[PLUG] Encrypted loopback device?, CFS (Re: Cryptographic filesystem?)
Karl M. Hegbloom
karlheg at microsharp.com
Wed Mar 20 17:40:31 UTC 2002
[ Moved to plug-crypto PLEASE]
>>>>> "alan" == alan <alan at clueserver.org> writes:
[WRT: latest Mandrake advertises cryptographic filesystem support,
Karl has asked how they implemented that, and mentions that
Debian has shipped CFS for ages.]
alan> I believe they are using the loopback crypto stuff.
Uhmm... so it's just a "loop" file block device on a kernel that has
the crypto patch and "losetup" is run to insert a crypto layer?
alan> CFS has the unfortunate problem of having name conflicts
alan> with portions of ssh.
Do you mean binary file name conflicts? I wonder how the Debian
package deals with that? I imagine they've renamed some of the
binaries, unless it is logical to either offer alternatives (via
"update-alternatives") or divert the SSH version (via "dpkg-divert"
calls in postinst and prerm).
karlheg> Does the installer offer that, or is it an add on package
karlheg> you select later? How do they present it to you?
alan> Probably an option when you lay out the file systems
alan> initially. I have not seen an option to "upgrade" to it on
alan> upgrade.
Hmmm. So they put the looped files into one of the other
filesystems, or can you mount a partition with the encryption?
Can you put a loopback device into "/etc/fstab"? How? Can anyone
provide an example?
When do you type the passphrase? What about a machine that must boot
standalone?
Are the crypto filesystems for users, or only system wide?
alan> BTW, SuSE has had an encrypted filesystem option for a
alan> while.
Ok, so how do they do it? Is anyone actually using it?
--
mailto: (Karl M. Hegbloom) karlheg at microsharp.com
Free the Software http://www.debian.org/social_contract
http://www.microsharp.com
phone://USA/WA/360-260-2066
More information about the PLUG
mailing list