Crypt your partition with dm_crypt - /usr/portage βeta

Crypt your partition with dm_crypt 3

dm_crypt is the modern replacement for the cryptoloop-stuff. I’d used such a cryptoloop-partition since may but I’m not pleased with the latency and scaling. It is quite too slow. So I tried dm_crypt and now I’m suprised. It feels really faster and is nicer to use (it is handled just like an LVM2-device).

Setup using Gentoo:
PLEASE read any other manual to understand what you’re doing, because otherwise you will surely destroy your data. I’m not responsible, if you make crap!

Install the packages we need:
emerge lvm2 cryptsetup
Select the partitions for LVM:
pvcreate /dev/hda1 /dev/hdb2
Create a volume group (vg_name is free to choose):
vgcreate vg_name /dev/hda1 /dev/hdb2
Create a logical volume (home is a name and free to choose):
lvcreate -n home -L 10GB vg_name
Create a random 32 char long key:
head -c 50 /dev/urandom | uuencode –base64 /dev/stdin | grep -v 'begin' | head -c 32 > /root/crypto/home.key
Encrypt with GnuPG:
gpg –symmetric /root/crypto/home.key
Secure remove the unencrypted key:
shred –remove /root/crypto/home.key
Setup your dm_crypt partition:
gpg –quiet -d /root/crypto/home.key.gpg | cryptsetup -c aes -s 256 -h plain create home /dev/vg_name/home
Create a filesystem (recommended in every case: xfs)
mkfs.xfs /dev/mapper/home
Mount your dm_crypt-partition
mount /dev/mapper/home /home

A small dirty-hack init-script for Gentoo:
depend() { after * }



	start() {
        einfo “Initializing dm_crypted Partition”
        gpg  –quiet -d /root/crypto/home.key.gpg |
                cryptsetup -c aes -s 256 -h plain create home /dev/vg/home”
        eend $?
        einfo “Mounting dm_crypted Partition”
        mount /home
        eend $?

}

stop() { einfo “Umounting dm_crypted Partition” umount /home eend $? einfo “Removing dm_crypted Partition” /bin/cryptsetup remove home eend $? }

Filed under Gentoo, Linux, Security & three comments & three trackbacks

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Andreas replys:
published on September 25^th 2004, 06:42:53 pm
Hi,
thanks for this tutorial. But how did you get your startup script to work?
When i try the same script, gpg complains about /dev/tty not beeing available :-/

cheers,
Andreas

Reply
mastaYoda responses:
published on September 26^th 2004, 06:11:14 pm
The Problem is, that Gentoo supports parallel boot. So you have to configure Gentoo to boot not parallel to make this working. Or: login as root, every time you boot (thats my hotfix until now)

Reply
Lars Strojny returns:
published on June 4^th 2005, 01:29:38 pm
The init-script hack isn’t needed anymore. Something comprehensable is now in ~arch baselayout.

Reply

/usr/portage

Crypt your partition with dm_crypt 3

Trackbacks

Comments

Andreas replys:

mastaYoda responses:

Lars Strojny returns:

Add a Comment & let me know what you think