FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 12-08-2007, 06:30 AM
"Peter Kay"
 
Default FAQ about encrypting harddrive using key on USB key?

Hello everyone,

I'm trying to become a new debian user, and am still kinda fuzzy on
where the best place to go for FAQs and help are, so bear with me...

I'm trying to set up my laptop with debian on an encrypted / partition
(and I'll have encrypted swap, too). I would like the encryption key
to be stored on an encrypted USB drive that can boot enough of the
system to run debian. So I want to need 2 things to boot: the USB
stick (which will be bootable and take control from the OS) and a
passphrase to unencrypt the USB drive.

I had found a FAQ on how to do this a long time ago, but my desktop
died, so I lost the link. Searching recently, I found what seemed to be
an appropriate link to it (using google) on http://debianhelp.org/, but that
website seemed to be down, so I'm not sure where to go.

In the meantime, of course, the cat ate my power cable (again), so my
laptop is currently DOA and I lost my 1st attempt to post this, but once
I get a replacement adapter, I'd like to get debian up and running!

Does anyone know of a mirror to debianhelp.org, or what happened to it?

Is there a different FAQ I should be using?

Thanks all, and I hope to soon join you in debian-land.

--Peter


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-08-2007, 04:45 PM
Ron Johnson
 
Default FAQ about encrypting harddrive using key on USB key?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/08/07 01:30, Peter Kay wrote:
> Hello everyone,
>
> I'm trying to become a new debian user, and am still kinda fuzzy on
> where the best place to go for FAQs and help are, so bear with me...
>
> I'm trying to set up my laptop with debian on an encrypted / partition
> (and I'll have encrypted swap, too). I would like the encryption key
> to be stored on an encrypted USB drive that can boot enough of the
> system to run debian. So I want to need 2 things to boot: the USB
> stick (which will be bootable and take control from the OS) and a
> passphrase to unencrypt the USB drive.
>
> I had found a FAQ on how to do this a long time ago, but my desktop
> died, so I lost the link. Searching recently, I found what seemed to be
> an appropriate link to it (using google) on http://debianhelp.org/, but that
> website seemed to be down, so I'm not sure where to go.
>
> In the meantime, of course, the cat ate my power cable (again), so my
> laptop is currently DOA and I lost my 1st attempt to post this, but once
> I get a replacement adapter, I'd like to get debian up and running!
>
> Does anyone know of a mirror to debianhelp.org, or what happened to it?
>
> Is there a different FAQ I should be using?
>
> Thanks all, and I hope to soon join you in debian-land.

http://luks.endorphin.org/

Install cryptsetup and read /usr/share/doc/cryptsetup/CryptoRoot.HowTo.

Slightly OT, but do you *really* need /boot, /usr, /bin, etc, to be
encrypted?

ISTM that only /home, /tmp & swap files/partitions (and /var?) need
be partitioned. That way, you could still boot the machine and do
maintenance if you misplaced your dongle.

- --
Ron Johnson, Jr.
Jefferson LA USA

"Your mistletoe is no match for my TOW missile." Santa-bot
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHWtg0S9HxQb37XmcRAqQuAJ4pyHVoxZOsFuwjOwrF9/xYuFq2hgCgiU07
Npaiu9s9AenYIphLMjUyfZg=
=Ivaw
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-08-2007, 06:18 PM
"Peter Kay"
 
Default FAQ about encrypting harddrive using key on USB key?

On Dec 8, 2007 12:45 PM, Ron Johnson <ron.l.johnson@cox.net> wrote:
> > [ I want to encrypt laptop, with key on USB drive]
> > Is there a different FAQ I should be using?
> >
> > Thanks all, and I hope to soon join you in debian-land.
>
> http://luks.endorphin.org/
>
> Install cryptsetup and read /usr/share/doc/cryptsetup/CryptoRoot.HowTo.

Thanks, I'll check that out.

>
> Slightly OT, but do you *really* need /boot, /usr, /bin, etc, to be
> encrypted?
>
> ISTM that only /home, /tmp & swap files/partitions (and /var?) need
> be partitioned. That way, you could still boot the machine and do
> maintenance if you misplaced your dongle.

Of course, if I lose all copies of the dongle, being able to do maintenance
isn't terribly useful... Besides, the truly paranoid understand that someone
could slip a keylogger into /usr/bin/perl! Ideally,


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-08-2007, 06:25 PM
Ron Johnson
 
Default FAQ about encrypting harddrive using key on USB key?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/08/07 13:18, Peter Kay wrote:
> On Dec 8, 2007 12:45 PM, Ron Johnson <ron.l.johnson@cox.net> wrote:
>>> [ I want to encrypt laptop, with key on USB drive]
>>> Is there a different FAQ I should be using?
>>>
>>> Thanks all, and I hope to soon join you in debian-land.
>> http://luks.endorphin.org/
>>
>> Install cryptsetup and read /usr/share/doc/cryptsetup/CryptoRoot.HowTo.
>
> Thanks, I'll check that out.
>
>> Slightly OT, but do you *really* need /boot, /usr, /bin, etc, to be
>> encrypted?
>>
>> ISTM that only /home, /tmp & swap files/partitions (and /var?) need
>> be partitioned. That way, you could still boot the machine and do
>> maintenance if you misplaced your dongle.
>
> Of course, if I lose all copies of the dongle, being able to do maintenance
> isn't terribly useful... Besides, the truly paranoid understand that someone
> could slip a keylogger into /usr/bin/perl! Ideally,

If They have physical access to the machine, then They can install a
physical keylogger.

- --
Ron Johnson, Jr.
Jefferson LA USA

"Your mistletoe is no match for my TOW missile." Santa-bot
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHWu+yS9HxQb37XmcRAsThAKCiQiE0MTw5FI3Fg1tm/fOZ2sXKOwCZARun
gaQHMEk5iUAQhqFO164/Em8=
=HKfp
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-15-2007, 12:44 AM
"s. keeling"
 
Default FAQ about encrypting harddrive using key on USB key?

Ron Johnson <ron.l.johnson@cox.net>:
>
> On 12/08/07 01:30, Peter Kay wrote:
> >
> > I'm trying to set up my laptop with debian on an encrypted / partition
> > (and I'll have encrypted swap, too). I would like the encryption key
>
> http://luks.endorphin.org/
>
> Install cryptsetup and read /usr/share/doc/cryptsetup/CryptoRoot.HowTo.

Cool.

> Slightly OT, but do you *really* need /boot, /usr, /bin, etc, to be
> encrypted?

/boot is where grub/menu.lst is. Of course you know that it can
password protect itself. /usr contains /usr/local. /etc contains
both shadow and dhclient.conf, which contains the unique string my ISP
demands I hand to them when I connect.

If you're considering encrypting your hard drive, you're already
seriously security conscious (or paranoid), so extreme measures will
not appear expensive.

To the OP, grml.org has already done the Linux/Debian bit for you.
It's a Debian Sid downstream distro which specializes in this sort of
thing, slickly installing on usb keys, et al, with bleeding edge
software. I'd bet that'd be the quickest path.


--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 08:13 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org