{"id":18,"date":"2007-07-08T21:20:00","date_gmt":"2007-07-08T21:20:00","guid":{"rendered":"http:\/\/zensonic.dk\/?p=18"},"modified":"2017-04-09T10:04:13","modified_gmt":"2017-04-09T10:04:13","slug":"secure-information-store-in-a-file-using-dmcrypt","status":"publish","type":"post","link":"https:\/\/zensonic.dk\/?p=18","title":{"rendered":"Secure information store in a file using dmcrypt"},"content":{"rendered":"<p>I was bored and decided to harden the security for some of the stuff on <a href=\"https:\/\/zensonic.dk\/phpsysinfo\/\" title=\"my server\">my server<\/a>. A server which, by many means, is secure enough. Some <a title=\"people\" href=\"http:\/\/www.olemichaelsen.dk\/\">people<\/a> would claim otherwise, as my SSH is still open to the world and not hidden behind a port knocking sequence. But that will change real soon now(tm).<\/p>\n<p>dmcrypt is a Linux device mapper module written by Christophe Saout. I have read and understood all the code as part of my project of migrating <a title=\"Paul Henning Kamps\" href=\"http:\/\/people.freebsd.org\/~phk\/\">Poul-Henning Kamp&#8217;s<\/a> ingenious <a title=\"GBDE\" href=\"http:\/\/phk.freebsd.dk\/pubs\/bsdcon-03.gbde.paper.pdf\">GBDE<\/a> module to device mapper, but that&#8217;s another story. Dmcrypt will be more than adequate for this tutorial. 
Basically dmcrypt is an AES block encrypter using a single passphrase for <strong>all<\/strong> blocks (which makes it really lean and fast, but vulnerable to attacks)<\/p>\n<p>I&#8217;ll just provide the actual commands to let you see just how easy it is:<\/p>\n<p># touch .passwords (only initially\/first time)<\/p>\n<p># shred -n1 -s5M .passwords (only initially\/first time)<\/p>\n<p># losetup \/dev\/loop0 .passwords<\/p>\n<p># cryptsetup -y create mypasswords \/dev\/loop0<\/p>\n<p># mkfs.ext2 \/dev\/mapper\/mypasswords (only initially\/first time)<\/p>\n<p># mount \/dev\/mapper\/mypasswords \/mnt<\/p>\n<p># ls \/mnt<\/p>\n<p># umount \/mnt<\/p>\n<p># cryptsetup remove mypasswords<\/p>\n<p># losetup -d \/dev\/loop0<\/p>\n<p>Could it be easier? AES secured filestore in a single file, right there on your Linux filesystem. I have omitted the pesky details on the kernel and userlevel utils, but basically you need support for AES, loop devices, and device mapper in both kernel and userland.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was bored and decided to harden the security for some of the stuff on my server. A server which, by many means, is secure enough. Some people would claim otherwise, as my SSH is still open to the world and not hidden behind a port knocking sequence. But that will change real soon now(tm). 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-18","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/zensonic.dk\/index.php?rest_route=\/wp\/v2\/posts\/18"}],"collection":[{"href":"https:\/\/zensonic.dk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zensonic.dk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zensonic.dk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zensonic.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=18"}],"version-history":[{"count":0,"href":"https:\/\/zensonic.dk\/index.php?rest_route=\/wp\/v2\/posts\/18\/revisions"}],"wp:attachment":[{"href":"https:\/\/zensonic.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=18"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zensonic.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=18"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zensonic.dk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=18"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}