[NBLUG/talk] Crypt Filesystems

Walter Hansen gandalf at sonic.net
Tue Jul 25 14:15:52 PDT 2006


> Walter Hansen wrote:
>> I'm doing full disk backups that go offsite. I was thiniking what would
>> happen if one of these backups fell into the wrong hands (I'm sure that
>> the fate of the universe would be changed and evil would abound (in
>> other
>> words they'd say 'Cool! A 250gb SATA! I'll wipe it and put porn on
>> it!').
>> Anyway a nice drop in solution would be some sort of encrypted file
>> system. I'd imagine it would probably work something like raid with ext3
>> used on top. Speed isn't really a concern as I use a rsync at midnight
>> to
>> bring the drive up to date.
>>
>> I seem to remember it was a meeting topic about a year ago, but I didn't
>> make it. I see that there are buch listed online and was wondering if
>> anyone who's dabbled might have comments or suggestions.
>>
>> Walter - Trying to make his backup system really nice.
>
> I'm the one that spoke on this subject last year.
>
> I suggest you take a look at http://loop-aes.sf.net
>
> Read their documentation and ask questions here. I'll help you through it.
>
> Best,
> jacob appelbaum


I've read through a bit of the docs and it looks like it does what I want,
so here are questions:

I'd rather not have to type in a passphrase when mounting drives. Is there
a way to auto-enter the passphrase or not require one? The filesystem
would be a mirror of a non-encrypted file system on the main system. I'm
only concerned with it being encrypted when it leaves the machine.

In the one readme it says that I'll have to re-compile the kernal. Is this
really nessicary, or this mistaken? I seem to remember another doucment
saying that they were making it so it wouldn't reqire compiling. I'm using
debian 2.6.8-11-amd64-k8.

And on the debian thread apt-cashe search aes returns several packages
that seem to be the right thing:

aespipe - AES-encryption tool with loop-AES support
loop-aes-ciphers-source - Ciphers for the loop-AES encryption Linux kernel
module
loop-aes-source - AES-encryption loopback Linux kernel module
loop-aes-utils - Tools for mounting and manipulating filesystems





More information about the talk mailing list