Tuesday, May 28, 2019
linux encryption Essay -- essays research papers
. Contents .

I. INTRO
   - About
II. ENCRYPTING
   - Containers
   - Drives
   - Files
APPENDIX

. I. INTRO .

-= About =-

This is a quick rundown on how to encrypt files, containers, and drives under Linux. The use of loopback encrypted filesystems and openssl is explained and examples are given. This paper should have you encrypting in no time. The following commands were run on kernel 2.6.9.

. II. ENCRYPTING .

I'll outline how to create encrypted containers and drives using the loopback filesystem support, and file encryption via openssl.

-= Containers =-

This is essentially creating a filesystem within a file and mounting it as a device. Containers vastly decrease the tedious task of individually encrypting files, since you simply move your files into the mount point and then unmount, and they are nicely encrypted.

First, you need to create an empty file using the dd command.

    dd if=/dev/urandom of=crypto.img bs=1M count=50

- The first parameter uses the /dev/urandom device to create the file with random data, to make it more difficult to distinguish between free space and encrypted data. The /dev/zero device can be used but is not advised.
- The second parameter of=crypto.img defines the name to be given to the file and this can be changed to suit your preference.
- The third parameter bs=1M instructs the dd command to create the file in 1MB blocks. I recommend you leave this value as 1M.
- The final parameter defines the size of the file in relation to the bs parameter. Since bs=1M and count=50 the file will be 50MB; changing the count value to 100 would yield a 100MB file, and so on. It is worth mentioning that the file can be resized once created; this is explained in the appendix.

Second, the file must be associated with a loop device and encrypted.

    losetup -e aes256 /dev/loop0 crypto.img

- The parameter -e aes256 at the beginning instructs losetup on which cipher to use. The cipher type is dependent on what your kernel supports. In this example the AES 256 bit cipher is used, but you can use other cipher types such as blowfish interchangeably.
- The second parameter /dev/loop0 is the device to which we bind the file. Binding the file will allow us to format the file with a filesystem.
- The final pa... ...utputs at password.txt.enc. (This is a rather redundant explanation but oh well)

Now to decrypt a file.

    openssl enc -d -aes-256-cbc -in password.txt.enc -out password.txt

- The enc -d -aes-256-cbc part of the command specifies which cipher to use for decryption.
- The -in password.txt.enc parameter specifies which file to decrypt.
- The final parameter instructs openssl to output the decryption into a file. This parameter can be omitted and the file will be decrypted to stdout.

. APPENDIX .

-= Resizing containers =-

If you formatted your container with the ext2 filesystem you can resize it with the ext2resize app.

First, increase the size of the container. In this example the file acting as the encrypted container is called crypto.img and its size is incremented by 20MB.

    dd if=/dev/urandom bs=1M count=20 >> crypto.img

- The of= parameter is omitted and instead >> is used at the end of the command to append 20MB to the crypto.img file.

Second, bind the file to a loop device.

    losetup -e aes256 /dev/loop0 crypto.img

Third, extend the ext2 filesystem within the container.

    ext2resize /dev/loop0

That is all that's needed to resize your encrypted container.
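
The Containers section fills crypto.img from /dev/urandom because zero-filled free space stands out from encrypted data. The script below is an added example, not part of the original paper, that counts the all-zero blocks in an image; the function names, the 64 KiB block size and the constructed sample images (whose random first block stands in for ciphertext written through the loop device) are assumptions of the demo.

```shell
#!/bin/sh
# Added example (not from the original paper): count the blocks of a
# container image that consist only of zero bytes. In a /dev/zero-filled
# container these are regions never written through the encrypted loop
# device, so they are visibly free space.

# count_zero_blocks FILE [BLOCK_SIZE] -> prints the number of all-zero blocks
count_zero_blocks() {
    img=$1
    bs=${2:-1048576}                  # default 1 MiB, matching bs=1M
    size=$(wc -c < "$img")
    blocks=$(( (size + bs - 1) / bs ))
    zero=0
    i=0
    while [ "$i" -lt "$blocks" ]; do
        # Delete NUL bytes; an all-zero block leaves 0 bytes behind.
        left=$(dd if="$img" bs="$bs" skip="$i" count=1 2>/dev/null |
               tr -d '\000' | wc -c)
        if [ "$((left))" -eq 0 ]; then zero=$((zero + 1)); fi
        i=$((i + 1))
    done
    echo "$zero"
}

# make_sample SOURCE FILE: constructed 4 x 64 KiB image filled from SOURCE,
# then the first block is overwritten with random bytes to stand in for
# data written by the encrypted filesystem (assumption of this demo).
make_sample() {
    dd if="$1" of="$2" bs=65536 count=4 2>/dev/null
    dd if=/dev/urandom of="$2" bs=65536 count=1 conv=notrunc 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_sample /dev/zero    "$dir/zero.img"
    make_sample /dev/urandom "$dir/random.img"
    echo "zero-filled:   $(count_zero_blocks "$dir/zero.img" 65536) of 4 blocks all-zero"
    echo "random-filled: $(count_zero_blocks "$dir/random.img" 65536) of 4 blocks all-zero"
    rm -rf "$dir"
}

demo
```

Run against a real container with `count_zero_blocks crypto.img`; any non-zero count marks blocks an observer can tell were never written.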