Mon, 07 Nov 2005
Offline Portable Encrypted Filesystems, Part 1
More on the Cruzer Micro. It's tiny and fast. I've been making great use of it under Linux with the pmount utility, especially the -s argument, which mounts in a read-optimized mode and lets you rip out the mounted drive without damaging the filesystem.
But what about security? Wouldn't it be nice to have an encrypted filesystem on the disk so sensitive files can be stored offline, portably? The disk comes packaged with some bullshit Windows "freeware" applications to make an encrypted filesystem, but to no surprise they have licence restrictions and limited functionality unless you purchase the "pro" version. The 2.6 Linux kernel already contains an API for encrypted filesystems and lacks the licence restrictions of the previously mentioned Windows apps. This is my starting point.

In a nutshell, here's the process I found for doing this, the main drawback being the necessity of a root shell.
- load cryptoloop kernel module
- decrypt filesystem against loopback driver
- enter password
- mount loopback filesystem
- use filesystem
- unmount filesystem
- encrypt filesystem by disabling loopback driver
This process is documented in the Linux loopback encrypted filesystem howto. Ignore everything about compiling your kernel: that document is old, and all the utilities are already in the 2.6 kernel and Debian stable. If you don't already know, a loopback filesystem is a single file that can be mounted as if it were a physical disk partition. The advantage of doing this on the USB key is that you can keep the vfat filesystem on the key for insecure files and have a single encrypted loopback file you mount when needed. That filesystem can contain passwords and access information, since it's protected by encryption and a password that only you know.
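Here is the whole sequence as a shell script, added as an example and not part of the original post or the howto. It assumes a cryptoloop-era util-linux losetup that accepts -e <cipher>, an image file at /media/usb/secret.img on the pmount-ed key, and a root shell; with DRY_RUN=1 it only prints the commands it would run.

```bash
#!/bin/bash
# Added example, not from the post: the cryptoloop steps as one script.
# Assumed: a cryptoloop-era util-linux losetup that accepts -e <cipher>,
# the key already pmount-ed at /media/usb, and a root shell when DRY_RUN=0.
set -eu
IMG="${IMG:-/media/usb/secret.img}"   # assumed image file on the vfat key
LOOP="${LOOP:-/dev/loop0}"
MNT="${MNT:-/mnt/secret}"
CIPHER="${CIPHER:-aes}"
DRY_RUN="${DRY_RUN:-0}"               # 1 = print each command instead of running it
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}
# Refuse to work on a path that is not an existing regular file.
check_image() {
    [ -f "$1" ] || { echo "no image file at $1" >&2; return 1; }
}
# One-time setup: random-fill the image so used and unused blocks look alike,
# attach it with the cipher (losetup asks for the passphrase), mkfs, detach.
create_volume() {
    size_mb="$1"
    run dd if=/dev/urandom of="$IMG" bs=1M count="$size_mb"
    run modprobe cryptoloop
    run losetup -e "$CIPHER" "$LOOP" "$IMG"
    run mke2fs -j "$LOOP"
    run losetup -d "$LOOP"
}

# First four list items: load module, decrypt onto the loop device, mount.
open_volume() {
    [ "$DRY_RUN" = 1 ] || check_image "$IMG"
    run modprobe cryptoloop
    run losetup -e "$CIPHER" "$LOOP" "$IMG"
    run mkdir -p "$MNT"
    run mount -t ext3 "$LOOP" "$MNT"
}

# Last two items: unmount first, then detach; detaching drops the key, so
# the only readable copy is gone until the passphrase is entered again.
close_volume() {
    run umount "$MNT"
    run losetup -d "$LOOP"
}

case "${1:-}" in
    create) create_volume "${2:-64}" ;;
    open)   open_volume ;;
    close)  close_volume ;;
esac
```

cryptoloop was later deprecated and removed from the kernel in favour of dm-crypt, but the unmount-then-detach order matters either way, since the plaintext is only ever visible through the loop device.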
Stay tuned for syncing your home directory to the encrypted filesystem, making your Linux desktop truly portable and secure.
posted at: 12:48 | path: /privacy