You also could construct a blank file of the desired size, then mount it using the loopback device, encrypt it using LUKS, put a filesystem on it, and you would have a secure container for sensitive stuff.
You would need a couple of scripts to mount and open it, and later close and dismount it, but once you had those scripts worked out it would work transparently and would have good security. You could even have a pop-up requester (using kdialog or the equivalent for whatever desktop you are using) that would ask for the password when you tried to access that filesystem, and the mount/unmount scripts could be executed from a desktop icon.
Here is the basic procedure to do this:
1. Create your container file:
dd if=/dev/zero of=container bs=1M count=10
This will create a 10M container. Adjust as necessary to make the size what you want. I called the file "container"; you can use whatever name suits you best.
2. As root, attach your container to a loop device:
losetup /dev/loop3 container
I used loop3, but you actually may choose loopN where N is some digit (not sure what the maximum is).
3. As root, encrypt your container:
cryptsetup luksFormat /dev/loop3
You will be prompted to enter your passphrase; do it twice.
4. As root, open your encrypted container:
cryptsetup luksOpen /dev/loop3 crypt-loop3
Now, if you look in /dev/mapper, you will see an entry crypt-loop3.
5. As root, create a filesystem on your encrypted container:
mkfs /dev/mapper/crypt-loop3
Now, you can mount this device on any convenient mountpoint. If you create a folder called mymnt in your home directory, as root:
mount /dev/mapper/crypt-loop3 mymnt
Now, if you cd mymnt, you are inside your encrypted filesystem in your container. And this container is fully portable; you can copy it to another volume and take it with you. You just have to attach it to a loop device, open it, and mount it to use it anywhere.
I will leave how to nicely shut this down as an exercise for the reader, but basically, you dismount it, then close it, then detach it from the loop device.
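The open sequence from the steps above and the shutdown order from the last paragraph (dismount, close, detach) as one helper script. This is an added example, not part of the original post; the argument order, and the use of `losetup --find --show` and `losetup -j` instead of a fixed /dev/loop3, are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original post): open/close helper for the
# LUKS container file built in steps 1-5. Run as root.
# Usage: <script> open|close <container> <mapper-name> <mountpoint>
# The argument order is this example's own choice.

open_container() {  # $1=container file  $2=mapper name  $3=mountpoint
    # --find --show attaches to the first free loop device and prints its
    # name, instead of hard-coding /dev/loop3.
    loop=$(losetup --find --show "$1") || return 1
    # If a later step fails, unwind in reverse order so that no loop device
    # or unlocked mapping is left behind.
    if ! cryptsetup luksOpen "$loop" "$2"; then
        losetup -d "$loop"
        return 1
    fi
    if ! mount "/dev/mapper/$2" "$3"; then
        cryptsetup luksClose "$2"
        losetup -d "$loop"
        return 1
    fi
}

close_container() {  # same arguments; order: dismount, close, detach
    # Look up which loop device backs the container before tearing down.
    loop=$(losetup -j "$1" | cut -d: -f1 | head -n 1)
    umount "$3" || return 1                # fails while files are still in use
    cryptsetup luksClose "$2" || return 1  # removes /dev/mapper/<name>
    if [ -n "$loop" ]; then
        losetup -d "$loop"
    fi
}

# Dispatch only when a subcommand is given, so the functions can be sourced.
case "${1:-}" in
    open)  open_container  "$2" "$3" "$4" ;;
    close) close_container "$2" "$3" "$4" ;;
esac
```

If `umount` fails, the script stops with the mapping still open; the decrypted device stays readable under /dev/mapper until the close step succeeds.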