Encrypting Data Partitions
Novell Cool Solutions: Feature
By Kirk Coombs
Digg This -
Posted: 24 Aug 2005
- SUSE Linux Enterprise Server
- SUSE Linux Professional
- Novell Linux Desktop
- Open Enterprise Server
YaST includes the option to encrypt partitions. It is a good idea to encrypt any partitions that contain sensitive data.
- In the YaST Partitioner create a new partition as normal:
- Select 'Create.'
- Select the disk to create the partition on.
- Select whether a primary or extended partition should be created (if prompted).
- In the create partition dialog, select a filesystem (other than swap or FAT) and a mount point. Note that you CANNOT encrypt /, /usr, /boot, or swap.
- Select a size for the partition.
- Check "Encrypt File System" and select 'OK'.
- Enter a password and select 'OK'.
The encrypted filesystem is created and its entry is added /etc/cryptotab. For example:
# cat /etc/cryptotab
/dev/loop0 /dev/sdb1 /encrypted_mount_point reiserfs \ twofish256,acl,user_xattr
When the system boots, a password is required before the filesystem is mounted:
Activating crypto devices using /etc/cryptotab ...
Please enter passphrase for /dev/sdb1:
It can be mounted and unmounted with the /etc/init.t/boot.crypto script. For example:
Alternatively, the mount commands can be used directly.
To mount an encrypted partition, a loopback device must first be established:
# losetup -e twofish256 /dev/loop0 /dev/sdb1
Then, the loopback device can be mounted:
# mount /dev/loop0 /encrypted_mount_point
To unmount, simply use the umount command then delete the loopback device:
# umount /encrypted_mount_point
# losetup -d /dev/loop0
Note that if you get an error like "mount: you must specify the filesystem type" when mounting, you may have entered the wrong password. Delete the loopback device and try again.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com