Using LUKS-encrypted drives - possible ? SSL?
197 views
Skip to first unread message
Fabian Rodriguez
Sep 7, 2011, 1:46:34 PM9/7/11
to Alt-F
Hi
I have both DNS-323 B1 and C1 devices, great hardware. I am running
ALT-F w/o issues. I'd like to know if it's possible to access LUKS-
encrypted hard disks formatted in other systems via ALt-F ? This would
make it possible to have full disk encryption either on the internal
drives or an attached USB drive (or both).
I'd also like to ask if there are plans to have SSL-enabled admin via
the web interface ? I currently use PKA via SSH but if SSL was
directly available that would make it more convenient in some
situations.
Thanks for any information on this.
I have both DNS-323 B1 and C1 devices, great hardware. I am running
ALT-F w/o issues. I'd like to know if it's possible to access LUKS-
encrypted hard disks formatted in other systems via ALt-F ? This would
make it possible to have full disk encryption either on the internal
drives or an attached USB drive (or both).
I'd also like to ask if there are plans to have SSL-enabled admin via
the web interface ? I currently use PKA via SSH but if SSL was
directly available that would make it more convenient in some
situations.
Thanks for any information on this.
Fabian Rodriguez
Sep 7, 2011, 1:50:22 PM9/7/11
to Alt-F
I forgot to mention I use the Disk utility to format/encrypt my disks
from Ubuntu, usually the dmcrypt package is enough to do this from
command line.
I wrote about this a while ago, perhaps the information is still
useful/valid:
http://www.fabianrodriguez.com/blog/2009/01/21/easy-removable-storage-encryption-that-works-with-hardy-and-intrepid
Under Disks/Filesystems such partitions/disks are recognized as
crypt_LUKS btw. I don't seek (*yet*) support for all this in the web
interface, but at least being able to manually mount/r+w such disks
would be a great improvement.
from Ubuntu, usually the dmcrypt package is enough to do this from
command line.
I wrote about this a while ago, perhaps the information is still
useful/valid:
http://www.fabianrodriguez.com/blog/2009/01/21/easy-removable-storage-encryption-that-works-with-hardy-and-intrepid
Under Disks/Filesystems such partitions/disks are recognized as
crypt_LUKS btw. I don't seek (*yet*) support for all this in the web
interface, but at least being able to manually mount/r+w such disks
would be a great improvement.
Joao Cardoso
Sep 9, 2011, 2:23:36 PM9/9/11
to Alt-F
I created a cryptsetup package, and it seems to work fine.
With the default settings, raw filesystem write speed is about six
timer slower than a non-encrypted filesystem. Using the hardware
crypto engine it is about 3.5 times slower, but some crypto modules
self-test errors appears.
In the process, a LVM2 package was also created and tested.
Both are completely manual, no webgui planned (at least for
cryptsetup).
I will make the packages available when I return home.
As for a secure webgui, only when upgrading to a busybox version that
supports it.
With the default settings, raw filesystem write speed is about six
timer slower than a non-encrypted filesystem. Using the hardware
crypto engine it is about 3.5 times slower, but some crypto modules
self-test errors appears.
In the process, a LVM2 package was also created and tested.
Both are completely manual, no webgui planned (at least for
cryptsetup).
I will make the packages available when I return home.
As for a secure webgui, only when upgrading to a busybox version that
supports it.
Joao Cardoso
Sep 9, 2011, 2:29:06 PM9/9/11
to Alt-F
I forgot to say that both lvm2 and cryptsetup will never be available
in the base firmware, only as packages, as they are too big to fit
available flash memory space.
This means that a small normal partition will always be needed to hold
Alt-F packages.
in the base firmware, only as packages, as they are too big to fit
available flash memory space.
This means that a small normal partition will always be needed to hold
Alt-F packages.
Reply all
Reply to author
Forward
0 new messages