cryptmount
| cryptmount | |
|---|---|
| Design by | RW Penney |
| Latest release | 2.2 / January 20, 2008 |
| OS | Linux |
| Genre | Disk encryption |
| License | GNU General Public License |
| Website | http://cryptmount.sf.net/ |
cryptmount is a software tool for managing encrypted file systems under the GNU/Linux family of operating systems. It uses the device mapper and dm-crypt infrastructure to provide transparent encryption of file systems stored in disk partitions or within ordinary files.
The main features of cryptmount are as follows:
- Filesystems can be (un)mounted whenever needed by ordinary users, without requiring superuser/administrator privileges
- Multiple encrypted filesystems can be stored within a single disk partition
- Configuration information about encrypted filesystems is stored within a free-format human-readable file
- Access keys can be protected by a wide range of encryption and hashing algorithms provided by the libgcrypt library
- Access keys can be compatible with the OpenSSL command-line tool, and can be stored and backed up separately from the filesystem that they protect
- Encrypted swap partitions are supported, and can be configured automatically on system boot-up
- An interactive setup script is supplied to allow basic, but effective, encrypted file systems to be created
Design choices
The design of cryptmount has been driven by a number of choices:
- It should be possible for rarely used encrypted filesystems to be normally left unmounted, but easily made visible when needed
- The setup of loopback devices needed to access encrypted filesystems within ordinary files should occur as transparently as possible
- Any user who knows the access password for an encrypted filesystem should be able to mount it when needed
- There is little value in obscuring information about the choice of encryption algorithm if that information is freely available to anyone who already has superuser privileges — i.e. textual configuration files to which only root has access are not significantly less secure than fixed-format binary information embedded within a disk partition.
- Only a single access password should be allowed on any encrypted filesystem, so that all users who control access to the filesystem have a shared interest in having a strong password, without any individual being able to choose their own weak password.

