[U-co] Activar hardware de cifrado desde Ubuntu

Sab Ene 17 13:49:18 UTC 2009

Carlos Alejandro Magno wrote:
> He googleado bastante pero no encuentro información de como activar el
> hardware de cifrado de las tarjetas de memoria SD (Secure Digital)
> desde Ubuntu.
>
>   
>> "Secure" (seguro en español) en Secure Digital, viene del origen de la tarjeta.
>> Para crear una tarjeta SD, Toshiba añadió hardware de cifrado a la ya
>> existente tarjeta MMC, para aliviar las preocupaciones de la industria de la
>> música,[...] esquemas DRM sobre la música digital, pero esta funcionalidad se utiliza poco.
>>     

Esto no es cifrado sino un esquema de protección DRM. Tenga la seguridad 
que no será soportado en Linux pues por definición no tendrá una 
especificación pública.

Para cifrar tarjetas SD o pendrive USB en Ubuntu puedes ensayar esto que 
me funciona a mí. Esto funciona de igual manera en INtrepid o Hardy. Si 
alguien tiene sugerencias o mejoras, me gustaría leerlas. Disculpas de 
antemano si lo transcribo en inglés pero en los próximos días lo 
traduciré a español y lo pondré en docs.ubuntu-es.org:

Truecrypt is interesting but you can do the same with your existing
installation.

You will need to install the cryptsetup package, and also gparted as a
helper graphical application to setup partitions and format your
media. This is adapted from this blog post:
http://ubuntu.wordpress.com/2006/01/24/use-an-encrypted-usb-drivepart... 
<http://ubuntu.wordpress.com/2006/01/24/use-an-encrypted-usb-drivepartition/> 

Notice I've added a step (formatting with a regular partition first),
and I used partition names instead of device names.

Next, find out which device your stick is by issuing from command
line:

sudo lshw -C disk -short

Example output:

H/W path Device Class Description
=======================================================
/0/100/1f.1/0 /dev/sda disk 251GB Maxtor 6L250R0
/0/100/1f.1/1 /dev/sdb disk 251GB Maxtor 6L250R0
/0/100/1f.1/2 /dev/cdrom disk DVD-RW DVR-110D
/0/100/1f.1/3 /dev/cdrom1 disk RW/DVD GCC-4521B
/0/100/1f.1/3/0 /dev/cdrom1 disk
/0/1/0.0.0 /dev/sdc disk 256MB Cruzer Micro
/0/1/0.0.0/0 /dev/sdc disk 256MB

In this case the device is /dev/sdc.

Next:
* Make sure the device is unmounted:
sudo umount /dev/sdc1
* Format your SD card using gparted, create one single ext3 partition
on /dev/sdc. This will end up being partition /dev/sdc1
* If you do not want to encrypt the whole stick, repartition the stick
using gparted
* Overwrite the created partition with an encrypted partition on the
target media:
sudo luksformat /dev/sdc1
This will ask you for a passphrase. The default file system is “vfat”,
but you can specify a different one with the “-t” option. An example
of the same, using an ext3 partition:
sudo luksformat -t ext3 /dev/sdc1

Make sure you type YES in all capitals when prompted, read the prompts
carefully.

After this procedure, remove the stick and plug it in again. This
should trigger a dialog which asks you for the passphrase and mounts
the encrypted partition (along with any unencrypted one, of course).

On the Mini 9 I was able to read a stick encrypted this way in another
computer, just by installing cryptsetup. You will need to install
cryptsetup and reboot every computer where you want to access this.
Intrepid already comes with cryptsetup installed BTW.

Just a little warning at the end: Please be aware that if you lose the
passphrase, there is *NO WAY* to restore your data!