|
OJK
Stranger

Registered: 06/08/03
Posts: 10,629
|
OS with support for encrypted file systems?
#5806523 - 06/30/06 10:51 AM (17 years, 6 months ago) |
|
|
Hey,
I'm looking for an OS that supports file system encryption as natively as possible. I've looked at a couple of guides on setting up linux to mount encrypted file systems, but it seems to be fairly complex (recompiling the kernel complex).
Can anyone point me towards an easy OS/filesystem combination? I'm looking for something that has a low overhead and fairly good security (i.e. breaking the encryption doesn't have to be impossible, just non-trivial).
Thanks for any help
|
tak
geo's henchman



Registered: 11/20/00
Posts: 3,776
Loc: nowhereland
|
Re: OS with support for encrypted file systems? [Re: OJK]
#5806573 - 06/30/06 11:18 AM (17 years, 6 months ago) |
|
|
Recompiling the kernel is almost a must for every intall, so if that is too complex, I would probably stick to windows. No offense.
But anything and everything linux related has more than enough write-up's and step-by-step howto's.
What are your plans for this computer. Just data storage?
Or do you plan on using it as a client machine?
-------------------- The DJ's took pills to stay awake and play for seven days.
|
wilshire
free radical


Registered: 05/11/05
Posts: 2,421
Loc: SE PA
Last seen: 14 years, 3 days
|
Re: OS with support for encrypted file systems? [Re: tak]
#5806596 - 06/30/06 11:36 AM (17 years, 6 months ago) |
|
|
Recompiling the kernel is almost a must for every intall, so if that is too complex, I would probably stick to windows. No offense.
i've installed gnu/linux on 8 different machines now. some of these machines have had multiple installs with different distributions. i've never needed to compile a kernel for an installation.
|
OJK
Stranger

Registered: 06/08/03
Posts: 10,629
|
Re: OS with support for encrypted file systems? [Re: tak]
#5806616 - 06/30/06 11:50 AM (17 years, 6 months ago) |
|
|
client, NAS, some server processes
most of the data will be sensitive, about as sensitive as data can be in a non-commercial environment
I'll probably employ something on top of the filesystem for the actual storage archives, but I need a system where I don't have to constantly worry about cleartext traces everywhere as much
and if it comes to it, I'll be willing to recompile kernels to achieve what I want, I just wanted to be sure it was necessery, it's never been for anything I've done before on a linux system
even if someone could just point me towards a wiki or a good write up on the subject, that would be great
|
sherm
sherman


Registered: 10/02/03
Posts: 20,498
Loc: Euthanasia
|
Re: OS with support for encrypted file systems? [Re: OJK]
#5807093 - 06/30/06 03:20 PM (17 years, 6 months ago) |
|
|
recompiling is easy, mostly:) unless you have some crazy hardware or really new chipset
this is a good document. its gentoo specific though http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=7
-------------------- shroomery. not even once.
    
|
SpaceApache
Photonscape

Registered: 06/30/06
Posts: 5
Loc: Southampton, England, UK
Last seen: 16 years, 10 months
|
Re: OS with support for encrypted file systems? [Re: OJK]
#5807200 - 06/30/06 04:13 PM (17 years, 6 months ago) |
|
|
Look for any distribution with "Cryptoloop" support built-in to the kernel or modularized. I use file-system encryption on Linux, and without cryptoloop, it's impossible (to encrypt file-systems, aes-pipe will encrypt single files/directories without it). Once you have your crypto-loop enable distro ready and waiting, be sure that aes-crypt is installed.
To initially create an encrypted, aes 256bit file-system, as root: Code:
dd if=/dev/urandom of=/dev/<device> \
losetup -e aes-256 /dev/loop0 /dev/<device> \
mke2fs /dev/loop0 \
mkdir /mnt/crypto \
mount -t ext2 /dev/loop0 /mnt/crypto
The above will create the encrypted file-system. Here, I use the ext2 file-system, because it's not a journalized file-system. This mean, I can securely remove files permanently. You could use any file-system you want, but a non-journalized FS is (in my mind) a good idea when thinking about sensitive info.
At this point, you can fill your FS with the files you want, but you'll need another step before you can easily (un)mount your new FS. You'll need to add the following line to your /etc/fstab file: Code:
/dev/<device> /mnt/crypto noauto,users,encryption=aes-256 0 0
From here on, you'll be able to (un)mount your encrypted FS by typing: Code:
mount /mnt/crypto
and entering your password when prompted.
For a more concise guide (from which I learned): Crypto-loop HOWTO
-------------------- "A Robin Redbreast in a cage, puts all heaven in a rage."
|
supercollider
superconducting


Registered: 10/13/00
Posts: 1,234
Loc: Waxahachie
|
Re: OS with support for encrypted file systems? [Re: OJK]
#5808072 - 06/30/06 11:27 PM (17 years, 6 months ago) |
|
|
Recompiling the kernel is not that complex, and it's something you should learn to do if you ever want to be a serious linux user. Here is some good documentation on how to recompile kernels in general. It's written for Gentoo, but most of it will hold true for any distro. Just ignore the part about "genkernel" and the "emerge" command. See if you already have a source installed for your current kernel in /usr/src, and if you don't, download a new one from kernel.org.
-------------------- Supercollider? I just met her!
|
funnybunny
Saboten Bomber



Registered: 01/30/06
Posts: 602
Loc: Spain
Last seen: 1 year, 7 months
|
Re: OS with support for encrypted file systems? [Re: supercollider]
#5808576 - 07/01/06 01:29 AM (17 years, 6 months ago) |
|
|
|
Vvellum
Stranger

Registered: 05/24/04
Posts: 10,920
|
Re: OS with support for encrypted file systems? [Re: OJK]
#5815434 - 07/03/06 10:39 AM (17 years, 6 months ago) |
|
|
|
OJK
Stranger

Registered: 06/08/03
Posts: 10,629
|
Re: OS with support for encrypted file systems? [Re: Vvellum]
#5826717 - 07/06/06 06:07 AM (17 years, 6 months ago) |
|
|
Thanks for all the responses guys, very helpful
|
|