Tip of the Trade: Cryptmount
Cryptmount makes strong file encryption for unprivileged Linux users much easier to manage and lets admins create advanced setups easily. You can encrypt entire partitions or create several encrypted filesystems within a single partition by storing each encrypted filesystem inside a single file. Cryptmount can also be used to encrypt swap space. Encrypted volumes require root privileges to create, and then ordinary users can open and close encrypted volumes without needing root privileges. Need strong file encryption for underprivileged users? Cryptmount puts a friendly face on the technology.
- Users can change their own passwords
- Encrypted filesystems can be initialized at boot-up, or on demand, so it's easy to manage encrypted filesystems that are only occasionally required
- Encrypted access keys are OpenSSL-compatible, and Cryptmount supports storing access keys on removable media
- It offers support for scripting
Cryptmount is a front-end to the standard Linux encryption tools, device mapper and dm-crypt. It uses the Linux kernel's loopback device to create encrypted filesystems inside files. But the user doesn't need to know any of this because Cryptmount puts a friendly face on it.
The first step is to run the cryptmount-setup command for the initial setup of an encrypted volume. It creates an encryption key, asks for the location and size, creates the correct /etc/cryptmount/cmtab, and asks you to create a password. Then, it's ready for an unprivileged user who needs to know only the password and two commands: cryptmount [volume name] and cryptmount --unmount [volume name]. If you really want to be slick, you can create menu icons for the user to click on.
Visit Cryptmount.sourceforge.net for downloads and information.