Hi folks,
I do not want to encrypt the whole filesystem, thus is there a way to mount a hardware-encrypted container (file) as for example /shares/encrypted?
- Martin
To answer it myself: It is possible. You can use dd and losetup to set up the container, the rest works as described in the wiki.
I've just started to hack my MyBookWorld and I would also like to encrypt just a part of the data on it (because of the performance hit if all data on the drive is encrypted).
As a relative Unix noob, I would like to see the steps you took described in more detail.
Thanks in advance.
/Ed
Do the following:
dd if=/dev/zero of=/shares/internal/vault.fs bs=1MB count=8000
This command creates an 8GByte file for the container. This takes under 5 minutes. You could use /dev/urandom instead of /dev/zero, but using /dev/urandom will take around 1 hour per GByte.
Using MyBook's web interface, create a new folder called VAULT and assign access rights to users to access it.
Then create a shell script at /etc/init.d/vault.sh
#!/bin/sh
#
# vault - to start or stop encrypted container
#
DEV=/dev/loop0
DMDEVNAME=vault
DMDEV=/dev/mapper/$DMDEVNAME
FILE=/shares/internal/vault.fs

start() {
    # Only set up the mapping if it is not already mounted
    if [ `df | grep $DMDEVNAME | wc -l` -eq 0 ]
    then
        # The two keys are read from stdin, one per line, without a prompt
        read key1
        read key2
        # Attach the container file to the loop device
        losetup $DEV $FILE
        # Create the encrypted mapping on top of the loop device
        echo 0 `ls -s $FILE | awk '{ print $1; }' ` ox-crypt $key1 $key2 0 $DEV 0 |/usr/sbin/dmsetup create $DMDEVNAME
        #mount $DMDEV /shares/internal/VAULT
    fi
}

stop() {
    # Tear down in reverse order: unmount, remove mapping, detach loop device
    if [ `df | grep $DMDEVNAME | wc -l` -ne 0 ]
    then
        umount $DMDEV
        /usr/sbin/dmsetup remove $DMDEV
        losetup -d $DEV
    fi
}

restart() {
    stop
    start
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload)
        restart
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
esac
exit $?
Run the script: /etc/init.d/vault.sh start
This will ask for 2 32-digit keys from the command line (one line per key, no prompt).
After this, execute the command:
mkfs.ext3 -m 1 /dev/mapper/vault
mount /dev/mapper/vault /shares/internal/VAULT
This will mount the encrypted container and you can access it from Windows as a shared drive.
Edit the vault.sh you created and uncomment the line
#mount $DMDEV /shares/internal/VAULT
i.e., remove the #
Before you shut down MyBook, execute
/etc/init.d/vault.sh stop
Then every time you power on, run the command /etc/init.d/vault.sh start
and enter the keys, and shut down using /etc/init.d/vault.sh stop.
If you want to retrieve the keys automatically on boot, check out the original encrypted drive post.
Note that if the encrypted file system is not mounted, you will see no files in the VAULT folder.
Andy
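Added example, not part of Andy's post: one way to build the table line that start() pipes into dmsetup, with both keys checked before use and the length taken from the file's byte size. Device-mapper table lengths are counted in 512-byte sectors, while `ls -s` reports allocated blocks in a unit that depends on the implementation (1 KiB by default with GNU ls). The helper names, and the reading of "32-digit" as 32 hexadecimal digits, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): build the dmsetup table line for the
# container with validated keys and a length in 512-byte sectors.
# Assumptions: keys are 32 hexadecimal digits; all helper names are hypothetical.

# Succeeds only if $1 is exactly 32 hex digits.
valid_key() {
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# Prints the container length in 512-byte sectors, rounded down.
container_sectors() {
    bytes=$(wc -c < "$1") || return 1
    echo $(( bytes / 512 ))
}

# Prints "0 <sectors> ox-crypt <key1> <key2> 0 <loopdev> 0", or fails.
build_table() {  # usage: build_table FILE KEY1 KEY2 LOOPDEV
    [ -f "$1" ] || { echo "no such container: $1" >&2; return 1; }
    valid_key "$2" && valid_key "$3" || { echo "keys must be 32 hex digits" >&2; return 1; }
    sectors=$(container_sectors "$1") || return 1
    [ "$sectors" -gt 0 ] || { echo "container is empty" >&2; return 1; }
    echo "0 $sectors ox-crypt $2 $3 0 $4 0"
}

# Reads both keys from the terminal without echoing them to the screen.
read_keys() {
    stty -echo 2>/dev/null
    printf 'key 1: ' >&2; read -r key1; printf '\n' >&2
    printf 'key 2: ' >&2; read -r key2; printf '\n' >&2
    stty echo 2>/dev/null
}

# Intended use inside start(), after losetup has attached the file:
#   read_keys
#   build_table "$FILE" "$key1" "$key2" "$DEV" | /usr/sbin/dmsetup create "$DMDEVNAME"
```

Because the pipe only runs when build_table succeeds in printing a line, a mistyped key produces an error message and an empty table instead of a mapping created with the wrong key.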
Hi there. Well, I'm close, but not quite there yet. The vault is visible, but I cannot create files in it. I get a write permission when I try it. In the web-interface of the MyBookWorld the VAULT has full access for everyone and I've also tried to chmod the vault.fs file itself to give it RW permissions for all users, but without any luck. Below is a copy/paste of the vault.fs file.
-rwxrwxrwx 1 root root 8000000000 Jun 27 20:22 vault.fs
Hope this is an easy nut to crack :-)
Ed
Hi Andy,
Haven't tried it yet, but thanks in advance for your reply. I think I should be able to get it working now.
Cheers,
Ed