
                      Loopback Encrypted Filesystem HOWTO
                                       
Author: Ryan T. Rhea, zzrhear@pobox.winthrop.edu
Translator: tchao@worldnet.att.net

   v1.1, 29 November 1999 ڣ2000115
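     _________________________________________________________________
   
   This document explains how to set up and use a filesystem that, when
   mounted by a user, dynamically and transparently encrypts its contents.
   The filesystem is stored in a regular file, which can be hidden or given
   an inconspicuous name so that it is likely to be overlooked. This allows
   a high level of secure data storage.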
     _________________________________________________________________
   
1. Before you begin

2. Introduction

3. Summary

4. Details
     _________________________________________________________________
   
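1. Before you begin

   This procedure requires the kernel source code, the knowledge to compile
   it, and patience. It is also strongly recommended to keep a boot disk
   ready. Before storing important data permanently on the encrypted
   filesystem, make a backup, because it can be corrupted like any other
   filesystem.
   
   To build the filesystem you must patch the Linux kernel to at least
   version 2.2.9. Instructions for applying the patches are given in the
     [1]Details section later in this document.
   
   Kernel source can be downloaded from:
   
     [2]ftp://ftp.kerneli.org/
     
   A HOWTO on recompiling the kernel is available at:
   
     [3]http://metalab.unc.edu/LDP/HOWTO/
     
   This document may be reproduced in whole or in part, without fee,
   subject to the following conditions:
   
     * The copyright notice and this permission notice must be preserved
       on all complete or partial copies.
     * Any translation or derived work must be approved by the author
       before distribution.
     * If only part of this work is distributed, instructions for
       obtaining the complete version must be included.
     * All source code in this document is placed under the GNU General
       Public License, which is available via FTP from: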
       
     [4]ftp://prep.ai.mit.edu/pub/gnu/COPYING/
     
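2. Introduction

   The procedure uses the device '/dev/loop*' (where * is 0-7 on most
   installations) to mount a loopback filesystem. The same method can be
   used without encryption to store a Linux filesystem on a non-Linux
   partition; the LDP site mentioned above has a HOWTO on that subject.
   
   Several ciphers can be used, including XOR, DES, twofish, blowfish,
   cast128, serpent, MARS, RC6, DFC and IDEA. The 'losetup' program is what
   associates the encrypted file with a filesystem and its cipher.
   According to Alexander Kjeldaas, who maintains kerneli.org and the
   international crypto patches, DES and losetup are currently
   incompatible because the two handle the parity bit differently. There
   are no plans to support DES on Linux, since it is considerably less
   secure than the other ciphers.
   
   Twofish, blowfish, cast128 and serpent may be used freely, without
   licensing restrictions. The others may have licensing terms. Several of
   these ciphers are candidates for the AES standard; the cipher that is
   selected will become the one used worldwide.
   
   This document uses the serpent cipher because it is strong yet very
   fast, and it can be distributed freely under the GPL. According to its
   documentation, serpent is a 128-bit block cipher designed by Ross
   Anderson, Eli Biham and Lars Knudsen. It gives users the highest
   practical level of assurance that no shortcut attack will be found.
   The serpent documentation and source code can be downloaded from:
   
     [5]http://www.cl.cam.ac.uk/~rja14/serpent.html
     
   This document assumes that the ciphers are compiled directly into the
   kernel. They can also be built as modules, but that method is not
   discussed here. It is not difficult: it only requires editing
   '/etc/conf.modules'; see the kernel compilation HOWTO mentioned above.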
   
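3. Summary

   The procedure involves many steps. The next section, [6]Details,
   explains some of them more fully. A summary is given first for
   reference; readers experienced with Unix or Linux may not need the
   details. The steps are as follows:
   
    1. Download the newest international crypto patch (at the time of
       writing, the latest version was patch-int-2.2.10.4) from:
       
     [7]http://ftp.kerneli.org/pub/kerneli/
    2. Patch the kernel.
    3. Run 'config' (or 'menuconfig' or 'xconfig') to configure the
       'MakeFile' for the new kernel. The options that enable encryption
       are scattered. First, before any of the other options appear, you
       must select 'Prompt for development and/or incomplete
       code/drivers' under 'Code Maturity level options'. Under 'Crypto
       options' select 'crypto ciphers' and 'serpent'. Again, this
       document uses serpent, but other ciphers can be used. Note that
       DES is incompatible as of 2.2.10.4 and may never be supported.
       Several important options must be selected under 'Block Devices':
       'Loopback device support', 'Use relative block numbers as basis
       for transfer functions (RECOMMENDED)' and 'General encryption
       support'. Do not select 'cast 128' or 'twofish' encryption here.
       The crypto options under the network categories are not needed
       either. For anything else about kernel configuration, see the LDP
       documents; it is not repeated here.
    4. Compile the new kernel.
    5. Edit '/etc/lilo.conf' to add the new kernel. Run 'lilo -v' to add
       the kernel to the boot loader.
    6. Download the newest 'util-linux' source (this document uses
       'util-linux-2.9v') from:
       
     [8]ftp://ftp.kernel.org/pub/linux/utils/util-linux/
    7. Extract the 'util-linux' source.
    8. Apply the corresponding patch found in the
       '/usr/src/linux/Documentation/crypto/' directory.
    9. Read 'INSTALL' carefully. The package contains the source for many
       system-dependent tools, including important ones such as 'login',
       'passwd' and 'init'. Edit MCONFIG carefully before compiling, and
       keep a boot disk at hand, because a mistake here can leave the
       system unusable. Set almost all of the 'HAVE_*' fields to "yes" so
       that the important system tools are not overwritten. The tools
       that must be rebuilt are 'mount' and 'losetup', so that they
       support the new encryption. See the [9]Details section for more on
       this step.
   10. Compile and install 'util-linux'.
   11. Reboot with the new kernel.
   12. Edit '/etc/fstab' and add an entry for the mount point, as follows: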
       ______________________________________________________________
     
/dev/loop0  /mnt/crypt  ext2  user,noauto,rw,loop 0 0
       ______________________________________________________________
     
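   13. Create the directory that will hold the filesystem, '/mnt/crypt'
       in the example above.
   14. As the user, create the file that will hold the encrypted data:
       
dd if=/dev/urandom of=/etc/cryptfile bs=1M count=10

   15. Run losetup as follows:
       
losetup -e serpent /dev/loop0 /etc/cryptfile

       Note: you get only one chance to enter the password when setting
       it. To check the password, first run:
       
losetup -d /dev/loop0

       This deactivates the loop device. Then run losetup again and enter
       the password to test it:
       
losetup -e serpent /dev/loop0 /etc/cryptfile

   16. Create the ext2 filesystem:
       
mkfs -t ext2 /dev/loop0 100000

   17. The encrypted filesystem can now be mounted:
       
mount -t ext2 /dev/loop0 /mnt/crypt

   18. When finished, unmount and protect the filesystem:
       
umount /dev/loop0
losetup -d /dev/loop0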

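4. Details

   Kernel patches
   
   You can upgrade a '2.2.x' kernel by patching. Each patch released for
   the '2.2.x' kernels contains bug fixes; new features go into the Linux
   '2.3.x' development kernel. To install by patching, get all the newer
   patch files and then run:
   
cd /usr/src
gzip -cd patchXX.gz | patch -p0

   Repeat for every version xx newer than your current source tree,
   applying the patches in order from the lowest xx to the highest.
   
   The default directory for the kernel source is '/usr/src/linux'. If the
   source is installed elsewhere, make '/usr/src/linux' a symbolic link to
   it.
   
   Setting up 'MCONFIG' for compiling 'util-linux'
   
   The following are excerpts from the 'MCONFIG' file as modified for
   compiling 'util-linux'. The changes needed differ between
   distributions; this one is based on RedHat 5.2. The key point is not to
   overwrite important system tools such as 'login', 'getty' and 'passwd'.
   The important settings are: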
       ______________________________________________________________
     
CPU=$(shell uname -m | sed s/i.86/intel/)

LOCALEDIR=/usr/share/locale

HAVE_PAM=no

HAVE_SHADOW=yes

HAVE_PASSWD=yes

REQUIRE_PASSWORD=yes

ONLY_LISTED_SHELLS=yes

HAVE_SYSVINIT=yes

HAVE_SYSVINIT_UTILS=yes

HAVE_GETTY=yes

USE_TTY_GROUP=yes

HAVE_RESET=yes

HAVE_SLN=yes

CC=gcc
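       ______________________________________________________________
     
   Suggestions:
   
   Any of the 8 loopback devices from '/dev/loop0' to '/dev/loop7' can be
   used. Choose an inconspicuous directory as the mount point, for example
   a directory with permissions 700 inside your home directory. Likewise,
   keep the data file somewhere inconspicuous, for example in '/etc' under
   a name such as 'sysfile' or 'config.data'. A file with an ordinary name
   in such a directory is unlikely to attract attention.
   
   The following Perl scripts mount and unmount the filesystem. Copy them
   to the system, make them executable (chmod u+x) and place them in a
   directory on your path.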
       ______________________________________________________________
     
#!/usr/bin/perl -w
#
#minimal utility to setup loopback encryption filesystem
#Copyright 1999 by Ryan T. Rhea
`losetup -e serpent /dev/loop0 /etc/cryptfile`;
`mount /mnt/crypt`;
       ______________________________________________________________
     
   Name this script 'loop'; a single command, 'loop', then sets up the
   loopback filesystem.
       ______________________________________________________________
     
#!/usr/bin/perl -w
#
#minimal utility to deactivate loopback encryption filesystem
#Copyright 1999 by Ryan T. Rhea
`umount /mnt/crypt`;
`losetup -d /dev/loop0`;
       ______________________________________________________________
     
   Name this script 'unloop'; typing 'unloop' then deactivates the
   filesystem.
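
   The two Perl scripts above run their commands without checking whether
   they succeeded. The shell version below is an added example, not part
   of the original HOWTO: it stops when a step fails and detaches the loop
   device if the mount does not succeed. The variables LOSETUP, MOUNT and
   UMOUNT are hypothetical hooks introduced here so the commands can be
   replaced by stubs; the device, file, mount point and cipher are the
   HOWTO's values.

```shell
#!/bin/sh
# Added example, not the HOWTO's code. Device, file, mount point and cipher
# are the HOWTO's values. LOSETUP, MOUNT and UMOUNT are hypothetical hooks
# so the commands can be swapped for stubs when trying this without root.
LOOPDEV=${LOOPDEV:-/dev/loop0}
CRYPTFILE=${CRYPTFILE:-/etc/cryptfile}
MNT=${MNT:-/mnt/crypt}
CIPHER=${CIPHER:-serpent}
LOSETUP=${LOSETUP:-losetup}
MOUNT=${MOUNT:-mount}
UMOUNT=${UMOUNT:-umount}

# Attach and mount. Returns 0 on success, 1 if the attach failed,
# 2 if the mount failed (the loop device is detached again).
crypt_up() {
    [ -f "$CRYPTFILE" ] || { echo "missing $CRYPTFILE" >&2; return 1; }
    $LOSETUP -e "$CIPHER" "$LOOPDEV" "$CRYPTFILE" || return 1
    if ! $MOUNT -t ext2 "$LOOPDEV" "$MNT"; then
        # A mistyped password typically surfaces here: no valid ext2
        # superblock is found, so do not leave the device attached.
        $LOSETUP -d "$LOOPDEV"
        return 2
    fi
    return 0
}

# Unmount and detach. Returns 0 only if both steps succeeded, so a busy
# filesystem is reported instead of staying readable unnoticed.
crypt_down() {
    $UMOUNT "$MNT" || { echo "$MNT is still mounted" >&2; return 1; }
    $LOSETUP -d "$LOOPDEV" || { echo "$LOOPDEV is still attached" >&2; return 2; }
    return 0
}

# Usage: script up | script down (no argument: only define the functions)
case "${1:-}" in
    up)   crypt_up ;;
    down) crypt_down ;;
esac
```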
   

References

   1. Section 4, "Details", of this document
   2. ftp://ftp.kerneli.org/
   3. http://metalab.unc.edu/LDP/HOWTO/
   4. ftp://prep.ai.mit.edu/pub/gnu/COPYING/
   5. http://www.cl.cam.ac.uk/~rja14/serpent.html
   6. Section 4, "Details", of this document
   7. http://ftp.kerneli.org/pub/kerneli/
   8. ftp://ftp.kernel.org/pub/linux/utils/util-linux/
   9. Section 4, "Details", of this document
