Encrypted Filesystems using Loop Device
I am in the process of setting up several encrypted filesystems on a Linux server of mine for different clients. I am running gentoo-2.6.9-r1 on a P4.
I've been researching how to set up encryption and am now comfortable with the basic process. I do, however, have some questions that maybe someone could help me with.
Here's a simple example:
1) mkdir /fs
2) losetup -e aes-cbc-256 /dev/loop1 /disk-aes
*** Entered pwd "testing"
3) mkfs -t reiserfs /dev/loop1
4) mount -t reiserfs -o loop,encryption=aes-cbc-256,acl /disk-aes /fs
*** Entered pwd "testing"
This successfully mounts /fs to file /disk-aes. So far so good. After further reading and testing I discovered that step 4 could also be expressed as:
4) mount -t reiserfs /dev/loop1 /fs
This does not ask me for a pwd again so is kinda handy unless I'm doing something completely bad or wrong?
The next step is that I would love to somehow automount this in fstab (rather than using an insecure shell script). The reason for this is that the machine is unattended for much of the time - if it resets then those filesystems will be unavailable. After much searching I came up with "hashalot".
Now based on what I've read step 2 would look something like this:
2b) sha256 | losetup -p0 -e aes-cbc-256 /dev/loop1 /disk-aes
This works OK as well - the big problem now is how to set that up in fstab? And why do this anyway? I realize it has something to do with hashing the password, making things even more twisted. But how does that help in fstab?
I've tried various entries but nothing seems to work. I am not sure how to continue. My fallback position is simply to create a very insecure shell script and run it at boot time or play around with the keygen parm in fstab...
Hope this isn't too confusing.
TIA,
E.