Secure information store in a file using dmcrypt

I was bored and decided to harden the security for some of the stuff on my server. A server which, by many means, are secure enough. Some people would claim otherwise, as my ssh is still open to the world and not hidden behind a port knocking sequence. But that will change real soon now(tm).

dmcrypt is a Linux device mapper module written by Christopher Saout. I have read and understood all the code as part of my project of migrating Poul Henning Kamps ingenious GDBE module to device mapper, but thats another story. Dmcrypt will be more than adequate for this tutorial. Basically dmcrypt is an AES block encrypter using a single passphrase for all blocks (which makes it really lean and fast, but vulnerable to attacks)

I’ll just provide the actual commands to let you see just how easy it is:

# touch .passwords (only initially/first time)

# shred -n1 -s5M .passwords (only initially/first time)

# losetup /dev/loop0 .passwords

# cryptsetup -y create mypasswords /dev/loop0

# mkfs.ext2 /dev/mapper/mypasswords (only initially/first time)

# mount /dev/mapper/mypasswords /mnt

# ls /mnt

# umount /mnt

# cryptsetup remove mypasswords

# losetup -d /dev/loop0

Could it be easier? AES secured filestore in a single file, right there on your linux filesystem. I have omitted the pesky details on the kernel and userlevel utils, but basically you need support for AES, loop devices, device mapper for both kernel and userland.

Leave a Reply

You must be logged in to post a comment.