Crypto partition on Fedora Core 3
Introduction
Here are some notes on how to get a crypto partition running under Fedora Core 3. We are going to use dm-crypt (device mapper crypto support), which is part of Fedora Core, so there is no need for any third-party repository to get the software. I will assume that /dev/sda1 is the partition you want to encrypt. Execute the following as root.
Cleaning up
Before you start, clean up the hard drive so that it gives the least amount of information to a potential attacker. There are two ways to do this:
- You can write random data to the target partition. Do this with dd if=/dev/urandom of=/dev/sda1. Do NOT use /dev/random or you will suck down entropy resources. This approach is safe but pretty slow. I got about 2 MB/sec.
- Another approach is to create a junk crypto partition, fill it up and then create the real crypto partition. For this, create a crypto partition with
  dd if=/dev/random bs=1 count=100 | tr -d '[\000\012]' | dd bs=1 count=64 | openssl aes-256-cbc | cryptsetup -c aes-cbc-essiv:sha256 create data /dev/sda1
  and then fill up that partition with
  dd if=/dev/zero of=/dev/mapper/data
  This will also take some time. I got about 10 MB/sec with this approach. Afterwards, remove the crypto partition with cryptsetup remove data.
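One way to check the result of either wipe method above (an added example, not part of the original notes): after random data or encrypted zeros have been written, no 512-byte sector of the raw partition should still be all zero. The function names are made up for this example, the sample image is constructed, and the check only catches a skipped or interrupted wipe on a previously zeroed disk; it cannot show that old non-zero data was overwritten.

```shell
#!/bin/sh
# Added example (not from the original page): look for 512-byte sectors that
# are still all zero on a wiped partition or image. On a real system, run it
# as root against the raw device (e.g. /dev/sda1); use SKIP/COUNT to sample
# ranges, since scanning a whole partition this way is slow.

# count_zero_sectors TARGET [SKIP [COUNT]]
# Prints "<all-zero sectors> <sectors scanned>" for COUNT sectors starting at
# sector SKIP (default: from sector 0 to the end of TARGET).
count_zero_sectors() {
    target=$1 skip=${2:-0} count=${3:-}
    dd if="$target" bs=512 skip="$skip" ${count:+count="$count"} 2>/dev/null |
        od -An -v -tx1 |
        awk '{ for (i = 1; i <= NF; i++) {
                   if ($i != "00") dirty = 1
                   if (++n == 512) {          # end of one sector
                       total++
                       if (!dirty) zero++
                       n = 0; dirty = 0
                   }
               } }
             END { print zero + 0, total + 0 }'
}

# wipe_looks_complete TARGET [SKIP [COUNT]]
# Succeeds only if at least one sector was scanned and none was all zero.
# An unreadable or empty target therefore counts as a failure.
wipe_looks_complete() {
    set -- $(count_zero_sectors "$@")
    [ "$2" -gt 0 ] && [ "$1" -eq 0 ]
}

# Constructed sample: an 8-sector image of random data with sector 5 zeroed,
# standing in for a partition whose wipe was interrupted.
img=$(mktemp)
dd if=/dev/urandom of="$img" bs=512 count=8 2>/dev/null
dd if=/dev/zero of="$img" bs=512 seek=5 count=1 conv=notrunc 2>/dev/null

count_zero_sectors "$img"
if wipe_looks_complete "$img"; then
    echo "no zero sectors found"
else
    echo "zero sectors remain: wipe incomplete"
fi
rm -f "$img"
```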
Creating the crypto partition
I will assume for now that you want to type in a passphrase and do not want to have a keyfile. Then execute:
cryptsetup -c aes-cbc-essiv:sha256 create data /dev/sda1
and type in your passphrase. Now create a filesystem on the crypto partition. For ext3, run mkfs.ext3 /dev/mapper/data. Now you can mount the crypto partition with mount /dev/mapper/data /mnt/data (or whatever). Remove the crypto drive after usage with cryptsetup remove data (after unmounting it, of course).