Locked History Attachments

LuisCruz/HowTo/EncryptedFilesystem

Unless they where build directly into your working kernel, you'll need to load the following modules:

modprobe cryptoloop
modprobe crypto_null

You will also need to load the module for the encryption algoritm you want to use: aes, blowfish, twofish, etc. In this example I will use aes, which is said to be a good compromise between performance and security.

modprobe aes

Before formating the filesystem, flush the disk with random data, this will make it harder for an attacker to detect patterns in your encrypted partition.

dd if=/dev/urandom of=/dev/sda1 bs=1M

Or create a file in an existing partition:

dd if=/dev/urandom of=~/.crypto bs=1024k count=30000

Next set up a loop device:

losetup -e aes /dev/loop0 /dev/sda1

And next, make the filesystem:

mkfs.ext3 /dev/loop0

Next mount the filesystem with the following instruction:

mount -t ext3 /dev/loop0 /media/crypto

After trying it out unmount it and detach the loop device:

umount /media/crypto
losetup -d /dev/loop0

You can now mount the filesystem with the following instruction:

mount -t ext3 /dev/sda1 /media/crypto/ -oencryption=aes

Or better yet, add the following line to your /etc/fstab file to make life easier:

/dev/sda1               /media/crypto          ext3    user,noauto,encryption=aes       0 0

And that's it, more peace of mind,..