
Essential Encryption Part II - Linux Loopback

-=[ About It ]=-
The most popular way to encrypt large amounts of data in Linux is to create an encrypted loopback device. These are very versatile, and can cypher anything from an mp3 file to a RAID array. They're also very simple to use, once you know what you're doing.

-=[ How To Use Them ]=-
To use encrypted loopback devices, you need to have the correct options enabled in your kernel. Make sure you have the CONFIG_BLK_DEV_LOOP option enabled (under 'Device Drivers -> Block Devices' in menuconfig), and a cryptographic module installed, such as CONFIG_CRYPTO_AES_586 (in the Cryptographic API section). You'll also need the 'losetup' utility, but that should come with your distro.

Next, you need to have something to encrypt data into, called the cypher container. I'm going to use a 5MB file of random data:

$ dd if=/dev/urandom of=/tmp/vault bs=1M count=5

Use losetup to give your file a device node in '/dev'. Note that if you have an older version of losetup, I've found that the syntax for running the node through the cryptographic API may be different:

# losetup -e aes-128 /dev/loop0 /tmp/vault

Note that you can feed a drive's device node to losetup instead of a file as the container, to encrypt an entire drive. losetup should then ask you for a password and connect the device node. Next, you'll need a filesystem. Since this container is so small, not much else will fit, so we'll use ext2:

# mkfs.ext2 /dev/loop0

Then create a mountpoint:

# mkdir /mnt/vault

This creates a mountpoint at /mnt/vault

# mount /dev/loop0 /mnt/vault

This mounts the container. Anything you drop in /mnt/vault will be encrypted with 128-bit AES. Remember to umount it before you turn off your computer.
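The steps above, wrapped in a small POSIX shell helper with preflight checks and a matching teardown. This is an added example, not code from the original post; the VAULT_FILE, LOOP_DEV, MOUNT_DIR and CIPHER variables and the function names are my own, and default to the values used in the post.

```shell
#!/bin/sh
# Hypothetical helper (added example): create, open and close an encrypted
# loopback container using the same losetup -e / mkfs.ext2 / mount steps
# as the post above. Defaults are the post's paths; override via environment.
VAULT_FILE="${VAULT_FILE:-/tmp/vault}"
LOOP_DEV="${LOOP_DEV:-/dev/loop0}"
MOUNT_DIR="${MOUNT_DIR:-/mnt/vault}"
CIPHER="${CIPHER:-aes-128}"

# A dd count must be a positive integer number of megabytes.
valid_size_mb() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ]
}

# Everything the post says we need must be present before touching anything.
preflight() {
    command -v losetup  >/dev/null 2>&1 || { echo "losetup not found" >&2; return 1; }
    command -v mkfs.ext2 >/dev/null 2>&1 || { echo "mkfs.ext2 not found" >&2; return 1; }
    [ -e "$LOOP_DEV" ] || { echo "$LOOP_DEV missing: is CONFIG_BLK_DEV_LOOP enabled?" >&2; return 1; }
}

# Create a fresh container of $1 MB, attach it with encryption, and format it.
vault_create() {
    valid_size_mb "$1" || { echo "bad size: '$1' (need MB >= 1)" >&2; return 1; }
    [ -e "$VAULT_FILE" ] && { echo "$VAULT_FILE exists, refusing to overwrite" >&2; return 1; }
    preflight || return 1
    dd if=/dev/urandom of="$VAULT_FILE" bs=1M count="$1" &&
    losetup -e "$CIPHER" "$LOOP_DEV" "$VAULT_FILE" &&   # prompts for the passphrase
    mkfs.ext2 "$LOOP_DEV"
}

# Attach an existing container and mount it (mountpoint created if needed).
vault_open() {
    preflight || return 1
    losetup -e "$CIPHER" "$LOOP_DEV" "$VAULT_FILE" &&
    mkdir -p "$MOUNT_DIR" &&
    mount "$LOOP_DEV" "$MOUNT_DIR"
}

# Unmount and detach, so the kernel no longer holds the container open.
vault_close() {
    umount "$MOUNT_DIR" && losetup -d "$LOOP_DEV"
}

case "${1:-}" in
    create) vault_create "${2:-5}" ;;
    open)   vault_open ;;
    close)  vault_close ;;
esac
```

Run as root: `./vault.sh create 5`, then `./vault.sh open` and `./vault.sh close` around each use.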
