Re: loop-AES with ReiserFS for file-backed loop?
> > Thank you for the suggestion. I just read a similar suggestion for Jari, though I need a more
> > detailed example to actually implement the suggestion (as in an example fstab and command line
> > that properly sets up the stack of loops). I never stacked loops before, and do not yet seem to
> > understand how I would stack loops.
> >
> > While your suggestion with the keys residing in each layer may be convenient, I think it
> > needlessly reduces the security to Level 2 as stated in the loop-AES.README. It would be just as
> > convenient and easy to store the keys external to the encrypted partition/loops.
>
> Taking the losetup from the README, I've just written this shell script.
> The example is for 4 layers, but it can easily be changed for more or fewer.
>
> - snip -
> #!/bin/bash
>
> loop=0
> # Find the next free loop device.
> # Prints the device name on stdout and passes the next number to try back
> # via the return value (99 means no usable device was found).
> function nextFreeLoop()
> {
>     while true
>     do
>         if [ ! -b "/dev/loop${loop}" ]; then
>             # Errors go to stderr so they are not captured as a device name
>             echo "No more loop devices /dev/loop${loop}" >&2
>             return 99
>         fi
>         # If the loop device is "free" then break
>         losetup "/dev/loop${loop}" &>/dev/null || break
>         let loop=loop+1
>     done
>     echo "/dev/loop${loop}"
>     let loop=loop+1
>     return $loop
> }
>
> # Each call runs in a subshell, so the counter is carried over through $?
> loop0=`nextFreeLoop`
> loop=$?
> loop1=`nextFreeLoop`
> loop=$?
> loop2=`nextFreeLoop`
> loop=$?
> loop3=`nextFreeLoop`
> loop=$?
>
> if [ "$loop" = "99" ]; then
>     echo "Not enough free loop-devices" >&2
>     exit 1
> fi
>
> # Layer 0 sits on the partition; every further layer sits on the loop below it
> losetup -e AES128 -K /root/secret1.gpg $loop0 /dev/hda666 || exit 1
> losetup -e AES128 -K /root/secret2.gpg $loop1 $loop0 || exit 1
> losetup -e AES128 -K /root/secret3.gpg $loop2 $loop1 || exit 1
> losetup -e AES128 -K /root/secret4.gpg $loop3 $loop2 || exit 1
>
> echo "Setup successful"
> echo "Used Loop-devices: $loop0 $loop1 $loop2 $loop3"
> - snip -
>
> After that you can
> mkfs (First time) and/or mount $loop3.
>
> If you have other loop-devices the used loop-devices may not be persistent.
>
> But you could also change the script to use fixed-numbers instead.

Thank you for the script. I wish I knew bash so I could understand the script better.

While I do very much appreciate your effort, I hoped to get something *much* more simple and
direct to help me understand the process of stacking just *two* loops, so I can understand how it
works.

What I *really* need is an example of stacking two loops, shown as the needed fstab entries and
then the command line commands to set up the stack of loops.

Anon
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
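
Added example (not part of the original messages and not taken from the loop-AES README): a dry-run helper that prints the commands for the two-layer stack asked about above, in setup order and in the reverse teardown order. It generalizes to more layers; the fixed device numbers and the /mnt/crypt mount point are assumptions, and the partition and key paths are the sample values from the quoted script.

```shell
#!/bin/bash
# Added example: print (do not run) the commands for a stacked loop-AES setup.
# /dev/hda666 and the key paths are the sample values from the quoted script;
# fixed loop numbers and /mnt/crypt are assumptions made for this example.

# plan_stack BACKING KEY1 [KEY2 ...]
# Emits one losetup per layer, bottom-up: layer 0 sits on the backing device,
# every further layer sits on the loop device created just before it.
plan_stack() {
    local backing=$1; shift
    local n=0 key
    for key in "$@"; do
        echo "losetup -e AES128 -K $key /dev/loop$n $backing"
        backing=/dev/loop$n
        n=$((n + 1))
    done
    # Only the top loop device carries the filesystem (mkfs it the first time).
    echo "mount $backing /mnt/crypt"
}

# plan_teardown LAYERS
# Emits the reverse order: unmount, then detach from the top layer down,
# because a loop device cannot be detached while another loop still uses it.
plan_teardown() {
    local n=$(( $1 - 1 ))
    echo "umount /mnt/crypt"
    while [ "$n" -ge 0 ]; do
        echo "losetup -d /dev/loop$n"
        n=$((n - 1))
    done
}

# Two-layer case; the key files live outside the encrypted device.
plan_stack /dev/hda666 /root/secret1.gpg /root/secret2.gpg
plan_teardown 2
```

Review the printed commands, then run them as root on a system with loop-AES installed.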