Welcome! Log In Create A New Profile

Advanced

Security Freak? Encrypt folders or /home !

Posted by gplgeek 
Security Freak? Encrypt folders or /home !
August 24, 2007 09:47AM
Install needed crypto stuff
apt-get install cryptsetup libpam-mount

Create your partition as normal, for the example we use /dev/sdb4
gparted

If you don't restart your system you probably will get errors, though you may not. If you skip this step I will not try to support your problems/questions/comments.


(dd if=/dev/random of=/dev/sdb4, put random charactors over your partition if you really really want security by making it impossible to figure out what is and is not data)

Start creating the encryption mapping
cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb4

Now check the info on your new encrypted setup!
cryptsetup luksDump /dev/hda3
You should be using slot 0 for your key but you can store up to 8 keys there. (0-7)

Check mapper device.
ls /dev/mapper/
"control"

Now we unlock
cryptsetup luksOpen /dev/sdb4 MyFolder
"Enter LUKS passphrase: "
"key slot 0 unlocked."
"Command successful."

Partition your encrypted system.
mkfs.reiserfs -l home /dev/mapper/MyFolder

Mow mount your encrypted folder!
mount /dev/mapper/MyFolder /MySecretFolder/


To close it at any time
cryptsetup luksClose home

If you want to mount it as home do the following 2 things.

Add this to both /etc/pam.d/common-auth and
/etc/pam.d/common-session
@include common-pammount

Add this to /etc/pam.d/common-session
volume yourusernamehere crypt - /dev/sdb4 /home cipher=aes - -

To add users/keys
cryptsetup luksAddKey /dev/sdb4

To delete keys
cryptsetup luksDelKey /dev/sdb4 0

This information was ripped from a "secureme.sh" shell script originally released under the WTFPL licence. I was asked to help work on this shell script and thought that it might be nice to post it on the forums here. It is reported to work on debian etch 4.0 as well as Elive Gem and Ubuntu 7.04


If anyone tries it and has problems please append all avaliable information in the form of a reply.
Sorry, only registered users may post in this forum.

Click here to login