Skip to main content

How to encrypt a partition with Cryptoloop


1. Introduction

This article will describe how to encrypt entire partition with a Cryptoloop. Cryptoloop is a disk encryption module for Linux. It was first introduced in the 2.5.x kernel series. Cryptoloop has an ability to create an encrypted file system on a single partition or within a regular file, which can later simply be mounted by the mount command. Cryptoloop uses so called loopback device, which needs to be called with any file system request. Currently there are many alternatives for Cryptoloop usage and the most common is Loop-AES. This article will explain a simple usage of the cryptoloop module for partition encryption and mounting within a Linux Operating system.

2. Prerequisites

As it was already mentioned the cryptoloop module was introduced to Linux with the 2.5 kernel series. Therefore, the chances are that this module is already available on your system. To confirm that the cryptoloop module is available on your system run:
# lsmod | grep cryptoloop
cryptoloop             12671  1
If no output has been produced that means that the module is unavailable and you will need to load it with:
# modprobe cryptoloop
Another tool, which we are going to need is losetup, which should be already a variable on your system.

3. Setting up a loopback device

Cryptoloop can be used to create an encrypted filesystem within the entire partition or single file. The procedure is the same for both of them. The only difference is the supplied argument either to be a path to a regular file or to block the device. As an example in this tutorial we will encrypt a block device /dev/sdb1.
First, we can make sure to overwrite entire partition with some random data. This step is optional but recommended.
WARNING: note that the below command will physically erase any data you may already have on your partition:
# dd if=/dev/urandom of=/dev/sdb1 bs=1M
Disregard any possible error message about a full disk space.
In the next step we need to choose a type of encryption. A list of encryption algorithm available on your system can be seen by the following command:
 # cat /proc/crypto
We will use AES encryption algorithm. In the next step we use the losetup utility to attach our /dev/sdb1 block device to the system's loopback device /dev/loop0.
# losetup -e aes -k 256 /dev/loop0 /dev/sdb1
Password:
You will be prompted to enter a password, which will be used to mount and unmount your partition. Choose a strong password right from the beginning as there is no easy way to change this password later.

4. Create a filesystem

At this point we should have our /dev/sdb1 partition attached to /dev/loop0 with AES 256 bit encryption. Next we use the /dev/loop0 device to create a filesystem. Feel free to use any type of filesystem you deem it to be worthy. I will use ext4:
# mkfs.ext4 /dev/loop0

5. Mounting Loopback device

To mount a loopback device in this case is as simple as mounting any other block devices. First, we need to create a mount point:
# mkdir /mnt/cryptoloop
Once ready, we use the mount command to mount /dev/loop0 as ext4 filesystem:
# mount -t ext4 /dev/loop0 /mnt/cryptoloop/
At this point we are able to navigate to /mnt/cryptoloop/  and store some data. For example, let's create a new file foo.txt:
# echo LinuxTechTips.com > foo.txt
Once you finish using your new encypted filesystem you simply unmount it and detach it from a loopback device:
# umount /mnt/cryptoloop/
# losetup -d /dev/loop0
After executing the above commands your data ( foo.txt ) will no longer be available.

6. Cryptoloop permanent mount

Once the new /dev/sdb1 file-system was created and encrypted with use of cryptoloop and the loopback device we can mount it again without use of the pseudo loopback device /dev/loop0.
# mount -t ext4 /dev/sdb1 /mnt/cryptoloop/ -o encryption=aes
# cd /mnt/cryptoloop/
# cat foo.txt
LinuxTechTips.com
To be able to mount off our encrypted partition easily with the simple mount command we need to add the following line into the /etc/fstab file:
/dev/sdb1       /mnt/cryptoloop        ext4       noauto,encryption=aes
Now, we are able to mount this partition with:
# mount -a
OR
# mount /mnt/cryptoloop

7. Conclusion

You can find many other crypto utilities available on your Linux system. One worth to mention in conjunction to cryptoloop is its successor dm-crypt. Cryptoloop is part of Linux Crypto API since the kernel version 2.6.


Comments

Popular posts from this blog

Shell Script: Find Number Of Arguments Passed

Many times , when we create shell scripts we try to do repetitive tasks through functions. Some functions take arguments & we have to check the no. of arguments that are passed to it. Each bash shell function has the following set of shell variables: [a] All function parameters or arguments can be accessed via  $1, $2, $3,..., $N . [b]  $*  or  $@  holds all parameters or arguments passed to the function. [c]  $#  holds the number of positional parameters passed to the function. [d] An array variable called  FUNCNAME  ontains the names of all shell functions currently in the execution call stack. Example Create a shell script as follows: #!/bin/bash # Purpose: Demo bash function # -----------------------------   ## Define a function called test() test(){   echo "Function name:  ${FUNCNAME}"   echo "The number of positional parameter : $#"   echo "All parameters or arguments passed to the function: '$@'"   e

AMD Radeon™ HD 7670M on Ubuntu 12.04

Update:   Recently I install kubuntu 13.10 and there is no problem with graphics. It just works  fine out of the box. I've seen many blog posts on how to make AMD HD7670M work on Ubuntu 12.04, specially when its in switchable graphics board like Dell Inspiron 15R 5520. I tried many things to make it work so that I could use the cinnamon desktop on ubuntu & other things too.. But to my surprise even the drivers from AMD site didn't work. Then I tried a combination of those blog posts I read & somehow I became successful in running the full graphics including compiz settings inside My Ubuntu Machine. Following are the steps I followed & it worked... 1. Create a backup of your xorg configuration file: sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.BAK 2. Remove/purge current fglrx and fglrx-amdcccle : sudo apt-get remove --purge fglrx* 3. Install the driver: sudo apt-get install fglrx fglrx-amdcccle 4. Install additional

CentOS / Redhat : Configure CentOS as a Software Router with two interfaces

Linux can be easily configured to share an internet connection using iptables. All you need to have is, two network interface cards as follows: a) Your internal (LAN) network connected via eth0 with static ip address 192.168.0.1 b) Your external WAN) network is connected via eth1 with static ip address 10.10.10.1  ( public IP provided by ISP ) Please note that interface eth1 may have public IP address or IP assigned by ISP. eth1 may be connected to a dedicated DSL / ADSL / WAN / Cable router: Step # 1: Enable Packet Forwarding Login as the root user. Open /etc/sysctl.conf file # vi /etc/sysctl.conf Add the following line to enable packet forwarding for IPv4: net.ipv4.conf.default.forwarding=1 Save and close the file. Restart networking: # service network restart Step # 2: Enable IP masquerading In Linux networking, Network Address Translation (NAT) or Network Masquerading (IP Masquerading) is a technique of transceivin