Advertisement
Guest User

Cryptsetup - Nice tutorial for beginners (ripTC)

a guest
Jun 7th, 2014
929
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.67 KB | None | 0 0
  1. ================================== PREPARATION ==================================
  2.  
  3. This preparation could be necessary, because some distributions don't have
  4. the latest version of cryptsetup in their repository, and old versions suck :P
  5.  
  6. === First of all, remove old version of cryptsetup from your computer:
  7.  
  8. sudo apt-get remove cryptsetup ( for Ubuntu-based Linux distributions )
  9.  
  10. === Update your system and install compilers for building software from source:
  11.  
  12. sudo apt-get update && sudo apt-get upgrade && sudo apt-get install build-essential
  13.  
  14. === Then, download these files - dependencies of cryptsetup (official repositories listed) :
  15.  
  16. http://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/
  17. ftp://sources.redhat.com/pub/lvm2/
  18. http://rpm5.org/files/popt/
  19. ftp://ftp.gnupg.org/gcrypt/libgcrypt/
  20. ftp://ftp.gnupg.org/gcrypt/libgpg-error/
  21.  
  22. Sort by date to find out the latest versions of dependencies!
  23.  
  24. === After downloading, install the software in the following order:
  25. LVM2 , popt, libgpg-error, libgcrypt, cryptsetup
  26.  
  27. ===== To install each software,
  28. 1) unpack the archive with source
  29. 2) use "cd" command to go inside the source directory
  30. 3) Run these three commands:
  31. ./configure && make && sudo make install
  32.  
  33. === If you would like to run "cryptsetup benchmark" command, and encountered an error
  34. caused ".so" files from old cryptsetup version - problem could be solved in this way:
  35.  
  36. sudo cp /usr/local/lib/libgcrypt.so* /lib/i386-linux-gnu/
  37. sudo cp /usr/lib/libcryptsetup.so* /lib/
  38.  
  39. ================================== ENCRYPTION ==================================
  40.  
  41. === Before encrypting the partition, you need to format it by filling with random data
  42. (but, as result, files at this partition would be lost, so you NEED to backup them)
  43.  
  44. === Install and run "pv" application (unlike dd/if/of, you could monitor the progress of filling) :
  45.  
  46. sudo apt-get install pv ( for Ubuntu-based Linux distributions )
  47. pv /dev/urandom | sudo dd of=/dev/<DevName>
  48.  
  49. ( <DevName> has the following format : /dev/sdXY , X is letter and Y is number )
  50.  
  51. === Encrypt in strong way ( serpent is much better than AES, although slower ; xts is better than cbc ; essiv is better than plain64 ) :
  52.  
  53. sudo cryptsetup -v --cipher serpent-xts-essiv:sha256 --hash sha512 --use-urandom --key-size 512 --iter-time=5000 luksFormat <DevName>
  54.  
  55. === Open the encrypted partition:
  56.  
  57. sudo cryptsetup luksOpen <DevName> <Title>
  58.  
  59. ( <Title> would be assigned to this partition at device mapper;
  60. could be anything, e.g. "illuminati" )
  61.  
  62. === Create new filesystem at this partition:
  63.  
  64. sudo mkfs.ext4 /dev/mapper/<Title>
  65.  
  66. === Create new mount point (<MountPoint> could be the same as <Title>) :
  67.  
  68. sudo mkdir /media/<MountPoint>
  69.  
  70. === Mount new partition to your mount point:
  71.  
  72. sudo mount /dev/mapper/<Title> /media/<MountPoint>
  73.  
  74. ... do anything with your partition, could return files that you previously backup'ed ...
  75.  
  76. Note: if you want to be able work with partition using User's privileges, not Admin
  77. (e.g. create text files at Nautilus) change permissions of access with "chmod" command
  78.  
  79. === Unmount your partition:
  80.  
  81. sudo umount /media/<MountPoint>
  82.  
  83. === Close encrypted device:
  84.  
  85. sudo cryptsetup luksClose /dev/mapper/<Title>
  86.  
  87. ================================== USAGE ==================================
  88.  
  89. Later, you could access your encrypted partition in five simple steps:
  90.  
  91. 1) Open encrypted device - sudo cryptsetup luksOpen <DevName> <Title>
  92. 2) Mount your partition - sudo mount /dev/mapper/<Title> /media/<MountPoint>
  93. ... do anything with your partition and files there ...
  94. 4) Unmount your partition - sudo umount /media/<MountPoint>
  95. 5) Close encrypted device - sudo cryptsetup luksClose /dev/mapper/<Title>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement