On Sun, Jan 28, 2007 at 15:03:59 +0000, Mark Crean wrote: > If wonder if anyone's got experience or advice to share about a good way > of using file encryption on Debian Etch? There seem to be a lot of > different methods, but which one might suit the following: > > I only want to encrypt a single folder with personal stuff in it. Around > 200 files or so. (The Truecrypt virtual disk/containers idea sounds > ideal, but I don't want to use Truecrypt. It's not in the Debian > repositories and I'm looking for something that has full Debian > support.) I guess I could use pgp but I'm wondering if there is > something else that offers the virtual disk/containers idea or similar.
The Debian package "cryptsetup" with built-in LUKS support (Linux Unified Key Setup, see http://luks.endorphin.org) will probably meet your requirements and it is relatively easy to use. A nice and concise tutorial can be found here: http://www.hermann-uwe.de/blog/howto-disk-encryption-with-dm-crypt-luks-and-debian The above link explains how to use an encrypted filesystem on a USB hard disk, i.e. how to encrypt an entire partition. If you do not want to set up a separate partition for your encrypted folder then you can create the encrypted filesystem inside a "container file". (This container file can be on any of your already existing partitions - as long as your user has read/write access, of course.) The only addition as compared to encrypting an entire partition is using a loopback device to mount the container file. You can find more information here: http://feraga.com/node/51 Debian Administration also has good tutorials (as usual): http://www.debian-administration.org/articles/469 http://www.debian-administration.org/articles/428 (The second link goes much further than you want to go, but it might be an interesting read nonetheless.) Two more things: 1) Some of the links above are a bit outdated in that they claim that you need cryptsetup from unstable if you want LUKS support. This is no longer true, the version currently in Etch supports it as well. (In fact, Etch has the same version as Sid right now.) 2) pmount supports LUKS; this means that you can mount and unmount your encrypted file system as a normal user and you will be automatically prompted for the passphrase. (No need for fstab entries, but you can put an entry into /etc/crypttab if you want the volume to be mounted automatically during boot.) -- Regards, Florian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
