One cryptographic kernel module, e.g. aes.ko loaded
For example, to use an encrypted container file, you would type something like:
root@mybook:~# modprobe loop
root@mybook:~# modprobe cryptoloop
root@mybook:~# losetup -e aes /dev/loop0 containerfile
Password:
root@mybook:~# mke2fs /dev/loop0 # or continue using the volume here
Instead of the container file, you could of course also use a disk or disk partition.
This method works well if you are the only person that needs to access the encrypted
volume (i.e. there is only ONE password). If you want to use container files,
you need the loop device in any case, since the other methods work on devices
only.
Encryption using cryptsetup
cryptsetup can be used to configure any block device as an encrypted filesystem.
WARNING: All data on the block device will get DESTROYED when you
initialise the mapper device with the luksFormat command!
If you want to use this on a container file (because you don't want to or can't
create a separate, encrypted block device, e.g. a separate partition), you need
to use losetup to bind the container file to a loop device.
To initialise a LUKS container, execute this command:
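Because luksFormat destroys whatever is on the target, it helps to check what a device or container file currently holds before formatting it. The following is an added example, not part of the original page: the function names are hypothetical, and treating a target as blank when its first 4 KiB are zero is a simplifying assumption.

```shell
#!/bin/sh
# Added example (not from the original page): classify what a target
# holds before running the destructive luksFormat on it.
# Function names are hypothetical. Reading a real block device needs root.

# Print the hex of $3 bytes found at byte offset $2 of file/device $1.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null \
        | od -An -v -tx1 | tr -d ' \n'
}

# Print one of: luks, ext, blank, data
classify_target() {
    target=$1
    # LUKS header magic: "LUKS" 0xBA 0xBE at offset 0.
    if [ "$(hex_at "$target" 0 6)" = "4c554b53babe" ]; then
        echo luks
        return 0
    fi
    # ext2/3/4 superblock magic 0xEF53, little endian, at offset 1080.
    if [ "$(hex_at "$target" 1080 2)" = "53ef" ]; then
        echo ext
        return 0
    fi
    # Heuristic (assumption): first 4 KiB all zero means "blank".
    nonzero=$(dd if="$target" bs=4096 count=1 2>/dev/null \
        | tr -d '\000' | wc -c | tr -d ' ')
    if [ "$nonzero" -eq 0 ]; then
        echo blank
    else
        echo data
    fi
}

# Succeeds only when the target looks blank, so a script can refuse
# to continue to luksFormat on anything that still carries data.
safe_to_format() {
    [ "$(classify_target "$1")" = "blank" ]
}

# Typical use before formatting (device name taken from the text above):
#   safe_to_format /dev/example_blockdevice || echo "target is not blank"
```

A result of luks means the target is already a LUKS container and should be opened with luksOpen rather than formatted again.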
root@mybook:~# cryptsetup luksFormat /dev/example_blockdevice
Enter LUKS password: foobar
To open an encrypted LUKS container, enter:
root@mybook:~# cryptsetup luksOpen /dev/example_blockdevice myvolumename
Enter LUKS password: foobar
key slot 0 unlocked.
root@mybook:~# ls -l /dev/mapper/myvolumename
brw-r----- 1 root root 254, 0 Jan 1 1970 /dev/mapper/myvolumename
If you are using this volume for the first time, the filesystem needs to be created:
root@mybook:~# mke2fs /dev/mapper/myvolumename
Then you can work with this device as you would with any hard disk partition:
root@mybook:~# mount -t ext2 /dev/mapper/myvolumename /mnt
When you are done, don't forget to remove the device: