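# Help text printed by the fallback branch at the end of the script.
# Single-quoted on purpose: in the double-quoted form the inner quotes
# around "cryptfile" closed and reopened the string and were dropped from
# the printed text.
usage='
# Create and use an encrypted directory
# relative to the current working directory.
# The mountpoint is entered into /etc/fstab.
#
# All filenames are set in this script (not optional).
#
# Script takes one of three options:
# create : create a "cryptfile"
# mount  : cryptfile via losetup and /dev/loop0 on cryptdir
# umount : unmount /dev/loop0, unset loop
'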

# Debug what is done.
#set -vx
#echo "parameter: $1"

# Cipher name handed to "losetup -e" and to the encryption= mount option
# written to /etc/fstab, e.g. "twofish", "AES128", "aes-256".
# NOTE(review): encryption via "losetup -e" and a loop cipher module is the
# legacy cryptoloop mechanism; newer util-linux releases may no longer
# support it, and dm-crypt/LUKS (cryptsetup) is the usual replacement.
# Verify on the target system before relying on this for sensitive data.
ciphername='twofish256'
# Container file holding the encrypted data; the user name is appended.
cryptfile="cryptfile$USER"
# Mount point, relative to the current working directory.
cryptdir='cryptdir'
# Container size: dd writes this many 1024-byte blocks.
cryptfilesize='100'
# Filesystem created inside the container (used as mkfs.<type>).
filesystemtype='ext2'


###################### create ########################

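# create: build the container file, set up the encrypted loop device,
# make a filesystem on it, fix ownership, and register the mount in
# /etc/fstab. Several steps run as root through "su -c", so the root
# password is asked for more than once.
if [ "$1" = "create" ]
    then
    # Refuse to overwrite an existing container: the dd below would
    # destroy the encrypted data. The check must use "$cryptfile" (which
    # carries the user name), not the literal name "cryptfile".
    if [ -e "$cryptfile" ]
    then
        echo "Cryptfile exists: $cryptfile"
        echo "Delete $cryptfile first."
        exit 1
    fi

    # The working directory and the configured names are pasted into
    # command strings executed by root (su -c) and into /etc/fstab.
    # Accept only plain path characters so that a crafted directory name
    # or $USER value cannot add commands to those strings or break the
    # whitespace-separated fstab format.
    workdir=$(pwd) || exit 1
    for checked in "$workdir" "$cryptfile" "$cryptdir" \
                   "$ciphername" "$filesystemtype" "$USER"
    do
        case "$checked" in
            *[!A-Za-z0-9_./-]*)
                echo "ERROR: working directory, user name and configured names may only contain A-Za-z0-9_./-" >&2
                exit 1
                ;;
        esac
    done

    # Check if the mountpoint for the cryptfile exists.
    if [ -d "$cryptdir" ]
    then
        echo "$cryptdir exists: ok"
    else
        echo "mkdir $cryptdir"
        mkdir "$cryptdir" || exit 1
        #chown ${USER}:users $cryptdir
        chmod u=rwX "$cryptdir"
    fi

    # Create a cryptfile that serves as medium for writing (like paper).
    # Done only once; the cryptfile can be overwritten and reused.
    # This is where the data is, so do not delete this file later.
    # umask 077 keeps the container unreadable for other local users, so
    # the ciphertext is not exposed to offline passphrase guessing.
    echo "create: cryptfile with size $cryptfilesize K"
    ( umask 077 && \
      dd if=/dev/urandom of="$cryptfile" bs=1024 count="$cryptfilesize" ) || exit 1
    # "ll" is an interactive alias and is normally undefined in scripts.
    ls -l "$cryptfile"

    # Module loop_fish2 has to be loaded.
    if lsmod | grep -q loop_fish2 ; then
        echo "Module loop_fish2 loaded: ok"
    else
        echo "Load module loop_fish2:"
        echo "Root Password (modprobe):"
        su -c "modprobe loop_fish2"
    fi

    # Set up the encryption filter on /dev/loop0 for read/write.
    # The cryptfile serves as medium (like a disk device).
    # NOTE(review): /dev/loop0 is hard-coded and detached first, whatever
    # it was attached to; confirm nothing else uses loop0 on this host.
    # Stop here when the attach fails, so that the mkfs step below never
    # runs against a loop device that is not backed by our cryptfile.
    echo Enter first su passwork than crypt-password:
    echo "Root Password (losetup):"
    su -c "echo \"Crypt Password (min 8)\" ; \
           losetup -d /dev/loop0 2>/dev/null ; \
           losetup -e $ciphername /dev/loop0 $cryptfile && \
           losetup -a " || {
        echo "ERROR: losetup failed, nothing was formatted" >&2
        exit 1
    }

    # Make a filesystem on the device, hence on the cryptfile.
    # Also this is done only once as long as the cryptfile is reused.
    # Fix the rights after mkfs, where root owns some dirs.
    # The steps are chained with && so that chown/chmod -R only touch the
    # freshly mounted filesystem; unmount and detach always run as cleanup
    # and the first failure is reported through the exit status.
    echo "Root Password (mkfs):"
    su -c "mkfs.$filesystemtype /dev/loop0 && \
           mount -t $filesystemtype /dev/loop0 $cryptdir && \
           chown ${USER}:users -R $cryptdir && \
           chmod -R go= $cryptdir && \
           chmod -R u=rwX $cryptdir ; \
           rc=\$? ; \
           umount /dev/loop0 ; \
           losetup -d /dev/loop0 ; \
           exit \$rc " || {
        echo "ERROR: creating the filesystem failed" >&2
        exit 1
    }

    # Register the mount in /etc/fstab.
    # Options ,uid=$UID,gid=$GROUPS do not work.
    # The line is single-quoted inside the root command (safe because of
    # the character check above) and only appended when it is not already
    # present, so repeated "create" runs do not pile up duplicates.
    echo add cryptdir to /etc/fstab
    fstab_line="$workdir/$cryptfile $workdir/$cryptdir auto defaults,noauto,loop,encryption=$ciphername,user 0 0"
    echo "$fstab_line"
    echo "Root Password (/etc/fstab):"
    su -c "grep -qxF '$fstab_line' /etc/fstab || \
           printf '%s\n' '$fstab_line' >>/etc/fstab" || {
        echo "ERROR: could not update /etc/fstab" >&2
        exit 1
    }

    echo "Create done."
    exit 0
fi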

###################### mount ########################

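# mount: attach and mount the cryptfile through its /etc/fstab entry
# (written by "create"), so no root password is needed here.
if [ "$1" = "mount" ]
    then
    echo "Mounting $cryptfile at $cryptdir"
    # Manual equivalent, kept for reference (needs root):
    #    losetup -e $ciphername /dev/loop0 $cryptfile
    #    su -c "mount -t $filesystemtype /dev/loop0 $cryptdir"

    # Use the entry in /etc/fstab. Report a failed mount instead of
    # printing "Done." and exiting 0: otherwise files written afterwards
    # would land unencrypted in the plain mount-point directory.
    if ! mount "$cryptdir"
    then
        echo "ERROR: mounting $cryptdir failed" >&2
        exit 1
    fi

    # Now IO to the cryptfile-system is open.
    #    cd $cryptdir

    echo "Done."
    exit 0
fi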

###################### umount ########################

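# umount: unmount the cryptfile through its /etc/fstab entry.
if [ "$1" = "umount" ]
    then
    echo "Un-mounting $cryptfile at $cryptdir"
    # Manual equivalent, kept for reference (needs root):
    #    su -c "umount /dev/loop0"
    #    su -c "losetup -d /dev/loop0"

    # Use the entry in /etc/fstab. A failed unmount must be visible:
    # the decrypted filesystem would otherwise stay accessible while the
    # script reports "Done.".
    if ! umount "$cryptdir"
    then
        echo "ERROR: un-mounting $cryptdir failed, it may still be accessible" >&2
        exit 1
    fi

    echo "Done."
    exit 0
fi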

###################### default ########################

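# Fallback for a missing or unrecognised first argument: print the help
# text and fail. $usage and $0 are passed as printf arguments rather than
# as part of the format string, so a '%' or backslash in the script path
# cannot be interpreted as a format directive.
echo "ERROR: Unknown option"
printf '%s\nusage:\n\n  %s [ create | mount | umount ]\n\n' "$usage" "$0"
exit 1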



