- 01-10-2008 #1
Secure Datacontainer (I hope, Coding Flaw somewhere)
I try to make a 'Secure' Data Container without having to install Extra Kernel Modules..
but I have some problems. (I do this since I run OpenVZ and Thus I can't run Truecrypt or something like that)
Can someone Correct me where I am wrong?
I can Make a Device doing:
dd if=/dev/zero of=/home/user/storage bs=$1 seek=2047 count=1
mkfs.ext2 /home/user/storage
aescrypt /home/user/storage $2
aescrypt is a Small program I wrote that encrypts a file using the AES Algorithm and replaces it with the original file.
Then I can Mount Device doing:
aescrypt -u /home/user/storage $1
mount /home/user/storage /dev/loop2
mkdir /home/user/storage
mount -o bind /dev/loop2 /home/user/storage
the -u makes it to decrypt instead of encrypt.
Now I can just save all my data that I want to be Secure in the /home/user/storage folder (Don't confuse me with the /home/user/storage file they are Different)
Then I can UnMount the Device doing
umount /home/user/storage
rm -r /home/user/storage
umount /dev/loop2
aescrypt /home/user/storage $1
Making the Files Unreadable again right?
I hope I am right but I have a problem at the Beginning already.
I can't mount my Device to /dev/loop
Since I get:
Application_Server _sxb # mount secure /dev/loop2
mount: unknown filesystem type 'ext2'
Oh and if I do it with ext3 I get:
Application_Server _sxb # mount secure /dev/loop2
mount: secure is not a block device (maybe try `-o loop'?)
Application_Server _sxb # mount secure -o /dev/loop2
mount: can't find /home/_sxb/secure in /etc/fstab or /etc/mtab
Application_Server _sxb # mount -o loop secure /dev/loop2
mount: Could not find any loop device. Maybe this kernel does not know
       about the loop device? (If so, recompile or `modprobe loop'.)
Application_Server _sxb # modprobe loop
FATAL: Could not load /lib/modules/2.6.18-1-openvz/modules.dep: No such file or directory
- 01-10-2008 #2
I don't know how your aescrypt script is written, so I can't speak to that...
I use the LUKS-extended dm-crypt/cryptsetup that is available in any newer kernel: LUKS
For example, SuSE 10.3 by default includes the latest 1.0.5 version of cryptsetup-luks.
Without having to write any custom cipher, you can:
1. Use dd to create your volume/file.
2. Format the device as an encrypted volume and set the passphrase:
cryptsetup-luks -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /path/to/file
cryptsetup-luks luksOpen /path/to/file enc-volume
mount /dev/mapper/enc-volume /mnt/name
* Note that some distros (like SuSE) have integrated the LUKS extension directly into cryptsetup, so the binary is just "cryptsetup" and a separate "cryptsetup-luks" is not needed.
- 01-10-2008 #3
The file you have created is not a block device so can't normally be used as such. The loop module lets you use a file as a block device. Way back when this was new you had to use losetup to configure the file-to-block-device bit and then use mount separately to mount the loop device to a mount point. Since you are experimenting in this regard, it may be useful for you to google losetup and try it out so you know the full workflow.
In the meantime, loopback devices became more common and the mount command was extended to support them more easily.
mount -o loop /home/user/storage <mount point>
Let us know how you get on,
Chris...
To be good, you must first be bad. "Newbie" is a rank, not a slight.
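The losetup step from reply #3 and the LUKS steps from reply #2 combined into one create/open/close script, as an added example that is not code from any poster in this thread. With dm-crypt the data is decrypted on the fly, so the backing file never holds plaintext on disk, unlike decrypting the whole file in place before mounting. Assumptions: run as root, the kernel provides loop and dm-crypt (in an OpenVZ guest the host must expose them), the cipher is left at the cryptsetup default, and the function and subcommand names are hypothetical.

```shell
#!/bin/sh
# Added example: lifecycle of a file-backed LUKS container (not from the thread).
# Assumes root, losetup, cryptsetup and mkfs.ext3, plus loop and dm-crypt support.
set -eu

# Create a sparse, owner-only backing file of SIZE_MIB MiB (seek trick as in post #1).
make_backing_file() {  # usage: make_backing_file FILE SIZE_MIB
    [ ! -e "$1" ] || { echo "refusing to overwrite $1" >&2; return 1; }
    ( umask 077 && dd if=/dev/zero of="$1" bs=1M seek="$(( $2 - 1 ))" count=1 2>/dev/null )
}

# Attach FILE to a free loop device, LUKS-format it and put a filesystem inside.
create_container() {  # usage: create_container FILE SIZE_MIB NAME
    make_backing_file "$1" "$2"
    loopdev=$(losetup --find --show "$1")
    cryptsetup --verify-passphrase luksFormat "$loopdev"
    cryptsetup luksOpen "$loopdev" "$3"
    mkfs.ext3 -q "/dev/mapper/$3"      # filesystem goes on the mapped device
    cryptsetup luksClose "$3"
    losetup -d "$loopdev"
}

# Map the container and mount the decrypted view; undo each step on failure.
open_container() {  # usage: open_container FILE NAME MOUNTPOINT
    loopdev=$(losetup --find --show "$1")
    cryptsetup luksOpen "$loopdev" "$2" || { losetup -d "$loopdev"; return 1; }
    mkdir -p "$3"
    mount "/dev/mapper/$2" "$3" ||
        { cryptsetup luksClose "$2"; losetup -d "$loopdev"; return 1; }
}

# Unmount, drop the key from the kernel, detach loop devices backed by FILE.
close_container() {  # usage: close_container FILE NAME MOUNTPOINT
    umount "$3"
    cryptsetup luksClose "$2"
    losetup -j "$1" | cut -d: -f1 | while read -r dev; do losetup -d "$dev"; done
}

# Dispatch only when a subcommand is given, so the functions can also be sourced.
case "${1:-}" in
    create) shift; create_container "$@" ;;
    open)   shift; open_container "$@" ;;
    close)  shift; close_container "$@" ;;
esac
```

The mount point is an ordinary empty directory; only `/dev/mapper/NAME` is ever mounted, never the backing file itself.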