cryptmount is a utility for GNU/Linux operating systems which allows an ordinary user to mount an encrypted filing system without requiring superuser privileges. It is aimed at Linux systems using the 2.6 kernel series or later.
Technical background
There are currently two main approaches to using encrypted filesystems within the Linux kernel:
- the cryptoloop device driver;
- the device-mapper system, using the dm-crypt target.
The (older) cryptoloop system has grown in parallel with the loopback device-driver of 2.4 kernel series, but has now been superseded by the device-mapper capabilities of the 2.6 kernel series. The newer devmapper system offers a cleaner organization of encryption and device-access, and superior performance has been noted. Alternative user-space tools which allow individual files to be encrypted are also widely available, but allow some information about file sizes & organization to be exposed.
With the older cryptoloop system, it was possible to describe all the details of an encrypted filesystem within /etc/fstab so that it could be configured completely by 'mount'. This meant that it was particularly easy to give any user permission to mount those encrypted filesystems simply by providing the 'user' option within /etc/fstab.
With the newer device-mapper infrastructure, there are more stages involved in mounting an encrypted filing system. 'mount' does not currently allow this, nor does the syntax of /etc/fstab lend itself to describing all the necessary filesystem parameters. This is especially so if the filesystem is stored in an ordinary file, which would require separate configuration of a loopback device and a devmapper target before the filesystem could be accessed.
cryptmount was written to make it as easy for ordinary users to access encrypted filesystems on-demand using the newer devmapper mechanism as it was to use the older, now deprecated, cryptoloop methods. This offers the following advantages:
- access to improved functionality in the kernel
- transparent support for filesystems stored on either raw disk partitions or loopback files
- separate encryption of filesystem access keys, allowing access passwords to be changed without re-encrypting the entire filesystem
- storing multiple encrypted filesystems within a single disk partition, using a designated subset of blocks for each
- rarely used filesystems do not need to be mounted at system startup
- un-mounting of each filesystem is locked so that this can only be performed by the user that mounted it, or the superuser
- encrypted filesystems compatible with cryptsetup
- encrypted access-keys can be chosen to be compatible with openssl, or managed via libgcrypt, or (for 2.0 release-series) built-in SHA1/Blowfish ciphers
- support for encrypted swap partitions (superuser only)
- support for setting up encrypted filesystems or crypto-swap at system boot-up
On Debian/Ubuntu distributions, you can install Cryptmount using the following command line:
sudo apt install cryptmount
On RHEL/CentOS/Fedora distributions, install it from source. First install the required package(s) to successfully build and use cryptmount.
yum install device-mapper-devel
yum groupinstall "Development tools"
Then download the latest Cryptmount source files.
wget https://downloads.sourceforge.net/project/cryptmount/cryptmount/cryptmount-5.2/cryptmount-5.2.4.tar.gz
tar -xzf cryptmount-5.2.4.tar.gz
cd cryptmount-5.2.4
./configure
make
make install
After installation, run the setup using the command line below:
cryptmount-setup
Once the new encrypted filesystem is created, you can access it as follows (enter the name you specified for your target – hackthesec). You will be prompted to enter the password for the target.
cryptmount hackthesec
cd /home/crypt
To unmount the target, run the cd command to get out of the encrypted filesystem, then use the -u switch to unmount as shown.
cryptmount -u hackthesec
For more information you can use the commands below, or you can visit the cryptmount website.
man cryptmount
man cmtab
Website - http://cryptmount.sourceforge.net/
Troubleshooting in my case
After installation I just received an error message from my Ubuntu box:
"Taking backup of cryptmount master config-file (@ETCDIR@/cmtab.bckp-setup)...mv: cannot stat '@ETCDIR@/cmtab': No such file or directory"
For this error, just follow the commands below:
root@new:~# which cryptmount-setup
/usr/sbin/cryptmount-setup
root@new:~# vi /usr/sbin/cryptmount-setup
Changed from:
CM_CFGDIR="@ETCDIR@"
Changed to:
CM_CFGDIR="/etc/cryptmount"
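A scripted version of this check and fix, as an added example that is not part of the original post: it lists build-time @NAME@ placeholders that were never substituted in a script, then rewrites only the broken CM_CFGDIR line while keeping a backup. The function names and the sample file are constructed for illustration; on a real system the target would be /usr/sbin/cryptmount-setup, edited as root.

```shell
#!/bin/sh
# Added example: find build-time placeholders (@NAME@) that were never
# substituted in an installed script, and repair CM_CFGDIR as the post does.

# List unsubstituted @NAME@ tokens with line numbers; returns 1 if none found.
find_placeholders() {
    grep -nE '@[A-Z][A-Z0-9_]*@' "$1"
}

# Replace CM_CFGDIR="@ETCDIR@" with the given directory, keeping a backup.
# Only the exact broken assignment is touched; anything else is left alone.
fix_cfgdir() {
    script=$1
    cfgdir=$2
    grep -q '^CM_CFGDIR="@ETCDIR@"$' "$script" || return 1   # nothing to fix
    cp -p "$script" "$script.orig" || return 2               # backup first
    # '|' is the sed delimiter because the directory contains '/'.
    # Writing through the redirect keeps the script's mode and owner.
    sed "s|^CM_CFGDIR=\"@ETCDIR@\"\$|CM_CFGDIR=\"$cfgdir\"|" \
        "$script.orig" > "$script"
}

# Constructed sample standing in for /usr/sbin/cryptmount-setup.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
CM_CFGDIR="@ETCDIR@"
echo "Taking backup of cryptmount master config-file (${CM_CFGDIR}/cmtab.bckp-setup)"
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp/cryptmount-setup"
    find_placeholders "$tmp/cryptmount-setup"      # shows the broken line
    fix_cfgdir "$tmp/cryptmount-setup" /etc/cryptmount
    grep '^CM_CFGDIR=' "$tmp/cryptmount-setup"     # shows the repaired line
    rm -rf "$tmp"
}
demo
```

Running find_placeholders again after the fix should print nothing; any remaining @NAME@ token means another path in the script was also left unsubstituted by the package build.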