tech stuff.

Simple encrypted disk images in Linux


The Linux kernel supports encrypted loop images via the cryptoloop driver, so you can use losetup(8) to create simple encrypted loop devices for those situations when cryptsetup/LUKS/device-mapper is unavailable or too complicated.

You’ll need the following modules loaded (or compiled in):

  • loop
  • cryptoloop
  • twofish (or whatever algorithm you prefer)

First you’ll need to allocate the file:

# dd if=/dev/zero of=<file> bs=1k count=<fs-size-in-kilobytes>

After that, you can ask losetup to loop it to the first free loop device and report back which it chose:

# losetup -e twofish -f -s <file>

The first time you’ll want to format the device (e.g. mke2fs -j /dev/loop0); after that it’s just a matter of mounting (mount /dev/loop0 /mnt).  When you’re done, use losetup to close the file and remove the device:

# losetup -d /dev/loop0

An important note about this method is that there is no sort of password validation.  Whatever password you enter will be used by the encryption algorithm.  That means if you enter the incorrect password then you’ll just read (or worse: write) a bunch of garbled data from the device.
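One way to guard against the wrong-password case described above is to look for the filesystem signature before mounting. This is an added example, not part of the original post; the function names are hypothetical and it assumes the device was formatted as ext2/ext3 with mke2fs as shown earlier.

```shell
#!/bin/sh
# Added example: sanity-check a cryptoloop mapping before mounting it.
# Function names are hypothetical; assumes an ext2/ext3 filesystem (mke2fs -j).

# The ext2/ext3 superblock starts at byte 1024 and its 16-bit magic 0xEF53
# sits 56 bytes into it, stored little-endian: bytes 53 ef at offset 1080.
has_ext_magic() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# Mount only if the decrypted view looks like ext2/ext3.
# With a wrong password the loop device yields pseudo-random bytes, so the
# magic is almost always absent (a 2-byte check can still match by chance,
# roughly 1 in 65536). This is a sanity check, not password authentication.
mount_checked() {
    dev=$1
    mnt=$2
    if ! has_ext_magic "$dev"; then
        echo "$dev: no ext2/ext3 magic; wrong password? Detach with: losetup -d $dev" >&2
        return 1
    fi
    mount "$dev" "$mnt"
}
```

Use it as mount_checked /dev/loop0 /mnt in place of the plain mount, but only after the initial mke2fs, since an unformatted device has no signature yet.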

Written by Lee Verberne

2009-01-08 at 16:08

Posted in Linux
