Cryptography -- You have the right to remain private
... so why don't you seize that right today? Attempts to gain access to
your personal data on behalf of governmental agencies as well as the
corporates become more insolent by the hour; your only line of defence
in this war is strong cryptography without backdoors. The question
here is not whether you actually have anything to hide (or think you
do/don't), the question is whether you will allow the bastards to violate
your privacy like a sheep or fight for your privacy as befits a citizen
of the so-called "free world". So why not start today with a
GnuPG key which will allow you to put
your email in a titanium-grade envelope?
This page is under construction and will eventually cover GnuPG
as well as cryptographic filing systems on Linux using the cryptoloop
extension. For the time being the main purpose of this page is to publish
two very handy scripts to use with the cryptoloop.
- cryptomount: this script makes mounting
encrypted image files much easier by uniting the two basic steps (setting up
the loop and mounting the image) and removing the need to specify a loop
device to use (the script will automatically use the first available loop
when mounting and read the loop device from /etc/mtab when unmounting).
I suggest you copy this script to /usr/local/sbin/. Usage is as
where the -e and -k switches are mapped directly to losetup
and -t and -r are mapped directly to mount, so consult these
manpages for more information. I recently made this script safer by making sure that
all parameters can only be specified at most once. This makes it feasible to allow
regular users access to the command via sudo while restricting the potential
mount points below a special directory (e.g. /mnt/) rather than anywhere in
the system. It'd be easier if sudo supported full regular expressions,
- Mounting: cryptomount -e cipher [-k keybits -t vfstype -r] imagefile mountpoint
- Unmounting: cryptomount -u mountpoint
- cryptohome.sh: this script goes into
/etc/init.d/ if you want to mount a cryptoloop image when booting
and unmount it when shutting the machine down. It expects the cryptomount
script in /usr/local/sbin and has to be adapted for your image file and
mountpoint (lines 12, 13). Additionally you'll have to make sure the script is
executed at the right time (consult the manpages for your distribution to
determine how to achieve that).
Back to my index page.
You can contact me by email here.