Novell Home

Encrypting Data Partitions

Novell Cool Solutions: Feature
By Kirk Coombs

Digg This - Slashdot This

Posted: 24 Aug 2005
 

Applies To:

  • SUSE Linux Enterprise Server
  • SUSE Linux Professional
  • Novell Linux Desktop
  • Open Enterprise Server
Note: If the password for an encrypted partition is forgotten, all data will be unrecoverable!

YaST includes the option to encrypt partitions. It is a good idea to encrypt any partitions that contain sensitive data.

  1. In the YaST Partitioner create a new partition as normal:
    1. Select 'Create.'
    2. Select the disk to create the partition on.
    3. Select whether a primary or extended partition should be created (if prompted).
  2. In the create partition dialog, select a filesystem (other than swap or FAT) and a mount point. Note that you CANNOT encrypt /, /usr, /boot, or swap.
  3. Select a size for the partition.
  4. Check "Encrypt File System" and select 'OK'.
  5. Enter a password and select 'OK'.

The encrypted filesystem is created and its entry is added /etc/cryptotab. For example:

# cat /etc/cryptotab
/dev/loop0 /dev/sdb1 /encrypted_mount_point reiserfs \ twofish256,acl,user_xattr

When the system boots, a password is required before the filesystem is mounted:

Activating crypto devices using /etc/cryptotab ...
Please enter passphrase for /dev/sdb1:

It can be mounted and unmounted with the /etc/init.t/boot.crypto script. For example:

To mount:

/etc/init.d/boot.crypto start

To unmount:

/etc/init.d/boot.crypto stop

Alternatively, the mount commands can be used directly.

To mount an encrypted partition, a loopback device must first be established:

# losetup -e twofish256 /dev/loop0 /dev/sdb1
Password:

Then, the loopback device can be mounted:

# mount /dev/loop0 /encrypted_mount_point

To unmount, simply use the umount command then delete the loopback device:

# umount /encrypted_mount_point
# losetup -d /dev/loop0

Note that if you get an error like "mount: you must specify the filesystem type" when mounting, you may have entered the wrong password. Delete the loopback device and try again.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell