Topic: Using loop-aes on DSL, Partition encryption
WoofyDugfock
Group: Members
Posts: 146
Joined: Sep. 2004
Posted: Nov. 10 2004, 08:24

Loop-aes 1.6i-1 is included in DSL.
Does anyone have any experience creating an encrypted partition (or just directory) with this on DSL?

I've found it's very easy within DSL to mount an encrypted directory (.img) on removable media that has already been created (by a later version of loop-aes) using Knoppix-MiB's wizard - but that is rather inflexible.

Creating an AES256-encrypted partition within DSL from scratch is proving a bit beyond me.
I've looked at the lengthy:
http://www.ibiblio.org/pub....TO.html

and also the loop-aes README file referred to on that page (which is written for versions 2.0+ not 1.6).

For example: the "tail" command is not recognised by my bash shell, although "head" seems to be.
So I can't create the initial keys in the first place as instructed by the README.

I've also looked at the heavyweight http://mail.nl.linux.org/linux-crypto/
but that doesn't have a search function and is not targeted at newbies anyway.


--------------
"We don't need no stinkin' Windows"

http://news.zdnet.co.uk/software/linuxunix/0,39020390,39149796,00.htm

clacker
Group: Members
Posts: 570
Joined: June 2004
Posted: Nov. 10 2004, 23:24

Woffy, it is pretty confusing, but do-able in dsl.

The head and tail commands both exist in the main distribution on the liveCD (0.8.3). Are you sure it wasn't the uuencode command that was causing the error? I had to install the shareutils package from Debian to get that to work.

This isn't the most secure of examples, since it doesn't encrypt the swap space or anything like that, but here is a simple example of encrypting a floppy with dsl:

Code Sample
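sudo su
# overwrite the whole floppy once with random data (destroys everything on it)
shred -n 1 -v /dev/fd0
# attach the floppy to a loop device with AES-256; the -S seed must be the same every time this disk is attached
losetup -e aes256 -S "damnsmall" /dev/loop1 /dev/fd0
# password: onetwothreeonetwothree
# create an ext3 filesystem on the encrypted device and mount it
mke2fs -j /dev/loop1
mkdir /mnt/efs
mount /dev/loop1 /mnt/efs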


shred scrambles (and destroys) all data on the floppy so you don't want any files on it when you start. Now put what you want into /mnt/efs. When you're done, unmount /mnt/efs and type losetup -d /dev/loop1. When you start over again, to access that disk do:

Quote
sudo su
losetup -e aes256 -S "damnsmall" /dev/loop1 /dev/fd0
# password: onetwothreeonetwothree
mkdir /mnt/efs
mount /dev/loop1 /mnt/efs


and you can see your files again. There are so many weak points to what I just posted, but I'm hoping that it gives you a place to start given that you've used it before elsewhere. Naturally, you would want a different phrase after the -S than "damnsmall" since we all know that now. You do need a minimum 20 character password, preferably not onetwothreeonetwothree. That's what the following line spits out (but you need uuencode from the shareutils deb)

head -c 45 /dev/random | uuencode -m - | head -2 | tail -1

I had trouble making key files and reading them into losetup.  Do you know how to do that?
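
The passphrase pipeline from the post above, as an added example that is not part of the thread: it produces the same kind of 60-character base64 string but falls back to other encoders when uuencode is not installed, and checks the 20-character minimum. The function names are hypothetical, and /dev/urandom is an assumption made so the example never blocks (the posted command reads /dev/random).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Assumption: /dev/urandom instead of the thread's /dev/random, to avoid blocking.
RANDOM_SOURCE=/dev/urandom

# b64_encode: base64-encode stdin onto a single line with whichever tool exists.
b64_encode() {
    if command -v uuencode >/dev/null 2>&1; then
        # uuencode -m prints a "begin-base64 ..." header, then the data lines,
        # then "====". For 45 input bytes there is exactly one data line,
        # which is why the posted pipeline takes line 2 (head -2 | tail -1).
        uuencode -m - | head -n 2 | tail -n 1
    elif command -v base64 >/dev/null 2>&1; then
        base64 | tr -d '\n'
        echo
    elif command -v openssl >/dev/null 2>&1; then
        openssl base64 | tr -d '\n'
        echo
    else
        echo "no base64 encoder found (uuencode, base64, openssl)" >&2
        return 1
    fi
}

# gen_passphrase: 45 random bytes -> 60 base64 characters, no padding.
gen_passphrase() {
    head -c 45 "$RANDOM_SOURCE" | b64_encode
}

# passphrase_ok: succeed only if $1 meets the 20-character minimum
# mentioned in the thread.
passphrase_ok() {
    [ "${#1}" -ge 20 ]
}
```

Call `gen_passphrase` to print one candidate passphrase; `passphrase_ok "$p"` returns non-zero for anything shorter than 20 characters.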

WoofyDugfock
Group: Members
Posts: 146
Joined: Sep. 2004
Posted: Nov. 11 2004, 08:43

Thanks mucho Clacker.  There have been a few posts by others requesting info on encryption within dsl but no responses, probably because these were vague.

Yes I don't have the shareutils deb installed so that's it - no uuencode!  (I have gnu-utils.dsl so I assumed it'd be in there).

I'll try your suggestion above and post later.

Detailed instructions for creating keys etc are in the links in my first post - you need GnuPG of course. Not all of the examples supplied are intended for v < 2.0. Apparently the main difference between versions < 2.0 and 2.0+ is losetup/mount support for loop in multi-key mode. The README cautions against trying to use multi-key gpg keyfiles with old single-key aware losetup/mount.  Hence DSL's v1.6i-1 is not suitable for multi-keys and could create problems if used on an encrypted partition created with multi-keys.

It's very surprising to me that there appears to be no easy front-end GUI around for loop-aes, other than KnoppixMiB's built-in one, which is powerful but limited in some ways.  For example, it will encrypt the entire home directory and put it in an .img file, which is useful, and mount this at boot time with the correct passphrase. But it will only use ext2 on the mounted .img (no choice of eg FAT32 offered).  Now, loop-aes is compatible with CrossCrypt in Windows, so if desired the .img can be mounted under Windows, which seems a useful feature.   But the CrossCrypt GUI does not recognise ext2 and wants to reformat the mounted image ie wipe the lot, which seems something of an oversight! (CrossCrypt's filedisk.exe commandline might have more options here, I dunno).

Just a few thoughts ...


--------------
"We don't need no stinkin' Windows"

http://news.zdnet.co.uk/software/linuxunix/0,39020390,39149796,00.htm