Kernel Setup:
Device Drivers > Multi-device support (RAID and LVM) > Device Mapper Support (dm-mod)
Device Drivers > Multi-device support (RAID and LVM) > Crypt Target Support (dm-crypt)
Cryptographic Options > (Select cyphers .. ex. aes, twofish)
Userspace tools needed:
cryptsetup.sh
libdevmapper
cryptsetup.sh Syntax:
Syntax: cryptsetup [<OPTIONS>] <action> <name> [<device>]
<OPTIONS>:
-c <cipher> (see /proc/crypto)
-h {plain/<hash>} (see hashalot)
-y (verifies the passphrase by asking for it twice)
-d <file> (read key from file
e.g. /dev/urandom; useful for swap devices.
If set, the parameters -h and -y will be ignored)
-s <keysize> (in bits) (WARNING: in bytes for cryptsetup.sh)
-b <size> (in sectors)
-o <offset> (in sectors)
-p <skipped> (in sectors)
<action> is one of:
create - create device
remove - remove device
reload - modify active device
resize - resize active device
status - show device status
<name> is the device to create under /dev/mapper/
<device> is the encrypted device
Create crypto physical device (sized by existing partition):
cryptsetup.sh -c aes -h plain -y -b `blockdev --getsize \
/dev/hdb2` create cryptvol1 /dev/hdb2
Copy over data:
dd if=/dev/hdb2 of=/dev/mapper/cryptvol1 bs=4k
http://www.linux.com/article.pl?sid=04/06/07/2036205
http://www.saout.de/misc/dm-crypt/
No comments:
Post a Comment