Some time ago I’ve written an article named 16 GB encrypted candy file describing how to create encrypted filesystem within regular file. After quick research it became clear that cryptoloop is vulnerable and there is open exploit available on the web: see it here (thanks to everybody who commented that article). So I don’t recommend to use cryptoloop but instead take a look at truecrypt that makes it possible not only to encrypt whole storage but also to create encrypted file just like I’ve described in 16 GB encrypted candy file article.
Truecrypt is cross platform disk/file encryption software that is available for windows, mac os and linux. In order to get started visit www.truecrypt.org site and download the latest version of this software (direct link) and install it:
wget -c http://www.truecrypt.org/download/truecrypt-6.3a-linux-x86.tar.gz
tar -xvzf truecrypt-6.3a-linux-x86.tar.gz
When installation is finished you will see Trucrypt item in Gnome menu (if not or use different X manager — type truecrypt in command line). Here how it looks like:
In order to create encrypted file press “Create Volume” button and follow instructions:
Use long passwords like “e07910a06a086c83ba41827aa00b26ed” instead of “123″ or “iloveyou”:
Once encrypted candy is created you can store it on usb flash drive or elsewhere, it doesn’t matter how that storage is formatted — it can be CD or windows formatter ipod.
Use the same utility to open the file — press “Select File” and point to newly created encrypted file, then choose first slot and select “Mount Volume” in drop down menu (it will ask for your sudo password and then password you typed when created the file):
As the result encrypted filesystem will be mounted into /media/truecrypt1 directory:
Copy your sensitive files there and unmount /media/truecrypt1 when done (select “Dismount” in drop down menu).