The above works fine for the root user, but I wanted something where "joe user" could mount, unmount, and read / write to the encrypted container. After a little trial and effort, here is what I have come up with…

This example shows how to create an ext2 file system on encrypted file. This example creates a 5 MB file (/mnt/msdos/scratch/cryptfile) for storage and a directory (/mnt/crypt) as a mount point.

Note: This example is intentionally simple to help you understand basic loop encryption, but is also vulnerable to optimized dictionary attacks. Also, the "losetup -e" command asks for a 20 character encryption password, make up one and don't forget it.

Execute the following commands (as root), modifying paths and filenames for your purposes:

dd if=/dev/zero of=/mnt/msdos/scratch/cryptfile bs=4k count=1280
losetup -e AES128 -T /dev/loop1 /mnt/msdos/scratch/cryptfile
mkfs -t ext2 /dev/loop1
losetup -d /dev/loop1
mkdir /mnt/crypt
cd /mnt/crypt
chown knoppix.knoppix *
chown knoppix.knoppix .
chown knoppix.knoppix ..
cd ..
chown knoppix.knoppix crypt

Next, add this to your /etc/fstab file (all one line):

/mnt/msdos/scratch/cryptfile /mnt/crypt ext2 noauto,users,exec,loop=/dev/loop1,encryption=AES128 0 0

Exit the root account, to your joe user account (knoppix in this example).

Now regular users should be able to mount the file system as follows (after answering the password prompt correctly).

mount /mnt/crypt

The can then unmount it like this:

umount /mnt/crypt

The only thing that needs done now is to create a desktop icon that will let users mount and unmount the container. Creating an icon that shows the "disk" as mounted and lets you unmount is no problem, but when you go to mount it, you will get an error because the password is needed. Currently, I am mounting (as joe user) from a terminal, then using the icon (or command line) to dismount. If anyone comes up with anything a little more user friendly that is tested and working, please post.

documented on: Jul 08, 2003, pau1knopp

> How do I send the password automatically for attaching the encrypted file to
> the loopbackdevice.
>
> I want the password to come from the output of another program.

The answer to my own question is, use the -p option.

You can search google for "losetup -p" for more information, or just use my example below.

echo <password> | losetup -p0 -e AES128 /dev/loop0 /file

documented on: Oct 03, 2003, rneff

Since my work PC is Windows 2000, I have been wanting to use my same AES containers created on Linux in my Windows environment, and vice versa. Found a most excellent tool called CrossCrypt for this very purpose.

http://www.scherrer.cc/crypt/

It is command line driven, so you may want to use the GUI overlay designed for it.

http://www.sdean12.org/CrossCryptGUI.htm

Finally, there is also a utility that let's you manage your containers from a system tray icon.

http://www.sdean12.org/zipped2/SecureTrayUtil391.zip

The system tray also supports other Win32 FOSS and commercial encrypted containers you might be using (freeOETF, bestcrypt, E4M, pgpdisk, scramdisk, and truecrypt) as well as adds shredder functionality, and integrates into the Windows shell pretty well.

documented on: Jul 01, 2005, pau1knopp