Using loop-aes on DSL
Forum: Other Help Topics
Topic: Using loop-aes on DSL
started by: WoofyDugfock

Posted by WoofyDugfock on Nov. 10 2004,08:24
Loop-aes 1.6i-1 is included in DSL. Does anyone have any experience creating an encrypted partition (or just directory) with this on DSL?

I've found it's very easy within DSL to mount an encrypted directory (.img) on removable media that has already been created (by a later version of loop-aes) using Knoppix-MiB's wizard - but that is rather inflexible.

Creating an AES256-encrypted partition within DSL from scratch is proving a bit beyond me. I've looked at the lengthy: < http://www.ibiblio.org/pub....TO.html > and also the loop-aes README file referred to on that page (which is written for versions 2.0+ not 1.6).

For example: the "tail" command is not recognised by my bash shell, although "head" seems to be. So I can't create the initial keys in the first place as instructed by the README.

I've also looked at the heavyweight < http://mail.nl.linux.org/linux-crypto/ > but that doesn't have a search function and is not targeted at newbies anyway.

Posted by clacker on Nov. 10 2004,23:24
Woofy, it is pretty confusing, but do-able in dsl. The head and tail commands both exist in the main distribution on the liveCD (0.8.3). Are you sure it wasn't the uuencode command that was causing the error? I had to install the sharutils package from debian to get that to work.

This isn't the most secure of examples, since it doesn't encrypt the swap space or anything like that, but here is a simple example of encrypting a floppy with dsl:
shred scrambles (and destroys) all data on the floppy, so you don't want any files on it when you start. Now put what you want into /mnt/efs. When you're done, unmount /mnt/efs and type losetup -d /dev/loop1. When you start over again, to access that disk do:
and you can see your files again.

There are so many weak points to what I just posted, but I'm hoping that it gives you a place to start given that you've used it before elsewhere. Naturally, you would want a different phrase after the -S than "damnsmall" since we all know that now. You do need a minimum 20 character password, preferably not onetwothreeonetwothree. That's what the following line spits out (but you need uuencode from the sharutils deb):

    head -c 45 /dev/random | uuencode -m - | head -2 | tail -1

I had trouble making key files and reading them into losetup. Do you know how to do that?

Posted by WoofyDugfock on Nov. 11 2004,08:43
Thanks mucho Clacker. There have been a few posts by others requesting info on encryption within dsl but no responses, probably because these were vague.

Yes, I don't have the sharutils deb installed so that's it - no uuencode! (I have gnu-utils.dsl so I assumed it'd be in there). I'll try your suggestion above and post later.

Detailed instructions for creating keys etc are in the links in my first post - you need GnuPG of course. Not all of the examples supplied are intended for v < 2.0.

Apparently the main difference between versions < 2.0 and 2.0+ is losetup/mount support for loop in multi-key mode. The README cautions against trying to use multi-key gpg keyfiles with old single-key aware losetup/mount. Hence DSL's v1.6i-1 is not suitable for multi-keys and could create problems if used on an encrypted partition created with multi-keys.

It's very surprising to me that there appears to be no easy front-end GUI around for loop-aes, other than KnoppixMiB's built-in one, which is powerful but limited in some ways. For example, it will encrypt the entire home directory and put it in an .img file, which is useful, and mount this at boot time with the correct passphrase. But it will only use ext2 on the mounted .img (no choice of eg FAT32 offered).

Now, loop-aes is compatible with CrossCrypt in Windows, so if desired the .img can be mounted under Windows, which seems a useful feature. But the CrossCrypt GUI does not recognise ext2 and wants to reformat the mounted image ie wipe the lot, which seems something of an oversight! (CrossCrypt's filedisk.exe commandline might have more options here, I dunno).

Just a few thoughts ...
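
Added example, not part of the thread: a shell version of the passphrase step from clacker's post that still works when uuencode is not installed, falling back to base64 or openssl, and that rejects anything shorter than the 20-character minimum mentioned above. The function names and the /dev/urandom default are assumptions of this example; pass /dev/random as the second argument to match the thread's command.

```shell
#!/bin/sh
# Added example (not from the thread): generate a random passphrase for
# losetup using whichever base64 encoder is present on the system.

MIN_LEN=20   # minimum passphrase length stated in the thread

# Encode stdin as base64 on one line with the first encoder found.
b64_line() {
    if command -v uuencode >/dev/null 2>&1; then
        # Same tool as the thread; strip the "begin-base64" header and
        # the "====" trailer, then join any wrapped lines.
        uuencode -m - | sed '1d;$d' | tr -d '\n'
    elif command -v base64 >/dev/null 2>&1; then
        base64 | tr -d '\n'
    elif command -v openssl >/dev/null 2>&1; then
        openssl base64 -A
    else
        echo "no base64 encoder found (uuencode, base64, openssl)" >&2
        return 1
    fi
}

# gen_passphrase [NBYTES] [SOURCE]
# Defaults: 45 random bytes (60 base64 characters) read from /dev/urandom.
gen_passphrase() {
    nbytes=${1:-45}
    src=${2:-/dev/urandom}
    pass=$(head -c "$nbytes" "$src" | b64_line) || return 1
    if [ "${#pass}" -lt "$MIN_LEN" ]; then
        echo "passphrase too short: ${#pass} < $MIN_LEN characters" >&2
        return 1
    fi
    printf '%s\n' "$pass"
}

# Usage: gen_passphrase            (45 bytes from /dev/urandom)
#        gen_passphrase 45 /dev/random
```
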