Difference between revisions of "Encrypted Filespace with EncFS"
(→Bonnie++ I/O Speeds) |
m (→Install the FUSE module: use last known working archive version instead of 2.7.2) |
||
(39 intermediate revisions by 8 users not shown) | |||
Line 2: | Line 2: | ||
This article based on work done by Ramuk and Andre on Linkstationwiki.org | This article based on work done by Ramuk and Andre on Linkstationwiki.org | ||
</small></font>''<br> | </small></font>''<br> | ||
− | [[Image:Warded_locked.png|frame|'''<font color =red>PowerPC | + | [[Image:Warded_locked.png|frame|'''<font color =red>PowerPC and ARM9 (KuroBox Pro)</font>''' : This method only works for the powerpc-hdhlan and powerpc-hdhglan LinkStations, and the KuroBox Pro]] |
== Abstract == | == Abstract == | ||
− | This article is for people that want to add an encrypted filespace to their Link Station. We will use the powerpc-hdhglan Link Station for our example. | + | This article is for people that want to add an encrypted filespace to their Link Station<ref>{{Forumpost|41|818|The Linkstation Community Forum / Linkstation HG (ppc) / Encrypted Partitions, and Installing modules (FUSE)}}</ref>. We will use the powerpc-hdhglan Link Station for our example. |
− | [http://arg0.net/wiki/encfs | + | [[w:EncFS|EncFS]]<ref>The EncFS Wiki: [http://arg0.net/wiki/encfs http://arg0.net/wiki/encfs]</ref> is used to do this. This probably will work on any PPC link station. It may work on a MIPS Link station |
− | but you'll have to compile the FUSE module yourself somehow. | + | but you'll have to compile the [[w:FUSE_%28linux%29|FUSE]]<ref>The FUSE Wikipedia Page: [[w:FUSE_%28linux%29|FUSE:Wikipedia]]</ref> module yourself somehow. It will also work on a manually Freelinked [[:Category:KuroboxPro|KuroBox Pro]] (ARM9) |
− | + | {{Postit|Encryption Type|EncFS was chosen because of it's relative ease and speed of use. Loop-AES could be used as well<ref>Comparison of various Encryption Schemes: [http://www.linux.com/article.pl?sid=06/03/13/1656228 Encrypt filesystems with EncFS and Loop-AES] | |
+ | </ref>, A client side encryption system like Truecrypt<ref> Truecrypt - Free open-source disk encryption software for Windows XP/2000/2003 and Linux - [http://www.truecrypt.org http://www.truecrypt.org]</ref> could be used from a windows client. The TeraStation people have a nice tutorial on using TrueCrypt<ref>[[Encryption, NTFS Support, and Windows Share Management]]</ref>}} | ||
== Prerequisites == | == Prerequisites == | ||
This article assumes that you have installed [[FreeLink]] or [[OpenLink]]. | This article assumes that you have installed [[FreeLink]] or [[OpenLink]]. | ||
− | You also will need to upgrade to a 2.6 Kernel | + | You also will need to upgrade to a 2.6 Kernel on a PPC Box, use these instructions: [[Upgrade to the 2.6-kernel (ppc only)]]. Or on an ARM9 box you will need a custom kernel and modules. |
− | == Method == | + | |
+ | == Method (ARM9 KuroBox Pro)== | ||
+ | |||
+ | ===Install Armel Debian and FUSE module=== | ||
+ | Install [[Armel Debian for the Kurobox Pro - Manual install]] or [http://forum.buffalo.nas-central.org/viewtopic.php?f=18&t=5736&p=72241&#p72241 Armel for a LSPro] and custom kernel and modules contained in those instructions | ||
+ | |||
+ | ===Install EncFS=== | ||
+ | apt-get install encfs | ||
+ | == Method (PPC)== | ||
===Install the FUSE module=== | ===Install the FUSE module=== | ||
− | * I used the binaries from André's site: | + | * I used the binaries<ref>André's documentation on the FUSE binary: [http://hvkls.dyndns.org/downloads/documentation/README-fuse.html http://hvkls.dyndns.org/downloads/documentation/README-fuse.html] |
+ | </ref> from André's site<ref>André's site with 2.6 kernel and compiled FUSE binary: [http://hvkls.dyndns.org/ http://hvkls.dyndns.org/] | ||
+ | </ref>: | ||
− | wget http://hvkls.dyndns.org/downloads/fuse_2. | + | wget http://hvkls.dyndns.org/downloads/archive/fuse_2.6.0-binaries-ppc.tar.gz |
− | tar -C / -xvzf | + | tar -C / -xvzf fuse*.tar.gz |
+ | |||
+ | EDIT: If the link above is dead, please check my server for updates -andre | ||
===Install EncFS=== | ===Install EncFS=== | ||
====FreeLink==== | ====FreeLink==== | ||
+ | =====PowerPC===== | ||
apt-get install encfs | apt-get install encfs | ||
====OpenLink==== | ====OpenLink==== | ||
− | wget http://downloads. | + | wget http://downloads.nas-central.org/ALL_LS_KB_PPC/Packages/rlog-1.3.7_ppc.tar.gz |
tar -C / xzvf rlog-1.3.7_ppc.tar.gz | tar -C / xzvf rlog-1.3.7_ppc.tar.gz | ||
− | wget http://downloads. | + | wget http://downloads.nas-central.org/ALL_LS_KB_PPC/Packages/encfs-1.3.1_ppc.tar.gz |
tar -C / xzvf encfs-1.3.1_ppc.tar.gz | tar -C / xzvf encfs-1.3.1_ppc.tar.gz | ||
+ | |||
+ | ==Post Install Usage== | ||
+ | |||
===Create an encrypted partition=== | ===Create an encrypted partition=== | ||
* place it in a shared directory if you want to access it as a file share using Samba. | * place it in a shared directory if you want to access it as a file share using Samba. | ||
− | + | encfs /mnt/locked /mnt/share/locked -- -o allow_other | |
<tt>/mnt/share</tt> here is a shared directory. <tt>/mnt/locked</tt> is where the encrypted bits will be stored and <tt>/mnt/share/locked</tt> is where the (de)crypted space will be mounted to. You will be prompted for the type of encryption that you want and for password creation. Look [http://arg0.net/wiki/encfs/intro2#examples here] for more details on using EncFS. | <tt>/mnt/share</tt> here is a shared directory. <tt>/mnt/locked</tt> is where the encrypted bits will be stored and <tt>/mnt/share/locked</tt> is where the (de)crypted space will be mounted to. You will be prompted for the type of encryption that you want and for password creation. Look [http://arg0.net/wiki/encfs/intro2#examples here] for more details on using EncFS. | ||
+ | |||
===Access Permissions=== | ===Access Permissions=== | ||
* You will have to chmod the created directory so everyone can access it | * You will have to chmod the created directory so everyone can access it | ||
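Review bot: under "Install the FUSE module", the new wget of fuse_2.6.0-binaries-ppc.tar.gz is followed by "tar -C / -xvzf fuse*.tar.gz", so an archive fetched over plain HTTP is unpacked straight into / with nothing to verify it against, and the fuse* glob is ambiguous if an older fuse archive is still in the working directory. Suggest naming the exact file in the tar line and listing a checksum to compare before extraction. Separately, the unchanged OpenLink lines "tar -C / xzvf rlog-1.3.7_ppc.tar.gz" and "tar -C / xzvf encfs-1.3.1_ppc.tar.gz" lack the dash before xzvf, so tar reads it as a file name rather than as options; this revision already touches the neighbouring wget lines and should correct them to -xzvf.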
Line 42: | Line 60: | ||
===Remount=== | ===Remount=== | ||
* And remount it when you need it the same way you created it, this time you will just be prompted for the password you used when you created it. | * And remount it when you need it the same way you created it, this time you will just be prompted for the password you used when you created it. | ||
− | encfs | + | encfs /mnt/locked /mnt/share/locked -- -o allow_other |
== What's the point? == | == What's the point? == | ||
− | {{Postit|Slow to Write|I've been using this solution for awhile now, it's slow to ENcode data but faster to DEcode data. So that saving (ENcoding) a file | + | {{Postit|Slow to Write|I've been using this solution for awhile now, it's slow to ENcode data but faster to DEcode data. So that saving (ENcoding) a file to an encrypted share over samba can be somewhat slow. Writing a new file to a samba share that is an EncFS volume happens for me at about 1.7 MB/s and to an unencrypted share at 5 MB/s. - [[User:Ramuk|Ramuk]] 10:58, 21 March 2008 (CDT) }} |
+ | |||
What's the point of all this? Well you can create an encrypted file space that once mounted functions completely transparently as a shared directory. Once it is unmounted, either manually or automatically (when the system is shut down) the data will only exist in an encrypted form in the encrypted directory you specified. In this example in <tt>/mnt/locked</tt> , if your linkstation is stolen or lost, as soon as it is unplugged the data will no longer be accessible without the password. Even if someone cracks open the device and takes the hard drive out all they will be able to get is encrypted gibberish in that directory. ''However'' they would be able to figure out how MANY files you had in that directory and the SIZE of each file, as EncFS encypts each file individually, not the block device. | What's the point of all this? Well you can create an encrypted file space that once mounted functions completely transparently as a shared directory. Once it is unmounted, either manually or automatically (when the system is shut down) the data will only exist in an encrypted form in the encrypted directory you specified. In this example in <tt>/mnt/locked</tt> , if your linkstation is stolen or lost, as soon as it is unplugged the data will no longer be accessible without the password. Even if someone cracks open the device and takes the hard drive out all they will be able to get is encrypted gibberish in that directory. ''However'' they would be able to figure out how MANY files you had in that directory and the SIZE of each file, as EncFS encypts each file individually, not the block device. | ||
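Review bot: the remount line now passes "-- -o allow_other", which opens the decrypted mount to every local user, and through the share to Samba clients, for as long as it is mounted, while the "What's the point?" paragraph in this hunk only describes the unmounted state. Suggest adding a sentence there that the protection applies only while the volume is unmounted, and noting beside the command that a non-root user needs user_allow_other in /etc/fuse.conf for this option to be accepted.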
Line 62: | Line 81: | ||
# You can change these lines to reflect the locations on your system | # You can change these lines to reflect the locations on your system | ||
# or add whatever user comments you want | # or add whatever user comments you want | ||
− | + | modprobe fuse | |
+ | |||
usage(){ | usage(){ | ||
echo "mountcrypt [m|mount|u|unmount]" | echo "mountcrypt [m|mount|u|unmount]" | ||
Line 79: | Line 99: | ||
case "$1" in | case "$1" in | ||
"m" | "mount" ) | "m" | "mount" ) | ||
− | + | encfs /mnt/locked /mnt/share/locked -- -o allow_other | |
echo "Encrypted filesystem now mounted" | echo "Encrypted filesystem now mounted" | ||
;; | ;; | ||
"u" | "unmount" ) | "u" | "unmount" ) | ||
− | + | fusermount -u /mnt/share/locked | |
echo "Encrypted filesystem has been unmounted" | echo "Encrypted filesystem has been unmounted" | ||
;; | ;; | ||
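Review bot: in both case branches the echo that reports success runs unconditionally after the new encfs and fusermount lines, so a wrong password or a busy mount point still prints "Encrypted filesystem now mounted" or "Encrypted filesystem has been unmounted". Suggest chaining each echo to its command with && or testing the exit status and printing an error otherwise.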
Line 94: | Line 114: | ||
== Bonnie++ I/O Speeds == | == Bonnie++ I/O Speeds == | ||
− | Here is a speed comparision using [http://www.coker.com.au/bonnie++/readme.html | + | Here is a speed comparision using Bonnie++<ref>Bonnie++ disk benchmark: [http://www.coker.com.au/bonnie++/readme.html http://www.coker.com.au/bonnie++/]</ref> as a diagnostic tool. [http://forum.nas-central.org/index.php?action=userinfo&user=722 Fifilein] is trying to use AES/DMCrypt and his numbers are in the speed comparision too<ref>[http://forum.nas-central.org/index.php?action=vthread&forum=4&topic=1277 The Linkstation Community Forum / Everything else / JBOD with ENCFS, Key on USB Stick]</ref> all numbers are from an HG-LS. |
− | < | + | |
− | Linkstation | + | |
− | + | {|cellspacing=1 cellpadding=2 | |
− | + | | | |
− | + | | | |
− | + | |colspan=6 align=center style="background:#BBBBBB; color:green"|Sequential Output | |
− | + | |colspan=4 align=center style="background:#BBBBBB; color:green"|Sequential Input | |
− | + | |colspan=2 align=center style="background:#BBBBBB; color:green"|Random | |
− | + | | | |
− | + | |colspan=6 align=center style="background:#BBBBBB; color:green"|Sequential Create | |
− | + | |colspan=6 align=center style="background:#BBBBBB; color:green"|Random Create | |
− | + | |---- | |
− | + | | | |
− | + | | | |
− | + | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Per Chr | |
− | + | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Block | |
− | + | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Rewrite | |
− | + | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Per Chr | |
− | + | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Block | |
− | + | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Seeks | |
− | + | | | |
− | + | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Create | |
− | + | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Read | |
− | + | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Delete | |
− | + | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Create | |
+ | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Read | ||
+ | |colspan=2 align=center style="background:#BBBBBB; color:blue"|Delete | ||
+ | |---- | ||
+ | | | ||
+ | |align=center style="background:#BBBBBB; font-family: Arial Bold; color:black"|Size | ||
+ | |align=center style="background:#BBBBBB; color:black"|K/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |align=center style="background:#BBBBBB; color:black"|K/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |align=center style="background:#BBBBBB; color:black"|K/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |align=center style="background:#BBBBBB; color:black"|K/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |align=center style="background:#BBBBBB; color:black"|K/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |align=center style="background:#BBBBBB; color:black"|/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |align=center style="background:#BBBBBB; font-family: Arial Bold; color:black"|Files | ||
+ | |align=center style="background:#BBBBBB; color:black"|/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |align=center style="background:#BBBBBB; color:black"|/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |align=center style="background:#BBBBBB; color:black"|/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |align=center style="background:#BBBBBB; color:black"|/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |align=center style="background:#BBBBBB; color:black"|/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |align=center style="background:#BBBBBB; color:black"|/sec | ||
+ | |align=center style="background:#BBBBBB; color:black"|%CP | ||
+ | |---- | ||
+ | |align=left style="background:#BBBBBB; font-family: Arial Bold; color:black"|FifNAS.XFS | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|300M | ||
+ | |align=right style="background:#DFDFDF; color:black"|2142 | ||
+ | |align=right style="background:#DFDFDF; color:black"|99 | ||
+ | |align=right style="background:#DFDFDF; color:black"|27711 | ||
+ | |align=right style="background:#DFDFDF; color:black"|90 | ||
+ | |align=right style="background:#DFDFDF; color:black"|15149 | ||
+ | |align=right style="background:#DFDFDF; color:black"|63 | ||
+ | |align=right style="background:#DFDFDF; color:black"|2246 | ||
+ | |align=right style="background:#DFDFDF; color:black"|99 | ||
+ | |align=right style="background:#DFDFDF; color:black"|40324 | ||
+ | |align=right style="background:#DFDFDF; color:black"|53 | ||
+ | |align=right style="background:#DFDFDF; color:black"|208.8 | ||
+ | |align=right style="background:#DFDFDF; color:black"|4 | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|16 | ||
+ | |align=right style="background:#DFDFDF; color:black"|290 | ||
+ | |align=right style="background:#DFDFDF; color:black"|22 | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXXXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|279 | ||
+ | |align=right style="background:#DFDFDF; color:black"|18 | ||
+ | |align=right style="background:#DFDFDF; color:black"|294 | ||
+ | |align=right style="background:#DFDFDF; color:black"|22 | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXXXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|163 | ||
+ | |align=right style="background:#DFDFDF; color:black"|10 | ||
+ | |---- | ||
+ | |align=left style="background:#BBBBBB; font-family: Arial Bold; color:black"|FifNAS.ext3 | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|300M | ||
+ | |align=right style="background:#DFDFDF; color:black"|1663 | ||
+ | |align=right style="background:#DFDFDF; color:black"|84 | ||
+ | |align=right style="background:#DFDFDF; color:black"|10052 | ||
+ | |align=right style="background:#DFDFDF; color:black"|80 | ||
+ | |align=right style="background:#DFDFDF; color:black"|11256 | ||
+ | |align=right style="background:#DFDFDF; color:black"|55 | ||
+ | |align=right style="background:#DFDFDF; color:black"|2222 | ||
+ | |align=right style="background:#DFDFDF; color:black"|98 | ||
+ | |align=right style="background:#DFDFDF; color:black"|22079 | ||
+ | |align=right style="background:#DFDFDF; color:black"|29 | ||
+ | |align=right style="background:#DFDFDF; color:black"|192.5 | ||
+ | |align=right style="background:#DFDFDF; color:black"|4 | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|16 | ||
+ | |align=right style="background:#DFDFDF; color:black"|134 | ||
+ | |align=right style="background:#DFDFDF; color:black"|99 | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXXXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|7785 | ||
+ | |align=right style="background:#DFDFDF; color:black"|95 | ||
+ | |align=right style="background:#DFDFDF; color:black"|135 | ||
+ | |align=right style="background:#DFDFDF; color:black"|99 | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXXXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|492 | ||
+ | |align=right style="background:#DFDFDF; color:black"|97 | ||
+ | |---- | ||
+ | |align=left style="background:#BBBBBB; font-family: Arial Bold; color:black"|Ramuk.ext3 | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|300M | ||
+ | |align=right style="background:#DFDFDF; color:black"|1946 | ||
+ | |align=right style="background:#DFDFDF; color:black"|95 | ||
+ | |align=right style="background:#DFDFDF; color:black"|18425 | ||
+ | |align=right style="background:#DFDFDF; color:black"|85 | ||
+ | |align=right style="background:#DFDFDF; color:black"|14093 | ||
+ | |align=right style="background:#DFDFDF; color:black"|63 | ||
+ | |align=right style="background:#DFDFDF; color:black"|2166 | ||
+ | |align=right style="background:#DFDFDF; color:black"|98 | ||
+ | |align=right style="background:#DFDFDF; color:black"|37001 | ||
+ | |align=right style="background:#DFDFDF; color:black"|57 | ||
+ | |align=right style="background:#DFDFDF; color:black"|154.2 | ||
+ | |align=right style="background:#DFDFDF; color:black"|3 | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|16 | ||
+ | |align=right style="background:#DFDFDF; color:black"|163 | ||
+ | |align=right style="background:#DFDFDF; color:black"|97 | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXXXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|7736 | ||
+ | |align=right style="background:#DFDFDF; color:black"|97 | ||
+ | |align=right style="background:#DFDFDF; color:black"|165 | ||
+ | |align=right style="background:#DFDFDF; color:black"|97 | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXXXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|850 | ||
+ | |align=right style="background:#DFDFDF; color:black"|96 | ||
+ | |---- | ||
+ | |align=left style="background:#BBBBBB; font-family: Arial Bold; color:black"|FifNAS AES256.XFS | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|300M | ||
+ | |align=right style="background:#DFDFDF; color:black"|1506 | ||
+ | |align=right style="background:#DFDFDF; color:black"|69 | ||
+ | |align=right style="background:#DFDFDF; color:black"|4292 | ||
+ | |align=right style="background:#DFDFDF; color:black"|13 | ||
+ | |align=right style="background:#DFDFDF; color:black"|2114 | ||
+ | |align=right style="background:#DFDFDF; color:black"|9 | ||
+ | |align=right style="background:#DFDFDF; color:black"|1483 | ||
+ | |align=right style="background:#DFDFDF; color:black"|65 | ||
+ | |align=right style="background:#DFDFDF; color:black"|4046 | ||
+ | |align=right style="background:#DFDFDF; color:black"|5 | ||
+ | |align=right style="background:#DFDFDF; color:black"|184.9 | ||
+ | |align=right style="background:#DFDFDF; color:black"|4 | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|16 | ||
+ | |align=right style="background:#DFDFDF; color:black"|338 | ||
+ | |align=right style="background:#DFDFDF; color:black"|95 | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXXXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|312 | ||
+ | |align=right style="background:#DFDFDF; color:black"|94 | ||
+ | |align=right style="background:#DFDFDF; color:black"|338 | ||
+ | |align=right style="background:#DFDFDF; color:black"|95 | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXXXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|223 | ||
+ | |align=right style="background:#DFDFDF; color:black"|66 | ||
+ | |---- | ||
+ | |align=left style="background:#BBBBBB; font-family: Arial Bold; color:black"|FifNAS AES256.ext3 | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|300M | ||
+ | |align=right style="background:#DFDFDF; color:black"|1259 | ||
+ | |align=right style="background:#DFDFDF; color:black"|63 | ||
+ | |align=right style="background:#DFDFDF; color:black"|2699 | ||
+ | |align=right style="background:#DFDFDF; color:black"|20 | ||
+ | |align=right style="background:#DFDFDF; color:black"|1766 | ||
+ | |align=right style="background:#DFDFDF; color:black"|9 | ||
+ | |align=right style="background:#DFDFDF; color:black"|941 | ||
+ | |align=right style="background:#DFDFDF; color:black"|78 | ||
+ | |align=right style="background:#DFDFDF; color:black"|4021 | ||
+ | |align=right style="background:#DFDFDF; color:black"|4 | ||
+ | |align=right style="background:#DFDFDF; color:black"|168.4 | ||
+ | |align=right style="background:#DFDFDF; color:black"|4 | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|16 | ||
+ | |align=right style="background:#DFDFDF; color:black"|132 | ||
+ | |align=right style="background:#DFDFDF; color:black"|98 | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXXXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|6279 | ||
+ | |align=right style="background:#DFDFDF; color:black"|77 | ||
+ | |align=right style="background:#DFDFDF; color:black"|133 | ||
+ | |align=right style="background:#DFDFDF; color:black"|98 | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXXXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|XXX | ||
+ | |align=right style="background:#DFDFDF; color:black"|448 | ||
+ | |align=right style="background:#DFDFDF; color:black"|88 | ||
+ | |---- | ||
+ | |align=left style="background:#BBBBBB; font-family: Arial Bold; color:black"|Ramuk encFS.ext3 | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|300M | ||
+ | |align=right style="background:#DFDFDF; color:black"|1042 | ||
+ | |align=right style="background:#DFDFDF; color:black"|49 | ||
+ | |align=right style="background:#DFDFDF; color:black"|2088 | ||
+ | |align=right style="background:#DFDFDF; color:black"|5 | ||
+ | |align=right style="background:#DFDFDF; color:black"|1430 | ||
+ | |align=right style="background:#DFDFDF; color:black"|5 | ||
+ | |align=right style="background:#DFDFDF; color:black"|1388 | ||
+ | |align=right style="background:#DFDFDF; color:black"|63 | ||
+ | |align=right style="background:#DFDFDF; color:black"|3619 | ||
+ | |align=right style="background:#DFDFDF; color:black"|5 | ||
+ | |align=right style="background:#DFDFDF; color:black"|74.0 | ||
+ | |align=right style="background:#DFDFDF; color:black"|1 | ||
+ | |align=right style="background:#BBBBBB; font-family: Arial Bold; color:black"|16 | ||
+ | |align=right style="background:#DFDFDF; color:black"|112 | ||
+ | |align=right style="background:#DFDFDF; color:black"|2 | ||
+ | |align=right style="background:#DFDFDF; color:black"|1311 | ||
+ | |align=right style="background:#DFDFDF; color:black"|9 | ||
+ | |align=right style="background:#DFDFDF; color:black"|704 | ||
+ | |align=right style="background:#DFDFDF; color:black"|8 | ||
+ | |align=right style="background:#DFDFDF; color:black"|112 | ||
+ | |align=right style="background:#DFDFDF; color:black"|2 | ||
+ | |align=right style="background:#DFDFDF; color:black"|1568 | ||
+ | |align=right style="background:#DFDFDF; color:black"|11 | ||
+ | |align=right style="background:#DFDFDF; color:black"|355 | ||
+ | |align=right style="background:#DFDFDF; color:black"|4 | ||
+ | |---- | ||
+ | |} | ||
== References == | == References == | ||
+ | <references/> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
[[Category:LS1]] | [[Category:LS1]] | ||
[[Category:HG]] | [[Category:HG]] | ||
[[Category:Howto]] | [[Category:Howto]] | ||
+ | [[Category:KuroboxPro]] |
Latest revision as of 04:51, 1 April 2009
This article is based on work done by Ramuk and Andre on Linkstationwiki.org
Abstract
This article is for people who want to add an encrypted filespace to their LinkStation[1]. We will use the powerpc-hdhglan LinkStation for our example. EncFS[2] is used to do this. This will probably work on any PPC LinkStation. It may work on a MIPS LinkStation, but you'll have to compile the FUSE[3] module yourself somehow. It will also work on a manually Freelinked KuroBox Pro (ARM9).
Encryption Type: EncFS was chosen because of its relative ease and speed of use. Loop-AES could be used as well[4]. A client-side encryption system like Truecrypt[5] could be used from a Windows client. The TeraStation people have a nice tutorial on using TrueCrypt[6].
Prerequisites
This article assumes that you have installed FreeLink or OpenLink. On a PPC box you will also need to upgrade to a 2.6 kernel; use these instructions: Upgrade to the 2.6-kernel (ppc only). On an ARM9 box you will need a custom kernel and modules.
Method (ARM9 KuroBox Pro)
Install Armel Debian and FUSE module
Install Armel Debian for the Kurobox Pro - Manual install or Armel for a LSPro, along with the custom kernel and modules contained in those instructions.
Install EncFS
apt-get install encfs
Method (PPC)
Install the FUSE module
wget http://hvkls.dyndns.org/downloads/archive/fuse_2.6.0-binaries-ppc.tar.gz
tar -C / -xvzf fuse*.tar.gz
EDIT: If the link above is dead, please check my server for updates -andre
Install EncFS
FreeLink
PowerPC
apt-get install encfs
OpenLink
wget http://downloads.nas-central.org/ALL_LS_KB_PPC/Packages/rlog-1.3.7_ppc.tar.gz
tar -C / -xzvf rlog-1.3.7_ppc.tar.gz
wget http://downloads.nas-central.org/ALL_LS_KB_PPC/Packages/encfs-1.3.1_ppc.tar.gz
tar -C / -xzvf encfs-1.3.1_ppc.tar.gz
Post Install Usage
Create an encrypted partition
- place it in a shared directory if you want to access it as a file share using Samba.
encfs /mnt/locked /mnt/share/locked -- -o allow_other
/mnt/share here is a shared directory. /mnt/locked is where the encrypted bits will be stored and /mnt/share/locked is where the (de)crypted space will be mounted to. You will be prompted for the type of encryption that you want and for password creation. Look here for more details on using EncFS.
Access Permissions
- You will have to chmod the created directory so everyone can access it
chmod og+rwx /mnt/share/locked/
Beware that it takes a long time for files to be encrypted when you copy or move them into this directory. Otherwise you can use this directory like any other shared space with Samba, and once files are in place they can be accessed pretty fast.
Unmount
- You can unmount the partition at any time in which case the encrypted directory will end up appearing blank.
fusermount -u /mnt/share/locked
Remount
- And remount it when you need it the same way you created it, this time you will just be prompted for the password you used when you created it.
encfs /mnt/locked /mnt/share/locked -- -o allow_other
What's the point?
Slow to Write: I've been using this solution for awhile now, it's slow to ENcode data but faster to DEcode data. So that saving (ENcoding) a file to an encrypted share over samba can be somewhat slow. Writing a new file to a samba share that is an EncFS volume happens for me at about 1.7 MB/s and to an unencrypted share at 5 MB/s. - Ramuk 10:58, 21 March 2008 (CDT)
What's the point of all this? You can create an encrypted file space that, once mounted, functions completely transparently as a shared directory. Once it is unmounted, either manually or automatically (when the system is shut down), the data exists only in encrypted form in the encrypted directory you specified, in this example /mnt/locked. If your LinkStation is stolen or lost, as soon as it is unplugged the data will no longer be accessible without the password. Even if someone cracks open the device and takes the hard drive out, all they will be able to get is encrypted gibberish in that directory. However, they would be able to figure out how MANY files you had in that directory and the SIZE of each file, as EncFS encrypts each file individually, not the block device.
Keyfile and Security
The keyfile is stored in the encrypted directory as /mnt/locked/.encfs5. If you want even more security, you could store it externally (on a USB key drive, for example) and move it to the proper location.
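The external keyfile idea above, written out as a script; this is an added example, not part of the original article. The USB mount point /mnt/usbkey and the file name encfs5.key are assumptions, as is the premise that EncFS reads .encfs5 only at mount time, so the staged copy can be removed again once the volume is mounted.

```shell
#!/bin/sh
# Added example: keep the EncFS keyfile on removable media and place it in
# the encrypted directory only for the moment of mounting.
# /mnt/locked, /mnt/share/locked and .encfs5 come from the article;
# /mnt/usbkey/encfs5.key is a hypothetical location on the USB stick.
CRYPT_DIR=${CRYPT_DIR:-/mnt/locked}
MOUNT_DIR=${MOUNT_DIR:-/mnt/share/locked}
KEY_SRC=${KEY_SRC:-/mnt/usbkey/encfs5.key}

# stage_key <key_src> <crypt_dir>: copy the keyfile from the stick into place.
stage_key() {
    if [ ! -f "$1" ]; then
        echo "keyfile $1 not found (is the USB stick mounted?)" >&2
        return 1
    fi
    if [ ! -d "$2" ]; then
        echo "encrypted directory $2 is missing" >&2
        return 1
    fi
    ( umask 077; cp "$1" "$2/.encfs5" )
}

# unstage_key <crypt_dir>: remove the staged copy again.
# rm only unlinks the file; its blocks may stay recoverable on the disk,
# so the keyfile's own password protection still matters.
unstage_key() {
    rm -f "$1/.encfs5"
}

# export_key <crypt_dir> <key_dst>: one-time move of an existing keyfile to
# the stick. The original is deleted only after the copy compares equal.
export_key() {
    if [ ! -f "$1/.encfs5" ]; then
        echo "no keyfile in $1" >&2
        return 1
    fi
    if [ -e "$2" ]; then
        echo "refusing to overwrite $2" >&2
        return 1
    fi
    ( umask 077; cp "$1/.encfs5" "$2" ) && cmp -s "$1/.encfs5" "$2" && rm -f "$1/.encfs5"
}

mount_locked() {
    stage_key "$KEY_SRC" "$CRYPT_DIR" || return 1
    modprobe fuse
    encfs "$CRYPT_DIR" "$MOUNT_DIR" -- -o allow_other
    rc=$?
    # Assumption: encfs has loaded the keyfile by now, so remove the copy
    # whether or not the mount succeeded.
    unstage_key "$CRYPT_DIR"
    return $rc
}

unmount_locked() {
    fusermount -u "$MOUNT_DIR"
    rc=$?
    unstage_key "$CRYPT_DIR"
    return $rc
}

# Dispatch only when called with an argument, so the file can also be sourced.
case "${1:-}" in
    m|mount)   mount_locked ;;
    u|unmount) unmount_locked ;;
    export)    export_key "$CRYPT_DIR" "$KEY_SRC" ;;
esac
```

Run it once with "export" while the stick is mounted to move an existing keyfile off the disk, then use "mount" and "unmount" as with mountcrypt.sh.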
Shell Scripts
#!/bin/bash
# mountcrypt.sh
# You can change these lines to reflect the locations on your system
# or add whatever user comments you want
modprobe fuse

usage(){
    echo "mountcrypt [m|mount|u|unmount]"
    echo " either mounts or unmounts our encrypted shared file space to /mnt/share/locked"
}

# Quote $1 so the test also works when no argument is given
if [ -z "$1" ]
then
    usage
    exit 1
fi

# You will have to change the directories to reflect what is on your
# system here
case "$1" in
    "m" | "mount" )
        # Report success only if encfs actually mounted the volume
        encfs /mnt/locked /mnt/share/locked -- -o allow_other &&
            echo "Encrypted filesystem now mounted"
        ;;
    "u" | "unmount" )
        # Report success only if the unmount went through
        fusermount -u /mnt/share/locked &&
            echo "Encrypted filesystem has been unmounted"
        ;;
    * )
        usage
        ;;
esac
Bonnie++ I/O Speeds
Here is a speed comparison using Bonnie++[9] as a diagnostic tool. Fifilein is trying to use AES/DMCrypt and his numbers are in the speed comparison too[10]. All numbers are from an HG-LS.
System | Size | Seq. Output Per Chr K/sec | %CP | Seq. Output Block K/sec | %CP | Seq. Output Rewrite K/sec | %CP | Seq. Input Per Chr K/sec | %CP | Seq. Input Block K/sec | %CP | Random Seeks /sec | %CP | Files | Seq. Create: Create /sec | %CP | Seq. Create: Read /sec | %CP | Seq. Create: Delete /sec | %CP | Random Create: Create /sec | %CP | Random Create: Read /sec | %CP | Random Create: Delete /sec | %CP |
FifNAS.XFS | 300M | 2142 | 99 | 27711 | 90 | 15149 | 63 | 2246 | 99 | 40324 | 53 | 208.8 | 4 | 16 | 290 | 22 | XXXXX | XXX | 279 | 18 | 294 | 22 | XXXXX | XXX | 163 | 10 |
FifNAS.ext3 | 300M | 1663 | 84 | 10052 | 80 | 11256 | 55 | 2222 | 98 | 22079 | 29 | 192.5 | 4 | 16 | 134 | 99 | XXXXX | XXX | 7785 | 95 | 135 | 99 | XXXXX | XXX | 492 | 97 |
Ramuk.ext3 | 300M | 1946 | 95 | 18425 | 85 | 14093 | 63 | 2166 | 98 | 37001 | 57 | 154.2 | 3 | 16 | 163 | 97 | XXXXX | XXX | 7736 | 97 | 165 | 97 | XXXXX | XXX | 850 | 96 |
FifNAS AES256.XFS | 300M | 1506 | 69 | 4292 | 13 | 2114 | 9 | 1483 | 65 | 4046 | 5 | 184.9 | 4 | 16 | 338 | 95 | XXXXX | XXX | 312 | 94 | 338 | 95 | XXXXX | XXX | 223 | 66 |
FifNAS AES256.ext3 | 300M | 1259 | 63 | 2699 | 20 | 1766 | 9 | 941 | 78 | 4021 | 4 | 168.4 | 4 | 16 | 132 | 98 | XXXXX | XXX | 6279 | 77 | 133 | 98 | XXXXX | XXX | 448 | 88 |
Ramuk encFS.ext3 | 300M | 1042 | 49 | 2088 | 5 | 1430 | 5 | 1388 | 63 | 3619 | 5 | 74.0 | 1 | 16 | 112 | 2 | 1311 | 9 | 704 | 8 | 112 | 2 | 1568 | 11 | 355 | 4 |
References
- ↑ The Linkstation Community Forum / Linkstation HG (ppc) / Encrypted Partitions, and Installing modules (FUSE)
- ↑ The EncFS Wiki: http://arg0.net/wiki/encfs
- ↑ The FUSE Wikipedia Page: FUSE:Wikipedia
- ↑ Comparison of various Encryption Schemes: Encrypt filesystems with EncFS and Loop-AES
- ↑ Truecrypt - Free open-source disk encryption software for Windows XP/2000/2003 and Linux - http://www.truecrypt.org
- ↑ Encryption, NTFS Support, and Windows Share Management
- ↑ André's documentation on the FUSE binary: http://hvkls.dyndns.org/downloads/documentation/README-fuse.html
- ↑ André's site with 2.6 kernel and compiled FUSE binary: http://hvkls.dyndns.org/
- ↑ Bonnie++ disk benchmark: http://www.coker.com.au/bonnie++/
- ↑ The Linkstation Community Forum / Everything else / JBOD with ENCFS, Key on USB Stick