LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Enterprise (https://www.linuxquestions.org/questions/linux-enterprise-47/)
-   -   Encrypted file systems (https://www.linuxquestions.org/questions/linux-enterprise-47/encrypted-file-systems-290508/)

hamish 02-15-2005 09:56 AM
Encrypted file systems
 
Hello

I have a server in colocation. Every evening a number of business backup their work onto my server. The server is physically secure, however, I'm currently interested in making the partitions encrypted (the partition on which their data is stored -- eg /home).

Firstly, how does encyption work on a file system? that is, if someone steals my computer, I understand that the cannot access the data in /home without a password/passphrase. Does this passphrase have to be entered at boot up, or when the use logs into /home??

Because the server is in colocation, I cannot type in a passphrase when the system boots up, unless I can add it to lilo.conf somehow.

Secondly, all of the backups are automatic and specifically do not require user input. Thus, the encyption passphrase cannot be entered by the user when they log on.

My questions:
- if I'm right in thinking that a password/passphrase is entered at some point in bootup, how can I do this?
- can I just use a standard ext3 filesystem and then apply encryption to it? I read about this:

Code:
mount -t ext3 /dev/sda1 /mnt/crypto/ -oencryption=aes-256
- my disks are in RAID 1, will this matter?
- can anyone suggest a way of doing this? And direct me to a how to?

thank you very much
Hamish

Matir 02-15-2005 12:26 PM
Encrypted file systems are independent of RAID. It's just a file system, like any other. The passphrase is needed at the time the system is mounted. Providing it from a script, though possible, makes no sense: anyone with the computer could then get the passphrase from the script and decrypt the partition. Also, if the box is remotely compromised while running, the mounted system will be just as accessable as one without encryption.

hamish 02-15-2005 12:41 PM
hey
Quote:
Also, if the box is remotely compromised while running, the mounted system will be just as accessable as one without encryption.
But presumably this is always the case with encryption?

What I was considering was not encrypting root or boot partitions, just the home partitions. Thus, I can boot the computer up without need for password, and then manually remount the home partitions.

Would that work ok?

Also, I've read quite a bit about /dev/loop0 and the encrypted partition (say, /dev/sda1) stuff on this webpage http://www.linux.com/howtos/Cryptolo...ce-setup.shtml

I'm not quite sure I understand the difference between /dev/loop0 and /dev/sda1 . Can anyone shed some light on this?

Thanks
hamish


All times are GMT -5. The time now is 05:33 PM.