如何在Linux下使用loop-aes加密设备？

Question

您需要修补内核、losetup 和挂载。该软件包通常称为 util-linux，您可以从以下位置获取补丁这里。如果您不想从循环 aes 设备启动，这非常简单：

# Write 65 lines of random data to keyfile.txt This will be used as a key for
# the data on the disk and your password will be as a key for this file.
# You will need this file and the password to access your data.
# Keep them safe.
gpg -c --cipher-algo aes256 --digest-algo sha512 < keyfile.txt > keyfile.gpg
rm keyfile.txt # Better if you never write this to disk in the first place.
losetup -e aes256 -H sha512 -K keyfile.gpg /dev/loopX /dev/sdXX
mke2fs -t ext4 /dev/loopX
mount /dev/loopX /mnt

# To mount it later
mount -o loop=/dev/loopX,encryption=aes256,hash=sha512,gpgkey=keyfile.gpg /dev/sdXX /mnt

如果您想加密根分区，那么我建议您阅读广泛的内容文档。基本上，您需要创建一个 initramfs 并将其存储在未加密的启动分区上。

您可以将 keyfile.gpg（以及引导分区，如果您决定加密根）存储在可移动 USB 设备上。

Answer 1

您需要修补内核、losetup 和挂载。该软件包通常称为 util-linux，您可以从以下位置获取补丁这里。如果您不想从循环 aes 设备启动，这非常简单：

# Write 65 lines of random data to keyfile.txt This will be used as a key for
# the data on the disk and your password will be as a key for this file.
# You will need this file and the password to access your data.
# Keep them safe.
gpg -c --cipher-algo aes256 --digest-algo sha512 < keyfile.txt > keyfile.gpg
rm keyfile.txt # Better if you never write this to disk in the first place.
losetup -e aes256 -H sha512 -K keyfile.gpg /dev/loopX /dev/sdXX
mke2fs -t ext4 /dev/loopX
mount /dev/loopX /mnt

# To mount it later
mount -o loop=/dev/loopX,encryption=aes256,hash=sha512,gpgkey=keyfile.gpg /dev/sdXX /mnt

如果您想加密根分区，那么我建议您阅读广泛的内容文档。基本上，您需要创建一个 initramfs 并将其存储在未加密的启动分区上。

您可以将 keyfile.gpg（以及引导分区，如果您决定加密根）存储在可移动 USB 设备上。

如何在Linux下使用loop-aes加密设备？

答案1

相关内容