The Oakbud Co.

Linux Crypto That "Just Works"

Do you want a safe, encrypted disk that is easy to use?

This is an effort to bring together several tools to simplify the use of encrypted, removable volumes on Linux. The idea is that if an encrypted volume is attached to a system, then the system should prompt the user for a passphrase and mount the volume. The October 2005 issue of Red Hat Magazine contains an article documenting this work.

| Component | Plan | Status |
|---|---|---|
| HAL Daemon | Recognize a LUKS volume. Publish notification about new volume using dbus. | Complete. |
| GNOME Volume Manager and gnome-mount | Receive notification from the HAL daemon. Get passphrase from GNOME Keyring or user. Provide passphrase back to HAL daemon. | David Zeuthen has done the necessary work on gnome-volume-manager and gnome-mount. Complete. |
| HAL Daemon | Receive passphrase from GNOME Volume Manager. Execute cryptsetup to setup dm-crypt device. | Complete. |
| luks-tools | Write a collection of tools to manipulate LUKS volumes. This will include a graphical tool to properly format volumes and luks-setup. | Complete. This tool is available in Fedora Extras. |

To work with the system, perform the following steps:

  1. Ensure that you are using a version of hald that contains the LUKS code and methods interface. The methods interface was committed to CVS on July 12, 2005.
  2. Build gnome-volume-manager and gnome-mount with David Zeuthen's work. Ensure that you restart gnome-volume-manager if it was already running.
  3. Install luks-tools 0.0.6 or higher. Use luks-format or gnome-luks-format to format a removable volume so that it contains a filesystem encrypted using LUKS.
  4. Disconnect the volume from the machine and reconnect it.
  5. Hald should identify the disk as a LUKS disk. One may confirm this with "lshal | grep LUKS".
  6. Gnome-volume-manager should receive a notification about the new device. The system should prompt you for a password.
  7. Hald should identify and mount the plaintext device node. One may confirm this with "lshal | grep dm".