Daily use of the CryptoBox
Activate your encrypted filesystem
You can activate your encrypted filesystem by doing following these steps:
- Point your web browser at the address of your CryptoBox. The default is https://192.168.0.23.
- Click on Activation of encrypted data. A new page asking for your crypto password appears.
- Enter your crypto password and click on the button below labeled activate encrypted filesystem.
Now the filesystem is accessible. To use it, search for a computer in your network neighborhood. When asked for the name, enter the above IP address (default: 192.168.0.23). Now you can use it like any other network resource.
Use your encrypted data
Linux - command line
To use the encrypted data partition with regular user rights add the line below to your /etc/fstab:
//192.168.0.23/public /mnt/ smbfs defaults,noexec,noauto,user,guest 0 0
Now you can mount the encrypted data partition to /mnt:
mount /mnt
resp. unmount:
smbumount /mnt
Windows
Run the the Windows Explorer and choose Map network drive in the Tools menu:
- select a drive of your choice
- enter \\192.168.0.23\public (default setting) as target
Now you can use your encrypted data like any other network resource.
Deactivate your encrypted filesystem
You can deactivate the encrypted filesystem by clicking at Deactivation of encrypted data in the web interface of your CryptoBox.
Your data is now protected again.
Shut down your CryptoBox
Click at the Shutdown link in the menu of the web interface. There you can choose poweroff or reboot. The shutdown takes some seconds.
If the hardware of your CryptoBox is quite recent, it will power-off automatically. Otherwise you have to do it manually.
In case of emergency
If you have to protect the drive really fast, just power-off the CryptoBox machine instantly by pulling the plug or pushing the power button. This is not very clean and can (in very rare circumstances) corrupt open files, but it is the fastest method to secure your data.
back to CryptoBoxUser
Questions and Answers
Windows: network drive cannot be mapped
This error message may appear, if you did not login during the booting of you windows machine (or you closed the login dialog by pressing ESC).
Solution: Choose Logout in the Start menu and login again.
Linux: only root can unmount //192.168.0.23/public
You can't unmount the partition with umount.
Solution: Use smbumount instead:
smbumount /mnt
Linux: Operation not permitted / smbmnt failed: 1
The attempt to mount the partition as a regular user ends up with:
cannot mount on /mnt/: Operation not permitted smbmnt failed: 1
Solution: Set the directory's owner to the same user that mounts the share (e.g. phil):
chown phil. /mnt
Comments
Comment by evert mouw <post@…> on Mon Dec 11 22:51:09 2006
So, basically there is no password on the samba share? Which means EVERYBODY on the network can access ALL data from the cryptobox? I suggest to make passwords obligatory in this case.
Hi mouw, thanks for your comment!
We discussed this topic, too, but we concluded that the amount of coding-work necessary for this feature is to high compared to the (very little) additional security gained by samba passwords. If a bad guy is in the same network as the cryptobox, then he can sniff all the transfered data, as windows still does not support any kind of encryption for the smb-share traffic (passwords are encrypted, of course). Thus we assume, that the network is safe. I do not think, that we will change this approach as long as the network filesystem does not encrypt traffic. In this regard WebDAV would be a good alternative to samba/cifs, but it is not yet easily usable with all major operating systems.
Of course, you are free to write a plugin for samba user management, if you like. The CryptoBox v0.3 (coming very soon) will be easily extensible. regards, Lars
