Version 2.4.x of the Linux kernel allowed easy access to encrypted filesystems via the loopback device. While the 2.6 series provides improved facilities in the form of the device-mapper, they are more complicated to use and require superuser privileges. To get back to simplicity, English developer RW Penney created cryptmount, a utility that manages all the details so that a user can just type cryptmount my_filesystem or cryptmount -u my_filesystem to make their data available or hidden.
cryptmount makes it easy for anyone comfortable with the command line to access secure filesystems simply by typing their password. More mainstream encryption tools for Linux typically require users to have administrator rights, or to execute a complicated sequence of operations before using their filesystem or even changing their password, especially if they don’t need their encrypted data every time they boot up or log in. cryptmount allows sensitive personal information to be kept secure until it is actually needed, especially if the user doesn’t need access every day. The package also includes a cryptmount-setup script that lets users interactively set up a basic encrypted filesystem without needing to repartition the hard disk.
Penney says he’s been working on crypmount for more than four years, mostly on his own and in his spare time, “but with some extremely helpful support from many people across the world.” He does his development on a Debian client, using QEMU for virtualizing the many different Linux systems on which he tests cryptmount.
Penney says cryptmount now has most of the command-line features necessary for a wide range of tasks, so he doesn’t anticipate a rapid series of future releases. “However, I’d be very keen to see more internationalization of cryptmount, especially through translations of text messages and manual pages. I’ve had some great support in producing French and German localizations, but more international coverage would be welcome. I’ve also had plans to integrate cryptmount with SELinux for a while, but have had higher priorities elsewhere. Some help in pushing forward the SELinux link would also be valuable. Anyone interested in helping could contact me via the cryptmount pages on SourceForge.net.”