This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new!

Feature: Security

Encrypt filesystems with EncFS and Loop-AES

By Tom Haddon on March 20, 2006 (8:00:00 AM)

Share    Print    Comments   

Encrypted filesystems may be overkill for family photos or your résumé, but they make sense for network-accessible servers that hold sensitive business documents, databases that contain credit-card information, offline backups, and laptops. EncFS and Loop-AES, which are both released under the GNU General Public License (GPL), are two approaches to encrypting Linux filesystems. I'll compare the two and then look at other alternatives.


EncFS provides an encrypted filesystem in userspace and runs without any special permissions. In fact, it's not so much a filesystem as a program that translates requests (encrypting or decrypting them as appropriate) and passes them to the underlying filesystem. It uses the Filesystem in Userspace (FUSE) library and kernel module to provide the filesystem interface, and it uses a pass-through filesystem as opposed to an encrypted block device. With a block device you have to preallocate the size of the data space that you want to encrypt, whereas a pass-through filesystem allows the size of the encrypted data to grow or shrink without being reformatted (because it's being allocated "on the fly"). In contrast to a block device, pass-through encryption exposes metadata about the encrypted files to the regular filesystem on top of which it sits. This means that anyone can see the number of encrypted files, the permissions on the files, the size of each file, and the approximate length of the filenames. With a pass-through system, you can perform backups on a file-by-file basis and, in the case of incremental or differential backups, the backup program will know which files have changed since the last backup, even if the program can't decipher what each file contains.

How you install EncFS depends on which distribution you run. I use Ubuntu Breezy, so installation was as simple as:

sudo apt-get install encfs

This installed all dependencies, including the FUSE library. I needed to add myself to the fuse user group and then log out and back in to be able to run the fusermount command. I also added fuse to /etc/modules so the appropriate kernel module loads on startup. Issue the following command to create an encrypted filesystem:

encfs ~/.crypt/ ~/crypt

When prompted for what options you want to use when creating the filesystem, choose between a default (paranoid) option and an expert option. Choosing expert gives you a number of options, including the encryption algorithm (AES, Blowfish, and blowfish-compat) and the specific key size and block size you want to use (depending on which encryption algorithm you've selected). Choosing expert also prompts you for the password used to determine access to the encrypted filesystem. You can use the encfsctl program to change the password at a later date. The filesystem is then mounted automatically; you can unmount it with this command:

fusermount -u ~/crypt

I threw together the following quick script to allow you to mount and unmount the EncFS encrypted filesystem easily:


    echo "crypt [m|mount|u|unmount]"
    echo " either mounts or unmounts encrypted file system"

    if [ -z $1 ]

    case "$1" in
            "m" | "mount" )
                    /usr/bin/encfs ~/.crypt ~/crypt
                    echo "Encrypted filesystem now mounted"
            "u" | "unmount" )
                    /usr/bin/fusermount -u ~/crypt
                    echo "Encrypted filesystem has been unmounted"
            * )

Examining Loop-AES

I next tried Loop-AES. Loop devices are block devices that don't store any data directly, but rather redirect all reads and writes to an underlying block device or file, possibly encrypting or decrypting data in the process. I chose to write to a file rather than a partition, so you need to modify my Look-AES example slightly if you want to encrypt an entire partition.

First, I installed the kernel-headers Debian package for my kernel, as well as loop-aes-source and the handy module-assistant package. This package does pretty much what you'd expect it to do -- it assists in building kernel modules. Using Loop-AES doesn't require any modification to the kernel, but it does require you to build a kernel module. To do so, as root, type the command:

module-assistant prepare module-assistant build loop-aes

If the module-assistant fails to build the appropriate module for you, you're most likely missing the appropriate kernel configuration files to allow it to do so. You can remedy this by determining which kernel you're using (uname –a) and copying the appropriate /boot/config-xxx file to /usr/src. This file is simply a list of the configuration options for your current kernel in plain text, and you can review it in any text editor.

From /usr/src/linux, type make menuconfig to bring up the text menu for choosing kernel options. Scroll to the bottom and choose "Load an Alternate Configuration File." Type in the path of the copied /boot/config-xxx file, and then save your changes and exit. Module-assistant should now be able to prepare the module correctly. Install it with this command:

apt-get install loop-aes-utils module-assistant install loop-aes

Next, create the filesystem-within-a-file that you want to encrypt using the dd command:

dd if=/dev/zero of=/location/of/file bs=4k count=2560

This creates a filesystem of 10MB, which illustrates one of the major differences between the Loop-AES approach and EncFS: With Loop-AES, you must preallocate the size of the filesystem before usage. This may mean that you end up with a significant amount of unused file space, or that you risk running out of space on your encrypted filesystem. If disk space is at a premium, this trade-off may be unacceptable.

Next, set up the loop device and specify that you want to use AES128 encryption (you can also use AES192 or AES256 for greater security, but with a higher performance hit):

losetup -e AES128 /dev/loop1 /location/of/file

If you don't have /dev/loop1, you can create one with this command:

cd /dev; MAKEDEV loop1

The losetup command prompts you for a password with a minimum of 20 characters. You could create a long, secure password simply with a random sequence of characters, but chances are something this long will require a photographic memory or (more likely) writing it down somewhere, which has its own security implications. Another alternative is to think of a memorable phrase/quote/song lyric and choose the first/last characters from each word. Choosing secure passwords is another article in itself and one that's been covered well elsewhere.

Next, make the filesystem and detach the loop device from it:

mkfs -t ext2 /dev/loop1 losetup -d /dev/loop1

Now, simply create your directory and mount the new encrypted filesystem on it:

mkdir /location/of/mount mount /location/of/file -o loop=/dev/loop1,encryption=AES128 /location/of/mount -t ext2

You'll be prompted again for the password because you're mounting the filesystem. To unmount it, simply type unmount /location/of/mount . You may need to unload your existing loop kernel module and load the new loop module. Also, add loop to /etc/modules to ensure it loads on startup.

Exploring alternatives

Two other programs worth mentioning are dm-crypt and TrueCrypt. dm-crypt leverages the new device-mapper infrastructure that the Linux 2.6 kernel introduced. This infrastructure provides a generic way to create virtual layers on top of real block devices and enables functions such as striping, concatenation, mirroring, and, in this case, encryption, using the new Linux 2.6 Crypto API. Write operations to the device are encrypted while reads from it are decrypted. It allows for filesystem mounting, but you can't access your data without the appropriate key. The cryptsetup package eases the administration of dm-crypt devices, with simple commands such as create, remove, reload, resize, and status. dm-crypt defaults to AES with a 256-bit key.

TrueCrypt holds future promise for Linux filesystem encryption. It can provide a virtual encrypted disk within a file and mount it as a real disk, or you can use it to encrypt an entire disk partition or device, such as a USB flash drive. In other words, it provides an encrypted block device rather than pass-through encryption.

TrueCrypt provides two levels of plausible deniability. First, hidden volumes are essentially composed of an encrypted filesystem hidden within another encrypted filesystem. Second, no TrueCrypt volume can be identified, as the data cannot be distinguished from random data. Furthermore, TrueCrypt offers numerous encryption algorithms, including AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish.

TrueCrypt offers binaries for Windows 2000/XP/2003, for a number of Linux distributions, and in source format. However, TrueCrypt's current version (4.1) has a big disadvantage for the Linux platform -- you cannot use it to create a TrueCrypt volume on Linux. The program is open source and the source code is available, but TrueCrypt was written originally for Windows, and the porting process only provides command-line options to manage a TrueCrypt volume. The volume creation portion is tied into the Windows GUI, and the TrueCrypt team is working on bringing this to Linux as well. Currently you have a number of options to create your TrueCrypt volume, including using a dual boot, another machine, QEMU, or VMware, but each option involves getting yourself to a Windows machine. Additionally, I had problems mounting a TrueCrypt volume that I'd created on Windows, and the Linux documentation is a little scarce. I look forward to the release of Linux TrueCrypt volume-creation utilities and the general polishing up of this program for Linux. It will provide a valuable addition to filesystem encryption.

Finally, David Zeuthen of Red Hat mentions on his blog that he's been working to integrate Linux Unified Key Setup (LUKS), which is the basis for dm-crypt, into the GNOME desktop. This promises to simplify encrypting volumes within GNOME, although the final details of how this will be integrated with existing partition management tools are still being finalized.

In summary, you can find a number of options for filesystem encryption in Linux exist, depending on your needs. The most important thing when choosing which one to use is to be clear about your needs. Will the size of the files you need to encrypt grow or stay static? Do you need to encrypt certain files or entire partitions? What level of security do you need? Answers to these questions will help determine the most appropriate program to use.

Share    Print    Comments   


on Encrypt filesystems with EncFS and Loop-AES

Note: Comments are owned by the poster. We are not responsible for their content.

Mandriva Diskdrake

Posted by: Anonymous Coward on March 21, 2006 10:42 AM
Mandriva Diskdrake makes encrypted and RAID partitions easy as pie. That is one point where Mandriva is still far ahead of the competition. Here is a guide that explains it: <a href="" title=""></a>


In this day and age

Posted by: Anonymous Coward on March 21, 2006 10:18 PM
I have to disagree. In this day and age, the ability to encrypt your data is not overkill under any circumstance. It is now standard operating procedure to seize computers or hard drives during arrests for just about anything. This is before any trial or determination of guilt or innocence. Also, any business of any size, because of the same reasons above, as well as the prevalence of identity theft and other reasons to be concerned about the security of data, needs working, seamless solutions to encryption.

The only thing this article has pointed out is that encrypting data on a GNU/Linux system is at the point where was at when it was called StarOffice 5.2

Star Office 5.2 was barely tolerable, but you knew that it was getting somewhere. You couldn't really transfer your data from/to StarOffice 5.2 because of the incompatibility of file formats at that time (though ps2pdf/pdf2ps and similar command line utilities helped), and because copying/pasting between applications was broken at that time. For those who were using GNU/Linux as their main desktop at that time will understand the comparison of the primitiveness of GNU/Linux in general at that time, and the comparison I'm making to the primitiveness of encryption today.

No mention was made of type of filesystem in use. Will TrueCrypt or the other encryption utilities mentioned work with ReiserFS? How about Reiser 4 which promises to be released and stable some time this century? What about other journaled filesystems, ext3, XFS, others? What about ext2? Or are they limited to just ext2, or all non-journaled filesystems? What about journaled filesystems that just journal their meta-data by default, like ReiserFS, instead of journaled file systems that journal their meta-data and data as well?

The article highlights that encryption on GNU/Linux is primitive and needs help. For single users, there should be the option of encrypting an entire partion (home) or directories within the partition. For a small business, the options should be to encrypt an entire partition (home) which includes every users' home partition, or to encrypt only certain directories under home (certain users' home directories), in addition to encrypting either entire partitions or directories within partitions for data such as financial data, other accounting data, bids, project financials, workers' medical records, personnel records, disciplinary records, customer data, supplier data, pricing data, and more.

Just thinking about a small business person's encryption needs, it is clear that the ability to encrypt data on an entire partition, as well as encrypting data sub-partition such as in smaller directories or at the single file level is needed. And it needs to be seamless.

Any encryption scheme that needs a GNU/Linux guru to understand/install/maintain is unacceptable in this day and age. It is acceptable and par for the course for the guru to use on his own system. But when we have Linux servers at 1/3 of Windows server share and Linux servers continuing to increase their market share at a much higher percentage rate than Windows servers, and Unix server market share still declining in a rising market, and when you consider that Linux server share may have even pulled even or surpassed Windows market share when considering all the free installations out there with Cent/OS and other distros, and you see seamless encryption on Mac systems, and seamless encryption coming to Windows Vista systems, it's time for GNU/Linux commercial distributors to lead, not follow.

It's time for Red Hat, Suse-Novell, Ubuntu, Cent/OS, Debian, Lindows-Linspire, and other distro managers with any commercial aspirations to provide funding for, or to spare the actual developers for developing a seamless encryption scheme that works with the current kernel effort and works with their respective chosen file system solutions.

It's time for distributions with commercial aspirations to lead, not follow on this important area. From HIPAA, to SEC, to various other initialed laws, policies, standards or rules, encryption on GNU/Linux needs to be seamless, built-in, and ubiquitous. While this may mean choosing one scheme over another, its the same difference with Red Hat choosing Gnome, Suse choosing KDE, and others doing the same with their desktop environment choices. Once installed, one can easily switch the default choice to his or her preference, just as one can change desktop environment defaults or which application opens<nobr> <wbr></nobr>.doc or<nobr> <wbr></nobr>.pdf as another example.

So which distro is going to lead, not follow? One other poster points to Mandriva as a disto that has encryption built in by default. While it probably isn't as advances as I stated it needed to be (encrypt files only, directories and files only, partition-wide, on-the-fly, seamless, most (including journaled) filesystems? It may not have all this, but it appears a step in the right direction, and a step that hasn't been taken by most other distros with commercial aspirations yet.

It's time to step up. Who's the player and who's the poser? Is your distro really ready for small and medium businesses? Is your distro really ready for the enterprise? If its lacking seamless encryption, its not. Time to make the change. Or the doughnuts. Your choice.


Re:In this day and age

Posted by: Daniel Carrera on March 22, 2006 04:18 AM
What makes you think Debian has "commercial" aspirations?


Linux Unififed Key Setup

Posted by: Anonymous Coward on March 21, 2006 04:36 AM
Linux Unififed Key Setup (LUKS) (the successor to cryptsetup) is a superior choice for encrypting one's fs. LUKS uses device-mapper crypt-mod to create mapped devices piping one's crypted-device through whatever cipher/hash one has available.

<a href="" title=""></a>

Also your lameness filter can not handle cap-letter words in the title of a post, time to retune it...



Posted by: Anonymous Coward on March 22, 2006 02:45 AM
Imagine this on a hidden wireless memory disk.

Could be hidden inside/behind a wall, under the desk, under the floor or behind a radiator.

Its a memory disk so there are no moving parts that rotate and make noise which reveals its presence.

It is wireless so you can remotely mount it from the computer. Perhaps using WiFI, RF or upcoming wireless USB.


Xandros has integrated dm-crypt

Posted by: Anonymous Coward on March 24, 2006 10:40 AM
Xandros Linux 3.02 has encrypted<nobr> <wbr></nobr>/home folder support integrated into the desktop through the control panel. It is controled through User Manager on the Encryption tab, and offers 11 algorithms including Blowfish and AES.

If you want something as easy to use as Apple's Filevault, I encourage you to check it out.


lower back pain

Posted by: Anonymous Coward on May 28, 2006 01:50 PM
[URL=] Pain relief [/URL]
[URL=] Back Pain [/URL]
[URL=] Pain relief [/URL]
[URL=] Pain relief [/URL]
[URL=<nobr>.<wbr></nobr> htm] Nerve pain relief [/URL]


lower back pain

Posted by: Anonymous Coward on May 30, 2006 12:57 AM
<tt>[URL=<nobr>.<wbr></nobr> htm] Nerve pain relief [/URL]
[URL=<nobr>k<wbr></nobr> pain.htm] Low back pain [/URL]
[URL=<nobr>b<wbr></nobr> ackpainrelief.htm] Back pain relief [/URL]
[URL=<nobr>l<wbr></nobr> es/kneepainrelief.htm] Knee pain relief [/URL]
[URL=<nobr>e<wbr></nobr> lief.html] Pain relief [/URL]
[URL=<nobr>i<wbr></nobr> nrelief/painreliefpreved.htm] Pain relief [/URL]
[URL=<nobr>t<wbr></nobr> ion-Pain-Relief.html] Medication pain relief [/URL]
[URL=<nobr>l<wbr></nobr> -Pain-Relief.html] Natural pain relief [/URL]

[URL=] Pain relief [/URL]
[URL=] Back Pain [/URL]
[URL=] Pain relief [/URL]
[URL=http://painreliefmedic.friendpages.c<nobr>o<wbr></nobr> m] Pain relief [/URL]


Pain relief

Posted by: Anonymous Coward on May 28, 2006 07:09 PM
[URL=] Pain relief [/URL]

  [URL=] Back Pain [/URL]

  [URL=] Pain relief [/URL]
[URL=] Pain relief [/URL]
[URL=<nobr>.<wbr></nobr> htm] Nerve pain relief [/URL]


TrueCrypt Now Creates Linux Volumes

Posted by: Anonymous Coward on July 24, 2006 06:18 PM
Thanks for the introductory article, which I located using Google.

Just worth pointing out that the TrueCrypt software can now create volumes on Linux, as of version 4.2 (April 2006)




pre-allocation fud

Posted by: Anonymous Coward on September 28, 2006 01:51 AM
You pre-allocation command for loop-aes is fud.
Use a sparse file to save disk space.

dd if=/dev/zero of=/location/of/file bs=4k sd if=/dev/zero of=/location/of/file bs=4k seek=2560 count=0

Simple as that. Also I'd recommend dm-crypt over loop-aes or cryptoloop, those are outdated.



Posted by: Administrator on March 21, 2006 11:24 PM
Don't forget, an easy way to mount these, specifically the later example woudl be to set up automount. That would make it quite easy to put on any system, and not have to worry about remembering commands, or writing scripts. You'd CD into it, and be prompted for the appropriate password.


still insufficient

Posted by: Administrator on March 22, 2006 07:39 AM
Filesystem encryption protects data from off-line attacks only. When the encrypted filesystem is mounted, the files on it are no more secure than on an unencrypted filesystem. A process running as root still has the capacity for tremendous damage/compromise.

Per-file encryption, based on proven user/process credentials, is a much more sound solution. It allows discrete privilege management, even of the root UID, while allowing regular file admin (backup, restore, etc.).


Encrypt filesystems with EncFS and Loop-AES

Posted by: Anonymous [ip:] on August 07, 2007 07:13 PM
The process to create a Loop-AES disc is a little random:

What does the -d option do on your dist? On mine it does not exit.
# mkfs -t ext2 /dev/loop1 losetup -d /dev/loop1
mkfs.ext2: invalid option -- d
Usage: mkfs.ext2 [-c|-t|-l filename] [-b block-size] [-f fragment-size]
[-i bytes-per-inode] [-I inode-size] [-j] [-J journal-options]
[-N number-of-inodes] [-m reserved-blocks-percentage] [-o creator-os]
[-g blocks-per-group] [-L volume-label] [-M last-mounted-directory]
[-O feature[,...]] [-r fs-revision] [-R options] [-qvSV]
device [blocks-count]

module-assistant prepare module-assistant build loop-aes
Expected output?
Mine gave this, but I don't know if it worked:
# module-assistant prepare module-assistant build loop-aes
Getting source for kernel version: 2.6.20-16-generic
Kernel headers available in /lib/modules/2.6.20-16-generic/build
apt-get install build-essential
Reading package lists... Done
Building dependency tree
Reading state information... Done
build-essential is already the newest version.
The following packages were automatically installed and are no longer required:
python-crypto cracklib2 python-pexpect python-crack
Use 'apt-get autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


* You listed this command:
apt-get install loop-aes-utils module-assistant install loop-aes

It won't work. You repeated install twice. loop-aes: What is the repository. I can only see it available from the web page on Sourceforge.
However, still a useful page and I found out about FUSE filesystems. Thank-you.


Encrypt filesystems with EncFS and Loop-AES

Posted by: Anonymous [ip:] on February 13, 2008 06:48 AM
I think it is more important than ever now to encrypt your hard drives. So much so that I built my own live linux distro that encrypts both swap, root and home partitions during the installation using loopAES, it then creates the decryption boot cd that is the only way to decrypt any of the drives.

I mainly use this for my laptop, if it gets stolen, then at least I know they cannot read any of the data. And the worst they can do is to overwrite it with a new operating system. I am not a criminal, terrorist, peadophile, but just a concerned persom about my own privacy, identity theft is on the increase, I have had it once before, never again.


This story has been archived. Comments can no longer be posted.

Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya