-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/28/2014 04:57 PM, Walter Dnes wrote: > I want to set up my notebook for use whilst travelling. I intend to > have an innocuous /home/waltdnes partion on the notebook, and have the > "real" $HOME (a copy of my desktop machine's $HOME) on a 128 gigabyte > USB key. When I want to access it, I'll mount the USB key over > /home/waltdnes. That protects against the notebook being lost/stolen. > The next question is how do I guard the data on the USB key. I'm > looking at using cryptsetup to encrypt the USB key. Some interesting > stuff on Google... http://sleepyhead.de/howto/?href=cryptpart shows how > to use cryptsetup with and without LUKS. > > ======================================================================== > dm-crypt without LUKS > > # cryptsetup -y create sdc1 /dev/sdc1 # or any other partition like /dev/loop0 > # dmsetup ls # check it, will display: sdc1 (254, 0) > # mkfs.ext3 /dev/mapper/sdc1 # This is done only the first time! > # mount -t ext3 /dev/mapper/sdc1 /mnt > # umount /mnt/ > # cryptsetup remove sdc1 # Detach the encrypted partition > > Do exactly the same (without the mkfs part!) to re-attach the partition. > If the password is not correct, the mount command will fail. In this > case simply remove the map sdc1 (cryptsetup remove sdc1) and create it > again. > ======================================================================== > > I did a --pretend emerge of cryptsetup, and I see that it pulls in > lvm2 as a dependancy, presumably to enable the /dev/mapper/* entries. > Any comments on whether I'm better off with or without LUKS? I also > intend to use ext2, because I understand that a journalling fs is murder > on USB keys. >
I suggest with LUKS. Also I suggest using ext4 and disabling the journal (mkfs.ext4 -O ^has_journal). Gentoo has some pretty good init scripts for dmcrypt that you can use to mount your usb key when ready, check it out in /etc/conf.d/dmcrypt. - -Zero -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTXwWWAAoJEKXdFCfdEflKgMkP/AjZAEi+ltpEDS320Kf70SFd tIrQrYhNM+DggnX0JlW0C37zM82ecCbfOGqvSGgkgbUtmUznBCKKfa1wbauljQS1 aBlXYv4RfNH/ZJ2ldrnnfd/BHbHLIJIkobXBfFsMS8s7EIQI+IOLr3dbWiYAzqIb eKfqjGAJqlvWK+9MmFTJkZdT3KgQU1KJdvKyq7UK7bt6Fi/3a8zRm7N0UU4h0lQd VQcfUm7Lq6nNUMJldtwp4uL+vxZREFSszSID1blqHQpzxBAHZO8ntSwLq98W0W1P E0fqTbifEu7jBY14ek2jysdPj/bHvNJulUIj6sqTc5qenu8ozwnt0olzkS1M0Yrr vzzF/HKbV70GjSjbx9cSVgv5opyTq+9n3oH5u7L87T0sXQdAch2yW0HpeQlCuYQe EPHt10zP0AtnSlLMIr7D2pVNI2NvsIrWsIdAC9op9ZtxYSnTgruBGyH2xw3QM6XZ A2NAemrbq6J2DGihC0kEBvBDTylUW5RL7WOQuxjmelp27sV2/lqtRTBaWz/cFGrK PvqEZuKkWW9ThpuAdEsSbZNGhf+wka+B8swAOlBXqSVIx5VKmTsxp92wJs3UEzT+ 3NyjWx/nmk1IHFAAQqLebcciBKE4/5Ix+9CJ1QHQsvC70iSXcyyBH6YkrHor9bJM X0M40ycF4uss0QtKmWEe =6vUW -----END PGP SIGNATURE-----