~$ sudo cryptmount-setup
------------------------------
cryptmount setup script
This program will allow you to setup a secure filing-system that will
be managed by "cryptmount". You will be able to select basic features
such as the location and size of the filesystem - if you want more
advanced features, you should consult the cryptmount manual page.
cryptmount version 5.2.2, (C)Copyright 2007-2014 RW Penney
cryptmount comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under
certain conditions - see the file 'COPYING' in the source directory.
------------------------------
Each cryptmount filesystem is identifed by a short name which is used
when mounting or configuring that filesystem. This name should be a
single word (without spaces), such as "opaque".
The following target names have already been used: (NONE)
Please enter a target name for your filesystem
[opaque]:
The opaque filesystem can be configured to be owned by a nominated
user, who will be able to create top-level files & directories
without needing to involve the superuser.
Which user should own the filesystem (leave blank for "root")
[]:
In order to access the opaque filesystem, it must be mounted on top
of an empty directory.
Please specify where "opaque" should be mounted
[/home/charles-chang/crypt]:
The maximum available size of your filesystem needs to be chosen so
that enough space can be reserved on your disk.
Enter the filesystem size (in MB)
[64]:
The actual encrypted filesystem will be stored in a special file,
which needs to be large enough to contain your entire encrypted
filesystem.
Enter a filename for your encrypted container
[/home/charles-chang/crypto.fs]:
Access to your encrypted filesystem is protected by a key that is
kept in a separate small file. The key is locked by a password that
you must enter whenever you mount the filesystem.
Enter a location for the keyfile
[/etc/cryptmount/opaque.key]:
------------------------------
Your filing system is now ready to be built - this will involve:
- Creating the directory "/home/charles-chang/crypt"
- Creating a 64MB file, "/home/charles-chang/crypto.fs"
- Adding an extra entry ("opaque") in /etc/cryptmount/cmtab
- Creating a key-file ("/etc/cryptmount/opaque.key")
- Creating an ext3 filingsystem on "/home/charles-chang/crypto.fs"
If you do not wish to proceed, no changes will be made to your system.
Please confirm that you want to proceed (enter "yes")
[no]: Yes
Making mount-point (/home/charles-chang/crypt)... done
Creating filesystem container (/home/charles-chang/crypto.fs)... done
Taking backup of cryptmount master config-file (/etc/cryptmount/cmtab.bckp-setup)... done
Generating filesystem access key (/etc/cryptmount/opaque.key)...
Generating random key; please be patient...
Enter new password for target "opaque":
Confirm password:
Password mismatch
Generating random key; please be patient...
Enter new password for target "opaque":
Confirm password:
Formatting encrypted filesystem...
Enter password for target "opaque":
1
------------------------------
Your new encrypted filesystem is now ready for use - to access, try:
cryptmount opaque
cd /home/charles-chang/crypt
After you have finished using the filesystem, try:
cd
cryptmount --unmount opaque
Please take great care NOT to delete or damage your keyfile
("/etc/cryptmount/opaque.key"). Without that file, and the associated
password, it will be virtually impossible to access your encrypted
filesystem. You may want to keep a separate backup copy of the
keyfile.
這樣類似 loop file 的 disk 和 mount option,passowrd 都設好了。開始 mount:
sudo cryptmount opaque Enter passowrd for target "opaque": e2fsck 1.43.3 /dev/mapper/opaaue: clean 11/16384 files. 7477/65536 blocks用 mount 來看..
/dev/mapper/opaque on /home/charles-chang/crypt type ext3 (rw,relatime,data=ordered)之後用 man cryptmount 可以看一些動作 : mount, umount, change password. list created files 等等..
操作完,從 mount 的 link 可以看到cryptmount 是類似 user file system,encrypt 作在 filesystem 下,在 device 端,
所以上層看到的是 ext3
在 man encryptmount 寫的比較多..
也有說明如何 mount 真正的 disk partition
感覺用 LUKS 比較標準..
沒有留言:
張貼留言