DM CryptFS software provides helper tools for setting up swap partitions and filesystems using the device mapper crypt target of the Linux kernel 2.6.4 and later.
cryptfs allows you to encrypt some filesystems and offers a simple form of logical volume management.
All information about the encrypted filesystems has to be provided in an XML file. An example with explanations is provided in example/cryptfs.xml or, on Debian systems, in /usr/share/doc/dmcryptfs/cryptfs.xml.gz. A simple setup with one encrypted filesystem would be:
<?xml version="1.0" encoding="UTF-8"?>
<dmcrypt>
  <!-- For the first setup these options can be overridden with
       the -m option to be able to create a filesystem on it. -->
  <option name="fsck" value="yes"/>
  <option name="mount" value="yes"/>
  <storage device="/dev/hda6">
    <entry name="home" cipher="aes256-cbc-essiv:sha256"/>
  </storage>
  <action name="boot">
    <key type="passphrase">
      /home filesystem encryption
    </key>
    <map name="home"/>
  </action>
</dmcrypt>
As you can see, this XML file consists of three parts:
- some options,
- the definition of the storage for the encrypted data and
- the definition of actions (i.e. asking for a key, decrypting the data, fscking and mounting the filesystem).
A complete description of these parts is given in example/cryptfs.xml or, on Debian systems, in /usr/share/doc/dmcryptfs/cryptfs.xml.gz.
This XML file should be saved as /etc/cryptfs.xml. Running 'cryptfs boot' will then activate this encrypted filesystem. ("boot" is the name of the action in the XML file.)
There is an init script called cryptfs, which will call 'cryptfs boot' during boot if there is such an action available. (On Debian systems this script will be installed automatically. So don't name your actions "boot" unless they should be started at boot time.)
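A pre-deployment check for a file in the layout shown above, added here as an example and not part of the cryptfs tools: it cross-references the map names in each action against the entries defined under storage and lists what the "boot" action would activate. The function name lint_cryptfs and the rules it applies (unique entry names, a cipher on every entry) are assumptions inferred from the sample, not taken from the cryptfs documentation.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout shown above; "scratch" is a deliberate
# dangling reference so the check has something to report.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<dmcrypt>
  <option name="fsck" value="yes"/>
  <option name="mount" value="yes"/>
  <storage device="/dev/hda6">
    <entry name="home" cipher="aes256-cbc-essiv:sha256"/>
  </storage>
  <action name="boot">
    <key type="passphrase">/home filesystem encryption</key>
    <map name="home"/>
    <map name="scratch"/>
  </action>
</dmcrypt>"""


def lint_cryptfs(xml_text):
    """Return (findings, boot_maps) for a cryptfs.xml document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    if root.tag != "dmcrypt":
        findings.append(f"root element is <{root.tag}>, expected <dmcrypt>")
    entries = {}  # entry name -> backing device
    for storage in root.iter("storage"):
        for entry in storage.iter("entry"):
            name = entry.get("name")
            if name in entries:  # assumed rule: entry names are unique
                findings.append(f"entry '{name}' defined more than once")
            entries[name] = storage.get("device")
            if not entry.get("cipher"):  # assumed rule: cipher is required
                findings.append(f"entry '{name}' has no cipher attribute")
    mapped, boot_maps = set(), []
    for action in root.iter("action"):
        act = action.get("name")
        for m in action.iter("map"):
            name = m.get("name")
            mapped.add(name)
            if name not in entries:
                findings.append(f"action '{act}' maps undefined entry '{name}'")
            elif act == "boot":  # run automatically by the init script
                boot_maps.append((name, entries[name]))
    for name in sorted(set(entries) - mapped):
        findings.append(f"entry '{name}' is not mapped by any action")
    return findings, boot_maps
```

Calling lint_cryptfs(SAMPLE) reports the undefined "scratch" mapping and shows that "home" on /dev/hda6 is the only mapping the init script would activate at boot.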
What's New in This Release:
· This release offers access control options to allow cryptfs to be run as setuid root.
· A --remove option was added to remove all mappings that are associated with the given action.