I want to install Ubuntu 10.04 in my USB flash drive and boot from it because in my working place, only centos is installed in workstations.In advance, I thought of encrypting the installation of Ubuntu in the USB flash drive and In would be very thankfull if some can give me some help regarding this.Basically what I need is, encrypted Ubuntu installation in my usb fashdrive and can boot from it.
View 2 RepliesI recently had to reinstall ubuntu, so I backed up both my ~.gnupgp and ~.gnome2 folders and copied them over in the new installation. My old keys show up just fine in the password manager, but when I attempt to open a file encrypted with one of them, I get the error: "Could not display (name of file): There is no application installed for PGP/MIME-encrypted message header files"
View 1 Replies View RelatedI installed Ubuntu 10.10 64 on my laptop with the entire 500gb setup as encrypted LVM. This has worked well for several months with no problems. During this time i have been backing up the data to an external usb drive (1tb) on a regular basis. The usb drive was not encrypted. So, I thought it would be a good idea to encrypt the backup drive too. I wiped out the backup drive and set it up as one large encrypted lvm and mbr. This seemed to work fine but immediately afterwards I decided to erase that and set it up as encrypted lvm guid instead of mbr. I couldn't delete it while logged into my desktop so i decided to do it from a bootable gparted usb stick. In gparted i erased the 1TB backup drive once again and planned on setting it up the way I wanted once I was logged back into my ubuntu desktop. Now I cant boot into my desktop with the following errors:
cryptsetup: evms_activate is not available b0d) does not begin with /dev/mapper/
Then after waiting for a few minutes I get an error followed by (initramfs)
When booting from a live version of ubuntu the 250MB boot patition is recognized and 500 partion is there but it is labeled as empty/unused.
Also, I did choose to use the exact same passphrase as what is used on the main bootable drive when I set up the encrypted partition on the external 1TB drive.
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
View 6 Replies View RelatedDoes grub2 support booting off of encrypted partitions? I'd like to have an encrypted linux system, but only have space for one partition or logical group in my mbr. Or can I include that one /boot partition in the lvm group.
View 8 Replies View RelatedMy laptop running on ubuntu has been having some issues and it's giving error reports on logging in. Because I want to retrieve my files above all else, I installed ubuntu to a usb-stick and booted it directly from there. I can asses /media/myharddrive/home and there's a folder called lennard, which is the user account on my laptop. I can't open it however, because I don't have the necessary permissions. I'm afraid I encrypted it with an option that was standard to ubuntu. I have a 23-digit code right in front of me but I'm not asked to enter it so I don't know what to do with it right now.
View 1 Replies View RelatedAround six months ago (last time I reinstalled Ubuntu 9.10), on a whim I decided to check that option to "encrypt [my] home directory". I wanted to see what it was like. Mistake. Since then, I've been unable to figure out how to access the data in my home directory using any method besides booting the computer (usb drive, rip-out-and-stick-it-in-an-enclosure, etc.). Specifically, I find that shell script sitting there that tells you to run it in order to see your files, but it gives some kind of error. I also still have the code Ubuntu tells you to write down in order to decrypt your files.
Fast forward to this past week. I brought in the laptop to Best Buy for repairs to the hinge (the hinge! Ace Hardware could fix this problem! But I wanted to make full use of the service plan.), and I got a phone call a few days later, saying that it hit Best Buy's "No Lemon" policy. They were going to keep my computer and give me in-store credit toward a new one. Of course, I refused to pay ~$70 for them to back up my data for me; what could possibly happen to it when they were fixing a hardware problem?
Anyways, I pleaded with them for my hard drive back, and they said that they could ship the hard drive back to the store so I could get my data off of it. I'm planning on going in there with my external backup hard drive and an external enclosure and doing it myself at the counter (If they charge $70 to back up a Windows partition, how much more will they charge for an encrypted Linux one?). I don't want to embarrass myself by standing around and not being able to get into my own data.
I managed to make an encrypted backup of my ubuntu box onto my server and was also able to restore it. I mainly followed this tutorial here. Altough everything worked fine I have two questions:What is that part for ? Quote: export PASSPHRASE=your_passphrase
Just for the fun of it, and to see how it would handle incremental backups I ran the backup command a second time and was, to my surprise, asked to provide my GpG password. Whys that? And how can I "auto-login", since I would like to run this command in a cron job.
During the installation of Ubuntu Karmic, I picked the option that encrypts my home directory.
A few questions:
(1) Shortly after installation, I was asked to run a command to print a key necessary for data recovery from a rescue CD. I didn't run it at the time and am now looking for the command to run. What is it?
(2) I think I read somewhere that this also encrypts swap. Great. Correct me if that's wrong.
(3) If I suspend the machine, is my home directory encrypted? That is, if I have this on a laptop and travel with the suspended laptop and someone steals it, are my data safe, or not?
(4) I assume the weakest point in the system is my relatively short login password (but I think the install tests it and found it okay). Is there a recommendation how long this should be?
i started on the "Installation & Upgrades" Forum. So this is basically a repost. I configured an encrypted swap during the installation process of my kubuntu maverick using the manual install CD. I do not use LVM. This worked fine but I made the mistake of assigning a password to the encrypted swap. I would like to change this in favor for a random key. I tried to change /etc/crypttab in the following way:
[code]...
Now the system still asks for a password for sda7_crypt at startup, but does not recognize the old password. It seems that the swap gets a random key and works fine anyway, so I really want to remove only the question for the PW at boot time. This is not a big issue, but it is annoying. When the system is up I can do swapoff and swapon without problems and no password is needed. Directly after boot swap works:
[code]...
My main workstation incorporates a mixture of ext3, ext4, and NTFS partitions scattered across a number of hard drives. Several of the ext4 partitions are encrypted, and I intend to encrypt the rest of the Linux partitions in the near future.I run VMware workstation, with several Windows OS guests, including Win2K, WinXP and Win7. My Win7 VM is installed on a virtual hard disk, and that virtual hard disk is encrypted using VMware facilities.So this leaves me with a bunch of NTFS partitions that are not encrypted. These are physical partitions on a couple of different hard drives. The reason I have them is ancient and historical, and as I have upgraded my system over time I have maintained the architecture due to the extreme difficulty of rearranging Windows systems.I still need to maintain Win2K and WinXP support, and rearranging those virtual machines would represent a hideous nightmare for me; I really want to maintain the same hard drive partition architecture.But I want to encrypt the NTFS partitions, in a fashion that can be handled by any of the Windows operating systems, AND can be accessed for read and write from Linux.Is this possible? If not using Windows facilities (I don't think ntfs-3g handles encryption, and there are known backdoors in the Windows facilities anyway), is there any third party solution that would work? Would True Crypt do the job in a fashion that would permit access from all the various operating systems, as required? I do generally mount the NTFS partitions in whichever Windows VM is appropriate, then share them out via SMB, but there are circumstances (like when a VM is not running) where I will directly hit them from Linux. So, it is possible for me to contemplate a solution that only works from Windows, but this would cost me the ability to repair/modify those filesystems directly from Linux, which under certain circumstances (a malfunction of the VM, for instance) could be a problem.
View 2 Replies View RelatedI have F10 installed on my laptop with disk encryption enabled. When I boot the machine I get a "Password:" request on screen but can't start typing for 30 seconds or more.Presumably the OS is not ready. This means I have to wait at the keyboard tapping a key until I see asterix. It's a waste of time and frankly a bit clunky for a modern OS. How can I change the behaviour so that the "Password:" request only appears when I can actually type?
View 4 Replies View RelatedI run fedora 13 on my laptop (dual boot with Windows 7) and I just created a new partion to hold sensible data, encrypted with LUKS. I followed this tutorial for creating it.Now, everything went well and the new partition works well. But I needed something a little different from what the tutorial suggested, because I don't want the partition to be mounted on the system each time it boots, but I would (unlock and) mount it manually when I need it.
To do so I just didn't follow the Tutorial steps from 7 to 13, thinking that without the changes to crypttab and fstab the partition wouldn't be even touched by the start up process. And that's partially true: the partition isn't mapped nor mounted in the system when I boot, but the problem is that it however keeps asking for the passphrase to unlock it even if it doesn't get mounted or mapped.It just asks for it before the system loads all it's parts (udev, filesystems, etc) and I can't understand why, what it uses it for if it doesn't unlock it.So my question is: why does it ask for the passphrase to unlock luks if I haven't set crypttab and fstab to mount the partition on start up?
I like to do a minimal install, and then run some of my own scripts to install the rest of the packages I need, so to keep a lean system. When installing F14 with a partitioning scheme as follows:
Code:
/boot - 500MB
LVM
- swap - 2048 MB
- / - 15GB
- /home - Rest of file system - Encrypted
Everything works fine and the encryption works with no problem. However, as a friend pointed out to me, if you partition as follows:
Code:
/boot - 100MB/ - Rest of filesystem - Encrypted You are not able to boot the system when doing a minimal install. Meaning: you get up to the point to where you need to enter your password to decrypt the filesystem, and then nothing but..., well, nothing. However, and here it gets interesting, if you use the same partition layout, and you install the "Graphical Desktop", everything works fine. As I can not understand why this happens, I am currently testing a partition setup like so:
Code:
/boot - 100MB
LVM - Encrypted
- / - Rest of filesystem
Just to see if that works.
Anyhow: to make a long story short: It seems that the minimal install "forgets" to add some packages which are needed to decrypt the filesystem. Does anyone know which package this could be or why this occurs, so it can be added as part of the minimal install?
I want to send a PGP encrypted file to a friend who (unfortunately) probably doesn't even have any idea what PGP is. He runs Windows XP. I know I can encrypt and decrypt PGP files easily and freely on Ubuntu, but I have no idea about how to handle PGP in XP... I tried downloading a PGP file in an XP virtual machine to find out, and Windows was pretty much unable to identify the file type. What kind of software on Windows (that is completely free and trustworthy) would be able to decrypt my PGP files?
View 9 Replies View RelatedI'm just wondering - what is the best way to set up your encrypted volumes with dm_crypt and LUKS?
My understanding was that aes-lrw ws better than aes-cbc - and then I stumble upon [url] which says that LRW has some problems, and XTS is better? I dont know enough about encryption theory to be able to say anything, so i'm hoping some folks more enlightened will be able to say something here.
I was previously using aes-lrw-benbi to set up a volume. If xts is truly better - should i be using '-c aes-xts-benbi' then?
There was a recent thread in this forum regarding capturing of SSH passwords via the use of wireshark. The thread subject was closed, which is a decision that I both agree with as well as agree with the reasoning behind. The thread, however, raised a point of curiosity and concern that I would like to ask about. Quoting from a the book, SSH, The definitive guide,
The client authenticates you to the remote computer's SSH server using an encrypted connection, meaning that your username and password are encrypted before they leave the local machine. The SSH server then logs you in, and your entire login session is encrypted as it travels between client and server. Because the encryption is transparent, you won't notice any differences between telnet and the telnet-like SSH client.
I was under the impression that SSH was impervious to this type of eavesdropping, and quite frankly I take great comfort in that idea. I personally, only allow RSA keys for SSH access and (hopefully) avoid this problem (?) as a result. Does SSH really have a vulnerability in that the authentication is sent via plain text? How to ensure the security of SSH and not on anything that could be considered a how to 'crack' it.
I'm an absolute beginner at encryption. gpg and keys still have me somewhat mystified, so please forgive me if the following seems like a stupid question. I'm looking at encryption software for my smartphone. I've found a Java program called TinyEncryptor that uses the TwoFish algorithm and claims to be a shell for the "Legion of the Bouncy Castle" libraries. It just uses a passphrase; there are no keys involved as far as I am aware.
Naturally, I would like to be able to decrypt files on my desktop that I've encrypted with this program. So far, I've not had any success with finding one.
I just installed 9.10 on my laptop and selected the option for home folder encryption. I am running DropBox and placed the DropBox folder on my desktop (meaning it should be encrypted when I am logged out.) So I have two questions:
1) Shouldn't this setup cause my DropBox files on the server to be encrypted? Apparently they are not because they appear as unencrypted text using the DropBox Web interface.
2) If they were encrypted on the server (which doesn't appear to be the case right now), how would it be possible to share them with another client unless the encryption on both clients were set up identically?
While setting up my laptop on a new hard drive (a bad mobo caused writes which pretty much rendered teh old hdd unusable) I was asked if I wanted to encrypt my home partition.
I've been wanting this for several years - even going as far as trying to get a copy of CheckPoint. That's waht my organization uses on all Wintendo laptops and is required.
In any case, I said "yes" and am happily using my laptop with an encrypted home partition. I'm assuming based on this - [URL] - that it is using EncryptFS as the scheme.
if I were to misplace my laptop, how easy would it be for a forensics team to retrieve my data. Let's assume I have a fairly strong passphrase, such as BisZumBitterenEnd3. [URL]
I had some major problems after the recent Ubuntu upgrade and had to boot from a live cd. I have a separate /home partition, but it was encrypted using the default install encryption in the 9.10 install cd. How can I get to my files so I can back them up?
I have tried this but it did not work: http://ubuntuforums.org/showthread.php?t=1337693
I'm using 10.04 with encrypted home dir. I think the behavior below is wrong:
I can log in as root and change user's password. After that the user can log in using new password, which is normal, but it can also decrypt its home dir using the new password, which is dangerous. Assume I lost my computer. This encrypted home dir will not protect my private data because whoever gets the computer can boot it up with a livecd and chroot to change my user's password and then boot up my system and log in using new password.
Let's begin from the top. I have a relatively new laptop that I've been running Ubuntu on (along with a little-used Windows boot). Picked it up in November or so, installed the current "latest" version of Ubuntu at the time (9.10). I have been doing incremental upgrades, and it's been progressively breaking down more and more. Yes, this includes 10.04.
After GRUB stopped working, I decided it was time to try a reinstall from the top. I told it to leave all the other operating systems alone and do a full reinstall.
Fortunately, I had managed to stuff most of my current work in duplicate locations during this whole debacle, somehow. Don't ask me how I managed to do that when GRUB wasn't working. However, when I installed, I conscientiously said "Oh, yes, Ubuntu, encrypt my home folder! I love privacy!" As a result, about... 30 gigabytes of useful (but ultimately re-downloadable) material is rather inaccessible at the moment. When I try to boot the old system using the newly fixed GRUB, it goes into kernel panic. This seems like a no-go.
I have a saved hojillion-character long passphrase for decryption from my install back in November. Conscientiously saved in the case of just such an emergency.
I read this how-to and followed it to the letter as far as I could tell, trying to mount with ecrytfs to recover my data.
[USERNAME] here is a proxy for my actual username. Yes, the location of my old home folder may seem a little bizarre.
Code:
sudo mount -t ecryptfs /media/c82ca9fe-2b15-4aca-a98d-6482b1d80a32/home/[USERNAME]/ /home/[USERNAME]/oldhome
Passphrase:
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
[Code].....
I've just reinstalled my box with an encrypted home (used the encrypt home option when installing). I have a query in this regard - suppose I lose the box. Won't it be possible for someone to drop into root, reset my passwd and then access my /home. Is there anyway of having a different passwd for accessing /home? My ~ is on a different partition from /.
View 3 Replies View RelatedI have to operating systems installed, Ubuntu 10.10 and Windows 7, working perfectly. I also have a partition, currently empty, to be shared between both OS, but I would like that partition to be encrypted.
View 2 Replies View RelatedI'm running Thunderbird with Enigmail, and I have this very annoying problem. When I open an encrypted email for the first time, it asks me for my key password. It then remembers my password. This is fine for a few minutes, since I don't want to enter the password every time if I look at seven emails in five minutes. However, I WOULD like it to EVENTUALLY forget. At the moment, it doesn't even forget if I shut off Thunderbird. I have to restart my computer, in fact.
The preferences for Enigmail don't help. I've configured it to remember the password for 0 minutes, for example. I don't know how to edit the preferences for gpg-agent or anything else like that.
My company web access is behind proxy(http://abc.proxy). Network admin can get to check who is top10 user and web they access. I owned a centos server. I have a thought that create an encrypted tunnel within proxy so the admin cant detect my http address. This is how it going to works
client with OpenVPN -> OpenVPN server(centos with company proxy)-> proxy -> internet
My connectivity in my client are using OpenVPN server as bridge. Hence, no record for client is recorded in my Network admin monitoring list. OpenVPN server's activity can be traced by network monitoring tools, just assume that our ultimate goal is to hide client activity.
Hello everI'm really confused by the ways an encrypted partition get mounted.It just mounts the partition without asking for the passphrase used to create it. I can list the files in /mnt/sda2, create a new file test.txt, but have no access to the files written to the "real encrypted partition".Then I can see/change the content of the encrypted partition but without being able to see/change the file test.txt created previously with the normal mount command.
The reason I'm asking is that I'm having my custom Debian to automount every partition available on the system at boot time. Is there any way/command to tell if a particular partition is encrypted (by cryptsetup) or not? So that I can mount it the right way and not make the users confused (or even harm the encrypted data).
Anyone had any experience with unlocking a LUKS encrypted root partition via ssh? It is ok to leave /boot unencrypted.
There are a few pages from google with the debians variants, archived by putting dropbear into initrd.
I like to do that with my fedora/centos remote servers, but struggle to find any resources specific to it. Anyone has any suggestions and thoughts as to what might be a suitable way forward?
I'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments, ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.
View 9 Replies View Related