linux encryption


.: Contents :.

I. INTRO
- About

II. ENCRYPTING
- Containers
- Drives
- Files

APPENDIX

.: I. INTRO :.

[-=] About [=-]

This is a quick rundown on how to encrypt files, containers, and drives under Linux. The use of loopback encrypted filesystems and openssl is explained and examples are given. This paper should have you encrypting in no time. The following commands were done running kernel 2.6.9.

.: ENCRYPTING :.

I'll outline how to create encrypted containers and drives using the loopback filesystem support and file encryption via openssl.

[-=] Containers [=-]

This is essentially creating a filesystem within a file and mounting it as a device. Containers remove most of the tedium of encrypting files individually: you simply move your files into the mount point, unmount it, and they are encrypted.

First, you need to create a blank file using the dd command.

dd if=/dev/urandom of=crypto.img bs=1M count=50

- The first parameter uses the /dev/urandom device to create the file with random data to make it more difficult to distinguish between free space and encrypted data. The /dev/zero device can be used but is not advised.

- The second parameter of=crypto.img defines the name to be given to the file and this can be changed to suit your preference.

- The third parameter bs=1M instructs the dd command to create the file in 1MB blocks. I recommend you leave this value as 1M.

- The final parameter defines the size of the file in relation to the bs parameter. Since bs=1M and count=50, the file will be 50MB; changing the count value to 100 would yield a 100MB file, and so on. It is worth mentioning that the file can be resized once created; this is explained in the appendix.

Second, the file must be associated to a loop device and encrypted.

losetup -e aes256 /dev/loop0 crypto.img

- The parameter -e aes256 at the beginning instructs losetup on which cipher to use. The cipher type is dependent on what your kernel supports. In this example the AES 256 bit cipher is used but you can use other cipher types such as blowfish interchangeably.

- The second parameter /dev/loop0 is the device to which we bind the file. Binding the file will allow us to format the file with a filesystem.

- The final pa...

... middle of paper ...

...utputs at password.txt.enc. (This is a rather redundant explanation but oh well)

Now to decrypt a file.

openssl enc -d -aes-256-cbc -in password.txt.enc -out password.txt

- The enc -d -aes-256-cbc part of the command specifies which cipher to use for decryption.

- The -in password.txt.enc parameter specifies which file to decrypt.

- The final parameter instructs openssl to output the decryption into a file. This parameter can be omitted and the file will be decrypted to stdout.

.: APPENDIX :.
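An added example (not code from the original paper) for the openssl decryption command in the Files section: a wrapper that decrypts into a temporary file and replaces the target only when openssl exits successfully, so a failed decrypt never replaces an existing file. PASSFILE, decrypt_to, encrypt_to and demo are assumed names, and the sample data is constructed.

```sh
#!/bin/sh
# Added example, not from the original paper. PASSFILE (hypothetical) names a
# file whose first line is the passphrase; the paper's command prompts instead.

# decrypt_to SRC DST: decrypt SRC with the paper's cipher, replacing DST only
# if openssl exits successfully. mktemp creates the scratch file mode 0600.
decrypt_to() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    if openssl enc -d -aes-256-cbc -in "$1" -out "$tmp" \
            -pass "file:$PASSFILE" 2>/dev/null; then
        mv -f "$tmp" "$2"
    else
        rm -f "$tmp"    # bad magic, truncated input or bad padding
        return 1
    fi
}

# encrypt_to SRC DST: counterpart, used here only to build the sample.
encrypt_to() {
    openssl enc -aes-256-cbc -salt -in "$1" -out "$2" \
        -pass "file:$PASSFILE" 2>/dev/null
}

# demo: run both cases on constructed data and print one summary line.
demo() {
    dir=$(mktemp -d) || return 1
    PASSFILE=$dir/pass
    printf 'constructed demo passphrase\n' > "$PASSFILE"
    printf 'example-secret\n' > "$dir/password.txt"
    encrypt_to "$dir/password.txt" "$dir/password.txt.enc" || return 1
    # Damaged copy: drop the last byte so the final cipher block is short.
    size=$(wc -c < "$dir/password.txt.enc")
    head -c "$((size - 1))" "$dir/password.txt.enc" > "$dir/damaged.enc"
    printf 'existing contents\n' > "$dir/out.txt"
    decrypt_to "$dir/damaged.enc" "$dir/out.txt" && return 1  # must fail
    kept=$(cat "$dir/out.txt")
    decrypt_to "$dir/password.txt.enc" "$dir/out.txt" || return 1
    echo "kept=[$kept] now=[$(cat "$dir/out.txt")]"
    rm -rf "$dir"
}

demo
```

A zero exit status only means the padding parsed; CBC mode carries no integrity check, so it does not prove the file is unmodified. Files encrypted with OpenSSL releases before 1.1.0 used MD5 for key derivation by default, so decrypting them with a newer release needs -md md5 added to the command.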

[-=] Resizing containers [=-]

If you formatted your container with the ext2 filesystem you can resize it with the ext2resize app.

First, increase the size of the container. In this example the file acting as the encrypted container is called crypto.img and its size is incremented by 20MB.

dd if=/dev/urandom bs=1M count=20 >> crypto.img

- The of= parameter is omitted and instead >> is used at the end of the command to append 20MB to the crypto.img file.

Second, bind the file to a loop device.

losetup -e aes256 /dev/loop0 crypto.img

Third, extend the ext2 filesystem within the container.

ext2resize /dev/loop0

That is all that's needed to resize your encrypted container.
