
                      Loopback Encrypted Filesystem HOWTO
                                       
@̡GRyan T. Rhea, zzrhear@pobox.winthrop.edu
Ķ̡G tchao@worldnet.att.net

   v1.1, 29 November 1999 ½ĶG2000~115
     _________________________________________________________________
   
   pw˩MϥΤ@بϥΪ̥[iʺAMLݱĨSOBJN[
   KɤeɨtΡCoؤɨtΦsbq`󤺡Ai@ä
   áA]iϥηi|Q@ɦW٦sAHƾڸxsw
   C
     _________________________________________________________________
   
1. e

2. ɨ

3. Kn

4. ԲӤe
     _________________________________________________________________
   
1. e

   إ߳oӤɨtλݭn֪NXBsNXOM@ߡAPɱjPĳ
   HɦҰʽLiΡC ⭫nƪsb[KɨtΤeAs
   @ƥOsA ]sbqƳDlaiΪiC
   
   nإ߳oӤɨtΡA_Xn׸ Linux  2.2.9 C׸ɪӸ`
   A U [1]ԲӤe @`eC
   
   ַNXiqUC}UG
   
     [2]ftp://ftp.kerneli.org/
     
   󭫽s֪{ǥid\ HOWTO A}pUG
   
     [3]http://metalab.unc.edu/LDP/HOWTO/
     
   oiγAOΡAݲŦXUCG
   
     * bγCvMoPNѡC
     * ½ĶΥѳoͦ奻boeo@̪ѭPNC
     * pGuo峡eAhbo奻CJo媺ԲӤ
       kM~|C
     * 夺ҦNX GNU @뤽@\iO@C\ieiqLΦW
       FTP }UG
       
     [4]ftp://prep.ai.mit.edu/pub/gnu/COPYING/
     
2. ɨ

   oL{ϥΡ/dev/loop*]bhƦw˨tΤ*  0-7 ^[ loopback 
   ɨtΡC ĥΦPؤkiN Linux ɨtΤ[KasbD Linux ΰ
   Cbez LDP }Ws_o譱 HOWTOC
   
   ɥ[Kk˼hA]A XOR, DES, twofish, blowfish, cast128,
   serpent, MARS, RC6, DFC M IDEAC losetup{u@KON[KɩM
   ɨtΤΨKXptb@_Cھں޲z kerneli.org Mڥ[K׸ɳn
   ]international crypto patches^ Alexander Kjeldaas ͪݪkA DES
   M losetup ثeäݮeC oOѤ_oسnBz parity bit kP
   tGCثe Linux tΨõL DES peA] DES KX[K{פ
   YKC
   
   Twofish, blowfish, cast128 M serpent KXiNϥΡAS\i
   C LKXi঳@ǳ\i譱WwCǱKXJ@ AES зǡC
   ̫wKXN@@ɧKOϥΪKXC
   
   ϥ serpent [Kk[KA]oإ[KkOKʱjAB淥֡APɮھ
   GPL WwiKOoC b serpent 󤤫XAserpent nϥ
   Ross Anderson, Eli Biham M Lars Knudsen ]p 128-bit KXաC
   oϥΪ̪OKnDѤF̰OҡA ]ثeAõLѽX²k
   C serpent Ψ䷽NXiqUC}UG
   
     [5]http://www.cl.cam.ac.uk/~rja14/serpent.html
     
   o󰲳]ϥΪ̱NKXsJ֡CLAKX]i@ҲսsJA b
   Ӥ󤤨åoؤk[HQסCLk]˼²Auݽs
   /etc/conf.module; Աe쪺s褺֪ HOWTO C
   
3. Kn

   oL{Aγ\hBJCbU` [6]ԲӤe oǨBJԲӻC 
   oǨBJ@XKn]\ODNA] Unix M Linux ]\
   nԲӨBJC oǨBJpUG
   
    1. U̷sڥ[K׸ɳn (sgɪ̷s
       patch-int-2.2.10.4)G
       
     [7]http://ftp.kerneli.org/pub/kerneli/
    2. ׸ɤ
    3. B 'config' ( 'menuconfig'  'xconfig')Asֳ]m
       'MakeFile'C ]w[KUӿﶵäb@_CAn]wﶵ
       o 'Code Maturity level options' U 'Prompt for
       development and/or incomplete code/drivers'Cb 'Crypto options' 
       U 'crypto ciphers' M 'serpent' ⶵCbA]ϥ
       serpent [KAL]iեΨL[KkC bݫXADES 
       2.2.10.4 ٻPtΤݮe - pӤ]|ݮeCb 'Block
       Devices' ULӭnﶵݿwCo]A 'Loopback device
       support', 'Use relative block numbers as basis for transfer
       functions (RECOMMENDED)' M 'General encryption support' UC
       Bn 'cast 128'  'twofish' [KC~bUغ]ݿ
       [KﶵC ֪]mkiѾ\ LDP AbBA
       حzC
    4. ss
    5. s '/etc/lilo.conf'AHKb]mɤW[s֡CB 'lilo -v'
       N֥[ boot loader C
    6. qUC}U̷s 'util-linux' NX (Bϥ
       'util-linux-2.9v' )G
       
     [8]ftp://ftp.kernel.org/pub/linux/utils/util-linux/
    7.  'util-linux' NXC
    8. QΦb '/usr/src/linux/Documentation/crypto/' ؿ׸ɳn
       C
    9. JӾ\Ū 'INSTALL'CoMn󤺦\hPtΦɪNX ]n
       up'login', 'passwd'M'init'^CpGbsoǷNXe 
       JӦas MCONFIGA̦nYHɦҰʤiΡA]tHɳ|
       C 򥻤WANҦ 'HAVE_*' ]yesAϩҦntγn󳣤
       |QC ݭnتuO 'mount' M 'losetup'AHAXs[K
       nC Ӹ`ѬݤU [9]ԲӤe C
   10. sMw 'util-linux'C
   11. ηs֭sҰʹqC
   12. s '/etc/fstab'AW[[IABJpUG
       ______________________________________________________________
     
/dev/loop0  /mnt/crypt  ext2  user,noauto,rw,loop 0 0
       ______________________________________________________________
     
   13. pW '/mnt/crypt' 覡Aإ߯বsɨtΪؿC
   14. @ϥΪ̡As[KɦpUG
       
dd if=/dev/urandom of=/etc/cryptfile bs=1M count=10

   15. B losetup pUG
       
losetup -e serpent /dev/loop0 /etc/cryptfile

       `NG]wϥαKX|u@CiΤUCOd֨ϥαKXG
       
losetup -d /dev/loop0

       oO| loop device @ΡCHAҰ losetup Niըϥ
       KXAkpUG
       
losetup -e serpent /dev/loop0 /etc/cryptfile

   16. ]w ext2 ɨtΦpUG
       
mkfs -t ext2 /dev/loop0 100000

   17. ɴNi[[KɨtΡG
       
mount -t ext2 /dev/loop0 /mnt/crypt

   18. [KAiMO@ɨtΦpUG
       
umount /dev/loop0
losetup -d /dev/loop0'

4. ԲӤe

   ֭׸ɳnG
   
   iq2.2.xֶ}l׸ɤ֡C2.2.xֽsg׸ɳn
   a{ǡ]bugfixes^C s\ೣ|[J Linux 2.3.x}o֡C
   ׸ɤ֪kOoҦ׸ɳnA MHUCO׸ɡG
   
cd /usr/src
gzip -cd patchXX.gz  patch -p0

   _ xx U׸ɡAqǧC xx V̦׸ɡC
   
   ַNXq{ؿO '/usr/src/linux'CpNXbLؿAiq
   '/usr/src/linux' إߤ@ӲŸs]symbolic link^C
   
    'util-linux' s]w 'MCONFIG'G
   
   HUOs 'util-linux' ɭק 'MCONFIG' ɪeCHۨtΪ
   PAק覡äۦPA B򥻤WH RedHat 5.2 ǡC䤧BOn
   л\ntΤuA p'login'B'getty''passwd' CHUCX@ǭ
   n]wG
       ______________________________________________________________
     
CPU=$(shell uname -m sed s/I.86/intel/)

LOCALEDIR=/usr/share/locale

HAVE_PAM=no

HAVE_SHADOW=yes

HAVE_PASSWD=yes

REQUIRE_PASSWORD=yes

ONLY_LISTED_SHELLS=yes

HAVE_SYSVINIT=yes

HAVE_SYSVINIT_UTILS=yes

HAVE_GETTY=yes

USE_TTY_GROUP=yes

HAVE_RESET=yes

HAVE_SLN=yes

CC=gcc
       ______________________________________________________________
     
   ĳG
   
   q'dev/loop0'  '/dev/loop7'Ao 8  loopback devices iΤ_BC
   QΥؿW٤㲴ؿ@[ICb home ؿإߤ@v
   700 [KؿC ]Τ㲴ؿs[KɡCb '/etc' ϥ
   'sysfile'  'config.data' oW١C @oW٪ؿΤɳӨ
   H`NC
   
   UC Perl }iΤ_[MɨtΡCNۤJtΡA令iB
   ]chmod u+x^A Msb|ؿC
       ______________________________________________________________
     
#!/usr/bin/perl -w
#
#minimal utility to setup loopback encryption filesystem
#Copyright 1999 by Ryan T. Rhea
`losetup -e serpent /dev/loop0 /etc/cryptfile`;
`mount /mnt/crypt`;
       ______________________________________________________________
     
   NWz}٬ 'loop'ANiΤ@ӫO]'loop'^MKX]w loopback [K
   ɨtΡC
       ______________________________________________________________
     
#!/usr/bin/perl -w
#
#minimal utility to deactivate loopback encryption filesystem
#Copyright 1999 by Ryan T. Rhea
`umount /mount/crypt`;
`losetup -d /dev/loop0`;
       ______________________________________________________________
     
   NoӸ}٬ 'unloop'AHunJ 'unloop' NiߧYoӤɨt
   B@C

References

   1. file://localhost/tmp/zh-sgmltools.26907/Loopback-Encrypted-Filesystem-HOWTO.txt.html#%B8%D4%B2%D3%A4%BA%AEe
   2. ftp://ftp.kerneli.org/
   3. http://metalab.unc.edu/LDP/HOWTO/
   4. ftp://prep.ai.mit.edu/pub/gnu/COPYING/
   5. http://www.cl.cam.ac.uk/~rja14/serpent.html
   6. file://localhost/tmp/zh-sgmltools.26907/Loopback-Encrypted-Filesystem-HOWTO.txt.html#%B8%D4%B2%D3%A4%BA%AEe
   7. http://ftp.kerneli.org/pub/kerneli/
   8. ftp://ftp.kernel.org/pub/linux/utils/util-linux/
   9. file://localhost/tmp/zh-sgmltools.26907/Loopback-Encrypted-Filesystem-HOWTO.txt.html#%B8%D4%B2%D3%A4%BA%AEe
