lvm and cryptsetup
Hi: I would appreciate comments on this problem. I want to learn, not just solve the problem.
I would like to back up a directory structure greater than 4 GB to an encrypted USB device, under the following restrictions: keep the USB device formatted as FAT32, with a single partition; leave some unencrypted space for ordinary use. Since FAT32 is limited to 4 GB files, I thought I could create two or more files and mount a logical volume with them. It worked the first time, but not anymore. I am failing somewhere, but I cannot figure out how to improve. Here is what I have done: Create three files, two limited to 4 GB and another one (all three could have been the same size):
Code:
dd if=/dev/urandom of=/media/usbdevice/0 bs=1M count=2000
Code:
su
Code:
for i in `seq 0 1 2`;do cryptsetup --key-file="/home/fooname/passwordfile" luksOpen /dev/loop$i cryptfun$i ;done
Code:
pvcreate /dev/mapper/cryptfun0 /dev/mapper/cryptfun1 /dev/mapper/cryptfun2
Code:
mkfs -t ext2 /dev/vgpendrive_fooname/lvol0
Code:
mount /dev/vgpendrive_fooname/lvol0 /mnt/lvm
Code:
chown root:fooname /mnt/lvm
Code:
su fooname
Now, I want to undo each step:
Code:
su
Code:
for i in `seq 0 1 2`;do losetup /dev/loop$i /media/usbdevice/$i;done
Quote:
Code:
mount -t ext2 /dev/vgpendrive_fooname/lvol0 /mnt/lvm
Quote:
Additional information:
Code:
uname -a
Quote:
Code:
lvcreate --version
Quote:
Greetings. |
Just a small thought - did you actually create the filesystem in your second attempt? I miss the mkfs command, you did use it in the first attempt. Since you recreate everything, including the encryption, all information including the filesystem information has been erased.
Hope this helps, Lucas |
When you wanted to "repeat" the steps, did you expect to find all data intact? If not, you forgot to run mkfs (as Lucas above said).
If you did, too bad, it's not going to work this way. I don't know for sure, but some of the LVM commands (most probably lvcreate) gave a different result the second time than the first time and your data is gone. I wouldn't bother with cryptsetup & LVM over loopback. Too much hassle and too little gain. Maybe you could use truecrypt, which works on file-based storage natively, as opposed to cryptsetup, which works on block devices. |
Thank you for your comments. That is the point, I expected to find the data intact! This works without lvm:
1st step:
dd if=/dev/urandom of=/media/usbdevice/0 bs=1M count=2000
losetup /dev/loop0 /media/usbdevice/0
cryptsetup luksFormat /dev/loop0
cryptsetup luksOpen /dev/loop0 somename
mkfs -t ext2 /dev/mapper/somename
mount /dev/mapper/somename /mnt/mntpoint
cp data /mnt/mntpoint
umount /mnt/mntpoint
cryptsetup luksClose /dev/mapper/somename
losetup -d /dev/loop0
2nd step: All the above except luksFormat and mkfs. Copied data are intact.
I suspect that vgremove is important to understand. After running this command, it asks if I am sure. Perhaps vgremove cannot be used if data must be preserved. However, without removing the volume, luksClose and losetup -d fail. |
Try vgexport and vgimport instead of vgremove & vgcreate. They are designed to keep your data intact while fiddling with underlying PVs.
|
Solved: encrypted file system greater than 4 GB in a single partition FAT32 usb device
Thank you! It works!
This is what I did: After mounting the logical volume as described above, I run:
umount /dev/vgpendrive_fooname/lvol0
vgchange -a n vgpendrive_fooname
vgexport vgpendrive_fooname
for i in `seq 0 1 2`;do cryptsetup luksClose cryptfun$i ;done
for i in `seq 0 1 2`;do losetup -d /dev/loop$i ;done
umount /media/usbdevice
Data are supposed to be protected. When the data must be accessed again, mount or hotplug the usb device and:
for i in `seq 0 1 2`;do losetup /dev/loop$i /media/usbdevice/$i;done
for i in `seq 0 1 2`;do cryptsetup --key-file="/home/fooname/password" luksOpen /dev/loop$i cryptfun$i ;done
pvscan
vgchange -a y vgpendrive_fooname
mount /dev/vgpendrive_fooname/lvol0 /mnt/lvm
Data are intact in /mnt/lvm! We have got an encrypted file system greater than 4 GB in a single partition FAT32 usb device ;-)
Only use vgremove and pvremove if data can be lost.
Greetings |
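The close and reopen sequence from the thread, wrapped as two shell functions; this is an added example, not code posted by anyone in the thread. It includes the vgimport step suggested earlier in the thread, which the reopen list above does not show. The function names, the DRY_RUN switch and the 4095 MiB segment size are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Names follow the posts: segment files
# 0..N-1 on the FAT32 stick, mappings cryptfunN, VG vgpendrive_fooname.
# DRY_RUN (an assumption) defaults to 1 and only prints the commands.
DIR=/media/usbdevice
VG=vgpendrive_fooname
KEY=/home/fooname/passwordfile
MNT=/mnt/lvm
DRY_RUN=${DRY_RUN:-1}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# FAT32 caps a file at 4 GiB minus 1 byte, so a segment is at most 4095 MiB.
segments_needed() {  # $1 = total MiB wanted, $2 = MiB per segment
    seg=${2:-4095}
    [ "$seg" -le 4095 ] || { echo "segment exceeds FAT32 file limit" >&2; return 1; }
    echo $(( ($1 + seg - 1) / seg ))
}

# Reopen a vault that was closed with vault_close (the VG is in exported state).
vault_open() {  # $1 = number of segment files
    i=0
    while [ "$i" -lt "$1" ]; do
        run losetup "/dev/loop$i" "$DIR/$i" || return 1
        run cryptsetup --key-file="$KEY" luksOpen "/dev/loop$i" "cryptfun$i" || return 1
        i=$((i + 1))
    done
    run pvscan &&
    run vgimport "$VG" &&
    run vgchange -a y "$VG" &&
    run mount "/dev/$VG/lvol0" "$MNT"
}

# Tear down top to bottom; vgexport keeps the metadata, vgremove would not.
vault_close() {  # $1 = number of segment files
    run umount "$MNT" &&
    run vgchange -a n "$VG" &&
    run vgexport "$VG" || return 1
    i=0
    while [ "$i" -lt "$1" ]; do
        run cryptsetup luksClose "cryptfun$i" || return 1
        run losetup -d "/dev/loop$i" || return 1
        i=$((i + 1))
    done
}
```

With DRY_RUN=0 the functions must run as root, and the USB device must already be mounted on /media/usbdevice.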