Reference: |
Linux /
Dm-crypt
Device-Drivers/Multi-Device Support(RAID and LVM)/Device mapper support and Crypt target support
Device-Drivers/Block-devices/Loopback device support
Cryptographic options/AES cipher algorithm
dmsetup and cryptsetup
maybe: libgcrypt7-dev libdevmapper and hashalot
modprobe aes-x86_64
(or modprobe aes-i586 for other CPU types)
modprobe dm_mod
modprobe dm_crypt
You can do this automatically in /etc/rc.local during boot-up.
Test if the AES module is running:
cat /proc/crypto
Test if dm_crypt is running (the output should list the crypt target):
dmsetup targets
crypt v1.5.0
With the program cryptsetup you can create, remove, and resize a device. To cipher /dev/sdc2 with 256-bit AES use (be aware that all data on this partition will be lost):
cryptsetup create mysecuredata /dev/sdc2
Afterwards you find the virtual device /dev/mapper/mysecuredata and you can format it with ext2:
mkfs.ext2 /dev/mapper/mysecuredata
mount /dev/mapper/mysecuredata /mnt/mysecuredata
To deactivate the device:
umount /mnt/mysecuredata
cryptsetup remove mysecuredata
To reactivate the device:
cryptsetup create mysecuredata /dev/sdc2
mount /dev/mapper/mysecuredata /mnt/mysecuredata
With dm-crypt you can also cipher a container or a swap device.
Container:
dd if=/dev/urandom of=container bs=1024k count=10
losetup /dev/loop4 container
cryptsetup -y create container /dev/loop4
mkfs.ext2 /dev/mapper/container
mount /dev/mapper/container /mnt/container
...
umount ...
cryptsetup remove container
losetup -d /dev/loop4
SWAP-device:
vim /etc/init.d/mountall.sh
replace swapon -a 2> /dev/null with
cryptsetup -c blowfish -s 64 -d /dev/urandom create swap0 /dev/hda4
mkswap /dev/mapper/swap0
swapon /dev/mapper/swap0
After the next boot, test the mapped device with:
ls -lA /dev/mapper | grep swap0
and check whether the swap device is being used:
cat /proc/swaps
/dev/mapper/swap0 ... |
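
The manual checks above (AES in /proc/crypto, the crypt target in dmsetup targets, swap running on /dev/mapper/swap0) written as shell functions. This is an added example, not part of the original page. It assumes encrypted swap appears under /dev/mapper/ in /proc/swaps as shown here; the function names and the /dev/hda5 sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): the page's manual checks as
# functions. Each reads the live /proc file unless given another path.

# Succeeds if a /proc/crypto-format file lists a cipher named "aes".
has_aes() {
    awk -F' *: *' '$1 == "name" && $2 == "aes" { ok = 1 } END { exit !ok }' \
        "${1:-/proc/crypto}"
}

# Succeeds if `dmsetup targets` output on stdin lists the crypt target.
has_crypt_target() {
    awk '$1 == "crypt" { ok = 1 } END { exit !ok }'
}

# Prints each active swap area in a /proc/swaps-format file that is NOT under
# /dev/mapper/, i.e. swap that is not going through the swap0-style mapping.
plain_swaps() {
    awk 'NR > 1 && $1 !~ /^\/dev\/mapper\// { print $1 }' "${1:-/proc/swaps}"
}

# Runs the checks on constructed sample data (hypothetical host where
# /dev/hda5 was left as plain swap next to the encrypted swap0).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'name         : aes\ndriver       : aes-generic\n' > "$dir/crypto"
    printf 'Filename\tType\tSize\tUsed\tPriority\n' > "$dir/swaps"
    printf '/dev/mapper/swap0\tpartition\t1048572\t0\t-1\n' >> "$dir/swaps"
    printf '/dev/hda5\tpartition\t524284\t0\t-2\n' >> "$dir/swaps"
    has_aes "$dir/crypto" && echo "aes: ok"
    printf 'crypt            v1.5.0\n' | has_crypt_target && echo "crypt target: ok"
    echo "unencrypted swap: $(plain_swaps "$dir/swaps")"
    rm -rf "$dir"
}

# "sh check.sh demo" runs the sample; "sh check.sh live" checks this machine.
case "${1:-}" in
    demo) demo ;;
    live) has_aes || echo "AES not in /proc/crypto"
          dmsetup targets | has_crypt_target || echo "crypt target missing"
          plain_swaps ;;
esac
```

A /dev/mapper name alone does not prove the mapping uses the crypt target; dmsetup table swap0 shows the target type for a given mapping.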