When Ubuntu Linux uses an encrypted file system, the data on it is well protected. Even if the machine ends up in an attacker's hands, as long as they do not have the key, all they can see is unreadable data that is of no use to them.
This article describes in detail how to use dm-crypt to create an encrypted file system. Compared with other ways of creating encrypted file systems, dm-crypt has unparalleled advantages: it is faster and more user-friendly. It is also widely applicable and can run on all kinds of block devices, including devices that use RAID and LVM. dm-crypt has these advantages mainly because it is built on the device-mapper feature of the 2.6 kernel. Device-mapper is designed to provide a general and flexible way to add virtual layers on top of a real block device, which makes it easier for developers to implement mirroring, snapshots, concatenation, and encryption. In addition, dm-crypt uses the kernel's cryptographic API to provide transparent encryption and is compatible with cryptoloop systems.
First, configure the kernel
dm-crypt uses the kernel's cryptographic API to perform its cryptographic operations. The kernel usually loads its ciphers as modules. 256-bit AES is very strong, sufficient even for protecting top-secret data, so this article uses 256-bit AES. To make sure your kernel has loaded the AES cipher module, check with the following command:
$ cat /proc/crypto
If you see output similar to the following, the AES module is already loaded:
name : aes
module : aes
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
Otherwise, load the AES module manually with modprobe, as in the following command:
$ sudo modprobe aes
Next, install the dmsetup package, which contains the tools you need to configure device-mapper:
$ sudo apt-get install dmsetup cryptsetup
To check whether the dmsetup package has set up device-mapper, type the following command:
$ ls -l /dev/mapper/control
Next, load the Dm-crypt kernel module:
$ sudo modprobe dm-crypt
When dm-crypt is loaded, it automatically registers itself with device-mapper. Checking again shows that device-mapper now recognizes dm-crypt and lists crypt as an available target:
$ sudo dmsetup targets
If everything went well, you should now see crypt in the output:
crypt v1.1.0
striped v1.0.2
linear v1.0.1
error v1.0.1
This means that the system is ready to set up encrypted devices. Next, let's create an encrypted device.
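The two checks in this section can be scripted. The following is an added example, not part of the original article: it parses /proc/crypto-style text for an aes record with a 32-byte maximum key size and dmsetup targets-style text for the crypt target. The function names are hypothetical, and the sample inputs are constructed from the outputs shown above plus a constructed des record.

```shell
#!/bin/sh
# Added example: scripted versions of the two checks above.
# Function names are hypothetical; sample inputs below are constructed.

# Succeeds if /proc/crypto-format text on stdin has a record named "aes"
# whose max keysize is at least 32 bytes (256 bits).
has_aes256() {
    awk -F'[ \t]*:[ \t]*' '
        NF == 0             { name = "" }      # blank line ends a record
        $1 == "name"        { name = $2 }
        $1 == "max keysize" && name == "aes" && $2 + 0 >= 32 { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Succeeds if "dmsetup targets" output on stdin lists the crypt target.
has_crypt_target() {
    awk '$1 == "crypt" { found = 1 } END { exit (found ? 0 : 1) }'
}

# dmcrypt_ready CRYPTO_TEXT TARGETS_TEXT: one status line per check,
# non-zero return if either prerequisite is missing.
dmcrypt_ready() {
    rc=0
    if printf '%s\n' "$1" | has_aes256; then
        echo "ok: aes cipher accepts 256-bit keys"
    else
        echo "missing: aes with 32-byte max keysize (sudo modprobe aes)"; rc=1
    fi
    if printf '%s\n' "$2" | has_crypt_target; then
        echo "ok: crypt target registered with device-mapper"
    else
        echo "missing: crypt target (sudo modprobe dm-crypt)"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: a des record followed by the aes record above.
SAMPLE_CRYPTO='name : des
max keysize : 8

name : aes
max keysize : 32'
SAMPLE_TARGETS='crypt v1.1.0
striped v1.0.2
linear v1.0.1'

dmcrypt_ready "$SAMPLE_CRYPTO" "$SAMPLE_TARGETS"
# Live system: dmcrypt_ready "$(cat /proc/crypto)" "$(sudo dmsetup targets)"
```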