Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ================================== PREPARATION ==================================
- This preparation could be necessary, because some distributions don't have
- the latest version of cryptsetup in their repository, and old versions suck :P
- === First of all, remove old version of cryptsetup from your computer:
- sudo apt-get remove cryptsetup ( for Ubuntu-based Linux distributions )
- === Update your system and install compilers for building software from source:
- sudo apt-get update && sudo apt-get upgrade && sudo apt-get install build-essential
- === Then, download these files - dependencies of cryptsetup (official repositories listed) :
- http://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/
- ftp://sources.redhat.com/pub/lvm2/
- http://rpm5.org/files/popt/
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/
- ftp://ftp.gnupg.org/gcrypt/libgpg-error/
- Sort by date to find out the latest versions of dependencies!
- === After downloading, install the software in the following order:
- LVM2 , popt, libgpg-error, libgcrypt, cryptsetup
- ===== To install each software,
- 1) unpack the archive with source
- 2) use "cd" command to go inside the source directory
- 3) Run these three commands:
- ./configure && make && sudo make install
- === If you would like to run "cryptsetup benchmark" command, and encountered an error
- caused ".so" files from old cryptsetup version - problem could be solved in this way:
- sudo cp /usr/local/lib/libgcrypt.so* /lib/i386-linux-gnu/
- sudo cp /usr/lib/libcryptsetup.so* /lib/
- ================================== ENCRYPTION ==================================
- === Before encrypting the partition, you need to format it by filling with random data
- (but, as result, files at this partition would be lost, so you NEED to backup them)
- === Install and run "pv" application (unlike dd/if/of, you could monitor the progress of filling) :
- sudo apt-get install pv ( for Ubuntu-based Linux distributions )
- pv /dev/urandom | sudo dd of=/dev/<DevName>
- ( <DevName> has the following format : /dev/sdXY , X is letter and Y is number )
- === Encrypt in strong way ( serpent is much better than AES, although slower ; xts is better than cbc ; essiv is better than plain64 ) :
- sudo cryptsetup -v --cipher serpent-xts-essiv:sha256 --hash sha512 --use-urandom --key-size 512 --iter-time=5000 luksFormat <DevName>
- === Open the encrypted partition:
- sudo cryptsetup luksOpen <DevName> <Title>
- ( <Title> would be assigned to this partition at device mapper;
- could be anything, e.g. "illuminati" )
- === Create new filesystem at this partition:
- sudo mkfs.ext4 /dev/mapper/<Title>
- === Create new mount point (<MountPoint> could be the same as <Title>) :
- sudo mkdir /media/<MountPoint>
- === Mount new partition to your mount point:
- sudo mount /dev/mapper/<Title> /media/<MountPoint>
- ... do anything with your partition, could return files that you previously backup'ed ...
- Note: if you want to be able work with partition using User's privileges, not Admin
- (e.g. create text files at Nautilus) change permissions of access with "chmod" command
- === Unmount your partition:
- sudo umount /media/<MountPoint>
- === Close encrypted device:
- sudo cryptsetup luksClose /dev/mapper/<Title>
- ================================== USAGE ==================================
- Later, you could access your encrypted partition in five simple steps:
- 1) Open encrypted device - sudo cryptsetup luksOpen <DevName> <Title>
- 2) Mount your partition - sudo mount /dev/mapper/<Title> /media/<MountPoint>
- ... do anything with your partition and files there ...
- 4) Unmount your partition - sudo umount /media/<MountPoint>
- 5) Close encrypted device - sudo cryptsetup luksClose /dev/mapper/<Title>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement