[colug-432] Mounting plaintext FS under encrypted fs

Steve Roggenkamp roggenkamps at acm.org
Tue Jan 25 23:35:31 EST 2011 

There's a couple of ways you can go.  Here's my experience, based on the 
Debian Lenny and Squeeze distros.

1. If you want to encrypt a file system within a file on a removable 
media, you might want to take a look at Truecrypt (truecrypt.org).  It 
works on Windows, Mac, Linux and probably the *BSDs.  I use this for 
removable media encryption.  It's easy to use and provides for what it 
calls hidden volumes.  This is essentially an encrypted volume within a 
volume and provides plausible deniability  Use it to stash stuff you 
really don't want to be found.

2. The cryptsetup(8) provides a Linux package to setup encrypted disk 
partitions using the dm-crypt device mapper.  I use this for my hard 
drives in my netbook and laptop.  The latest Debian distro  has 
integrated encrypted file systems making it easy to setup as a part of 
the installation.  I don't remember if it's a part of the Lenny install 
as it's been a while since I've installed Lenny.  It uses the LUKS 
(Linux Unified Key Setup) to manage the disk encryption keys.  You'll be 
asked for a password upon bootup.  It's relatively easy to setup and 
use.  See http://code.google.com/p/cryptsetup/ for more information.

Hope this helps.

Steve

Joshua Kramer wrote:
>
>> My 'Split' plan was to just encrypted external media, of which most 
>> of are
>> installed all the time. On a Netbook, maybe just encrypt a large SD 
>> card and
>
> Well, if all I wanted to store was documents it wouldn't be a biggie.  
> But then I thought... hey... all the passwords I have stored in the 
> browser, I don't want those floating around either, so I'd like to 
> have my .mozilla directory also encrypted.  It was just easier to 
> encrypt the whole home directory.
>
> It looks like I'm going to need a few hours to study how the 
> fuse-based encryption under RedHat works.  I have a couple of 
> encrypted partitions on my disk but it's not clear how they work.  I 
> can decrypt them if I enter the root password first...
>
> Does anyone know of a good step-by-step document about how this works?
>
> Thanks,
> -Josh
> ------------------------------------------------------------------------
>
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20110125/63d99746/attachment.html

More information about the colug-432 mailing list