Using Encryption
This article describes how to use encryption on the FSG, NDP and DT with firmware 4.x. Note that every step has to be done as the root user, so be careful.
Prerequisites
You should have read and understood how to set up and use ipkg (optware): Use the Custom Ipkg Installer
Required Packages
Modules that are marked as included in the kernel do not need to be installed. Kernel modules are installed like this:
ipkg install <devicename>-kernel-module-<modulename>
- kernel-modules
  - cryptoloop
  - loop
  - aes (included in the DT and NDP kernel)
  - des (included in the DT and NDP kernel)
- module-init-tools
- util-linux
Loading Kernel Modules
A module is loaded with modprobe:
modprobe <modulename>
Unloading a module works with rmmod:
rmmod <modulename>
We have to load every module listed under Required Packages, except those that are included in the kernel.
Creating and using an encrypted container
We will create a file (called container) which contains our virtual and encrypted filesystem.
Creating container
Our test container is only 30 MB in size, but you can choose any size and place the file wherever you like:
dd if=/dev/zero of=/home/virtualfs bs=1024 count=30720
Define container as encrypted loopback device
If you use more than one container you have to use a different loop-device for every container:
losetup -e AES128 /dev/loop0 /home/virtualfs
It is also possible to use a longer key length (like 256) or another algorithm. The command will ask you for a password, which should be hard to guess and longer than 20 characters. To remove the connection between the container file and the loop device, use the parameter '-d':
losetup -d /dev/loop0
Creating filesystem into container
Use any filesystem you like; here we use ext2:
mkfs -t ext2 /dev/loop0
Mounting container
First create a new folder where we can mount:
mkdir /home/mountvirtualfs
Then let's mount:
mount /dev/loop0 /home/mountvirtualfs/
Now we are able to use our encrypted container. You can use all the filesystem features you like. To unmount the container use:
umount /home/mountvirtualfs
Normal use of the encrypted container
losetup -e AES128 /dev/loop0 /home/virtualfs
mount /dev/loop0 /home/mountvirtualfs
You can also copy the container to any other Linux/Unix machine that supports encryption and loopback devices and do the same there.
Problems
FSG
- The FSG doesn't shut down if you forget to unload the kernel modules.
- modprobe doesn't find the cryptoloop module. Use 'insmod /lib/modules/2.6.18/kernel/drivers/block/cryptoloop.ko' to load the module.
- During unmounting, the related loop device dies.
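The open and close sequences from this article wrapped as one script, as an added example that is not part of the original article: it loads the modules (falling back to the insmod path listed under Problems), detaches the loop device again if the mount fails, and tears down in the order unmount, detach, unload. The function names, the DRY_RUN switch and the MODULES list are assumptions; remove from MODULES any module that is built into your kernel.

```sh
#!/bin/sh
# Added example, not from the original article. Paths, loop device and cipher are
# the article's; function names, DRY_RUN and the MODULES list are assumptions.
CONTAINER=/home/virtualfs
LOOPDEV=/dev/loop0
MOUNTPOINT=/home/mountvirtualfs
CIPHER=AES128
# Modules in load order. Remove the ones built into your kernel
# (aes and des on DT and NDP).
MODULES="loop cryptoloop aes des"
CRYPTOLOOP_KO=/lib/modules/2.6.18/kernel/drivers/block/cryptoloop.ko

# Run a command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

load_modules() {
    for m in $MODULES; do
        run modprobe "$m" && continue
        # FSG: modprobe may not find cryptoloop, so load the file directly.
        [ "$m" = cryptoloop ] && run insmod "$CRYPTOLOOP_KO" || return 1
    done
}

unload_modules() {
    rev=
    for m in $MODULES; do rev="$m $rev"; done   # unload in reverse load order
    for m in $rev; do run rmmod "$m" || return 1; done
}

open_container() {
    load_modules || return 1
    # losetup prompts for the password here.
    run losetup -e "$CIPHER" "$LOOPDEV" "$CONTAINER" || return 1
    # A wrong password yields no valid filesystem: detach instead of leaving it attached.
    run mount "$LOOPDEV" "$MOUNTPOINT" || { run losetup -d "$LOOPDEV"; return 1; }
}

close_container() {
    # Order matters: unmount, detach the loop device, then unload the modules
    # (the FSG does not shut down while they are still loaded).
    run umount "$MOUNTPOINT" || return 1
    run losetup -d "$LOOPDEV" || echo "warning: could not detach $LOOPDEV" >&2
    unload_modules
}

case "${1:-}" in open) open_container ;; close) close_container ;; esac
```

Run it as root with `open` or `close` as the argument; with `DRY_RUN=1` in the environment it only prints the commands it would execute.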