
linux mount an encrypted disk/diskimgfile

2013-03-27 16:31, 465 views


How can I encrypt a device with loop-aes under Linux?


Using Fedora/Ubuntu, how can I do it?

linux encryption
asked May 29 '11 at 18:08





LanceBaynes


I believe dm-crypt/luks is the preferred method of block device encryption. It's more portable across OSes, and a little easier to recover from lost metadata (since it stores the metadata with the partition). – Keith May 30 '11 at 6:21


1 Answer

You need a patched kernel, losetup and mount. The package is usually called util-linux; you can get the patches from here.
If you don't want to boot from a loop-aes device it's really simple:

    # Write 65 lines of random data to keyfile.txt. This will be used as a key for
    # the data on the disk, and your password will be used as a key for this file.
    # You will need this file and the password to access your data.
    # Keep them safe.
    gpg -c --cipher-algo aes256 --digest-algo sha512 < keyfile.txt > keyfile.gpg
    rm keyfile.txt # Better if you never write this to disk in the first place.
    losetup -e aes256 -H sha512 -K keyfile.gpg /dev/loopX /dev/sdXX
    mke2fs -t ext4 /dev/loopX
    mount /dev/loopX /mnt

    # To mount it later
    mount -o loop=/dev/loopX,encryption=aes256,hash=sha512,gpgkey=keyfile.gpg /dev/sdXX /mnt


If you want to encrypt the root partition then I recommend reading the extensive documentation.
Basically you will need to create an initramfs and store it on an unencrypted boot partition.

You can store the keyfile.gpg (and the boot partition if you decide to encrypt the root) on a removable USB device.
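
The answer's comments ask for 65 lines of random data and note that the plaintext is better never written to disk. The following is an added example, not part of the original answer, that generates the lines and pipes them straight into the same `gpg -c` command. The function names, the use of `/dev/urandom` with GNU `base64 -w`, and the 20-character minimum line length are assumptions of this example.

```shell
#!/bin/sh
# Added example: build keyfile.gpg without a plaintext keyfile.txt on disk.
# Assumes GNU coreutils (base64 -w) and a kernel-seeded /dev/urandom.

# Emit 65 lines of 60 base64 characters each.
# 45 random bytes encode to 60 characters, so 65 * 45 = 2925 bytes are read.
gen_keys() {
    head -c 2925 /dev/urandom | base64 -w 60
}

# Validate key material read from stdin: exactly 65 lines, none shorter than
# 20 characters (assumed minimum; check the rule for your loop-AES version).
# Prints the lines unchanged on success; prints nothing and fails otherwise,
# so a truncated read can never be encrypted as if it were a full key set.
check_keys() {
    awk '{ line[NR] = $0; if (length($0) < 20) bad = 1 }
         END { if (NR != 65 || bad) exit 1
               for (i = 1; i <= NR; i++) print line[i] }'
}

# Encrypt freshly generated keys with the gpg options used in the answer.
# The keys live only in a shell variable and a pipe; gpg prompts for the
# passphrase. Runs in a subshell so the umask change does not leak out.
make_keyfile() (
    out=${1:-keyfile.gpg}
    umask 077                       # new key file readable by owner only
    keys=$(gen_keys | check_keys) || {
        echo "key generation failed, nothing written" >&2
        exit 1
    }
    printf '%s\n' "$keys" |
        gpg -c --cipher-algo aes256 --digest-algo sha512 > "$out"
)

# Usage (prompts for a passphrase):
#   make_keyfile keyfile.gpg
# Verify later without writing plaintext to disk:
#   gpg -d keyfile.gpg | check_keys > /dev/null && echo "key file OK"
```

Keep at least one offline copy of `keyfile.gpg`; without it and the passphrase the data on the device cannot be recovered.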
