Hi Julien,
What would be the best way to get an encrypted directory, on which I can
still easily work? So not just gpg or pgp encrypt some data, because it's
around 3G and I wouldn't want to pack and unpack it all the time, there's
audio in there as well.
Since you're a seasoned command line hacker you don't
need any packages or special tools at all.
The text below is from
<http://blogs.techrepublic.com.com/opensource/?p=67>
To begin, you’ll need to load the aes and cryptoloop
modules in the kernel if they are not already available.
This can be done by executing:
# modprobe cryptoloop
# modprobe aes
Most modern Linux distributions provide these modules from
the get-go, so you shouldn’t have to recompile the kernel.
Once this is done, create the filesystem container, associate
it to a loopback device interface, and format it:
# dd if=/dev/urandom of=enc.img bs=1M count=50
# losetup -e aes /dev/loop0 enc.img
Password:
# mkfs -t ext2 /dev/loop0
# losetup -d /dev/loop0
# mount -o loop,encryption=aes enc.img /media/disk
The first step creates an empty image file called enc.img
with a size of 50 MB; you can increase this by changing
the count value. Next, use losetup to associate the enc.img
file to the /dev/loop0 device and tell it that the device
is to be encrypted with AES encryption. This command uses
128-bit AES encryption; look at the losetup manpage to see
what other encryption types you can use. You will have to
provide a password that will be used from that point forward
to access the image.
Next, the filesystem is formatted with the ext2 filesystem.
Finally, it is mounted to /media/disk. The options passed
to mount tell it to use the loopback interface and the
encryption type needed. When you call mount, you will have
to provide the password you used to encrypt the image.
Putting this kind of image in /etc/fstab will not work
unless you want to be prompted for your password on each
boot. Instead, this should be accessed as needed. For
instance, you could store the file as ~/.enc.img so it’s
hidden from normal view, with mode 0600 permissions.
Wrapper scripts could be written to mount and umount the
image easily:
#!/bin/sh
mkdir -p /media/secure && mount -o loop,encryption=aes ~/.enc.img /media/secure
And to unmount the volume when you’re finished with it:
#!/bin/sh
umount /media/secure && rmdir /media/secure
These two commands could be saved as ~/bin/ms and ~/bin/ums
respectively. Alternatively, you could add the following to
~/.bashrc and use aliases instead:
alias ms="mkdir -p /media/secure && mount -o loop,encryption=aes ~/.enc.img /media/secure"
alias ums="umount /media/secure && rmdir /media/secure"
Ciao,
--
FA
I always say it: Italy is too narrow and long.
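
Added example, not part of the original message or the quoted article: the ms/ums wrappers as shell functions that refuse to mount unless the image is a regular file with mode 0600 and the mount point is free. The IMG, MNT and DRY_RUN variables and the helper names are assumptions of this sketch; DRY_RUN=1 prints the privileged commands instead of running them.

```shell
#!/bin/sh
# Hardened ms/ums wrappers (added example). Paths default to those used above.
IMG="${IMG:-$HOME/.enc.img}"
MNT="${MNT:-/media/secure}"

# Succeed only if the image is a regular file (not a symlink) with mode 0600.
img_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || { echo "ms: $1: not a regular file" >&2; return 1; }
    mode=$(stat -c '%a' "$1") || return 1          # GNU stat: octal permission bits
    [ "$mode" = "600" ] || { echo "ms: $1: mode $mode, expected 600" >&2; return 1; }
}

# True if a filesystem is currently mounted on the given directory.
is_mounted() {
    mountpoint -q "$1"
}

# Run a command, or only print it when DRY_RUN=1 (hypothetical test switch).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Mount the encrypted image; mount prompts for the passphrase.
ms() {
    img_ok "$IMG" || return 1
    if is_mounted "$MNT"; then echo "ms: $MNT already mounted" >&2; return 1; fi
    run mkdir -p "$MNT" && run mount -o loop,encryption=aes "$IMG" "$MNT"
}

# Unmount, and remove the mount point only after umount succeeded.
ums() {
    is_mounted "$MNT" || { echo "ums: $MNT is not mounted" >&2; return 1; }
    run umount "$MNT" && run rmdir "$MNT"
}
```

cryptoloop has since been removed from the mainline kernel in favour of dm-crypt; the permission and mount-state checks carry over unchanged to a cryptsetup-based wrapper.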