Thecus N5200 Module: CRYPTO

Facts

Name: CRYPTO (Create and mount encrypted filesystems)

Maintainer(s): Andreas Vogel (omega)

Target: N5200

Latest version: 2.00.00

Depends on module(s): none

Description

General Overview and Installation

This module comes as a ZIP compressed file with the name N5200_<modname>_<version>.zip, where <modname> is the module name and <version> is the version number of the module. While unpacking the ZIP file, a new directory N5200_<modname>_<version> containing the module and its source code is created.

The module file is called <modname>.mod and the source code is located in the directory <modname>. The source code is included for interested people and is not needed for module installation. The file Makefile can be used to rebuild the module on Linux systems.

The module is installed using the "System"->"Module Mgmt" menu in the Thecus Web Server Administration. Specify the file <modname>.mod as the module file and press "Install".

The whole installation process is logged and sent as an E-Mail if you're configured in the E-Mail notification configuration. After successful installation enable the module in order to run the module.

After uninstallation of the module, a log of the uninstall process will be send to the user(s) configured in the E-mail notification configuration. Prior uninstallation of the module, the actual configuration data is backed up to the place "/data/raid/module/backup/<modname>". When the module is installed again, the module configuration is restored from that place if available.

Module version 2.00.00

This module comes with the kernel modules (blowfish.ko, sha256.ko and dm_crypt.ko) and the cryptosetup tool which are needed by the http://luks.endorphin.org/dm-crypt DM-CRYPT] tool.

Furthermore a own script called cryptool is included in order to provide a even more easy tool for creating, mounting and unmounting encrypted filesystems.

The kernel modules are loaded automatically if they are not already loaded when calling cryptool and they stay loaded until the next reboot.

There are two possibilities for creating an encrypted filesystem: use a raw partition or use a container file.

• Using a raw partition

Let's assume you have a USB disk connected to yout N5200 with one partition and this partition is accessable through /dev/sdf1.

You can then create an encrypted filesystem on that partition (ATTENTION: all data on that partition gets destroyed!) with the command

cryptool create /dev/sdf1

After you've created the encrypted filesystem you can mount this filesystem with the command:

cryptool mount /dev/sdf1 /your/mount/point

where /your/mount/point is a directory used as the mount point and needs to be created in advance.

When you don't need the filesystem anymore, just unmount the filesystem with the command:

cryptool umount /your/mount/point

• Using a container file

In this mode the encrypted filesystem is created inside a plain file which can be anywhere (either on the N5200 or on an USB disk).

You can create the container file and the encrypted filesystem within with the command:

cryptool create /your/new/containerfile sizeMB

where /your/new/containerfile should be the filename of an yet non existing file (it will be created by this command) and sizeMB must be a number giving the size in MB of the new container file.

You can mount the filesystem in the container file with the command:

cryptool mount /your/new/containerfile /your/mount/point

The unmount command is:

cryptool umount /your/mount/point

• Performance

The encryption of the data is done by the kernel modules and therefore by the main processor. The tests on a N5200 showed, that the performance decreases by abot 30%.

• Notes

These programs are only available in the shell: so you need to login to your Thecus via SSH. For this you nedd to have the modules SSHD and SYSUSER installed.

After installation of this module the search path (PATH variable) has been augmented so these programs are found by just issuing the command name. There is no need to specify the absolute path.

On the module property page, you can see a short module description.

Calling cryptsetup or cryptool without any command line arguments shows you a help message.

News

• <2008-01-31>: First public release.

Versions

• Version 2.00.00
  • Release date: 2008-01-31
  • Works on firmware: >=1.00.06.5
  • Does not work on firmware: <= 1.00.05
  • Download: N5200_CRYPTO_2.00.00.zip (approx. 0.5 MB)
  • Alternate Download: N5200_CRYPTO_2.00.00.zip (approx. 0.5 MB)
  • Major changes: First public release.