This article will describe how to encrypt entire partition with a Cryptoloop. Cryptoloop is a disk encryption module for Linux. It was first introduced in the 2.5.x kernel series. Cryptoloop has an ability to create an encrypted file system on a single partition or within a regular file, which can later simply be mounted by the mount command. Cryptoloop uses so called loopback device, which needs to be called with any file system request. Currently there are many alternatives for Cryptoloop usage and the most common is Loop-AES. This article will explain a simple usage of the cryptoloop module for partition encryption and mounting within a Linux Operating system.
As it was already mentioned the cryptoloop module was introduced to Linux with the 2.5 kernel series. Therefore, the chances are that this module is already available on your system. To confirm that the cryptoloop module is available on your system run:
If no output has been produced that means that the module is unavailable and you will need to load it with:
Another tool, which we are going to need is losetup, which should be already a variable on your system.
3. Setting up a loopback device
Cryptoloop can be used to create an encrypted filesystem within the entire partition or single file. The procedure is the same for both of them. The only difference is the supplied argument either to be a path to a regular file or to block the device. As an example in this tutorial we will encrypt a block device /dev/sdb1.
First, we can make sure to overwrite entire partition with some random data. This step is optional but recommended.
WARNING: note that the below command will physically erase any data you may already have on your partition:
Disregard any possible error message about a full disk space.
In the next step we need to choose a type of encryption. A list of encryption algorithm available on your system can be seen by the following command:
We will use AES encryption algorithm. In the next step we use the losetup utility to attach our /dev/sdb1 block device to the system's loopback device /dev/loop0.
You will be prompted to enter a password, which will be used to mount and unmount your partition. Choose a strong password right from the beginning as there is no easy way to change this password later.
4. Create a filesystem
At this point we should have our /dev/sdb1 partition attached to /dev/loop0 with AES 256 bit encryption. Next we use the /dev/loop0 device to create a filesystem. Feel free to use any type of filesystem you deem it to be worthy. I will use ext4:
# mkfs.ext4 /dev/loop0
5. Mounting Loopback device
To mount a loopback device in this case is as simple as mounting any other block devices. First, we need to create a mount point:
Once ready, we use the mount command to mount /dev/loop0 as ext4 filesystem:
At this point we are able to navigate to /mnt/cryptoloop/ and store some data. For example, let's create a new file foo.txt:
Once you finish using your new encypted filesystem you simply unmount it and detach it from a loopback device:
After executing the above commands your data ( foo.txt ) will no longer be available.
6. Cryptoloop permanent mount
Once the new /dev/sdb1 file-system was created and encrypted with use of cryptoloop and the loopback device we can mount it again without use of the pseudo loopback device /dev/loop0.
To be able to mount off our encrypted partition easily with the simple mount command we need to add the following line into the /etc/fstab file:
Now, we are able to mount this partition with:
You can find many other crypto utilities available on your Linux system. One worth to mention in conjunction to cryptoloop is its successor dm-crypt. Cryptoloop is part of Linux Crypto API since the kernel version 2.6.