Partition/Image encryption with DM-Crypt-LUKS

Encrypting your file system, or some part of it, is well worth doing, especially on laptops, where a lost or stolen disk otherwise hands over everything on it. This short howto describes the few steps needed to encrypt your "home" partition on Gentoo Linux.

There are several methods and implementations for disk encryption; look here for details:

Kernel and modules

First of all, if your kernel does not yet have the necessary options, use one of the guides referenced above. Once the kernel is configured, load the modules that are not built in. Beyond the two device-mapper modules, which modules you need depends on the cipher (and hash) you choose for encryption; the default options used below rely on AES:
# modprobe dm-mod   # required: device-mapper core
# modprobe dm-crypt # required: the dm-crypt target
# modprobe aes      # cipher used by the default options
# lsmod | grep -E '^(dm_crypt|dm_mod|aes)'   # verify they are loaded (names use underscores here)

Necessary tools

Make sure you have emerged the following (on current Gentoo the cryptsetup-luks package has been folded into sys-fs/cryptsetup; pam_mount is what will mount the encrypted home partition at login later on):
# emerge sys-fs/cryptsetup-luks sys-auth/pam_mount

Encrypting SWAP

The first thing to encrypt is the swap partition. You don't want pages swapped out from your soon-to-be encrypted home partition (or from the processes working on its contents) to be readable from the swap area in plaintext. With the new baselayout it is extremely easy (on current Gentoo the equivalent file is /etc/conf.d/dmcrypt, using the same variable names):
File: /etc/conf.d/cryptfs

## swap
# Swap partitions. These should come first so that no keys make their
# way into unencrypted swap.
# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
# If no makefs is given then mkswap will be assumed
swap=crypt-swap
source='/dev/sda2'

File: /etc/fstab

...
/dev/mapper/crypt-swap none swap sw 0 0
...

That's it. In short, on every boot the init script sets up a plain dm-crypt mapping of /dev/sda2 keyed with random bytes read from /dev/urandom, runs mkswap on it, and the encrypted swap area is then available as the logical device /dev/mapper/crypt-swap (make sure fstab no longer lists /dev/sda2 directly). The key exists only in kernel memory: after shutdown the partition holds nothing but ciphertext that nobody, you included, can decrypt, and a fresh key is generated at the next startup. Now reboot to make the system use the encrypted swap partition, then check that the mapping exists and is the swap area actually in use:

# ls -1 /dev/mapper/
control
crypt-swap
# cat /proc/swaps   # should list /dev/mapper/crypt-swap, not /dev/sda2

NB. Because the swap partition is encrypted with a random key that is discarded at every shutdown, suspend2 users will not be able to use the swap partition for suspend-to-disk (suspend2disk): the hibernation image written to swap cannot be decrypted on the next boot.
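The sequence the init script performs for a swap entry, and a read-only check that the raw partition underneath the mapping really looks like ciphertext, as an added shell example that is not part of the original howto. The device /dev/sda2 and the mapping name crypt-swap come from the configuration above; the function names setup_random_swap, swap_signature_hex, compressed_ratio_percent and swap_looks_encrypted are chosen here, the 4 KiB page size and the 95% compressibility threshold are assumptions, and the setup function requires root and is not run unless you call it.

```shell
#!/bin/sh
# Added example for the "Encrypting SWAP" section (not from the original
# howto): (1) the manual equivalent of what the cryptfs init script does
# for a swap entry keyed from /dev/urandom, and (2) a read-only check that
# the raw partition underneath the mapping never shows plaintext swap.
# Assumptions: 4 KiB pages (x86), GNU/busybox dd, od, gzip, head, wc.

SAMPLE_BYTES=1048576   # bytes sampled from the start of the device (1 MiB)

# (1) Equivalent of "swap=crypt-swap" + "source='/dev/sda2'" with the
# default options: a plain (non-LUKS) dm-crypt mapping whose key is read
# from /dev/urandom, then mkswap on the mapped device. Needs root; the
# device and mapping names are placeholders, not values from the howto.
setup_random_swap() {
    dev="$1"; name="$2"
    cryptsetup -c aes -h sha1 -d /dev/urandom create "$name" "$dev"
    mkswap "/dev/mapper/$name"
    swapon "/dev/mapper/$name"
}

# (2a) A Linux swap area carries the magic string "SWAPSPACE2" (legacy
# "SWAP-SPACE") at the end of its first page, offset PAGE_SIZE - 10.
# mkswap writes it to /dev/mapper/crypt-swap; on the raw partition it
# must appear only as ciphertext. Prints the 10 bytes at that offset as hex.
swap_signature_hex() {
    dd if="$1" bs=1 skip=4086 count=10 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# (2b) Ciphertext does not compress. gzip -9 leaves random data at
# ~100% of its size; zeroed or plaintext swap shrinks to a small fraction.
# Prints the compressed size as a percentage of the sample size.
compressed_ratio_percent() {
    raw=$(head -c "$SAMPLE_BYTES" "$1" | wc -c)
    if [ "$raw" -eq 0 ]; then echo 0; return; fi
    gz=$(head -c "$SAMPLE_BYTES" "$1" | gzip -9 -c | wc -c)
    echo $(( gz * 100 / raw ))
}

# Returns 0 when the raw device looks encrypted (no swap magic, sample
# incompressible), 1 when it looks like plaintext swap. Never writes.
swap_looks_encrypted() {
    case "$(swap_signature_hex "$1")" in
        53574150535041434532|535741502d5350414345)   # "SWAPSPACE2" / "SWAP-SPACE"
            echo "plaintext swap signature found on $1" >&2
            return 1 ;;
    esac
    ratio=$(compressed_ratio_percent "$1")
    if [ "$ratio" -lt 95 ]; then
        echo "$1 compresses to ${ratio}% of its size: not ciphertext" >&2
        return 1
    fi
    return 0
}

# Usage after the reboot: sh check-swap.sh /dev/sda2   (as root; reads only)
if [ -n "${1:-}" ]; then
    if swap_looks_encrypted "$1"; then
        echo "$1: looks encrypted"
    else
        echo "$1: WARNING, plaintext swap" >&2
        exit 1
    fi
fi
```

Run the check against the underlying partition, not the mapper device: /dev/mapper/crypt-swap is expected to carry the swap signature, the raw /dev/sda2 is not. The compression heuristic is coarse; it catches a mapping that was never activated or an fstab that still points at the raw partition, but it is no substitute for confirming the mapping with `cryptsetup status crypt-swap`.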