FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 09-04-2008, 05:25 PM
Alexander Golovin
 
Default encrypted partition question

I was trying to encrypt my ext3 partition /dev/hda6, that's what I did:

1. I've added modules: aes, dm_mod, dm_crypt, to /etc/modules
2. Created the cryptographic device mapper: cryptsetup -y create crypt /dev/hda6 (entered passphrase twice)
3. Changed this options:
echo "crypt /dev/hda6" >> /etc/crypttab; echo "/dev/mapper/crypt /mnt/crypt ext3 defaults 0 1" >> /etc/fstab
4. Created mount directory; mkdir /mnt/crypt
5. Created a filesystem on the mapped device: mkfs.ext3 /dev/mapper/crypt

So, when I've tryied to mount /mnt/crypto It was mounted without passphrase question, but it was mounted.
But , after reboot I've tried to mount my partition, and that what I have now:
# mount /mnt/crypt/
mount: special device /dev/mapper/crypt does not exist

And I don't have a crypt file in /dev/mapper/ directory.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 09-04-2008, 05:48 PM
Andrea Bicciolo
 
Default encrypted partition question

Alexander,

a far as I know the mapping should be recreated each time you reboot
using /sbin/cryptsetup. We are using luks extension and at each reboot
we need to issue cryptsetup luksOpen </dev/name> <mappername>.


Then we can mount /dev/mapper/mappername.

Hope this help,
Andrea

Alexander Golovin ha scritto:

I was trying to encrypt my ext3 partition /dev/hda6, that's what I did:

1. I've added modules: aes, dm_mod, dm_crypt, to /etc/modules
2. Created the cryptographic device mapper: cryptsetup -y create crypt /dev/hda6 (entered passphrase twice)
3. Changed this options:
echo "crypt /dev/hda6" >> /etc/crypttab; echo "/dev/mapper/crypt /mnt/crypt ext3 defaults 0 1" >> /etc/fstab

4. Created mount directory; mkdir /mnt/crypt
5. Created a filesystem on the mapped device: mkfs.ext3 /dev/mapper/crypt

So, when I've tryied to mount /mnt/crypto It was mounted without passphrase question, but it was mounted.
But , after reboot I've tried to mount my partition, and that what I have now:

# mount /mnt/crypt/
mount: special device /dev/mapper/crypt does not exist

And I don't have a crypt file in /dev/mapper/ directory.




--
Andrea Bicciolo
a.bicciolo@mtouch.it
----------------------------------------------------------
MediaTouch 2000 Srl
Digital media per la comunicazione e la formazione
Official Moodle Partner for Italy
Company site: http://www.mediatouch.it
Moodle services site: http://mediatouch.moodle.com
-----------------------------------------------------------
V.Michele di Lando,10 - 00162 Roma - Italy
Tel.+39.6.9028.6188 - Fax +39.6.6227.7062 - voip 6898531160
-----------------------------------------------------------


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 09-04-2008, 05:50 PM
"Cassiano Leal"
 
Default encrypted partition question

On Thu, Sep 4, 2008 at 2:25 PM, Alexander Golovin <alex.golovin@mail.ru> wrote:



*I was trying to encrypt my ext3 partition /dev/hda6, that's what I did:



1. I've added modules: aes, dm_mod, dm_crypt, to /etc/modules

2. Created the cryptographic device mapper: cryptsetup -y create crypt /dev/hda6 (entered passphrase twice)

3. Changed this options:

echo "crypt /dev/hda6" >> /etc/crypttab; echo "/dev/mapper/crypt /mnt/crypt ext3 defaults 0 1" >> /etc/fstab
try putting

crypt /dev/hda6 none luks

in /etc/crypttab

*

4. Created mount directory; mkdir /mnt/crypt

5. Created a filesystem on the mapped device: mkfs.ext3 /dev/mapper/crypt



*So, when I've tryied to mount /mnt/crypto It was mounted without passphrase question, but it was mounted.

But , after reboot I've tried to mount my partition, and that what I have now:

# mount /mnt/crypt/

mount: special device /dev/mapper/crypt does not exist



And I don't have a crypt file in /dev/mapper/ directory.


Hope it helps.

Cheers,
Cassiano Leal
 
Old 09-04-2008, 06:03 PM
Maciej Korzeń
 
Default encrypted partition question

Alexander Golovin wrote:

[...]
2. Created the cryptographic device mapper: cryptsetup -y create crypt /dev/hda6 (entered passphrase twice)
[...]


cryptoloop is not the best choice:
http://mareichelt.de/pub/texts.cryptoloop.php.
:-)

--
Maciej Korzeń
maciek@korzen.org, mkorzen@gmail.com




--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 09-04-2008, 06:26 PM
"Cassiano Leal"
 
Default encrypted partition question

On Thu, Sep 4, 2008 at 2:48 PM, Andrea Bicciolo <a.bicciolo@mtouch.it> wrote:

Alexander,



a far as I know the mapping should be recreated each time you reboot using /sbin/cryptsetup. We are using luks extension and at each reboot we need to issue cryptsetup luksOpen </dev/name> <mappername>.

/etc/crypttab should make the use of this command unecessary. The passphrase will then be asked at boot time.

Cheers,
Cassiano Leal

P.S.: Please, do not top post on the list. tx
*




Then we can mount /dev/mapper/mappername.



Hope this help,

Andrea



Alexander Golovin ha scritto:


*I was trying to encrypt my ext3 partition /dev/hda6, that's what I did:



1. I've added modules: aes, dm_mod, dm_crypt, to /etc/modules

2. Created the cryptographic device mapper: cryptsetup -y create crypt /dev/hda6 (entered passphrase twice)

3. Changed this options: echo "crypt /dev/hda6" >> /etc/crypttab; echo "/dev/mapper/crypt /mnt/crypt ext3 defaults 0 1" >> /etc/fstab

4. Created mount directory; mkdir /mnt/crypt

5. Created a filesystem on the mapped device: mkfs.ext3 /dev/mapper/crypt

*So, when I've tryied to mount /mnt/crypto It was mounted without passphrase question, but it was mounted. But , after reboot I've tried to mount my partition, and that what I have now:

# mount /mnt/crypt/

mount: special device /dev/mapper/crypt does not exist



And I don't have a crypt file in /dev/mapper/ directory.








--

Andrea Bicciolo

a.bicciolo@mtouch.it

----------------------------------------------------------

MediaTouch 2000 Srl

Digital media per la comunicazione e la formazione

Official Moodle Partner for Italy

Company site: http://www.mediatouch.it

Moodle services site: http://mediatouch.moodle.com

-----------------------------------------------------------

V.Michele di Lando,10 - 00162 Roma - Italy

Tel.+39.6.9028.6188 - Fax +39.6.6227.7062 - voip 6898531160

-----------------------------------------------------------





--

To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 09-04-2008, 08:22 PM
Alex Samad
 
Default encrypted partition question

On Thu, Sep 04, 2008 at 08:03:48PM +0200, Maciej Korzeń wrote:
> Alexander Golovin wrote:
>> [...]
>> 2. Created the cryptographic device mapper: cryptsetup -y create crypt /dev/hda6 (entered passphrase twice)
>> [...]
>
> cryptoloop is not the best choice:
> http://mareichelt.de/pub/texts.cryptoloop.php.
> :-)

it seems that was true for pre 2.6.10. not saying dm-crypt is better
than loop-aes, not sure what the status is now



>
> --
> Maciej Korzeń
> maciek@korzen.org, mkorzen@gmail.com
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

--
It's very glamorous to raise millions of dollars, until it's time for the
venture capitalist to suck your eyeballs out.
-- Peter Kennedy, chairman of Kraft & Kennedy.
 
Old 09-04-2008, 08:23 PM
Alexander Golovin
 
Default encrypted partition question

Hi Cassiano!

You've written:
"a far as I know the mapping should be recreated each time you reboot
using /sbin/cryptsetup. We are using luks extension and at each reboot
we need to issue cryptsetup luksOpen </dev/name> <mappername>.
/etc/crypttab should make the use of this command unecessary. The
passphrase will then be asked at boot time."

Can you describe how to we need do that?



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 09-04-2008, 08:48 PM
"Cassiano Leal"
 
Default encrypted partition question

On Thu, Sep 4, 2008 at 5:23 PM, Alexander Golovin <alex.golovin@mail.ru> wrote:



*Hi Cassiano!
Hi!
*
You've written:

"a far as I know the mapping should be recreated each time you reboot

using /sbin/cryptsetup. We are using luks extension and at each reboot

we need to issue cryptsetup luksOpen </dev/name> <mappername>.


The text above was actually from
Andrea Bicciolo, to which I replied:*



/etc/crypttab should make the use of this command unecessary. The

passphrase will then be asked at boot time."

*Can you describe how to we need do that?
To me it seems that what you've described in your first e-mail is pretty much ok.

The problem you're facing is that the encrypted volume is not being de-crypted and this is the reason why the device (the actual partition inside the encrypted vol) is not being mapped into /dev/mapper.


In step 3 (from your original e-mail) you are inserting only two fields into /etc/crypttab, but this file mandates four fields: target, source device, key file and options.

- Target is the device that will be created in /dev/mapper (in your example, "crypt" without the quotes);

- Source device is the actual device or partition (/dev/hda6) that's encrypted
- Key file is where the system will read the key to de-crypt the volume. If set to "none", you will be asked for a passphrase, which I assume is your case

- Options can be many things. For LUKS, just put "luks". For more options, refer to "man /etc/crypttab"

My guess is that if you correct your step 3 to include all four fields in /etc/crypttab you will be automatically asked for the passphrase next time you boot the machine, so edit the file and substitute:


crypt /dev/hda6

for

crypt /dev/hda6 none luks

Save the file and reboot. If it does not work, post back your experience.

My experience with manually encrypted partitions is somewhat limited, but overall it should work as I described.


Cheers,
Cassiano Leal
 
Old 09-04-2008, 11:20 PM
Alexander Golovin
 
Default encrypted partition question

I've used cryptsetup with luks options, saved new data, rebooted my
system, asked about passphrase in the boot level, and now I have mounted
my crypto partition with saved data.

That's what I did step by step:

1. I've added modules: aes, dm_mod, dm_crypt, to /etc/modules
2. Created the cryptographic device mapper: cryptsetup -y luksFormat /dev/hda6
2. Opened LUKS device as mapping <name>: cryptsetup luksOpen /dev/hda6 crypt
3. Created ext3 file system on device mapper: mkfs.ext3 /dev/mapper/crypt
4. Added "crypt /dev/hda6 none luks" to /etc/crypttab
5. Added "/dev/mapper/crypt /mnt/crypt ext3 defaults 0 0" to /etc/fstab and created /mnt/crypt mount directory
6. Removed LUKS mapping: cryptsetup luksClose crypt

Thanks everybody for the help, and great respect.








--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 09-06-2008, 11:28 AM
Daniel Dickinson
 
Default encrypted partition question

On Thu, 4 Sep 2008 17:48:34 -0300
"Cassiano Leal" <cassianoleal@gmail.com> wrote:

> options, refer to "man /etc/crypttab"
>
> My guess is that if you correct your step 3 to include all four
> fields in /etc/crypttab you will be automatically asked for the
> passphrase next time you boot the machine, so edit the file and
> substitute:
>
> crypt /dev/hda6
>
> for
>
> crypt /dev/hda6 none luks

You may also need to 'update-initramfs -u'

--
And that's my crabbing done for the day. Got it out of the way early,
now I have the rest of the afternoon to sniff fragrant tea-roses or
strangle cute bunnies or something. -- Michael Devore
GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C http://gnupg.org
The C Shore: http://www.wightman.ca/~cshore
 

Thread Tools




All times are GMT. The time now is 01:37 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org