You can use cryptmount
to encrypt a filesystem, also if the filesystem is on a file.
The cryptmount
manual page has a very simple and detailed explanation that I report (modified) here, and it do mention explicitly a file based filesystem.
Step 1
Add an entry in /etc/cryptmount/cmtab
, as follows:
mycrypt {
dev=/media/data/mycrypt dir=/home/enzotib/mycrypt
fstype=ext4 mountoptions=defaults cipher=twofish
keyfile=/etc/cryptmount/mycrypt.key
keyformat=builtin
}
where /media/data/mycrypt
is the support file created by dd
and /home/enzotib/mycrypt
is the desired mountpoint.
Step 2
Generate a secret decryption key
sudo cryptmount --generate-key 32 mycrypt
Step 3
Execute the following command
sudo cryptmount --prepare mycrypt
you will then be asked for the password used when setting up the key
Step 4
Create the filesystem
sudo mkfs.ext4 /dev/mapper/mycrypt
Step 5
Execute
sudo cryptmount --release mycrypt
Step 6
Now mount the filesystem
mkdir /home/enzotib/mycrypt
cryptmount -m mycrypt
then unmount it
cryptmount -u mycrypt
Also, if you need to crypt a directory, encfs
may be worth to take into consideration.
Can you check the contents of /etc/fstab file ?
As its a very important file, backup it first.
sudo cp /etc/fstab /etc/fstab.bak
Instead of doing it on command line, do it using GUI tools please check this
http://www.webupd8.org/2011/11/how-to-mount-partitions-automatically.html
Note: Its a very important file. Please double check before doing any changes.
Update : Looks like you are not able to change settings with pysdm due to some bug in it - "No matter what I do with pysdm - Mount file system in read-only mode, still remains checked."
This can be fixed by manually editing /etc/fstab file . Changed
/dev/sda1 /media/sda1 ntfs nls=iso8859-1,ro,umask=000,user 0 0
to
/dev/sda1 /media/sda1 ntfs nls=iso8859-1,rw,umask=000,user 0 0
or even
/dev/sda1 /media/sda1 ntfs nls=iso8859-1,umask=000,user 0 0
and rebooted the system.
Best Answer
Your procedure is correct, but when mounting a file image as a filesystem you have to add the
-o loop
option to themount
command:Also, the
-t ext3
option is not strictly required, becausemount
can automatically determine the filesystem type.