[dm-crypt] encryption of single files using cryptsetup ala gpg -c
arno at wagner.name
Wed May 9 00:26:05 CEST 2012
On Tue, May 08, 2012 at 06:05:30PM -0400, .. ink .. wrote:
> > first, let me say that you are horribly abusing cryptsetup here,
> > with, I am sure, all kinds of repercussions that will come to haunt
> > you. That said...
> can you expand on this? It seems the most logical step to take after what I
> already have.
> zulucrypt can create encrypted volumes in files, same as truecrypt. It first
> creates a file, puts a file system in it and then encrypts the file. How does
> truecrypt create encrypted volumes in files?
> All I seem to be doing is skipping a step, the file system creation step.
Ah. But that is completely different from encrypting a file with
GnuPG. If you encrypt a file with GnuPG, you cannot change any
part without all later blocks becoming unreadable. That is what
the CFB mode used does. This is a massive gain in security,
but of course completely unusable to encrypt anything that
has a filesystem in it that is written to.

If you just put an encrypted filesystem in a file, that is
basically described in FAQ item 2.3. Is that what you are
doing? But that is not file encryption. That is still
filesystem encryption with all its limitations compared to
file encryption, but the advantage that you can change sectors
without influencing others.

As to "static encrypted strings" in the second case, do not worry.
The filesystem already puts plenty of them in there. In fact,
trying a "mount" is a pretty reliable way of determining whether
the right key was used in decryption.
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
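
The difference described in this message, as an added example that is not part of the original post: it counts which ciphertext blocks have to be rewritten after one plaintext byte changes, once for data encrypted as a single CFB chain and once for the same data encrypted sector by sector. The SHA-256-based `prf` is a toy stand-in for the block cipher, and the per-sector IV derivation, key and sample data are constructed for illustration; neither GnuPG's nor dm-crypt's actual on-disk format is reproduced.

```python
import hashlib

BLOCK = 16    # cipher block size in bytes
SECTOR = 512  # sector size in bytes (32 blocks per sector)


def prf(key: bytes, block: bytes) -> bytes:
    """Toy keyed function standing in for the block cipher. Not for real use."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CFB chaining: C_i = P_i xor E(C_{i-1}), with C_0 = IV."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        keystream = prf(key, prev)
        prev = bytes(p ^ k for p, k in zip(data[i:i + BLOCK], keystream))
        out += prev
    return bytes(out)


def sector_encrypt(key: bytes, data: bytes) -> bytes:
    """Each sector is its own chain; the IV comes from the sector number
    (constructed scheme, only to make sectors independent of each other)."""
    out = bytearray()
    for n in range(len(data) // SECTOR):
        iv = prf(key, n.to_bytes(BLOCK, "little"))
        out += cfb_encrypt(key, iv, data[n * SECTOR:(n + 1) * SECTOR])
    return bytes(out)


def changed_blocks(a: bytes, b: bytes) -> list:
    """Indices of the 16-byte blocks that differ between two ciphertexts."""
    return [i // BLOCK for i in range(0, len(a), BLOCK)
            if a[i:i + BLOCK] != b[i:i + BLOCK]]


def demo():
    key, iv = b"constructed demo key", bytes(BLOCK)
    old = bytes(range(256)) * 16           # constructed data: 8 sectors, 256 blocks
    new = bytearray(old)
    new[1024] ^= 0xFF                      # one byte changes: sector 2, block 64
    new = bytes(new)
    # Same key and IV on both sides, so only the chaining effect is measured.
    whole = changed_blocks(cfb_encrypt(key, iv, old), cfb_encrypt(key, iv, new))
    per_sector = changed_blocks(sector_encrypt(key, old), sector_encrypt(key, new))
    return whole, per_sector


if __name__ == "__main__":
    whole, per_sector = demo()
    print("single chain: blocks", whole[0], "to", whole[-1], "rewritten")
    print("per sector:   blocks", per_sector[0], "to", per_sector[-1], "rewritten")
```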