//=======================//
// Encrypted_HArddrive_Mini Howto
// sparken@sparksonline.org
// June 2005 rev 2 April 2006
//
// Free to Copy or run as a script with
// this header intact please
//======================//
// Using a USB stick but replace /dev/sda with your device
// The device can even be a file just replace /dev/sda with /home/username/somefilename
// This HowTo assumes you have the cryptoloop module for your kernel and/or
// AES encryption is included. Also, the mount and losetup binaries
// must have been compiled with encryption options included.
// First we scramble the current drive for security
// This will delete all data on it! Back up your data first
dd if=/dev/urandom of=/dev/sda
// Now we create an encrypted loop device to act as a scrambler
// for the actual hardware device which is sda, a USB Stick
// Note: your distro may or may not have the encryption ability
// compiled into the mount and losetup commands enabling this to work
losetup -e AES256 /dev/loop0 /dev/sda
// NOTE: you will only be prompted once for the password, with no verification, so don’t muck it up
[enter password] // password will need to be at least 20 chars for 256bit encryption
// Now our device is accessible via the loop
// we need to create a filesystem on it
// I chose ext2 – journaling would only
// make it harder to shred & delete files
mke2fs /dev/loop0
// or, with the syntax of more modern systems:
mkfs.ext2 /dev/loop0
// Let’s mount the device and write data to it
// First make a place to mount it:
mkdir /home/username/crypt
// Now we mount it ...
mount -t ext2 /dev/loop0 /home/username/crypt
// Create a test file
touch /home/username/crypt/test.txt
// Set user permissions
chown -R username:usergroup /home/username/crypt
// Unmount the loop
umount /dev/loop0
// Destroy the loop; we no longer need it
losetup -d /dev/loop0
// Insert the kernel module for encryption
// todo: describe how to do this automagically at boot
modprobe cryptoloop
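// Entry for fstab – I’ll add the “users” option so that the user can mount it without being root
// Note: “users” implies noexec, nosuid and nodev; the “dev” option after it switches device files back on for this mount
/dev/sda /home/username/crypt ext2 noauto,loop,encryption=AES256,sync,users,dev 0 0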
// Now users can mount the device by using this command and PW:
mount /dev/sda
[enter password]
// When you are finished, don’t forget to unmount it
// (remember to leave that directory and close any browser windows showing it first), then:
umount /dev/sda
// Voila, you are done
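// Added example, not part of the original howto: a pre-flight check for the dd step above, which overwrites whatever device it is pointed at.
// It refuses a target that is missing or mounted and makes you retype the path; the function names and the optional mounts-file argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original howto). Function names and the
# optional mounts-file argument are assumptions made for illustration.

# is_mounted TARGET [MOUNTS_FILE]: succeeds if TARGET or one of its
# partitions (sda1, mmcblk0p1) is a mounted source in MOUNTS_FILE.
is_mounted() {
    target=$1
    mounts=${2:-/proc/mounts}
    while read -r src _rest; do
        case $src in
            "$target"|"$target"[0-9]*|"$target"p[0-9]*) return 0 ;;
        esac
    done < "$mounts"
    return 1
}

# check_target TARGET [MOUNTS_FILE]: fails with a reason on stderr unless
# TARGET exists as a block device or regular file and is not mounted.
check_target() {
    target=$1
    mounts=${2:-/proc/mounts}
    if [ -z "$target" ]; then
        echo "no target given" >&2
        return 1
    fi
    if [ ! -b "$target" ] && [ ! -f "$target" ]; then
        echo "$target: not a block device or regular file" >&2
        return 1
    fi
    if is_mounted "$target" "$mounts"; then
        echo "$target: it or one of its partitions is mounted" >&2
        return 1
    fi
    return 0
}

# confirm_wipe TARGET: the operator must retype the exact path on stdin.
confirm_wipe() {
    printf 'Retype %s to overwrite it with random data: ' "$1" >&2
    read -r answer || return 1
    [ "$answer" = "$1" ]
}

# Usage as root, in place of the bare dd line:
#   check_target /dev/sda && confirm_wipe /dev/sda &&
#       dd if=/dev/urandom of=/dev/sda
```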