Worked Further With Encryption On Linux

I looked into the command line options for partition encryption on Linux today. It is possible to have more than one key to encrypt/decrypt a partition. I tried first to add a further encryption key (passphrase) to the partition. But first I had a look into the keys that already in the wallet of the partition with:
cryptsetup luksDump <device>
e.g.: cryptsetup luksDump /dev/sda3

I got a list of key slots. Only the key slot 0 has a value. It contains the encryption key (passphrase), which was set during the installation.

I could add a new encryption key with the command:
cryptsetup luksAddKey <device>
e.g.: cryptsetup luksAddKey /dev/sda3

I had to add the passphrase of the already existing encryption key and could afterwards insert a passphrase for the new encryption file (twice, because of verification). The passphrase will not be visible during typing.

I rerun the cryptsetup luksDump command and got the information that there were occupied two key slots yet, the slots 0 and 1.

Because there are two encryption keys available for this partition yet, it is possible to remove one of them. I use the remove command for this:
cryptsetup luksRemoveKey <device>
e.g. cryptsetup luksRemoveKey /dev/sda3

I was asked for the passphrase of the encryption key that I wanted to remove. I typed in the passphrase for the key on slot 0 and the key from this slot were removed. I checked this with the cryptsetup luksDump command. The key slot 0 was empty yet.

I added a further encryption key with the cryptsetup luksAddKey command. I had first to submit the passphrase of one of the available keys for the partition, in this case the passphrase for the key in slot 1. Then I could add a new key by typing in its passphrase twice (to verify it). I checked again with the cryptsetup luksDump command. The new encryption key was writen to first available free key slot, in this case key slot 0.

Experimentation With Encryption On Linux

I replaced the hard disk of my notebook and installed a fresh openSuSE Leap 15 distribution on it. I took this opportunity to get some knowledge about encryption using Linux. openSuSE makes it easy to create the encryption during the installation process. I could choose it for every partition with only one additional click. I tried it out with encryption for all partitions that I created during the installation process and also with the encryption of only the data (home) partition. I decided that the second option would work for me and thus I went with that option.

If I didn’t overlook something openSuSE offers only the option to set the first key for the encryption of a partition. Thus I had to use the command line to add further keys to the encryption key wallet.

Installation Of OpenSUSE Leap 15.0

I installed the latest OpenSUSE Leap distribution to a notebook. The installation tooks about half an hour and the new KDE Plasma desktop looks very well. It’s always easy and fast to install a new Linux distro these days. If I would have tried to do the same with a current MS Windows on the same machine, I wouldn’t have finished yet (but not sure, if the machine would be able to run a current version).

Upgrade To Leap 42.3

I upgradet my notebook to openSuSE Leap 42.3 with zypper dup and everything went well. It took only a relatively short time in comparison with an upgrade of MS Windows and I had not to restart my box several times.

The upgrade needed only some edits to the software repositories that I used for the notebook. Nearly all of them needed only a change of the version number in the URL Form 42.2 to 42.3. The LibreOffice Factory repository (needed especially for building) needed a different tweek. There is no sub-repo for 42.3 yet. This I had to change to the sub-repo ‘openSUSE_Factory’ instead. That was all I had to do before I run the zypper dup command.

Really easy to update the Linux distribution. And I had not to reedit my user configuration etc. Everything works AS before.

OpenSuSE Leap 42.1 and Brother MFC 7320

I tried to get the scanner of a Brother MFC 7320 into work with openSuSE Leap 42.1. I could install the software with a script ‚linux-brprinter-installer-2.0.0-1‘ downloaded from the support page of the vendor. But there was an issue with the conection to the scanner via USB-Port. Although the model is not new the scanner was not listed in /etc/udev/rules.d/55-libsane.rules. I looked with scanimage -L out for the scanner and it was listed. Then I run lsusb and got the vendor-id and the device-id. I added a new entry to the libsane.rules file:

# Brother MFC-7320 ATTR(idVendor)==“04f9″, ATTR(idProduct)==“01eb“, MODE=“0664″, GROUP=“lp“, ENV(libsane_matched)=“yes“

Then I had to add the user to the group ‚lp‘ and after a restart the scanner works.

Xsane got the scanner and I could also use the automatic scanner utility to scan more than one page at once. There is a special mode for this in xsane for this (drop down menu on the top right). I had to count the pages of the multipage scan and put the number in the field on the top left. There is a pop up window where I had to create a multipage project. Then everything was done by xsane and its toolbox.