cryptmount - a utility for accessing encrypted filesystems

cryptmount command-line screenshot cryptmount is a utility for GNU/Linux operating systems which allows an ordinary user to mount an encrypted filing system without requiring superuser privileges. It is aimed at recent Linux systems using the 2.6 kernel series.

There are currently two main approaches to using encrypted filesystems within the linux kernel:

The (older) cryptoloop system has grown in parallel with the loopback device-driver of 2.4 kernel series, but has now been superseded by the device-mapper capabilities of the 2.6 kernel series. The newer devmapper system offers a cleaner organization of encryption and device-access, and superior performance has been noted. Alternative user-space tools which allow individual files to be encrypted are also widely available, but allow some information about file sizes & organization to be exposed.

With the older cryptoloop system, it was possible to describe all the details of an encrypted filesystem within /etc/fstab so that it could be configured completely by 'mount'. This meant that it was particularly easy to give any user permission to mount those encrypted filesystems simply by providing the 'user' option within /etc/fstab.

With the newer device-mapper infrastructure, there are more stages involved in mounting an encrypted filing system, and neither does 'mount' currently allow this nor does the syntax of /etc/fstab lend itself to describing all the necessary filesystem parameters. This is especially so if the filesystem is stored in an ordinary file, which would require separate configuration of a loopback device and a devmapper target before the filesystem could be accessed.

cryptmount was written to make it as easy for ordinary users to access encrypted filesystems on-demand using the newer devmapper mechansism as it was to use the older, now deprecated, cryptoloop methods. This offers the following advantages:

There are a number of different ways of accessing encrypted filesystems under linux, each with their own strengths and weaknesses. Some of the closest alternatives to cryptmount are as follows:

cryptmount is hosted on Sourceforge, where you can download the latest release, and is also listed on FreshMeat. cryptmount is also currently available as a Debian package (within release 7.0, "Wheezy"), as an Ubuntu package (within the "Saucy" release), and as a Gentoo overlay.

The manual pages of cryptmount-4.5.1 for the executable and its configuration file are also available online.

The author would welcome constructive feedback on this webpage or on cryptmount itself. These can be sent to rwpenney«AT»users«DOT»sourceforge«DOT»net .


Last updated 15 February 2014
© Copyright RW Penney, 2006-2014