[PLUG] Encrypted loopback device?, CFS (Re: Cryptographic filesystem?)

Karl M. Hegbloom karlheg at microsharp.com
Wed Mar 20 17:40:31 UTC 2002


 [ Moved to plug-crypto PLEASE]

>>>>> "alan" == alan  <alan at clueserver.org> writes:

 [WRT: latest Mandrake advertises cryptographic filesystem support,
       Karl has asked how they implemented that, and mentions that
       Debian has shipped CFS for ages.]

    alan> I believe they are using the loopback crypto stuff.

 Uhmm... so it's just a "loop" file block device on a kernel that has
 the crypto patch and "losetup" is run to insert a crypto layer?

    alan> CFS has the unfortunate problem of having name conflicts
    alan> with portions of ssh.

 Do you mean binary file name conflicts?  I wonder how the Debian
 package deals with that?  I imagine they've renamed some of the
 binaries, unless it is logical to either offer alternatives (via
 "update-alternatives") or divert the SSH version (via "dpkg-divert"
 calls in postinst and prerm).

    karlheg> Does the installer offer that, or is it an add-on package
    karlheg> you select later?  How do they present it to you?

    alan> Probably an option when you lay out the file systems
    alan> initially.  I have not seen an option to "upgrade" to it on
    alan> upgrade.

 Hmmm.  So they put the looped files into one of the other
 filesystems, or can you mount a partition with the encryption?

 Can you put a loopback device into "/etc/fstab"?  How?  Can anyone
 provide an example?

 When do you type the passphrase?  What about a machine that must boot
 standalone?

 Are the crypto filesystems for users, or only system wide?

    alan> BTW, SuSE has had an encrypted filesystem option for a
    alan> while.

 Ok, so how do they do it?  Is anyone actually using it?

-- 
mailto: (Karl M. Hegbloom) karlheg at microsharp.com
Free the Software  http://www.debian.org/social_contract
http://www.microsharp.com
phone://USA/WA/360-260-2066



