Yast - Crypted Files

I’m trying to create an Encrypted File as Container exposed here at point 11.1.3.

http://doc.opensuse.org/products/draft/SLES/SLES-security_sd_draft/cha.security.cryptofs.html

at the end of the process I get an error -3013 and the file is not created

I dunno how to make it work >:(

I haven’t tried that.

I do know that people have had problems with an encrypted home directory based on an encrypted container. The solution, in that case, is to preload the “loop” module


# modprobe loop

You might want to check if that works. If it does, you will probably need to repeat that after every boot, or configure the module to be automatically loaded during system startup.

sorry for late… :slight_smile:

the problem is that is not completing the creation of the encrypted file…

On 2014-06-28 03:56, cicerone wrote:
>
> sorry for late… :slight_smile:
>
> the problem is that is not completing the creation of the encrypted
> file…

Yes, but one possible cause is that it does not load the module, so try
loading the module yourself before starting yast.

If not, I can guide you on how to create the container manually. At
least for use for data, I’m not sure how to do it for home automatically
mounted.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

I just tried. Before I started, I did (as root)


# modeprobe loop

Then I started up Yast, and it created the file.

Here’s the file:


# ls -l /home/testcrypt
-rw-r--r-- 1 root root 52428800 Jun 27 21:45 /home/testcrypt

And here’s the “df” command showing that it is mounted at “/mnt/3”


# ls -l /mnt/3
total 12
drwx------ 2 root root 12288 Jun 27 21:45 lost+found
# df /mnt/3
Filesystem               1K-blocks  Used Available Use% Mounted on
/dev/mapper/cr_testcrypt     43499   778     39281   2% /mnt/3

The one problem, is that I may need to redo that “modprobe” command for every boot. Or I can add a file to “/etc/modules-load.d” to make that automatic. There’s a man page for “modules-load.d” which you might find useful.

I think you have run into a known bug. The “loop” module is supposed to be automatically loaded when needed, but apparently that is not happening.

What is and how to load that module?
I don’t see any reference to it in the link I provided…

yes, it will be used simply for data
right now I’m using RealCrypt but I’ve seen that TrueCrypt has been discontinued http://truecrypt.sourceforge.net/ and they advise to migrate to other solutions
personally I’m fine with RealCrypt but I’m wondering if I’ve to leave it and adopt the above YaST Encrypted Files or any other encryption methods like KGpg or Kleopatra

On 2014-06-28 05:26, cicerone wrote:
>
> robin_listas;2651107 Wrote:
>>
>> Yes, but one possible cause is that it does not load the module, so try
>> loading the module yourself before starting yast.
>
> What is and how to load that module?

nrickert answered that already.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

On 2014-06-28 05:06, nrickert wrote:

>
> The one problem, is that I may need to redo that “modprobe” command for
> every boot.

I think that systemd takes care of that, because I don’t need to do it.

I don’t even have it in “INITRD_MODULES”:


Telcontar:~ # lsinitrd /boot/initrd | grep loop
Telcontar:~ #

But I do not need to mount that partition on early boot. It can be
loaded on “later” boot.

> Or I can add a file to “/etc/modules-load.d” to make that
> automatic. There’s a man page for “modules-load.d” which you might find
> useful.

I don’t have it there, either.

> I think you have run into a known bug. The “loop” module is supposed to
> be automatically loaded when needed, but apparently that is not
> happening.

AFAIK, it only happens with YaST.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

sorry, while I was answering to Carlos I was stopped two or three times, so I didn’t see your post
if I enter the modeprobe command I get this output:

# modeprobe loop
If 'modeprobe' is not a typo you can use command-not-found to lookup the package that contains it, like this:
cnf modeprobe
# 

I’ve created the loop for RealCrypt and it is loaded anytime I login, I just start RealCrypt and mount my volumes

(I was using - echo "loop" > /etc/modules-load.d/loop.conf)

On 2014-06-28 09:36, cicerone wrote:

> if I enter the modeprobe command I get this output:

It is “modprobe”. And, to find out if it is already loaded, you can do:


lsmod | grep loop


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)
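
A check that goes one step past `lsmod | grep loop`, as an added example that is not part of any post in this thread: it reads the module list and use count, recognises a loop driver compiled into the kernel (which lsmod never lists), and looks for a persistent modules-load.d entry. The function names are made up here; the three directories are the ones documented in the modules-load.d man page.

```shell
#!/bin/sh
# Added example (not from the thread): how is the "loop" driver available here?

# module_state NAME [MODULE_LIST] [SYSFS_MODULE_DIR]
# Prints "loaded <use count>", "builtin" or "absent".
module_state() {
    name=$1
    proc=${2:-/proc/modules}
    sys=${3:-/sys/module}
    # /proc/modules is what lsmod reads; field 3 is the "Used by" count.
    count=$(awk -v m="$name" '$1 == m { print $3; exit }' "$proc" 2>/dev/null || true)
    if [ -n "$count" ]; then
        echo "loaded $count"
    elif [ -d "$sys/$name" ]; then
        # In sysfs but not in the module list: compiled into the kernel.
        # (Built-in drivers show up here when they have parameters; loop does.)
        echo "builtin"
    else
        echo "absent"
    fi
}

# persistent_conf NAME DIR...
# Prints the first *.conf file that lists NAME; returns 1 if none does.
persistent_conf() {
    name=$1
    shift
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            # One module name per line; blank lines and lines starting
            # with # or ; are ignored by systemd-modules-load.
            if awk -v m="$name" 'NF == 0 || $1 ~ /^[#;]/ { next }
                                 $1 == m { found = 1 }
                                 END { exit !found }' "$f"; then
                echo "$f"
                return 0
            fi
        done
    done
    return 1
}

# Report for the running system.
echo "loop: $(module_state loop)"
persistent_conf loop /etc/modules-load.d /run/modules-load.d /usr/lib/modules-load.d \
    || echo "loop is not listed in any modules-load.d directory"
```

A result of "absent" means `modprobe loop` is still needed before starting YaST; "builtin" means no modprobe or modules-load.d entry is required at all.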

well, even with the ‘modprobe loop’ the Encrypted File is not created in YaST/Advanced Partitioning/Encrypted Files

the lsmod | grep loop seems to show the RealCrypt loop

Here’s what I get.


# lsmod | grep loop
loop                   27985  1

Does RealCrypt provide its own separate “loop” module? Maybe that is interfering.

Here is what I get

# lsmod | grep loop
loop                   27985  0 

and I think yes, to make RealCrypt work you have to modprobe loop to start it, or make it permanent at every reboot with:

echo "loop" > /etc/modules-load.d/loop.conf

Then I don’t know why you are having troubles.

I will note that when it worked for me, I had to go through quite a few “Next” and “Finish” steps in Yast. The file was not created until the last step, as best I recall. (I have since deleted it, since I don’t actually need that).

Oh, and I did have to tell it where to mount the container. Otherwise Yast would not complete the operation. I later unmounted, deleted the “fstab” entry, closed (from the crypto) then deleted.

here is the output with a RealCrypt volume mounted

# lsmod | grep loop
loop                   27985  2 

Yes, I completed the operation, but it is failing at last stage, without creating the volume

in fstab I’ve only the internal ssd, even after mounting the TrueCrypt Volume too

/dev/disk/by-id/ata-Samsung_SSD_840_PRO_Series_S12SNEAD102813N-part1 swap                 swap       defaults              0 0
/dev/disk/by-id/ata-Samsung_SSD_840_PRO_Series_S12SNEAD102813N-part2 /                    ext4       noatime,acl,user_xattr        1 1