Google Site SearchFN Site Search FN Blog Login FN Blog Login
Site Navigation:

Loopback Encrypted Filesystem

by Alexandre de Abreu on Jun 10, 2004

This tutorial will show you how to setup an encrypted filesystem under Fedora Linux, this is usefull when we need to store sensitive data on the disk. All steps covered here will be done by using Fedora tools without needing to compile any other software.

First of all, we need to choose if the target will be a file or a disk partition. The same process can be applied for both of them, but here it will be done by using a file, this file will be then mounted as an ext3 and filesystem encripted with some algorithm.

The first step is to load the loop blockdevice adaptor, this can be done by executing the command below:

modprobe cryptoloop && lsmod | grep cryptoloop

If everything goes fine, this command loads the adaptor and then lists the loaded module. The next step will be the file target setup. There are many algorithms that can be used to encrypt the filesystem, to take a look at which of them are available on your system ensure the command:

modinfo /lib/modules/2.6.5-1.358/kernel/crypto/*

The output of the above command will be some information about the available encrypt modules on your system, note that the number "2.6.5-1.358" is the version of the Kernel. For our setup we will choose "Serpent" as the encrypt algorithm, Serpent uses a 128-bit block cipher. Here are the steps for creating a 10MB file block as our filesystem:

dd if=/dev/zero bs=1M count=10 of=/root/.mycryptofs

Now we have the target file setup done, the next step will be to associate it with the encrypt type using the losetup program as follows, be sure to remember the password asked here:

losetup -e serpent /dev/loop0 /root/.mycryptofs

Create the ext3 filesystem:

mkfs.ext3 /dev/loop0

And finally, mount it:

mount -t ext3 /dev/loop0 /mnt/crypto/

If every step succeeds any file stored at the mount point "/mnt/crypto" will be encrypted. To umount and disable it, type the commands:

umount /mnt/crypto

losetup -d /dev/loop0

So, how can I check if everything is going fine? Try to umount and disable the loop device as showed above and then redo the process of activating and remounting it using another password(do not re-create the ext3 fs again at this time). This will results on an error when mounting the encrypted filesystem.