cryptmount is a software tool for managing encrypted file systems under the GNU/Linux family of operating systems. It uses the device mapper and dm-crypt infrastructure to provide transparent encryption of file systems stored in disk partitions or within ordinary files.

The main features of cryptmount are as follows:

• Filesystems can be (un)mounted whenever needed by ordinary users, without requiring superuser/administrator privileges
• Multiple encrypted filesystems can be stored within a single disk partition
• Configuration information about encrypted filesystems is stored within a free-format human-readable file
• Access keys can be protected by a wide range of encryption and hashing algorithms provided by the libgcrypt library
• Access keys can be compatible with the OpenSSL command-line tool, and be stored & backed-up separately from the filesystem that they protect
• Encrypted swap partitions are supported, and can be configured automatically on system boot-up
• An interactive setup script is supplied to allow basic, but effective, encrypted file systems to be created

Design choices

The design of cryptmount has been driven by a number of choices:

• It should be possible for rarely used encrypted filesystems to be left normally unmounted, but easily made visible when needed
• The setup of loopback devices needed to access encrypted filesystems within ordinary files should occur as transparently as possible
• Any user who knows the access password for an encrypted filesystem should be able to mount it when needed
• There is little value in obscuring information about the choice of encryption algorithm if that information is freely available to anyone who already has superuser privileges — i.e. textual configuration files to which only root has access are not significantly less secure than fixed-format binary information embedded within a disk partition.
• Only a single access password should be allowed on any encrypted filesystem — so that all users who control access to the filesystem have a shared interest in having a strong password, without any individual being able to choose their own a weak password.

External links

• Official website
• cryptmount on SourceForge.net