Set up an encrypted filesystem on Linux

2004 Dec 5 at 05:29

I had a sudden attack of paranoia and thought of placing some important stuff like source code and cryptographic keys on an encrypted filesystem. The losetup man page has a very good description of how this is done, but there are a couple of things to watch out for.

The first is that you need to load two kernel modules (if they have not been loaded already). The first of these is the cryptoloop module; the second is the module for the encryption algorithm, which you need to decide on. Twofish is said to give a nice balance between being hard to crack and speed.

On my Fedora Core 3 installation, the exact steps to create a crypto filesystem of 256MB were as follows:

dd if=/dev/zero of=/mnt/backup/crypto bs=16k count=16k

insmod /lib/modules/2.6.9-1.667/kernel/drivers/block/cryptoloop.ko

insmod /lib/modules/2.6.9-1.667/kernel/crypto/twofish.ko

losetup -e twofish /dev/loop1 /mnt/backup/crypto

mkfs -t ext2 /dev/loop1

mount /dev/loop1 /mnt/crypto

On your Linux system you may not need to enter the full path to the module. You will need the loop devices in your /dev/ folder; if they are missing, you can create them with the MAKEDEV command (or the equivalent for your platform). In my case /mnt/backup is the mount point for an existing partition: instead of dedicating an entire partition to the encrypted filesystem, I decided that it should be a file on an existing partition.

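Now the most important thing, of course, is not to forget the password that you choose when invoking losetup. After you unmount the filesystem you should call losetup -d on the loop device (/dev/loop1 here). When you want to reuse it, remember not to call dd and mkfs, since they would overwrite the existing encrypted data; only losetup and mount are needed.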
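
The create, reuse and teardown sequence described above, as an added example that is not part of the original post. It refuses to run dd and mkfs when the container file already exists; the function names and the DRY_RUN variable are assumptions of this example, while the paths, loop device and cipher are the ones used in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Paths, device and cipher are the
# post's values; function names and DRY_RUN are assumptions of this example.
IMAGE=${IMAGE:-/mnt/backup/crypto}
LOOPDEV=${LOOPDEV:-/dev/loop1}
MOUNTPOINT=${MOUNTPOINT:-/mnt/crypto}
CIPHER=${CIPHER:-twofish}

# Run one command, or only print it when DRY_RUN=1.
step() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# First-time setup. dd and mkfs destroy data, so refuse an existing image.
crypto_create() {
    if [ -e "$IMAGE" ]; then
        echo "refusing to create: $IMAGE already exists" >&2
        return 1
    fi
    step dd if=/dev/zero of="$IMAGE" bs=16k count=16k &&
    step losetup -e "$CIPHER" "$LOOPDEV" "$IMAGE" &&
    step mkfs -t ext2 "$LOOPDEV" &&
    step mount "$LOOPDEV" "$MOUNTPOINT"
}

# Reuse: attach and mount only; never dd or mkfs.
crypto_open() {
    if [ ! -f "$IMAGE" ]; then
        echo "no image at $IMAGE" >&2
        return 1
    fi
    step losetup -e "$CIPHER" "$LOOPDEV" "$IMAGE" &&
    step mount "$LOOPDEV" "$MOUNTPOINT"
}

# Teardown: unmount first, then detach the loop device.
crypto_close() {
    step umount "$MOUNTPOINT" &&
    step losetup -d "$LOOPDEV"
}

case "${1:-}" in
    create) crypto_create ;;
    open)   crypto_open ;;
    close)  crypto_close ;;
    "")     : ;;  # sourced or run without arguments: define functions only
    *)      echo "usage: $0 create|open|close" >&2; exit 2 ;;
esac
```

Run it as root with create, open or close as the argument; setting DRY_RUN=1 prints the commands without executing them.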