{"id":172,"date":"2008-05-16T11:53:03","date_gmt":"2008-05-16T11:53:03","guid":{"rendered":"http:\/\/blog.stmellion.org\/?p=172"},"modified":"2008-05-16T11:53:33","modified_gmt":"2008-05-16T11:53:33","slug":"encrypted-filesystems-revised","status":"publish","type":"post","link":"https:\/\/blog.stmellion.org\/?p=172","title":{"rendered":"Encrypted Filesystems Revised"},"content":{"rendered":"<p>Some years back I <a href=\"https:\/\/blog.stmellion.org\/wp-trackback.php?p=24\">blogged<\/a> about encrypted filesystems.  That info is still valid but times have moved on and there are other, better ways now.<\/p>\n<p>I can&#8217;t take any credit for this info, it all comes from <a href=\"http:\/\/blog.gnist.org\/article.php?story=EncryptedSwapAndHomeUbuntu\">the blog of Lars Strand<\/a>.  My thanks to him for taking the trouble to make it public.  I&#8217;m just putting it on my own blog because it&#8217;s of such value and enables me to extract just the elements I require.<\/p>\n<p><strong>Encrypting Swap<\/strong><\/p>\n<p>Add this to \/etc\/crypttab:<br \/>\ncryptoswap \/dev\/hda2 \/dev\/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap<\/p>\n<p>And this it \/etc\/fstab:<br \/>\n\/dev\/mapper\/cryptoswap swap swap sw 0 0<\/p>\n<p>That&#8217;s it!  Much simpler than the old methods that involved editing swap init scripts.<\/p>\n<p><strong>Create an Encrypted Filesystem<\/strong><br \/>\ncryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat \/dev\/md8<br \/>\ncryptsetup luksOpen \/dev\/md8 crypt<br \/>\nmkfs.ext3 \/dev\/mapper\/crypt<\/p>\n<p>Add this to \/etc\/crypttab:-<br \/>\ncrypt \/dev\/md8 noauto luks<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some years back I blogged about encrypted filesystems. That info is still valid but times have moved on and there are other, better ways now. I can&#8217;t take any credit for this info, it all comes from the blog of Lars Strand. My thanks to him for taking the trouble to make it public. I&#8217;m&hellip; <a class=\"more-link\" href=\"https:\/\/blog.stmellion.org\/?p=172\">Continue reading <span class=\"screen-reader-text\">Encrypted Filesystems Revised<\/span><\/a><\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-172","post","type-post","status-publish","format-standard","hentry","category-debian","entry"],"_links":{"self":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts\/172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=172"}],"version-history":[{"count":0,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts\/172\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}