Simple encrypted disk images in Linux
The Linux kernel supports encrypted loop images via the cryptoloop driver, so you can use losetup(8) to create simple encrypted loop devices for those situations when cryptsetup/LUKS/device-mapper is unavailable or too complicated.
You’ll need the following modules loaded (or compiled in):
- loop
- cryptoloop
- twofish (or whatever algorithm you prefer)
First you’ll need to allocate the file:
# dd if=/dev/zero of=<file> bs=1k count=<fs-size-in-kilobytes>
After that, you can ask losetup to loop it to the first free loop device and report back which it chose:
# losetup -e twofish -f -s <file>
The first time out you’ll want to format the device (e.g. mke2fs -j /dev/loop0), after that it’s just a matter of mounting (mount /dev/loop0 /mnt). After you’re done you can use losetup to close the file and remove the device:
# losetup -d /dev/loop0
An important note about this method is that there is no sort of password validation. Whatever password you enter will be used by the encryption algorithm. That means if you enter the incorrect password then you’ll just read (or worse: write) a bunch of garbled data from the device.
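One way to catch a mistyped password before anything gets written, as an added example that is not part of the original post: it assumes the image was formatted with mke2fs as above, so a correctly decrypted device carries the ext2/ext3 magic 0xEF53 at byte offset 1080. The function names has_ext_magic and safe_mount are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a cryptoloop device before mounting it.
# Assumption: the filesystem is ext2/ext3 (created with mke2fs -j).
# The ext superblock starts at byte 1024 and its s_magic field sits
# 56 bytes in, so bytes 1080-1081 must read 53 ef (0xEF53, little-endian).

has_ext_magic() {
    # $1: block device or image file to inspect (e.g. /dev/loop0)
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null \
        | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

safe_mount() {
    # $1: loop device set up by losetup -e, $2: mount point
    if has_ext_magic "$1"; then
        # Start read-only; remount read-write once the contents look right.
        mount -o ro "$1" "$2"
    else
        # With the wrong password the decrypted blocks are noise, so the
        # magic is almost certainly absent. Refuse to mount or write.
        echo "$1: no ext superblock (wrong password or unformatted)" >&2
        echo "detach with: losetup -d $1" >&2
        return 1
    fi
}

# Usage: script.sh /dev/loop0 /mnt
if [ $# -eq 2 ]; then
    safe_mount "$1" "$2"
fi
```

The check only applies after the first format; on a brand-new image there is no superblock yet, so run mke2fs first and use the check on every later attach.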