Friday, March 16, 2007

TrueCrypt in Linux

Installation

  1. The following packages are needed:
    • kernel-source
    • dmsetup
    • device mapper
  2. Then build and install:
    • ./build.sh
      ./install.sh

Creating a file based encryption volume

  1. This can be done as a normal user.
    • $ truecrypt --size 10M
      $ cd /tmp
      $ truecrypt
      $ pwd
      /tmp
      $ truecrypt --size 10M -c 10m.tc
      Volume type:
      1) Normal
      2) Hidden
      Select [1]: 1

      Filesystem:
      1) FAT
      2) None
      Select [1]: 1

      Hash algorithm:
      1) RIPEMD-160
      2) SHA-1
      3) Whirlpool
      Select [1]: 2

      Encryption algorithm:
      1) AES
      2) Blowfish
      3) CAST5
      4) Serpent
      5) Triple DES
      6) Twofish
      7) AES-Twofish
      8) AES-Twofish-Serpent
      9) Serpent-AES
      10) Serpent-Twofish-AES
      11) Twofish-Serpent
      Select [1]: 2

      Enter password for new volume '10m.tc':
      Re-enter password:

      Enter keyfile path [none]:

      TrueCrypt will now collect random data.

      Is your mouse connected directly to computer where TrueCrypt is running? [Y/n]: n

      Please type at least 320 randomly chosen characters and then press Enter:
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


      Done: 9.75 MB Speed: 6.09 MB/s Left: 0:00:00
      Volume created.
      $ truecrypt -p abcd1234 -u 10m.tc /tmp/ttt/
      $ cd /tmp/ttt/
      $ df -k /tmp/ttt
      Filesystem 1K-blocks Used Available Use% Mounted on
      /dev/mapper/truecrypt0
      130794 0 130794 0% /tmp/ttt

      $ truecrypt -d /dev/mapper/truecrypt0
  2. We can also create the encrypted volume on a partition or LV, but this time root is required.
    • (assume there is a VG called vg01)
      #lvcreate -L 128M -n abc_lv vg01
      Logical volume "abc_lv" created
      #truecrypt -c /dev/vg01/abc_lv
      Volume type:
      1) Normal
      2) Hidden
      Select [1]: 1

      Filesystem:
      1) FAT
      2) None
      Select [1]: 1

      Hash algorithm:
      1) RIPEMD-160
      2) SHA-1
      3) Whirlpool
      Select [1]: 2

      Encryption algorithm:
      1) AES
      2) Blowfish
      3) CAST5
      4) Serpent
      5) Triple DES
      6) Twofish
      7) AES-Twofish
      8) AES-Twofish-Serpent
      9) Serpent-AES
      10) Serpent-Twofish-AES
      11) Twofish-Serpent
      Select [1]: 2

      Enter password for new volume '/dev/vg01/abc_lv':
      Re-enter password:
      Passwords do not match.

      Enter password for new volume '/dev/vg01/abc_lv':
      Re-enter password:

      Enter keyfile path [none]:

      TrueCrypt will now collect random data.

      Is your mouse connected directly to computer where TrueCrypt is running? [Y/n]: n

      Please type at least 320 randomly chosen characters and then press Enter:
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

      Done: 125.55 MB Speed: 15.26 MB/s Left: 0:00:00
      Volume created.
      #truecrypt /dev/vg01/abc_lv /abc
      Enter password for '/dev/vg01/abc_lv':
      #df -k /abc
      Filesystem 1K-blocks Used Available Use% Mounted on
      /dev/mapper/truecrypt1
      130794 0 130794 0% /abc
      #df -T /abc
      Filesystem Type 1K-blocks Used Available Use% Mounted on
      /dev/mapper/truecrypt1
      vfat 130794 0 130794 0% /abc
      #truecrypt -d /dev/mapper/truecrypt1
  3. Please note that vfat/fat32 is the default filesystem. So what if we want an encrypted reiserfs filesystem?
    • #truecrypt --filesystem reiserfs /dev/vg01/abc_lv
      (skip the interactive wizard)
      #truecrypt -N 0 /dev/vg01/abc_lv

      #mkfs.reiserfs /dev/mapper/truecrypt0
      mkfs.reiserfs 3.6.19 (2003 www.namesys.com)

      A pair of credits:
      Joshua Macdonald wrote the first draft of the transaction manager. Yuri Rupasov
      did testing and benchmarking, plus he invented the r5 hash (also used by the
      dcache code). Yura Rupasov, Anatoly Pinchuk, Igor Krasheninnikov, Grigory
      Zaigralin, Mikhail Gilula, Igor Zagorovsky, Roman Pozlevich, Konstantin
      Shvachko, and Joshua MacDonald are former contributors to the project.

      Lycos Europe (www.lycos-europe.com) had a support contract with us that
      consistently came in just when we would otherwise have missed payroll, and that
      they kept doubling every year. Much thanks to them.


      Guessing about desired format.. Kernel 2.6.17-11-generic is running.
      Format 3.6 with standard journal
      Count of blocks on the device: 32752
      Number of blocks consumed by mkreiserfs formatting process: 8212
      Blocksize: 4096
      Hash function used to sort names: "r5"
      Journal Size 8193 blocks (first block 18)
      Journal Max transaction length 1024
      inode generation number: 0
      UUID: 7ffaa516-0015-46bc-bfc0-6fdd7dca59ba
      ATTENTION: YOU SHOULD REBOOT AFTER FDISK!
      ALL DATA WILL BE LOST ON '/dev/mapper/truecrypt0'!
      Continue (y/n):y
      Initializing journal - 0%....20%....40%....60%....80%....100%
      Syncing..ok

      Tell your friends to use a kernel based on 2.4.18 or later, and especially not a
      kernel based on 2.4.9, when you use reiserFS. Have fun.

      ReiserFS is successfully created on /dev/mapper/truecrypt0.
      #truecrypt /dev/vg01/abc_lv /abc
      truecrypt: Volume already mapped
      #truecrypt -d /dev/vg01/abc_lv
      #truecrypt /dev/vg01/abc_lv /abc
      Enter password for '/dev/vg01/abc_lv':
      #df -T /abc
      Filesystem Type 1K-blocks Used Available Use% Mounted on
      /dev/mapper/truecrypt0
      reiserfs 131000 32840 98160 26% /abc

Friday, March 09, 2007

Clone a new machine by splitting a mirror disk (Veritas VM encapsulated)

Situation: suppose you are going to clone the machine A to machine B

  • Before cloning, make sure the disks are in sync (vxprint -htA, format, etc..)
  • Machine A and Machine B: shut down to the OK prompt (init 0)
  • Disks should be removed at the OK prompt
  • Disks can be inserted at the OS level

Machine A:

  1. Remove one of the disks and try to boot it with single in OK prompt (boot )
  2. After the OS is up, vxprint should show the other disk as missing/fault
  3. Insert a new disk and issue "vxdctl enable"
  4. vxdiskadm -> 5
  5. Resync should be in progress; use "vxtask list" to monitor it
  6. Double check (vxprint -htA) and format. If the partition label is not correct, issue "/etc/vx/bin/vxbootsetup (the cxtxdx doesn't work; use 'vxdisk list' to get the disk name first)"
  7. Try to reboot once again

Machine B:

  1. Insert the disk from Machine A and boot at the OK prompt (boot )
  2. After the OS is up, vxprint should show the other disk as missing/fault
  3. Insert a new disk and issue "vxdctl enable"
  4. vxdiskadm -> 5
  5. Resync should be in progress; use "vxtask list" to monitor it
  6. Double check (vxprint -htA) and format. If the partition label is not correct, issue "/etc/vx/bin/vxbootsetup (the cxtxdx doesn't work; use 'vxdisk list' to get the disk name first)"
  7. Try to reboot once again

Monday, March 05, 2007

Unable to varyonvg

Just want to share one of my experiences:

# importvg -y 'testvg'
testvg
PV Status: 00cbf18f065fbd1e PVNOTFND
0516-013 varyonvg: The volume group cannot be varied on because
there are no good copies of the descriptor area.

In that case, you have to use varyonvg -u -b to unlock the PVs:

# varyonvg -u -b "

Friday, March 02, 2007

Export PuTTY settings

Every time I reinstall Windows, all my PuTTY session records are gone. That would be a nightmare if I had to add my server records back one by one.

Open the registry:
Start Menu -> Run -> regedit

Go to "HKEY_CURRENT_USER\Software\SimonTatham"
Right-click SimonTatham and choose Export

Copy the file to a new machine and then right-click and "Merge"
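
The exported file carries every saved session and the cached SSH host keys under that key, so it is worth reviewing before it is copied anywhere. The following Python parser is an added example, not part of the original post: it reads the text of a regedit export and lists non-empty session values worth protecting, plus the number of cached host keys. The sample export is constructed, and the value names in SENSITIVE are assumptions about what a saved session contains.

```python
import re
from urllib.parse import unquote

# Constructed sample of a regedit export (real exports are UTF-16 text with a BOM).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\web%20server]
"HostName"="web01.example.test"
"UserName"="deploy"
"ProxyPassword"="constructed-secret"
"PublicKeyFile"="C:\\keys\\deploy.ppk"

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\db]
"HostName"="db01.example.test"
"ProxyPassword"=""

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]
"rsa2@22:web01.example.test"="0x10001,0xabcdef"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumed session value names to review; extend as needed.
SENSITIVE = ("ProxyPassword", "ProxyUsername", "UserName", "PublicKeyFile")

def parse_reg(text):
    """Return {key_path: {value_name: string_value}} for string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            # .reg files escape backslashes and quotes with a backslash
            current[m.group(1)] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys

def audit(text):
    """List non-empty sensitive session values and count cached host keys."""
    findings, host_keys = [], 0
    for path, values in parse_reg(text).items():
        leaf = path.rsplit("\\", 1)[-1]
        if "\\PuTTY\\Sessions\\" in path:
            findings += [(unquote(leaf), n) for n in SENSITIVE if values.get(n)]
        elif leaf == "SshHostKeys":
            host_keys = len(values)
    return findings, host_keys
```

To check a real export, read it with open(path, encoding="utf-16") and pass the text to audit().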