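Loopback Encrypted Filesystem HOWTO
Copyright by Ryan T. Rhea, rhear@cs.winthrop.edu
v1.1, 29 November 1999
Linux JF Project, JF@linux.or.jp
v1.1, 30 November 1999

This document explains how to set up and then use a filesystem that, when mounted by a user, dynamically and transparently encrypts its contents. The filesystem is stored in a regular file, which can be hidden or given an inconspicuous name so that it is likely to be overlooked. This allows data to be stored with a high level of security.
______________________________________________________________________

Contents

1. Before you begin
2. Introduction
3. Summary
4. Details
5. About the Japanese translation
______________________________________________________________________

1. Before you begin

This process requires the kernel source code, knowledge of how to compile the kernel, and a lot of patience. I highly recommend having a boot disk ready. Also, be sure to make a backup before you move important data onto the encrypted filesystem. It can be corrupted like any other filesystem.

As a minimum, you will have to patch the Linux kernel to at least version 2.2.9. Detailed instructions for applying patches are given later in this document, in the ``Details'' section.

Kernel source code can be found at:

<ftp://ftp.kerneli.org/>

A HOWTO on recompiling the kernel is available from:

<http://metalab.unc.edu/LDP/HOWTO/>

This document may be reproduced and distributed in whole or in part, without fee, subject to the following conditions:

o  The copyright notice and this permission notice must be preserved on all complete or partial copies.

o  Any translation or derived work must be approved by the author before distribution.

o  If you distribute this document in part, you must include instructions for obtaining the complete version and provide a means of obtaining it.

o  All source code in this document is placed under the GNU General Public License, which is available via anonymous FTP from:

<ftp://prep.ai.mit.edu/pub/gnu/COPYING/>

2. Introduction

The process uses the `/dev/loop*' devices (where * is 0 to 7 on most installations) to mount a loopback filesystem. The same process can be used without encryption, which allows a Linux filesystem to be stored on a non-Linux partition. There is a HOWTO on this at the LDP site mentioned previously.

Several types of encryption can be used, including XOR, DES, twofish, blowfish, cast128, serpent, MARS, RC6, DFC and IDEA. The `losetup' (loopback setup) program is what associates the encrypted file with the filesystem it contains and with its cipher type. According to Alexander Kjeldaas, who maintains kerneli.org and the international crypto patches, DES and losetup are currently incompatible. This is because the two handle parity bits differently. There are no plans to support DES, as it is much less secure than the other ciphers.

Twofish, blowfish, cast128 and serpent are all licensed for free use for any purpose. For the others, it is unclear whether licensing restrictions apply. Several of these ciphers are candidates for the AES standard. The finalists will be available for royalty-free use worldwide.

This document uses the serpent algorithm, because it is strong yet remarkably fast and is freely distributable under the GPL. According to its documentation, serpent is a 128-bit block cipher designed by Ross Anderson, Eli Biham and Lars Knudsen. It gives users the highest practical level of assurance that no shortcut attack will be found. The serpent documentation and source code are available from:

<http://www.cl.cam.ac.uk/~rja14/serpent.html>

This document also assumes that the ciphers are compiled directly into the kernel. They can be installed as modules, but that method is not explained here. You would have to edit the `/etc/conf.modules' file. The procedure is discussed in detail in the kernel compilation HOWTO mentioned earlier.

3. Summary

The process consists of a number of steps. Each step is explained in the next section, ``Details''. I thought it would be good to provide a summary first for reference (if you have plenty of UNIX/Linux experience you probably do not need the details anyway). The summary is as follows:

1. Download the newest international crypto patch (`patch-int-2.2.10.4' was used at the time this document was written) from:

   <http://ftp.kerneli.org/pub/kerneli/>

2. Patch the kernel.

3. Run `make config' (or `menuconfig' or `xconfig') to configure the `Makefile' for the new kernel. The options that enable encryption are scattered around. First of all, before any of the other options become visible, you must enable `Prompt for development and/or incomplete code/drivers' under `Code Maturity level options'. Next, under `Crypto options', enable `crypto ciphers' and `serpent'. Once again, this document assumes serpent, but try whatever you like. Just remember that DES is known to be incompatible as of 2.2.10.4, and it will probably never be supported. Under `Block Devices' there are several important options to select: `Loopback device support', `Use relative block numbers as basis for transfer functions (RECOMMENDED)' and `General encryption support'. Do NOT select `cast 128' or `twofish' here. None of the crypto options under the various network categories are needed. I will not go any further into kernel configuration. It is outside the scope of this document, so see the other documents at the LDP site.

4. Compile the new kernel.

5. Edit `/etc/lilo.conf' to add the new kernel image, then run `lilo -v' to add the kernel to the boot loader.

6. Download the newest `util-linux' package (the author used `util-linux-2.9v') from:

   <ftp://ftp.kernel.org/pub/linux/utils/util-linux/>

7. Extract the `util-linux' source.

8. Apply the patch for the cipher you want to use, found in your local `/usr/src/linux/Documentation/crypto/' directory.

9. Read the `INSTALL' file CAREFULLY! This package contains the source code for many system-dependent files (important tools such as `login', `passwd' and `init'). If you compile these sources without carefully editing the MCONFIG file, your system may end up badly broken, so have a boot disk or a shotgun ready. Basically, set almost all of the `HAVE_*' fields to `yes' so that the important authentication tools are not compiled and overwritten. The tools that do need to be rebuilt are `mount' and `losetup', so that they support the new encryption schemes. I recommend referring to the ``Details'' section below for this step.

10. Compile and install the `util-linux' source.

11. Reboot the machine with the new kernel.

12. Edit `/etc/fstab' and add an entry for the mount point as follows:

______________________________________________________________________
/dev/loop0  /mnt/crypt  ext2  user,noauto,rw,loop 0 0
______________________________________________________________________

13. Create the directory on which the filesystem will be mounted, `/mnt/crypt' in the example above.

14. As a regular user, create the file to be encrypted as follows:

    dd if=/dev/urandom of=/etc/cryptfile bs=1M count=10

15. Run losetup as follows:

    losetup -e serpent /dev/loop0 /etc/cryptfile

    Be careful, because you get only one chance to enter the password. If you want to double-check the password, use the following command:

    losetup -d /dev/loop0

    This deactivates the loop device. Then run losetup once more and check the password as follows:

    losetup -e serpent /dev/loop0 /etc/cryptfile

16. Create an ext2 filesystem as follows:

    mkfs -t ext2 /dev/loop0

17. Now mount the encrypted filesystem with the following command:

    mount -t ext2 /dev/loop0 /mnt/crypt

18. When you have finished using the filesystem, unmount and protect it with the following commands:

    umount /dev/loop0
    losetup -d /dev/loop0

4. Details

Patching the kernel:

You can upgrade from `2.2.x' releases by patching. Each patch released for `2.2.x' contains bug fixes. New features are added to the `2.3.x' development kernel. To install by patching, get all the patch files newer than your current version and run the following commands:

    cd /usr/src
    gzip -cd patchXX.gz | patch -p0

Substitute for XX every version number greater than that of your current source tree, and apply the patches IN ORDER.

The default directory for the kernel source is `/usr/src/linux'. If your source is installed somewhere else, I recommend making a symbolic link from `/usr/src/linux'.

Editing `MCONFIG' to compile the `util-linux' package:

The following are excerpts from the `MCONFIG' file the author used to compile the `util-linux' package. Note that it is fairly specific to the author's setup (which is loosely based on RedHat 5.2). The point to be sure of is that you do not overwrite important system files such as `login', `getty' and `passwd'. Here are the important lines:

______________________________________________________________________
CPU=$(shell uname -m | sed s/I.86/intel/)

LOCALEDIR=/usr/share/locale

HAVE_PAM=no

HAVE_SHADOW=yes

HAVE_PASSWD=yes

REQUIRE_PASSWORD=yes

ONLY_LISTED_SHELLS=yes

HAVE_SYSVINIT=yes

HAVE_SYSVINIT_UTILS=yes

HAVE_GETTY=yes

USE_TTY_GROUP=yes

HAVE_RESET=yes

HAVE_SLN=yes

CC=gcc
______________________________________________________________________

Suggestions:

Note that you can use any of the eight loopback devices (`/dev/loop0' to `/dev/loop7'). Use an inconspicuous directory for the mount point. I recommend creating a directory with permissions 700 under your home directory. The same goes for the file that holds the data. The author puts it in the `/etc' folder under a file name such as `sysfile' or `config.data'. It will usually be overlooked there.

The author wrote very simple Perl scripts to mount and unmount the filesystem with a single command. Create files with the following contents, make them executable (chmod u+x) and put them somewhere in your path.

______________________________________________________________________
#!/usr/bin/perl -w
#
#minimal utility to setup loopback encryption filesystem
#Copyright 1999 by Ryan T. Rhea
# Attach the encrypted file to the loop device (prompts for the password),
# then mount it via the /etc/fstab entry. Stop if either command fails.
system("losetup", "-e", "serpent", "/dev/loop0", "/etc/cryptfile") == 0
    or die "losetup failed\n";
system("mount", "/mnt/crypt") == 0
    or die "mount failed\n";
______________________________________________________________________

Name the script above `loop'. With it, you can mount the filesystem with one command (`loop') and a password.

______________________________________________________________________
#!/usr/bin/perl -w
#
#minimal utility to deactivate loopback encryption filesystem
#Copyright 1999 by Ryan T. Rhea
# Unmount the filesystem, then detach the loop device.
system("umount", "/mnt/crypt") == 0
    or die "umount failed\n";
system("losetup", "-d", "/dev/loop0") == 0
    or die "losetup -d failed\n";
______________________________________________________________________

Name the second script `unloop'. Running `unloop' quickly deactivates the filesystem.

5. About the Japanese translation

The Japanese translation was made by the Linux Japanese FAQ Project. Please send comments about the translation to the JF Project <JF@linux.or.jp>.

The revision history is as follows.

v1.0j, 27 November 1999
    Translation: <fujiwara@linux.or.jp>
    Proofreading:
    o  <takavoid@palette.plala.or.jp>
    o  <nakano@apm.seikei.ac.jp>
    o  <takei@cc.kochi-u.ac.jp>

v1.1j, 29 November 1999
    Translation: <fujiwara@linux.or.jp>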
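
Added example, not part of the original HOWTO or the author's scripts: a shell variant of the `loop' and `unloop' scripts from section 4 that first checks the 700-style permissions suggested there and detaches the loop device again when the mount fails, which is where a mistyped password first becomes visible. The paths and cipher are the HOWTO's; the function names and environment overrides are assumptions of this example.

```shell
#!/bin/sh
# Added example: stricter take on the HOWTO's `loop'/`unloop' scripts.
# Defaults are the HOWTO's paths and cipher; the environment overrides
# and function names are assumptions of this sketch. Needs GNU/busybox stat.
LOOPDEV=${LOOPDEV:-/dev/loop0}
CRYPTFILE=${CRYPTFILE:-/etc/cryptfile}
MNT=${MNT:-/mnt/crypt}
CIPHER=${CIPHER:-serpent}

# True only if $1 exists and grants nothing to group or other (700, 600, ...).
private_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

crypt_up() {
    for p in "$CRYPTFILE" "$MNT"; do
        private_mode "$p" && continue
        echo "refusing: $p is missing or group/world accessible" >&2
        return 2
    done
    # losetup only derives a key from the password; it cannot reject a wrong one.
    losetup -e "$CIPHER" "$LOOPDEV" "$CRYPTFILE" || return 3
    # A wrong password shows up here: the decrypted blocks hold no ext2 superblock.
    if ! mount -t ext2 "$LOOPDEV" "$MNT"; then
        echo "mount failed (wrong password?), detaching $LOOPDEV" >&2
        losetup -d "$LOOPDEV"
        return 4
    fi
}

crypt_down() {
    umount "$MNT" || return 5   # busy: leave the mapping alone and report it
    losetup -d "$LOOPDEV"
}

case "${1:-}" in
    up)   crypt_up ;;
    down) crypt_down ;;
esac
```

Save it under a name of your choice and run it with the argument `up' or `down'; without an argument it only defines the functions.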