Cryptmount is a utility for Linux operating systems that lets users access encrypted filesystems without requiring root privileges. It requires a Linux distribution with kernel 2.6 or later. Cryptmount handles both encrypted files and encrypted partitions, and it gives system administrators a simple way to create and manage encrypted filesystems. The kernel offers two approaches to encrypted filesystems: the cryptoloop device driver and the device-mapper system, using the dm-crypt target.
- Cryptoloop Device Driver: The details of the encrypted file system are given in /etc/fstab, so it can be configured and used entirely through mount. This makes it easy to give users permission to mount the encrypted file systems.
- Device-mapper: Accessing encrypted file systems as a normal user is easier than with cryptoloop. Using the device-mapper gives access to different devices, which translates to superior performance and allows a cleaner organization of encryption.
Features of Cryptmount:
- Access to enhanced kernel functionality
- Unified support for automatic filesystem setup on system boot
- Encryption of the filesystem access keys, so that the access password can be changed without re-encrypting the whole filesystem
- Multiple encrypted file systems on a single disk partition
- File systems that are rarely used do not need to be mounted during system startup
- Un-mounting of each file system is locked, so that it can only be performed by the user who mounted it or by the root user
- Encrypted file systems compatible with cryptsetup
- Supporting encrypted superuser
- Support for creating and handling file systems at system boot-up
$ sudo apt install cryptmount
# yum install device-mapper-devel    (On CentOS/RHEL 7)
# dnf --enablerepo=PowerTools install device-mapper-devel    (On CentOS/RHEL 8 and Fedora)
Now download the cryptmount source files with the wget command. Building them on the Linux/Ubuntu system installs cryptmount and sets up its environment. Execute the following commands to download and unpack the cryptmount tar.gz file, then configure, build and install it, after which we can set up cryptmount.
$ wget -c https://sourceforge.net/projects/cryptmount/files/cryptmount/cryptmount-5.3/cryptmount-5.3.3.tar.gz
$ tar -xzf cryptmount-5.3.3.tar.gz
$ cd cryptmount-5.3.3
$ ./configure
$ make
$ sudo make install
After installing cryptmount, start using it by running the setup script, cryptmount-setup.
The script asks a series of questions in order to create a file system, including a password that is used to encrypt it. It asks for the target name of the filesystem, the user who should own the encrypted file system, the location for saving the file system, the size of the file system, a filename for the filesystem, the location in which to save the key, and a password for the target name.
In this example gfg1 is the target name. The question about who should own the gfg1 filesystem is left blank, because the user is "root" in this case. The script then asks for the destination of the filesystem and the key file for the encrypted file system.
To access the encrypted filesystem, run cryptmount followed by the target name (gfg1 here). You will be asked for the password that was set while creating the encrypted file system.
$ cryptmount gfg1
To move into the destination directory of the encrypted filesystem, use the cd command. To unmount the target, leave that directory and use the --unmount option followed by the target name; the encrypted file system will then be unmounted.
$ cd /home/crypt2
$ cd
$ cryptmount --unmount gfg1
To check which encrypted filesystems exist, use the -l switch to list them. The password for a target can be changed with the -c flag. Make sure you remember the password that was created initially, otherwise it is difficult to change the password of the target again. Keep a backup copy of the key file: if it is deleted or corrupted, access to the encrypted file system may be affected. If you do not remember the password, the only option is to remove the entire encrypted filesystem from the directory, and the lost data cannot be recovered.
$ cryptmount -l
$ cryptmount -c gfg1
Consult the cmtab and cryptmount man pages to understand the setup process and how the commands are used.
In this session the encrypted filesystem uses ext3. The filesystem type (ext2, ext3, etc.) can be specified in the /etc/cryptmount/cmtab file. Running cryptmount-setup creates an entry in cmtab; to view the details of that particular filesystem, print the file with cat:
$ cat /etc/cryptmount/cmtab
- dev — the name of the file in which the filesystem is stored
- dir — the location at which the encrypted filesystem is mounted
- fstype — the type of filesystem
- cipher — the encryption algorithm to use for the filesystem; the default is AES
Encryption algorithms that are built into the kernel, or that have been loaded as kernel modules, are listed in /proc/crypto. For each algorithm, the output shows the driver used, the module used, the block size, and the minimum and maximum key sizes.
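The following added example (not part of the original article, and not cryptmount's own code) connects the cmtab options above to /proc/crypto: it parses cmtab-style target blocks and reports whether each target's cipher is currently registered with the kernel. The file paths, the "archive" target and the /proc/crypto excerpt are constructed samples; the block syntax follows the cmtab man page.

```python
import re

# Constructed sample in cmtab(5) block syntax; paths and "archive" are invented.
SAMPLE_CMTAB = """\
gfg1 {
    dev=/home/gfg1.fs
    dir=/home/crypt2
    fstype=ext3      mountoptions=defaults
    cipher=aes-cbc-plain        # encryption algorithm
}
archive {
    dev=/home/archive.fs  dir=/mnt/archive
    fstype=ext2  cipher=twofish-cbc-plain
}
"""

# Constructed excerpt in the layout of /proc/crypto.
SAMPLE_PROC_CRYPTO = """\
name         : cbc(aes)
driver       : cbc-aes-aesni
module       : aesni_intel
blocksize    : 16
min keysize  : 16
max keysize  : 32
"""

def parse_cmtab(text):
    """Return {target: {option: value}} from cmtab-style text."""
    text = re.sub(r"#.*", "", text)  # drop comments before matching blocks
    return {name: dict(re.findall(r"(\w+)=(\S+)", body))
            for name, body in re.findall(r"(\S+)\s*\{([^}]*)\}", text)}

def kernel_algorithms(proc_text):
    """Return the set of algorithm names listed in /proc/crypto-style text."""
    return set(re.findall(r"^name\s*:\s*(\S+)", proc_text, re.M))

def audit(cmtab_text, proc_text):
    """Map each target to True if its base cipher is registered right now."""
    names = kernel_algorithms(proc_text)
    report = {}
    for target, opts in parse_cmtab(cmtab_text).items():
        base = opts.get("cipher", "aes").split("-")[0]  # article: default is AES
        report[target] = any(n == base or f"({base})" in n for n in names)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CMTAB, SAMPLE_PROC_CRYPTO))
```

A False result only means the algorithm is not registered at the moment; the kernel can still load a cipher module on demand when the target is mounted, so treat it as a prompt to check rather than as a failure. On a real system, pass the contents of /etc/cryptmount/cmtab and /proc/crypto instead of the samples.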