Encrypting an external hard drive on Debian (Squeeze)

Discuss a HowTo.

Moderator: How-to Curator

Encrypting an external hard drive on Debian (Squeeze)

Postby fsmithred » March 7th, 2011, 3:08 pm

Click here to read the howto

There is nothing further to... oh wait. There probably is.

I wanted to put "easy" in the title, but I had a hard time with the Preparation and Wiping sections. If you understand the concepts in those sections, then yeah, the rest is easy.
fsmithred
 
Posts: 226
Joined: February 11th, 2011, 4:14 am

Re: Encrypting an external hard drive on Debian (Squeeze)

Postby mharrison » March 7th, 2011, 3:45 pm

Ok, I'm going to use my stupid question of the day here.

First, nice howto.

As for my question. Is there any benefit, aside from security, to encrypting a drive for someone like me who is just a home user without any real sensitive data residing on my computer?

I do keep some semi-sensitive data on a thumb drive but I have never considered encrypting it as I only pull it out of the fireproof safe when I need to update what is on it.
mharrison
 
Posts: 1076
Joined: February 13th, 2011, 5:39 pm

Re: Encrypting an external hard drive on Debian (Squeeze)

Postby fsmithred » March 7th, 2011, 4:36 pm

It doesn't sound like you need encryption. If you had an external drive with personal or sensitive information that you needed to carry from one place to another, or kept the drive where it could be stolen, it makes sense to encrypt it. If you have a laptop, it makes sense to encrypt the whole thing, but that's not what this howto is about.

In either case, the encryption only works when the drive is not mounted. If someone hacks into your system when it's running and the encrypted drive is mounted, they most likely have access to those files. I say "most likely" because you could make it harder by restricting access through file permissions and ownership, but if someone has hacked into your system, there's a good chance they already have root access.

That said, in my 10 years of using linux, stories of people getting their linux boxes hacked have been very rare.
fsmithred
 
Posts: 226
Joined: February 11th, 2011, 4:14 am

Re: Encrypting an external hard drive on Debian (Squeeze)

Postby mharrison » March 7th, 2011, 4:57 pm

Cool. Even though their isn't anything I would be concerned about someone stealing, I may try this out on my external backup drive I use to backup /home. Sorry to hi-jack the discussion with a question. I'll post again after I try it out.
mharrison
 
Posts: 1076
Joined: February 13th, 2011, 5:39 pm

Re: Encrypting an external hard drive on Debian (Squeeze)

Postby MrJames » March 7th, 2011, 10:06 pm

Let's see, reasons to encrypt drives...
- Protect sensitive information
- Hide porn
- Nope, that's just about it.

Thanks for the link, man. I got an external USB backup drive I always wanted to try this on. But now I have a question: are there any Windows utilities one could use to access the drive from Windows - in case I need to use it on someone else's PC?
This signature is not available in your country.
User avatar
MrJames
 
Posts: 576
Joined: February 9th, 2011, 8:27 pm

Re: Encrypting an external hard drive on Debian (Squeeze)

Postby fsmithred » March 7th, 2011, 11:15 pm

Nadir asked this same question, maybe yesterday. I googled, and this is from wikipedia -
dm-crypt and LUKS encrypted disks can be accessed and used under MS Windows using FreeOTFE, provided that the filesystem used is supported by Windows (e.g. FAT/FAT32/NTFS).

So I guess my statement in the howto about needing a linux partition is wrong. If you try this with fat32 or ntfs, please let me know, and I'll edit the howto to mention it. (Guess I could test cryptsetup in a vm and see how it works with one of those filesystems.)

Edit: Looks like it works with ntfs. I booted a live iso in vbox, created a 1GB ntfs partition with cfdisk (gparted kept choking on making the filesystem, said it was already mounted when it wasn't), created a filesystem with
Code: Select all
mkntfs -Q /dev/mapper/something
and then ran the cryptsetup commands as in the howto. I was able to copy files to it, it shows up as ntfs in 'fdisk -l' and then I closed it and unmounted it, all with no errors.

Note: I've got ntfs-3g and ntfsprogs installed on my live system.

Edit2: edited my edit (fixed a command)
Last edited by fsmithred on March 12th, 2011, 1:31 am, edited 1 time in total.
fsmithred
 
Posts: 226
Joined: February 11th, 2011, 4:14 am

Re: Encrypting an external hard drive on Debian (Squeeze)

Postby nadir » March 9th, 2011, 2:10 am

I got a self-compiled kernel, and had problems:
Code: Select all
This will overwrite data on /dev/sdd1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
device-mapper: reload ioctl failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/sdd1.
Check that kernel supports aes-cbc-essiv:sha256 cipher (check syslog for more info).


To make it short, i found this link (after trying it with try&error, which failed):
http://crux.nu/Wiki/Cryptsetup

As far i can tell during "make menuconfig" i picked:

Device Drivers -> Multiple Device Driver Support (RAID and LVM):
[M] Device manage support
[M] Crypt target support

Cryptographic API -> Hardware crypto devices:
Padlock driver for SHA1 and SHA256algorithms
(i have chosen more, but that seems to be it. It would be good if someone would ~know~ it).
nadir
 
Posts: 1708
Joined: February 9th, 2011, 8:07 am

Re: Encrypting an external hard drive on Debian (Squeeze)

Postby nadir » March 12th, 2011, 12:56 am

fsmithred wrote:Nadir asked this same question, maybe yesterday. I googled, and this is from wikipedia -
dm-crypt and LUKS encrypted disks can be accessed and used under MS Windows using FreeOTFE, provided that the filesystem used is supported by Windows (e.g. FAT/FAT32/NTFS).

So I guess my statement in the howto about needing a linux partition is wrong. If you try this with fat32 or ntfs, please let me know, and I'll edit the howto to mention it. (Guess I could test cryptsetup in a vm and see how it works with one of those filesystems.)

Edit: Looks like it works with ntfs. I booted a live iso in vbox, created a 1GB ntfs partition with cfdisk (gparted kept choking on making the filesystem, said it was already mounted when it wasn't), created a filesystem with
Code: Select all
mkntfs -Q /dev/sda1
and then ran the cryptsetup commands as in the howto. I was able to copy files to it, it shows up as ntfs in 'fdisk -l' and then I closed it and unmounted it, all with no errors.

Note: I've got ntfs-3g and ntfsprogs installed on my live system.

After forking around with it for some while i am quite sure that the command "mkntfs -Q /dev/sda1 " will not work.
I finally used
Code: Select all
mkntfs /dev/mapper/bu-stick

and that did it. Probably a typo (but for copy-and-paste guys like me a fatal one)
nadir
 
Posts: 1708
Joined: February 9th, 2011, 8:07 am

Re: Encrypting an external hard drive on Debian (Squeeze)

Postby fsmithred » March 12th, 2011, 1:29 am

nadir wrote:After forking around with it for some while i am quite sure that the command "mkntfs -Q /dev/sda1 " will not work.
I finally used
Code: Select all
mkntfs /dev/mapper/bu-stick

and that did it.

You're right. You have to make the filesystem after running cryptsetup, so it would be /dev/mapper/something. Sorry about that. I was so frazzled from fighting with gparted and cfdisk that I missed the typo.
fsmithred
 
Posts: 226
Joined: February 11th, 2011, 4:14 am


Return to HowTo Discussion

Who is online

Users browsing this forum: Bing [Bot] and 1 guest

cron

x