Hard drive encryption [solved]

[malfist]

I want to play around with some security tools, one of my friends sparked an interest in me for harddrive encryption/email encryption/25 char long passwords and I haven't had any luck to find a program for linux to encrypt the harddrive/partitions/file containers. I found truecrypt outside of the repos on sourceforge but it needed the kernal source but I've already installed it. Are there any good ones in the repos that I missed?

 

 

[moved from Software by spinynorman]

[orts]

I'm not quit sure how to make encryption on a folder, but in my repos I can se "bcrypt" and "mcrypt"

 

Regarding harddrive encryption, then open MCC (ALT + F2 typr mcc) type your root password when promt.

Go to Mount Points open Create, Delete and resize harddisk partitions, click on the partition you want to encrypt, and unmount it.

Still marked you click on Toogle to expert mode click on Options in the new window mark encrypted click ok, new window again type the wanted password click ok, and mount the partition again, restart and now you'll have to type a password for that partition every time you start your computer.

[pmpatrick]

I haven't tried mcc in a while, but it used to use cryptoloop for the encryption. Cryptoloop has been deprecated as it had some security problems, was slow and relatively inflexible. The modern approach to encryption in linux is with cryptsetup with LUKS support. Here are two articles that discuss the topic in detail:

 

http://polishlinux.org/howtos/encrypted-ho...ition-in-linux/

 

http://feraga.com/library/howto_use_crypts..._luks_support_0

 

It uses the dm-crypt kernel module which has been part of the kernel from 2.6 onward so you have excellent native kernel support and don't need to compile any kernel modules. You can do entire partitions or file containers with cryptsetup as more fully discussed in the above articles. I believe cryptsetup is installed by default in mdv2007.1 but if not the rpm is available if you have setup the usual urpmi repos(main, contrib, plf-free, plf-nonfree). Cryptsetup has been available for every distro I've tried recently except slackware and there I used the static tarball:

 

http://luks.endorphin.org/dm-crypt

 

You just unpack it and put the executable in path as it is entirely self-contained.

[orts]

Does cryptsetup-luks have the possibilliti to encrypt folders?

 

But there is no reason for installing cryptsetup-luks if it only can make encryption on partitions, as I specified in my first answer diskdrake creates excactly the same.

[pmpatrick]

Does cryptsetup-luks have the possibilliti to encrypt folders?

 

In effect, yes. You don't have to encrypt an entire partition with cryptsetup. You can create encrypted "containers" inside an existing partition with cryptsetup and move whatever sensitive stuff, including folders, into the encrypted container. You can also grant different users access to the container and give them separate passwords for access and revoke a user's password/access without effecting the other authorized users. Cryptsetup is also faster and less resource intensive than cryptoloop in my experience. Finally, cryptoloop is deprecated, meaning it is no longer being actively maintained as of kernel 2.6.4. As such, sooner or later, cryptoloop support will be dropped from the kernel. You are much better off using dm-crypt/crypsetup/LUKS going forward.

 

mcrypt can't directly do folders either as it will only encrypt a single file. Typically with mcrypt, you tar up a folder or several files making the collection into one large tar file and then encrypt that single tar file with mcrypt. It's more for archiving since to access the data you have decrypt and then untar the resulting tar file to get at the original data.

[malfist]

I'm a programmer so I know the danger of using depreciated stuff, I'll check out cryptsetup. In ubuntu I had XKeyPass too and that doesn't seem to be in the repos and I had the ability to right-click and encrypt a folder (don't know how or why I got that feature) but does cryptsetup do that too?

[malfist]

How can I set the size of the encrypted container?

[pmpatrick]

The procedure is given in detail here:

 

http://feraga.com/library/howto_use_crypts..._luks_support_0

 

But in general, you create the container using the dd command and set the size there, eg:

 

# dd if=/dev/urandom of=containerfile bs=1M count=<number of megabytes>

 

This has been adequate for my purposes but you may need a more dynamic system that can change size on the fly. For that take a look at encfs:

 

http://en.wikipedia.org/wiki/EncFS

 

EncFS is a user space encrypted filesystem that uses the FUSE library. I'm not that familiar with encfs but it may be more what you are looking for. The encfs rpm is available for mdv2007.1. There's also a kde front end for encfs, K-EncFS:

 

http://www.kde-apps.org/content/show.php/K...S?content=54078

 

Again, I haven't used this tool so I can't be of much help here but it may be worth checking out. Don't see an rpm for it so you would have to compile from source.

Edited July 24, 2007 by pmpatrick

[malfist]

Can't run kencfs2. I can install it but when I try to run it it says:

User specific directories for K-EncFS are present
User specific encrypted directory for K-EncFS present
Traceback (most recent call last):
 File "/usr/local/lib/kencfs2/kencfs.py", line 18, in ?
from kdecore import KApplication, KIcon, KIconLoader, KCmdLineArgs, KAboutData
ImportError: No module named kdecore

So I do:

[root@jerome kencfs2]# urpmi kdecore
no package named kdecore
The following packages contain kdecore: 
libkdecore4
libkdecore4-devel

and both packages are installed :( can i get this to work? (I use GNOME, I really don't like KDE)

 

Malfist

Edited July 25, 2007 by malfist

[adamw]

You probably need python-kde .

[malfist]

That worked, that was what I needed.