Tips and Tricks

This section describes some tricks that make BestCrypt more convenient and better suited to your needs. It may also reveal some less obvious ways of using the software. Everyone is welcome to contribute to the "Tips and Tricks" section! Feel free to write to us at support@jetico.com

Encrypted Home Directory

  1. Make new container outside your home directory

    [foo@bar ]$ bctool new /cont/myhome -s 100M -a blowfish
    Enter password: <passwords will not be displayed>
    Verify password: <passwords will not be displayed>

  2. Format it using ext2 filesystem

    [foo@bar ]$ bctool format /cont/myhome -t ext2
    Enter password: <passwords will not be displayed>
    [mkfs.ext2 output is not displayed here]

  3. Mount it on any mount point

    [foo@bar ]$ bctool mount /cont/myhome $HOME/mnt
    Enter password: <passwords will not be displayed>

  4. Copy all necessary files to the container

    [foo@bar ]$ cp /etc/skel/.* $HOME/mnt/

  5. Add the following lines to $HOME/.profile or $HOME/.bash_profile or $HOME/.login depending on the shell you use:

    bctool mount /cont/myhome $HOME/
    cd

  6. Add the following lines to $HOME/mnt/.logout or $HOME/mnt/.bash_logout depending on the shell you use:

    cd /
    bctool umount $HOME/

  7. Unmount container and log off:

    [foo@bar ]$ bctool umount $HOME/mnt
    [foo@bar ]$ logout

  8. Log on. Type the password of your container and enjoy.

Examples of .bash_profile and .bash_logout from Andrew Daviel

Encrypted Home Directory made easy

  1. Get our Home Directory conversion script example: bc_convert.sh
  2. Take a look at script contents and adjust SIZE, FSTYPE and ALGO values according to your needs
  3. Run modified bc_convert.sh
  4. Log off and log on with the Encrypted Home Directory

See also: Encrypted Home Directory and Container hidden under its mountpoint.

Runtime configuration

  1. The current runtime configuration file image can be found under /proc/bcrypt

Encrypted Floppy

  1. Initialize floppy:

    [foo@bar ]$ bctool new /dev/fd0 -a blowfish
    Warning: All data on specified block device will be lost! Continue? (y/[n]):y
    Enter password: [passwords will not be displayed]
    Verify password: [passwords will not be displayed]

  2. Format floppy:

    [foo@bar ]$ bctool format /dev/fd0 -t minix
    Enter password: [passwords will not be displayed]
    480 inodes
    1438 blocks
    Firstdatazone=19 (19)
    Zonesize=1024
    Maxsize=268966912

  3. Mount it:

    [foo@bar foo]$ bctool mount /dev/fd0 ~/floppy/
    Enter password: [passwords will not be displayed]

  4. Do anything you want...

    [foo@bar ]$ df ~/floppy/
    Filesystem 1024-blocks Used Available Capacity Mounted on
    /dev/fd0 1419 1 1418 0% /home/foo/floppy
    .......................... ..........................

  5. Unmount floppy

    [foo@bar ]$ bctool umount ~/floppy/

Container hidden under its mountpoint

  1. You can easily mount a BestCrypt container on its parent directory. Please make sure that your current working directory ('pwd') is not located below that mountpoint:

    [foo@bar ]$ bctool mount /home/mnt/my_data.jbc /home/mnt

  2. The contents of the /home/mnt directory will be replaced by the files stored in the container. All the regular files previously shown in the parent directory will be hidden, including the container file itself!

  3. Do not forget to set up appropriate access rights on the mountpoint to prevent unauthorized access to your data.
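
The two precautions in this list (working directory outside the mountpoint, restrictive access rights) can be checked by a small wrapper around the mount command. This is an added example, not part of BestCrypt or the original page; the function names cwd_inside, owner_only and hidden_mount are hypothetical, and only the bctool mount invocation is taken from the text above.

```shell
#!/bin/sh
# Added example: checks around mounting a container over its parent directory.
# Function names are hypothetical; only "bctool mount" comes from the page.

# Succeeds (0) if the current working directory is at or below directory $1.
# Physical paths (pwd -P) are compared so symlinks cannot hide the overlap.
cwd_inside() {
    mp=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    cwd=$(pwd -P)
    case "$cwd/" in
        "$mp"/*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Succeeds (0) if directory $1 grants no permissions to group or others.
owner_only() {
    [ -d "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Mount container $1 over mountpoint $2 with both checks applied.
hidden_mount() {
    if cwd_inside "$2"; then
        echo "refusing: current directory is inside $2" >&2
        return 1
    fi
    bctool mount "$1" "$2" || return
    # Once mounted, the mode of the container's root directory is what
    # governs access, so the check is made after the mount.
    if ! owner_only "$2"; then
        echo "warning: $2 is open to group/others; consider chmod 700 $2" >&2
        return 3
    fi
}

# Usage (paths as in the text above):
#   hidden_mount /home/mnt/my_data.jbc /home/mnt
```

A return status of 3 means the container was mounted but its root directory is still accessible to other users.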

Encrypted swap space


BestCrypt's Encrypted Swap facility should be used to prevent sensitive data from leaking via the swap file.

  1. First, continuous storage space should be allocated. It can be either
    • Block device (partition), or
    • Any continuous file.
    Continuous files can be created by dd utility (please refer to dd(1) man page for details):

    [foo@bar ]$ dd if=/dev/zero of=my_swap_file bs=1k count=1024

  2. Next, link your storage to a free BestCrypt device in raw mode. Using a random password is recommended.

    [foo@bar ]$ bctool raw_link my_swap_file /dev/bcrypt1 -p
    or
    [foo@bar ]$ bctool raw_link /dev/hdd3 /dev/bcrypt1 -p

  3. Finally, initialize and activate your newly created swap space:

    [foo@bar ]$ mkswap /dev/bcrypt1

    [foo@bar ]$ swapon /dev/bcrypt1

 
