7. Using a file instead of a partition

It is just as easy to create an encrypted file system within a file on another file system. This is especially useful if you want to back up this file by burning it to a DVD, etc. You can then easily move the file around to other machines as well.

To initially create a 100MB file containing random data use the following command:

dd if=/dev/urandom of=/mystuff.aes bs=1k count=100000

If you want to change the size of the file, change the count value accordingly. The above command creates 100000 blocks of 1k in size, but you can change this to whatever you like. Just make sure it is not too small to hold the file system you chose. You can choose any file name and path you want instead of /mystuff.aes as long as there's enough space on the partition.

You can then create the encrypted file system within this file, similar to the way it is done above:

losetup -e aes-256 /dev/loop0 /mystuff.aes

Now you can create the file system:


mkfs.ext3 /dev/loop0

and mount it:


mount -t ext3 /dev/loop0 /mnt/crypto

Finally, unmount and detach the loop device:


umount /mnt/crypto
losetup -d /dev/loop0

You can then mount the file system later on as follows:

mount /mystuff.aes /mnt/crypto -oencryption=aes-256

If you want to move the file or burn it to a CD or DVD, make sure you unmount it first.