#######################################################################
# Crypotographic Filesystems in Linux ( debian, woody unstable 2.4.19 )
#######################################################################
# By -> Christopher M Downs
# 12-20-02

# FOR THE IMPATIENT LIKE ME !

# ok so you wanna protect your data right ? I would hope so, so do I :) 
# Im gonna show you how encrypt a filesystem in Linux using Debian.
# Primary ref page is at: http://www.kerneli.org

#Lets make a dir to work from and get the pacthes we need:
#cdowns@Evicerated:~$ cd /usr/src/ ; sudo /bin/mkdir Crypto
#cdowns@Evicerated:/usr/src$ ls -l
#total 31836
#drwxr-sr-x    3 root     src          4096 Dec 20 12:55 Crypto
#-rw-r--r--    1 root     src        322239 Oct 18 09:54 grsecurity-1.9.7d-2.4.19.patch
#lrwxrwxrwx    1 root     src            12 Dec 20 13:12 linux -> linux-2.4.19
#drwxr-xr-x   15 573      573          4096 Dec 20 13:19 linux-2.4.19
#-rw-r--r--    1 root     src      32219641 Dec  1 06:02 linux-2.4.19.tar.gz
#drwxr-xr-x    7 root     root         4096 Dec 18 14:32 rpm
#cdowns@Evicerated:/usr/src$

# Lets continue:
# NOTE -> cdowns@Evicerated:/usr/src/Crypto$ sudo /bin/uname -a
Linux Evicerated 2.4.19 #1 Fri Dec 20 13:15:40 EST 2002 i686 unknown unknown GNU/Linux
cdowns@Evicerated:/usr/src/Crypto$
# NOTE -> make sure you are downloading the matching running kernel version for patch-int-2.4.19.0.gz !

#cdowns@Evicerated:/usr/src$ cd Crypto/
#Evicerated:~# wget http://www.us.kernel.org/pub/linux/utils/util-linux/util-linux-2.11r.tar.gz
#Evicerated:~# wget http://www.us.kernel.org/pub/linux/kernel/crypto/v2.4/testing/patch-int-2.4.19.0.gz
#Evicerated:~# wget http://easynews.dl.sourceforge.net/sourceforge/cryptoapi/util-linux-2.11r.patch.bz2

# NOTE: to check /sbin/losetup if it needs to be patched just either man losetup and or look for and entry that only says 
# "Supported Encryption Types XOR DES *"
# If you see this then you need and international patched losetup to allow other Encrytpion types to be used.


#SUPER NOTE: when patching util-linux you could blow up your machine and not be able to boot up again so dont screw it up.

# ok so now you need to rebuild your kernel with Cryptoapi modules.
# cdowns@Evicerated:/usr/src/Crypto$ sudo /bin/gzip patch-int-2.4.19.0.gz ; cd ../linux ; sudo /usr/bin/patch -p1 </usr/src/Crypto/patch-int-2.4.19.0
#sudo /usr/bin/ make menconfig dep
# goto Cryptography support and do:
# <M> CryptoAPI support                                           x x   
# <M> Cipher Algorithms                                           x x   
#  --- 128 bit blocksize                                          x x   
# <M>  AES (aka Rijndael) cipher                                  x x   
# <M>  Twofish cipher                                             x x   
# <M>  MARS cipher                                                x x   
# <M>  RC6 cipher                                                 x x   
# <M>  Serpent cipher
# <M> Crypto Devices                                              x x   
# <M>  Loop Crypto support                                        x x   
# [ ]   Atomic Loop Crypto                                        x x   
# [*]   Loop IV hack 

# One more thing is to make sure you have loop.o compiled in as a module.
# goto Block devices
# <M> Loopback device support

# Now you are ready to compile.
# Exit and Save, this will start automatic modules compilation.
# once this is done do:

# sudo /sbin/modprobe cryptoloop
# sudo /sbin/modprobe cryptoapi
# Depending on the cipher you want next
# sudo /sbin/modprobe cipher-twofish

# now chech to make sure everything is loaded correctly.
# cdowns@Evicerated:/usr/src/Crypto$ sudo /sbin/lsmod 
#Module                  Size  Used by    Not tainted
#cipher-twofish         40340   0  (unused)
#cryptoloop              1740   0  (unused)
#cryptoapi               3380   5  [cipher-twofish cryptoloop]
#loop                    7960   0  [cryptoloop]
#tulip                  37248   1 
#cdowns@Evicerated:/usr/src/Crypto$

# So if you see modules loaded correctly now move on to recompiling and patching linux-util
# NOTE -> make sure the version and patch version match.
# sudo /bin/tar zvxf util-linux-2.11r.tar.gz
# sudo /bin/bzip2 -d util-linux-2.11r.patch.bz 
# cd util-linux-2.11r ; sudo /usr/bin/patch -p1 </usr/src/Crypto/util-linux-2.11r.patch

# Make sure all patches SUCCESSFUL, DO Not continue if it does not.
# sudo ./configure && sudo /usr/bin/make ; sudo make install

# Now onto bigger and better things, Lets create an encrypted filesystem
# Ready ????? I hope so.

# Lets create a data block filles with randon data at a specified size we want, so for this lets do a small on
# just for the sake of example.

# cdowns@Evicerated:/usr/src/Crypto$ cd
#cdowns@Evicerated:~$ sudo /bin/dd if=/dev/urandom of=/home/cdowns/secure bs=1k count=256
#256+0 records in
#256+0 records out
#262144 bytes transferred in 0.166559 seconds (1573881 bytes/sec)
#cdowns@Evicerated:~$

# now lets setup the volume using losetup and our cipher
#cdowns@Evicerated:~$ sudo /sbin/losetup -e twofish /dev/loop0 /home/cdowns/secure 
#Available keysizes (bits): 128 192 256 
#Keysize: 128  
#Password: 
#cdowns@Evicerated:~$

# Lets make a filesystem
#cdowns@Evicerated:~$ sudo /sbin/mkfs -t ext2 /dev/loop0
#mke2fs 1.32 (09-Nov-2002)
#Filesystem label=
#OS type: Linux
#Block size=1024 (log=0)
#Fragment size=1024 (log=0)
#32 inodes, 256 blocks
#12 blocks (4.69%) reserved for the super user
#First data block=1
#1 block group
#8192 blocks per group, 8192 fragments per group
#32 inodes per group
#
#Writing inode tables: done                            
#Writing superblocks and filesystem accounting information: done
#
#This filesystem will be automatically checked every 26 mounts or
#180 days, whichever comes first.  Use tune2fs -c or -i to override.
#cdowns@Evicerated:~$

# now lets mount the volume just like any other.
# cdowns@Evicerated:~$ sudo /bin/mkdir /mnt/secure
# cdowns@Evicerated:~$ sudo /bin/mount -t ext2 /dev/loop0 /mnt/secure/
# cdowns@Evicerated:~$ cd /mnt/secure/
#cdowns@Evicerated:/mnt/secure$ ls
#lost+found
#cdowns@Evicerated:/mnt/secure$ ls -l
#total 12
#drwx------    2 root     root        12288 Dec 20 14:04 lost+found
#cdowns@Evicerated:/mnt/secure$

# There you have it ! a nice new Encrypted Filesystem, obviously user permissions become play here as well.

# lets unmount the volume, cause say we are done with it.
# cdowns@Evicerated:~$ sudo /bin/umount /dev/loop0 
#cdowns@Evicerated:~$ sudo /sbin/losetup -d /dev/loop0
#cdowns@Evicerated:~$ sudo /bin/sync
#cdowns@Evicerated:~$ df -h
#Filesystem            Size  Used Avail Use% Mounted on
#/dev/hdb3              18G  1.1G   16G   7% /
#/dev/hdb1              23M   11M   11M  50% /boot
#cdowns@Evicerated:~$

# Thats it from me now your own your own ! ENCRYPT some Filesystems !!!!
# cdowns@skillsoft.com