Hi all,
In an attempt to create an encrypted partition on my Slackware 12 system (not the root or swap partition, just a standard partition on a secondary drive to store all my important data). I would like this partition to be visible in KDE system:/media but require a password to open/decrypt it for use after booting into KDE.


I have been working with the "README_CRYPT.TXT" written by Alien_Bob; but after following the readme and (I think) adapting as necessary, I am a little stumped as to why it is not working.

What I have done so far:

1. Create a 5Gb ext3 partition as /dev/hdb6, label crypt.

2. Reboot for partition table to update and KDE to 'see' new partition.

3. Open root terminal in kde, type:

After rebooting the computer, I have .. well .. nothing?

The crypt partition is no longer appearing in KDE system:/media. If I open a root terminal and type mount, there is no mention of /dev/hdb6 being mounted anywhere?

I then made a directory /mnt/crypt and attempted to mount /dev/hdb6 manually:
So then I followed up with 'dmesg | tail' and was presented with this:
What does that mean?
Did I miss an important step in the encryption process somewhere?


I am very new to encryption so if anyone could offer suggestions or solutions to this, I would really appreciate it.

Thanks very much in advance for any help.

Regards

Orbit

A lot of comments to make on your story.. but I do not have all that much time, so I am giving you some pointers so that it will be easier to do what you want.

* You do not have to use LVM if you want disk encryption. In your case, it may just add to the confusion. It will not hurt either

* When you encrypt the partition /dev/hdb6 using cryptsetup, you make it inaccessible using the "mount /dev/hdb6" command. Instead, you will have to mount the mapped device that is created as "/dev/mapper/crypt" after you run "cryptsetup luksOpen /dev/hdb6 crypt" and enter a passphrase.

* The format of /etc/crypttab is not well-documented. You made a mistake by running . The correct syntax would be * I do not see you mentioning that you formatted the partition with a filesystem - something like is required before you can mount the partition using Hope this helps.

Eric

Hello Alien Bob,

Yes indeed, your comments did the trick, I adjusted the password string and did the mkfs as you suggested and the encryption is now working, thank you very much for your help!

I have set the encrypted partition label, and also have '/dev/mapper/crypt' now mounting and unmounting via HAL so it shows up and is usable in KDE system:/media as the 'Crypt' drive.


However, after exploring this cryptsetup partition encryption, I have some security concerns about my data.

These are:

1. Cryptsetup requires a password (which is written in plain english) in the file '/etc/crypttab' or without it the system pauses at the password prompt, and will not automatically boot.

2. I also tried entering the password into the 'cryttab' file to automate the system boot, but then setting chmod on '/etc/crypttab' to 100600 (read-write only by root, denied to other users), this would seem to 'protect' the file from other users viewing it while in Slackware; but after booting with SLAX, I was able to navigate straight to the file and read it's content and my password (ouch).

3. Even after either having the password written in the 'crypttab' file, or manually entering each time (yuk) the password to continue the system boot, it seems that the encrypted partition is automatically left Wide-Open for reading by anyone while the system is booted. To me this seems like a major security hole and it seems to negate the whole point of the encryption (which only works when the system is turned off?).


Therefore, do you know anyway that cryptsetup can be configured, so that the boot is automated without having the password written in the file or requiring user boot input?

My Goal:
What I am after; by default the partition is 'unmounted and encrypted' during boot and normal operation of the system. But .. If I actually want to use that partition while in KDE , I can click on it in system:/media and it will mount as it does now, but with the addition of requesting a password to access the drive?

Do you think this addition is possible? Any suggestion on how you think this may be done?

I look forward to your thoughts on this matter.

Regards

Orbit

Hello again,

Never mind, I've sorted it out.

What I have done is used the LUKS frontend Krypt

This program gives me a graphical frontend to control the LUKS encrypted partitions. It does require a slight modification of the existing system to use it; in that you have to remove the '/etc/crypttab' file (not a bad thing at all).

I have noticed that it does encrypt & decrypt the partition quite well, even working in with HAL to show up the new volume, it can quickly be configured to give a password prompt only for when you want to access your encrypted partition, without passwords being stored on your system, so it is very good.

It does seem to have one small bug; if you encrypt/decrypt the partition too many times in one session, the program gets 'confused' and stops controlling. To overcome this, simply close the program and re-open it, and it runs well again.

Maybe this helps someone else.

Cheers

Orbit