Using directions from Felipe Alfaro Solana, I set up an encrypted home directory in Ubuntu 7.04. I only had one problem, that exhibited an error message as follows:
Command failed: Incompatible libdevmapper 1.02.08 (2006-07-17)(compat) and kernel driver
This was caused by the dm_mod module not being loaded. I fixed it for the session by issuing a modprobe dm_mod command, and fixed it forever by adding dm_mod to my /etc/modules file.
The commands I used were as follows:
# apt-get install crypsetup dmsetup
# apt-get install libpam-mount
# echo “@include common-pammount” >> /etc/pam.d/common-auth
# echo “@include common-pammount” >> /etc/pam.d/common-session
Generate an AES random encryption key, encrypts it with the user log on password and stores it:
# dd if=/dev/urandom bs=1c count=$((256/8)) | openssl enc -aes-256-ecb > /home/summetj.key
# openssl enc -d -aes-256-ecb -in /home/summetj.key | cryptsetup -c aes -s 256 create crypt-summetj /dev/sda3
(Using my log on password.)
Make a new ext3 filesystem on top of the cryptoloop device:
# mkfs.ext3 /dev/mapper/crypt-summetj
# mkdir /mnt/crypt-summetj
# mount /dev/mapper/crypt-summetj /mnt/crypt-summetj
# chown summetj /mnt/crypt-summetj
# umount /dev/mapper/crypt-summetj
# rmdir /mnt/crypt-summetj
# dmsetup remove crypt-summetj
To test mount the encrypted volume:
# openssl enc -d -aes-256-ecb -in /home/summetj.key | mount.crypt /dev/sda3 /home/summetj -o keysize=256
To unmount it:
#umount /home/summetj
#dmsetup remove _dev_sda3
Configure pam_mount and you are done:
# echo “volume summetj crypt – /dev/sda3 /home/summetj keysize=256 aes-256-ecb /home/summetj.key” >> /etc/security/pam_mount.conf
Pingback: Jay’s Technical Talk › Encrypted home directory with Ubuntu 8.04