Encrypted files and disk partitions


+--------------------------------------
| Idea

	"They that can give up essential liberty
	to obtain a little temporary safety deserve
	neither liberty nor safety."
			     -- B. Franklin, 1759


	And to protect your liberty, try the following...



  ----- How to create and use an encrypted file -----


+------------------------------------------------------
| Source

	For more information see: Cryptoloop-HOWTO


+--------------------------------------
| How to


1. create the file that will hold the encrypted data

	dd if=/dev/urandom of=./encrypted.aes bs=1k count=100000

2. load required modules

	/sbin/modprobe cryptoloop
	/sbin/modprobe aes

	( Use "cat /proc/crypto" to see which crypto modules are ready to use.
	  For permanent use, put the modprobe commands into /etc/rc.local )

3. set the loop device up

	/sbin/losetup -e aes /dev/loop0 ./encrypted.aes

	( The command prompts for a password. )

4. create a file system in the encrypted file

	/sbin/mkfs.ext3 /dev/loop0

5. mount the encrypted file

	mkdir /mnt/crypto
	mount -t ext3 /dev/loop0 /mnt/crypto/

6. unmount and detach the loop device

	umount /mnt/crypto/
	/sbin/losetup -d /dev/loop0


X. everyday use

	mount ./encrypted.aes /mnt/crypto/ -oencryption=aes

	( The command prompts for a password. )

	...

	umount /mnt/crypto/





  ----- How to create an encrypted disk partition -----


+------------------------------------------------------
| Sources and inspirations

	dm-crypt
	LUKS
	Root.Cz
	Security-portal.Cz


+--------------------------------------
| How to


Partition to encrypt (for example): /dev/sdc1

1. check the partition and wipe it with random data

	badblocks -c 10240 -s -w -t random -v /dev/sdc1

  or ( better, but very slow, wiping )

	dd if=/dev/urandom of=/dev/sdc1

2. load required modules (if not loaded automatically)

	/sbin/modprobe -a dm-crypt aes-[platform] sha256 lrw xts

	( aes-[platform] - for example aes-i586 )

3. encrypt the partition

	cryptsetup -c aes-xts-plain -s 512 -y luksFormat /dev/sdc1

	( -c aes-xts-plain -s 512 ... optimal
	  -c aes-lrw-benbi -s 384 ... kernel older than 2.6.24
	  -c aes-cbc-essiv:sha256 -s 256 ... kernel older than 2.6.20 )

	( The command prompts for a password. )
	  
4. map the partition to /dev/mapper/encrypted

	cryptsetup luksOpen /dev/sdc1 encrypted

	( The command prompts for a password. )

5. build an ext3 filesystem on the encrypted partition

	mkfs.ext3 /dev/mapper/encrypted

    or

	mkfs.ext3 -L __disk-label__ /dev/mapper/encrypted

6. mount the partition

	mkdir /mnt/encrypted
	mount /dev/mapper/encrypted /mnt/encrypted

7. unmount and remove the LUKS mapping

	umount /dev/mapper/encrypted
	cryptsetup luksClose encrypted


X1. everyday use

	cryptsetup luksOpen /dev/sdc1 encrypted

	( The command prompts for a password. )

	mount /dev/mapper/encrypted /mnt/encrypted

	...

	umount /dev/mapper/encrypted
	cryptsetup luksClose encrypted

    or

	External encrypted disks can be mounted automatically in modern GNU/Linux distributions.

	( After the disk is attached, the system prompts for a password. )


X2. checking the encrypted filesystem

	cryptsetup luksOpen /dev/sdc1 encrypted

	( The command prompts for a password. )

	e2fsck /dev/mapper/encrypted

	cryptsetup luksClose encrypted
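

Steps 1 and 3 of the partition how-to destroy whatever is on the target, so it pays to check the target first. The script below is an added example, not part of the original how-to; its function names and the optional mounts-file argument are illustrative assumptions. It refuses a target that is mounted or that already carries a LUKS header or an ext2/3/4 superblock.

```shell
#!/bin/sh
# Pre-flight check to run before the destructive steps (wipe, luksFormat).
# Added example: function names and exit codes are illustrative assumptions.

# Print N bytes found at byte OFFSET of FILE as lowercase hex, no separators.
hex_at() {  # hex_at FILE OFFSET N
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# A LUKS header starts with the 6-byte magic "LUKS" 0xBA 0xBE.
is_luks() {
    [ "$(hex_at "$1" 0 6)" = "4c554b53babe" ]
}

# ext2/3/4: superblock at byte 1024, magic 0xEF53 stored little-endian at 1080.
is_ext() {
    [ "$(hex_at "$1" 1080 2)" = "53ef" ]
}

# True if DEV is the first field of a line in a /proc/mounts style file.
is_mounted() {  # is_mounted DEV [MOUNTS_FILE]
    awk -v d="$1" '$1 == d { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# Return 0 only if nothing recognisable would be destroyed.
preflight() {  # preflight TARGET [MOUNTS_FILE]
    if [ ! -r "$1" ]; then echo "$1: not readable" >&2; return 2; fi
    if is_mounted "$1" "${2:-/proc/mounts}"; then
        echo "$1: is mounted" >&2; return 3
    fi
    if is_luks "$1"; then echo "$1: already has a LUKS header" >&2; return 4; fi
    if is_ext "$1"; then echo "$1: holds an ext2/3/4 filesystem" >&2; return 5; fi
    return 0
}

# Example: sh preflight.sh /dev/sdc1 && cryptsetup ... luksFormat /dev/sdc1
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

The mount check compares the device name literally, so a partition mounted under another name (for example a /dev/disk/by-uuid link) is not caught.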


Enjoy:-)