-#!/bin/sh
+#!/bin/bash
# Filename: grml-crypt
# Purpose: Program to format, mount and unmount encrypted devices/files
# Authors: Michael Gebetsroither <gebi@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Mon Aug 08 11:37:20 CEST 2005
+# Latest change: Don Jul 26 19:57:28 CEST 2007 [mika]
################################################################################
OVERWRITE_SOURCE_DEV_='/dev/urandom'
OPTIMIZED_MODE_SET_='false'
OPTIMIZING_LEVEL_=0
-CIPHER_SIZE_="128"
+CIPHER_SIZE_="256"
CIPHER_="aes-cbc-essiv:sha256"
-ITERATION_TIME_="1"
+ITERATION_TIME_="1000"
ADDITIONAL_CRYPTSETUP_ARGS_=""
READONLY_SET_='false'
ADDITIONAL_MOUNT_ARGS_=""
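Review bot: The two changed defaults, `CIPHER_SIZE_="256"` and `ITERATION_TIME_="1000"`, carry no comment stating their units, and the jump from 1 to 1000 only makes sense if the value is now read as milliseconds rather than seconds. How these variables reach cryptsetup is outside this hunk, so this is inferred: if the installed cryptsetup still takes seconds, formatting would stall for a very long time, and if it takes milliseconds, the old default gave almost no passphrase stretching. I would add `# key size in bits` and `# passphrase iteration time in milliseconds, as expected by cryptsetup` above the two assignments, and check that the usage text for the matching options states the same units. The new defaults presumably only take effect when a volume is formatted, so the changelog should say that existing containers keep their old parameters.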
cat <<EOT
Usage: "$PROG_NAME__" [OPTIONS] action <device/file> [mountpoint]
-$PROG_NAME__ is a wrapper arround cryptsetup with LUKS support to format a device
+$PROG_NAME__ is a wrapper around cryptsetup with LUKS support to format a device
OPTIONS:
-s size of the loop-filesystem to create, in MB (default=$SIZE_)
-t type of filesystem (default=$FSTYPE_)
-r read only mode (fully supported only by start)
-z insecure mode, using /dev/zero for most of the initialisation (INSECURE!)
- -o optimized initialisation mode (should be as secure as the default but faster)
+ -o optimised initialisation mode (should be as secure as the default but faster)
-y verifies the passphrase by asking for it twice
-f force file overwriting in format mode and/or disable confirmation dialog
-m additional arguments to mount
NOTICE:
losetup does _NOT_ work on unionfs => grml-crypt with a filesystem image does ONLY
work if the image is on a tmpfs (eg. in /home/grml or /tmp).
+
EOT
}
function getDMName
{
device_="${1##*/}"
-
+
# first trying normal devicename
tmp_="${DM_PREFIX_}${device_}"
if [ ! -e "$tmp_" ]; then
execute "$CRYPTSETUP_ luksOpen $TARGET_ $DM_NAME_" warn \
"could not open $DM_PATH_ to create a filesystem on it!" || return 1
if [[ $type_ == 'init' && $OPTIMIZED_MODE_SET_ == 'true' ]]; then
- echo "finishing optimized initialisation (this could take some time)"
+ echo "finishing optimised initialisation (this could take some time)"
# FIXME
execute "dd if=/dev/zero of=$DM_PATH_ bs=1M &>/dev/null" # || \
- # warn "could not finish optimized initialisation properly"
+ # warn "could not finish optimised initialisation properly"
ret_=$?
# cutted out because of no space left on device error :(
#if [[ $ret_ != 0 ]]; then
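Review bot: The `dd if=/dev/zero of=$DM_PATH_ bs=1M` call under `# FIXME` has its `warn` handler commented out and the `ret_` check cut out, so a failed overwrite is ignored, and `&>/dev/null` hides dd's own message. Filling a device this way is expected to end with "No space left on device", but an early I/O error looks the same to the script and would leave the tail of the container holding its previous content (zeros for a freshly created image file), presumably while the function still reports success. Since the optimised mode is advertised as being as secure as the default, I would at least document this next to the call: `# dd normally stops with ENOSPC at the end of the device; any earlier failure leaves the tail un-overwritten`. A follow-up could compare the number of bytes dd wrote with the size of `$DM_PATH_` before continuing. The enclosing function starts and ends outside this hunk.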
echo "Successully created $FSTYPE_ on encrypted $TARGET_"
return 0
fi
-}
+}
function actionStart
{
ret_=0
-
+
# no mountpoint, by-by
if [[ "$MOUNT_POINT_" == "" ]]; then
printUsage
isExistent "$mp_" die
tmp_=`realpath $mp_` || die "could not get realpath of $mp_"
dprint "realpath_=\"$tmp_\""
-
+
dm_path_=`mount |grep "$tmp_ "` || die "$tmp_ is not mounted"
dprint "dm_path_=\"$dm_path_\""
dm_path_=`echo $dm_path_ |awk '{print $1}'` || die "could not get devicemapper name for $tmp_"
dprint "dm_path_=\"$dm_path_\""
-
+
dm_name_="${dm_path_##*/}"
dprint "dm_name_=\"$dm_name_\""
device_=`$CRYPTSETUP_ status $dm_name_ |awk '/device:/{print $2}'` || \
die "could not get underlying device of $dm_path_"
dprint "device_=\"$device_\""
-
+
execute "umount $dm_path_" die "could not unmount $device_"
execute "$CRYPTSETUP_ luksClose $dm_name_" die "could not close $dm_path_"
echo "$device_" |grep loop &>/dev/null && execute "losetup -d $device_" \
function yesDialog
{
msg_="$1"
-
+
echo "WARNING!" >&2
echo "========" >&2
echo -n "$msg_" >&2
notice "Operating on a file"
IS_IMAGE_='true'
if [ -e "$TARGET_" ]; then
- $FORCE_ || die "file $TARGET_ does allready exist"
+ $FORCE_ || die "$TARGET_ does already exist"
warn "overwriting file $TARGET_"
init_='donothing'
else
echo -n "Initialising file with "
if [[ $OPTIMIZED_MODE_SET_ == 'true' ]]; then
- echo "optimized SECURE mode"
+ echo "optimised SECURE mode"
execute "dd if=/dev/zero of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" \
die "could not initialise $TARGET_ with /dev/zero"
else
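Review bot: `$TARGET_` is pasted unquoted into the command string given to `execute` in `dd if=/dev/zero of=$TARGET_ bs=1M count=${SIZE_}`, so an image path containing spaces is split into several words. If `execute` evaluates the string (its body is not in this hunk, but the embedded `&>/dev/null` suggests it does), shell metacharacters in the path are also interpreted, in a script that presumably runs as root. With the shebang now `#!/bin/bash`, the path can be escaped before interpolation, e.g. `execute "dd if=/dev/zero of=$(printf '%q' "$TARGET_") bs=1M count=${SIZE_} &>/dev/null"`. The same applies to the other `execute` strings built from `$TARGET_`, `$DM_PATH_`, `$dm_name_` and `$device_` in the earlier hunks. The `if`/`else` here continues past the end of the hunk.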