Linux: use a file as an encrypted partition with losetup

On my notebook I’ve decided to have a / partition and an encrypted home for my user, automagically mounted at boot.
Here is what you need to do, after a fresh Slackware 13.1 installation:

Create the user:

adduser username

Then create the file that will be mounted as the home partition:

dd if=/dev/zero of=/cryptedfile bs=1k count=5000

Load the cryptoloop module:

modprobe cryptoloop


Link the file to the loop device:

losetup -e blowfish /dev/loop0 /cryptedfile

Now choose a good password and DON’T FORGET IT!

Create the filesystem:

mkfs -t ext3 /dev/loop0

Mount the loop device to the mountpoint:

mount -t ext3 /dev/loop0 /home/username

You’re done.
Here is what I have in my rc.local and rc.local_shutdown to mount and umount the encrypted file.
I’ve added a KILL of the user’s processes to stop all writes to the encrypted file when I umount it.

rc.local:

echo  "MOUNTING CRYPTED HOME.."
modprobe cryptoloop
losetup -e blowfish /dev/loop0 /cryptedfile
mount -t ext3 /dev/loop0 /home/username/

rc.local_shutdown:

skill -KILL -u username
sleep 4
umount /home/username
losetup -d /dev/loop0

If you’ve something to suggest, leave a comment.

2 thoughts on “Linux: use a file as an encrypted partition with losetup”

  1. this works. but from a security viewpoint, it’s a bad idea altogether.

    a) cryptoloop should not be used, at all. there are significant flaws (the whole API is a flawed crypto implementation). the most important one being watermark attacks. have a lookie @ http://lkml.indiana.edu/hypermail/linux/kernel/0402.2/1137.html
    b) blowfish. use twofish instead if you must use a -fish cipher. (go serpent if you ask me)
    c) if you must use onboard resources, dm-crypt is ok these days.
    d) go loop-AES if you value your sanity
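
The dm-crypt route from point c) of the comment above, as an added example (not code from the post or from the commenter): the same create, rc.local and rc.local_shutdown steps done with LUKS through cryptsetup instead of `losetup -e`. The mapping name `crypthome`, the 64 MB file size and the `DRY_RUN` switch are assumptions; with `DRY_RUN=1` (the default) the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the original post): dm-crypt/LUKS version of the
# cryptoloop steps. All names below are illustrative defaults.
IMG=${IMG:-/cryptedfile}            # backing file, as in the post
LOOPDEV=${LOOPDEV:-/dev/loop0}      # loop device, as in the post
MAPNAME=${MAPNAME:-crypthome}       # assumed device-mapper name
HOMEDIR=${HOMEDIR:-/home/username}  # mountpoint, as in the post
SIZE_MB=${SIZE_MB:-64}              # assumed size; must leave room for the LUKS header
DRY_RUN=${DRY_RUN:-1}               # 1 = only print the commands

# Print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# One-time setup: create the file, format it as LUKS, make the filesystem.
crypthome_create() {
    if [ -e "$IMG" ]; then
        echo "refusing to overwrite existing $IMG" >&2
        return 1
    fi
    run dd if=/dev/zero of="$IMG" bs=1M count="$SIZE_MB" &&
    run losetup "$LOOPDEV" "$IMG" &&
    run cryptsetup luksFormat "$LOOPDEV" &&          # asks for the passphrase
    run cryptsetup luksOpen "$LOOPDEV" "$MAPNAME" &&
    run mkfs -t ext3 "/dev/mapper/$MAPNAME" &&
    run cryptsetup luksClose "$MAPNAME" &&
    run losetup -d "$LOOPDEV"
}

# rc.local replacement: attach the file, unlock it, mount the mapped device.
crypthome_mount() {
    run losetup "$LOOPDEV" "$IMG" || return 1
    if ! run cryptsetup luksOpen "$LOOPDEV" "$MAPNAME"; then
        run losetup -d "$LOOPDEV"   # unlock failed: release the loop device
        return 1
    fi
    run mount -t ext3 "/dev/mapper/$MAPNAME" "$HOMEDIR"
}

# rc.local_shutdown replacement: unmount, drop the key, detach the loop device.
crypthome_umount() {
    run umount "$HOMEDIR"
    run cryptsetup luksClose "$MAPNAME"
    run losetup -d "$LOOPDEV"
}

# Stand-alone use: script.sh create|mount|umount (set DRY_RUN=0 to execute).
case "${1:-}" in
    create|mount|umount) "crypthome_$1" ;;
esac
```

The process-killing step from the post's rc.local_shutdown still belongs before `crypthome_umount`, since the unmount fails while files under the home are open.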
