People think about encrypting some or all their files for several reasons. Whether they can't depend on physical security to keep their files safe or they're carrying around a portable laptop with sensitive files and they're afraid of it being stolen or who knows for what other reasons. The encryption process will obscure certain information, making it unreadable without a special password or passcode.
This article will explain how to setup an encrypted filesystem under Fedora Core Linux, using only Fedora tools. No external tools will require compiling and installing. After following this guide, your Linux system will have a new partition where you can move your sensitive files. This new partition will be encrypted at all times and reading the files in it won't be possible unless the proper password is used. Your current filesystem will be kept intact so don't worry about the possibility of damaging any files on your hard drive. It's not possible.
- First, load the loop blockdevice adaptor by executing the following command:
- Next, you'll need to choose which algorithm to be used for encrypting the filesystem. To take a look at which algorithms are available on your system, run the command:
- Now you need to create a file block as your filesystem. Its size can vary depending on your needs but it shouldn't overtake the size of the current disk's free space. For this tutorial, I've created a 650MB file block so it could easily be burned onto a CDR. To create the 650MB file block, run the command:
NOTE: The first command will ask you for a password. This password will be used for mounting the encrypted filesystem at a later time so don't lose it!
mkfs.ext3 /dev/loop0
mount -t ext3 /dev/loop0 /mnt/secure
losetup -d /dev/loop0
sync
(you will be asked for the encrypt password you've set earlier)
mount -t ext3 /dev/loop0 /mnt/secure
To make things easier, you can make a couple of bash aliases in order to make mounting and unmounting the encrypted filesystem easier by adding these to the /root/.bashrc file:
alias umountsecure='umount /dev/loop0; losetup -d /dev/loop0; sync'
# mountsecure
(enter the encrypt password)
To umount and disable it:
# umountsecure