On Sunday 23 September 2007 20:06:01 Richard (MQ) wrote:

> > I don't follow this part :-?
>
> Getting a bit OT but:

But very interesting, for us and somebody else wanting to do encrypted backups.

Ah! Before I forget: I wrote to '/etc/sysconfig/kernel' this line:

MODULES_LOADED_ON_BOOT="cryptoloop twofish"

I think this should work to load those two modules instead of using boot.local

> I create a regular file of rubbish, and loop-mount it with crypto before
> generating a filesystem and finally mounting normally:
>
> $ dd if=/dev/urandom of=file.img count=700 bs=1048576   (i.e. owner=user)

/dev/urandom, /dev/random... what's the difference? ... (un)signed, perhaps?

>
> # losetup -e twofish256 /dev/loop0 file.img
> # mkfs.ext3 /dev/loop0
> # mount -t ext3 -o rw /dev/loop0 mountpoint
>
> Copy what I want to keep to mountpoint then:
>
> # umount mountpoint
> # losetup -d /dev/loop0
>
> $ md5sum file.img > file.md5   (i.e. owner=user again)
>
> Then write file.img and file.md5 to cd using k3b. Easy to test integrity
> without having to crypto-mount:
>
> $ cd cd-mountpoint
> $ md5sum -c file.md5

Curious!

> And to mount for reading
>
> # losetup -e twofish256 /dev/loop0 cd-mountpoint/file.img
> # mount -t ext3 -o ro /dev/loop0 mountpoint
>
> Not too hard to script these steps, except for the problem with cd
> mount-point names under /media. Of course, same idea for DVDs.

I always mount manually, so I don't have the /media names problem.

My procedure is simpler. First I create an empty file:

nimrodel:~ # nice dd if=/dev/zero of=crypta_f_dvd \
    bs=1MB count=4700
4700+0 records in
4700+0 records out
4700000000 bytes (4.7 GB) copied, 99.32 s, 47.3 MB/s

(Watch line wrap: I'm using kmail now and I don't know how to tell it not to wrap)

I didn't think to randomize it, as I suppose the encryption thing will do its work. The file has the exact size of a DVD image.

Then I encrypt it via loop:

nimrodel:~ # losetup -T -e twofish256 /dev/loop2 crypta_f_dvd
Password:
Retype password:
nimrodel:~ # file -s /dev/loop2
/dev/loop2: data

And I create the XFS filesystem on the loop device:

nimrodel:~ # mkfs -V -t xfs -L CryptoDVD_MM /dev/loop2
nimrodel:~ # file -s /dev/loop2
/dev/loop2: SGI XFS filesystem data (blksz 4096, inosz 256, v2 dirs)

And that's all. I can mount that filesystem via fstab (after the losetup thing is freed):

/imgs/crypta_f_dvd  /mnt/crypta.x.dvd  xfs  noauto,user,loop,encryption=twofish256  0 0

In this way, I can simply copy the files I want to back up to the mounted image in /mnt/crypta.x.dvd just using any tool I want. When done, I umount it, then burn the image directly using growisofs or k3b.

I can test the dvd:

minas-morgul:~ # losetup -e twofish256 /dev/loop2 /dev/hdc
Password:
minas-morgul:~ # file -s /dev/loop2
/dev/loop2: SGI XFS filesystem data (blksz 4096, inosz 256, v2 dirs)

This is the step I should have done this morning, by the way.

> I generally use this scheme for backups of documents, emails etc. - not
> spectacularly secret, but potentially useful to an ID thief. Most
> ordinary punters won't be able to read it, but of course GCHQ / NSA etc.
> wouldn't take very long if they ever wanted to...

Of course :-)

> A lot of people take essentially no backups, and many of those who do
> take them leave unprotected data lying around. Not very sensible really!

True...

I don't encrypt everything. My filesystem is plain, but there are some things I keep encrypted.

I have been bitten with a corrupted filesystem just while I was adding a new HD to make fast backups - Murphy's law :-(

The problem nowadays is that DVDs are too small for making backups of a 300 GiB HD :-(

-- 
Cheers,
       Carlos E.R.
       (from RC1)
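
Added example, not part of the original message or of either poster's scripts: a Python check of how much of a container image is still untouched prefill. A file prefilled from /dev/zero keeps zeros in every block that was never written through the encrypting loop device, so the backing file shows which regions hold data, while a /dev/urandom prefill does not. The sample images are constructed in a temp file, with os.urandom standing in for ciphertext (an assumption; no real cipher or losetup is involved).

```python
import os
import tempfile

BLOCK = 4096  # the filesystem block size reported by `file -s` above

def scan_image(path, block_size=BLOCK):
    """Return (total_blocks, zero_blocks, written_extents).

    written_extents lists (first_block, last_block) runs containing non-zero
    bytes, i.e. regions that were written through the loop device.
    """
    zero = bytes(block_size)
    total = zeros = 0
    extents, start = [], None
    with open(path, "rb") as img:
        while True:
            block = img.read(block_size)
            if not block:
                break
            if block == zero[:len(block)]:
                zeros += 1
                if start is not None:          # a written run just ended
                    extents.append((start, total - 1))
                    start = None
            elif start is None:                # a written run begins here
                start = total
            total += 1
    if start is not None:
        extents.append((start, total - 1))
    return total, zeros, extents

def build_sample(prefill_random, blocks=64, written=((0, 3), (20, 29))):
    """Constructed stand-in for a container: prefill, then 'ciphertext' runs."""
    size = blocks * BLOCK
    data = bytearray(os.urandom(size) if prefill_random else bytes(size))
    for first, last in written:
        n = (last - first + 1) * BLOCK
        data[first * BLOCK:first * BLOCK + n] = os.urandom(n)
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

if __name__ == "__main__":
    for label, rnd in (("zero prefill", False), ("urandom prefill", True)):
        path = build_sample(rnd)
        total, zeros, extents = scan_image(path)
        os.unlink(path)
        print(f"{label}: {zeros}/{total} zero blocks, written runs {extents}")
```

Pointing scan_image at a real image file before burning it shows how much of the container layout is readable without the password.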