want this module named cryptoloop! "Cryptoloop has known vulnerabilities and has been deprecated in favor of dm-crypt" http://en.wikipedia.org/wiki/Cryptoloop HTH Jan -- A bore is a man who deprives you of solitude without providing you with company. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Am Montag, 19. Mai 2008 schrieb name:
[...] Hi, I read the link that you gave and the first step is to make sure that you have the "cryptoloop" module installed with any dependencies. "If the commands below get error messages, it may be that you need to load the kernel module which does the encryption:
modprobe cryptoloop"
Please do NOT use cryptoloop: "Cryptoloop has known vulnerabilities and has been deprecated in favor of dm-crypt" http://en.wikipedia.org/wiki/Cryptoloop Gruß Jan -- Government is an association of men who do violence to the rest of us. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (6)
-
Bogdan Cristea -
Carlos F. Lange -
Greg Freemyer -
Jan Ritzerfeld -
Mike McMullin -
name