The Linux File System Encryption API
File System Encryption Setup and Configuration
Now we are going to set up an encrypted file system for a user's private use, located under that user's home directory.
Instead of the home directory, another location can hold the encrypted data, such as "/crypt/users", which contains both the encryption container and each user's encrypted file system.
The following commands show how to create an encryption container:
- Step 1: Define the environment variables
Here we define the paths and the encryption parameters, and we give a name to the file that will be the container of the encrypted file system.
//choose one of the available loop devices; the number is between 0 and 7
#LOOP=/dev/loop0
//the location of the mount point
#MOUNTPOINT=$HOME/crypt
//the name of the encrypted file that contains the encrypted file system (it lives inside the mount point)
#CONTAINER=$MOUNTPOINT/.crypt.img
//the encryption algorithm, here AES
#CYPHER=aes
//the offset, in bytes, at which the file system starts inside the container; enter it as a number of 512-byte sectors (0 for none)
#read sector
#OFFSET=$((sector*512))
//the size of the container, in MB
#read SIZE
- Step 2: The creation of the encryption container
//fill the container from /dev/urandom, never from /dev/zero: random bytes make the unused space indistinguishable from ciphertext
#mkdir -p $MOUNTPOINT
//bs=1M so that SIZE is the container size in MB
#dd if=/dev/urandom of=$CONTAINER bs=1M count=$SIZE
#chmod 600 $CONTAINER
- Step 3: Activation of the encryption system
At this step, the system will ask you to choose a password for the encrypted file system.
//load the required modules into the running kernel
#modprobe loop
#modprobe cryptoloop
#modprobe aes
//attach the container to the loop device with encryption; losetup prompts for the password
#/usr/local/sbin/losetup -e $CYPHER -o $OFFSET $LOOP $CONTAINER
//to show the configuration of a loop device:
#/usr/local/sbin/losetup $LOOP
Notes: with util-linux 2.12 the key buffer is fixed at 256 bits, so a password longer than 32 characters is not accepted. The password is copied directly into that buffer, so a short password means a short key: choose a long, random password of at most 32 characters (256 bits).
- Step 4: Initialization of the encryption
First we need to choose a Linux file system type. Here we use ext3, the successor of ext2 with journaling added, so the file system inside the encryption container is journaled as well.
//create a file system for the loop device
#mkfs.ext3 -j -m 0 -L "home_crypt" $LOOP
//mount the file system on the mount point; note that the container file $CONTAINER sits inside $MOUNTPOINT and is hidden by the mount, but it stays open through $LOOP
#mount -t ext3 $LOOP $MOUNTPOINT
//give the mounted file system to the user
#chown <username>:<groupname> $MOUNTPOINT
//switch to that user's login shell and restrict the permissions on the encrypted file system
#su user1
$chmod 700 $MOUNTPOINT
//to unmount the encrypted file system, as root
#umount $MOUNTPOINT
//to detach the loop device, as root
#losetup -d $LOOP
Once the container has been initialized, activation and mounting can be done with a single command (mount prompts for the password and allocates a loop device itself):
//activate and mount the encrypted file system
#/usr/local/bin/mount -t ext3 -o defaults,loop,encryption=$CYPHER,offset=$OFFSET $CONTAINER $MOUNTPOINT
//to unmount it (the loop device is detached automatically)
#/usr/local/bin/umount $MOUNTPOINT
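The whole procedure of Steps 1 to 4, plus the single-command form, as one script. This is an added example, not the original page's own commands: it keeps the page's variable names, adds the checks a practitioner would run before touching a loop device (root, a free loop device, no existing container to overwrite), and computes the byte offset and the password-length limit in helper functions. It assumes a util-linux build whose losetup accepts -e and whose mount accepts -o encryption, installed under /usr/local as on the page, the loop, cryptoloop and aes modules, and a hypothetical owner "user1".

```shell
#!/bin/sh
# Added example (not from the original page): cryptoloop container setup as a script.
# Assumptions: patched util-linux under /usr/local (losetup -e, mount -o encryption),
# loop/cryptoloop/aes modules, root for init|open|close, hypothetical owner "user1".
set -u

# ---- Step 1: parameters (same names as the page; override via the environment) ----
LOOP=${LOOP:-/dev/loop0}                       # one of /dev/loop0 .. /dev/loop7
MOUNTPOINT=${MOUNTPOINT:-${HOME:-/root}/crypt}
CONTAINER=${CONTAINER:-$MOUNTPOINT/.crypt.img}
CYPHER=${CYPHER:-aes}
SIZE=${SIZE:-64}                               # container size in MB
SECTOR=${SECTOR:-0}                            # 512-byte sectors skipped before the file system
OWNER=${OWNER:-user1}                          # hypothetical user who receives the file system
PATH=/usr/local/sbin:/usr/local/bin:$PATH      # prefer the patched losetup/mount

# Byte offset from a 512-byte sector number (losetup -o and mount -o offset= take bytes).
sector_offset() {
    echo $(( $1 * 512 ))
}

# util-linux 2.12 losetup copies the password into a fixed 32-byte (256-bit) key
# buffer and rejects longer ones. Counts characters, so use ASCII passwords.
password_fits() {
    [ "${#1}" -le 32 ]
}

# Option string for the single-command form; "defaults" already includes exec.
mount_opts() {
    echo "defaults,loop,encryption=$CYPHER,offset=$(sector_offset "$SECTOR")"
}

# Checks before anything is written: root, a valid and free loop device,
# and no existing container that would be overwritten.
preflight() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    case "$LOOP" in /dev/loop[0-7]) ;; *) echo "LOOP must be /dev/loop0..7" >&2; return 1 ;; esac
    if losetup "$LOOP" >/dev/null 2>&1; then echo "$LOOP is already attached" >&2; return 1; fi
    [ ! -e "$CONTAINER" ] || { echo "$CONTAINER exists, refusing to overwrite" >&2; return 1; }
}

# Step 2: a random-filled container (never zeros), readable only by root.
create_container() {
    mkdir -p "$MOUNTPOINT"
    dd if=/dev/urandom of="$CONTAINER" bs=1M count="$SIZE"
    chmod 600 "$CONTAINER"
}

# Steps 3 and 4: attach with encryption (losetup prompts for the password),
# create the file system, mount it and hand it to the owner.
init_fs() {
    modprobe loop && modprobe cryptoloop && modprobe "$CYPHER"
    losetup -e "$CYPHER" -o "$(sector_offset "$SECTOR")" "$LOOP" "$CONTAINER"
    mkfs.ext3 -j -m 0 -L home_crypt "$LOOP"
    mount -t ext3 "$LOOP" "$MOUNTPOINT"
    chown "$OWNER": "$MOUNTPOINT"
    chmod 700 "$MOUNTPOINT"
}

# Later sessions: one mount attaches the loop device and mounts it (mount prompts).
open_fs() {
    mount -t ext3 -o "$(mount_opts)" "$CONTAINER" "$MOUNTPOINT"
}

# Unmount; losetup -d only matters after init_fs, since -o loop detaches on umount.
close_fs() {
    umount "$MOUNTPOINT"
    losetup -d "$LOOP" 2>/dev/null || true
}

case "${1:-}" in
    init)  preflight && create_container && init_fs ;;
    open)  open_fs ;;
    close) close_fs ;;
    *)     echo "usage: $0 init|open|close" >&2 ;;
esac
```

Run it as root with `init` once to create and format the container, then `open` and `close` for later sessions. Because the container lives inside the mount point, `preflight` refuses to run if a container already exists there, which also prevents formatting a container that is currently hidden under an active mount.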