Hi Julien, > What would be the best way to get an encrypted directory, on which I can > still easily work? So not just gpg or pgp encrypt some data, because it's > around 3G and I wouldn't want to pack and unpack it all the time, there's > audio in there as well. Since you're a seasoned command line hacker you don't need any packages or special tools at all. The text below is from <http://blogs.techrepublic.com.com/opensource/?p=67> To begin, you’ll need to load the aes and cryptoloop modules in the kernel if they are not already available. This can be done by executing: # modprobe cryptoloop # modprobe aes Most modern Linux distributions provide these modules from the get-go, so you shouldn’t have to recompile the kernel. Once this is done, create the filesystem container, associate it to a loopback device interface, and format it: # dd if=/dev/urandom of=enc.img bs=1M count=50 # losetup -e aes /dev/loop0 enc.img Password: # mkfs -t ext2 /dev/loop0 # mount /dev/loop0 # mount -o loop,encryption=aes enc.img /media/disk The first step creates an empty image file called enc.img with a size of 50 MB; you can increase this by changing the count value. Next, use losetup to associate the enc.img file to the /dev/loop0 device and tell it that the device is to be encrypted with AES encryption. This command uses 128-bit AES encryption; look at the losetup manpage to see what other encryption types you can use. You will have to provide a password that will be used from that point forward to access the image. Next, the filesystem is formatted with the ext2 filesystem. Finally, it is mounted to /media/disk. The options passed to mount tell it to use the loopback interface and the encryption type needed. When you call mount, you will have to provide the password you used to encrypt the image. Putting this kind of image in /etc/fstab will not work unless you want to be prompted for your password on each boot. Instead, this should be accessed as needed. For instance, you could store the file as ~/.enc.img so it’s hidden from normal view, with mode 0600 permissions. Wrapper scripts could be written to mount and umount the image easily: #!/bin/sh mount ~/.enc.img mkdir -p /media/secure && mount -o loop,encryption=aes ~/.enc.img /media/secure And to unmount the volume when you’re finished with it: #!/bin/sh umount /media/secure && rmdir /media/secure These two commands could be saved as ~/bin/ms and ~/bin/ums respectively. Alternatively, you could add the following to ~/.bashrc and uses aliases instead: alias ms="mkdir -p /media/secure && mount -o loop,encryption=aes ~/.enc.img /media/secure" alias ums="umount /media/secure && rmdir /media/secure" Ciao, -- FA Io lo dico sempre: l'Italia è troppo stretta e lunga. _______________________________________________ Linux-audio-user mailing list Linux-audio-user@xxxxxxxxxxxxxxxxxxxx http://lists.linuxaudio.org/mailman/listinfo/linux-audio-user
