cryptoswap 0.0.3

  Date Added: March 06, 2010  |  Visits: 598


The cryptoswap package supports building an encrypted swap partition when a system boots. This is necessary on systems that use encrypted filesystems, because plaintext secrets may be written to disk when memory is swapped out.

should be installed in /etc/init.d. During system boot, should execute right before When shutting down, cryptoswap should execute after sysklogd.

This package also includes an initialization script for building a loopback-encrypted /tmp. This may be necessary if a system contains encrypted filesystems but / is not encrypted. A link from directories like /var/tmp to /tmp may be appropriate. There are a few other alternatives for systems such as these:

1. Tmpfs is a Linux kernel feature that allows /tmp to exist in memory. This is a good solution for systems with a lot of memory and/or (encrypted) swap.
2. If you have a system that uses encrypted home directories, per-user temporary directories inside $HOME could be used. This would ensure that users' data is protected, but would require that all applications use $HOME/tmp instead of /tmp.

Finally, the project may be used to create an encrypted root filesystem. Doing so requires two special partitions. First, create a small partition to hold your kernel and initrd image, /dev/hdaX. Second, create a large partition to contain the root of your filesystem, /dev/hdaY.

Next, configure and install an initrd-based boot system:

1. Ensure romfs is compiled into your kernel (not as a module).
2. Create a kernel-supported filesystem on /dev/hdaX and copy your kernel to /vmlinux.
3. Download busybox and extract it as initrd/busybox.
4. Update initrd/src/etc/modules.initrd to include any modules needed to boot.
5. Build cryptoswap's initrd image (cd initrd && make initrd) and copy it to the filesystem on /dev/hdaX at /initrd.img.gz.
6. Make sure you use literal = "root=/dev/ram0 init=/linuxrc rw" or LILO equivalent.

Finally, create a proper encrypted filesystem on /dev/hdaY:

1. Randomize the partition: dd if=/dev/urandom of=/dev/hdaY.
2. Set up a loopback device: openssl enc -d -aes-256-ecb -in initrd/src/etc/efsk | losetup -p0 -e aes /dev/loop0 /dev/hdaY.
3. Create the root filesystem: mkfs.ext2 /dev/loop0.
4. Mount your new root filesystem: mount /dev/loop0 .
5. Populate your new root filesystem.

What's New in This Release:

- Added initrd build environment.
- Documentation update.

Requirements: No special requirements
Platforms: Linux

License: Freeware Size: 204.8 KB
