Content-type: text/html
Manpage of ppddinit
ppddinit
Section: User Commands (1)
Updated:
Index
Return to Main Contents
NAME
ppddinit - initialise a file or disc partition for ppdd
SYNOPSIS
This is the first step in creating an encrypted filesystem under ppdd.
The master keys are generated and a user pass phrase is used to encrypt
them. The encrypted control block is written as the first 1024 bytes of
the file or partitiion.
DESCRIPTION
In order to use ppdd the first step after installing and compiling the
software is to create a "host" file or disc partition. The first 1024 bytes
are set aside for holding key and control information. This block of data is
itself encrypted using a key derived from the users pass phrase. This program
creates that control block.
It also allows the user to elect to fill the remainder of the file or disc
partition with random data or to encrypt an already existing filesystem.
Random data
For filling the disc with random data, ppdd encrypts with blowfish using a
random key.
For keys and the like, ppdd uses the /dev/urandom device but adds some
input from the real random device and uses blowfish to mix the data very
thoroughly - just in case there is a problem with either of these Linux
devices. This is what happens when you choose the "-w" option.
For high quality random data for keys, ppdd uses both the /dev/random
device and combines this with user entered data. Both the time between
character strokes and one bit of the actual character contribute to the
end result along with the output from /dev/random. This is what you get
without the "-w" option.
You can choose to repeat this process by using the "-s" option.
Pass phrases
The ppdd system allow two lines of pass phrase. Each line can be up to 104
characters long. You should aim for pass phrases that are hard to guess. Now that is easier said than done. If you use verbatim well known sayings or quotes -
or even less well known ones you are open to a dictionary attack. The use of
non-English phrases doesn't help much.
The pass phrase you enter in ppddinit is the master pass phrase.
You can change it later with ppddpassw if you wish.
OPTIONS
If any invalid combination of switches and arguments is used the program
displays a primitive help message. The program takes exactly two
argument(s) and various switches.
The first argument is a ppdd device e.g. /dev/ppdd0
The second argument is a real device e.g. /dev/hda1 or a file.
If it is a file then this file must already exist and have been filled with
data e.g.
dd if=/dev/zero of=/home/ppddfile bs=1k count=1k
Switches are as follows:
-w use weaker random data for keys
-s use stronger random data
If you omit both -w and -s you have to press random keys to help the random
number process. With the -s option you do this twice. Both switches together
is an illegal combination.
-r fill the file of device with random data
It takes a number of bytes as argment, zero means full to overflowing.
It is well worth doing from a security point of view.
-x encrypt the data already on the file or device
This is very useful for converting an existing filesystem to ppdd.
If you select this option you must let the encryption run to the end.
The encryption takes place in the same disc area as the original data so
if you interupt the process all is lost.
The -r and -x switches are mutually exclusive.
-b write a backup control block
This takes a filename as argument. A copy of the first 1024 bytes is
written to this file. See the various documentation about security of
backups to understsand why you might want this.
RETURN VALUE
The program returns 0 if everything worked as expected. That means that the
ppdd device has been successfully connected to the host device or file.
The program returns 1 if anything has gone wrong.
ERRORS
All ppdd utilities display fairly meaningful errors (mostly on stderr).
In all cases the errors have a unique error number to help locate the
problem in the source code. If an error message is not clear then best
source of explanation at this stage is the source itself.
ENVIRONMENT
The program does not use any environment variables.
FILES
Files (and devices) are specified as arguments.
SEE ALSO
ppdd(1)
ppddcsum(1)
ppdddown(1)
ppddmchk(1)
ppddpassw(1)
ppddsetup(1)
ppdduprev(1)
ppdecrypt(1)
ppdncrypt(1)
ppddtab(5).
(c) 1999 Allan Latham - version 0.9
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- Random data
-
- Pass phrases
-
- OPTIONS
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- RETURN VALUE
-
- ERRORS
-
- ENVIRONMENT
-
- FILES
-
- SEE ALSO
-
-
This document was created by
man2html,
using the manual pages.
Time: 16:35:57 GMT, September 14, 1999