# Cryptographic Filesystems/layers, need tips

## huhmz

So far I have found CFS, TCFS, StegFS and something called Rubberhose.

The Problem with all of those seem to be that they are quite old, works only on 2.2 kernels. Are there no crypto fs/layers that work on 2.4?

Thanks

----------

## daroz

If you're running the crypto kernel, try this...

```

dd if=/dev/zero of=/path/to/some/FILE bs=1k count=<size_in_k>

losetup /dev/loop0 /path/to/some/FILE -e <choose_encryption>

#You'll be prompted for key size and password - ONCE

mke2fs /dev/loop0 <add -j for ext3>

losetup -d /dev/loop0

losetup /dev/loop0 /path/to/some/FILE -e <choose_encryption>

# Enter your key size and password again and we'll fsck the filesystem to make sure you got it right

fsck /dev/loop0

```

If all is good here, mount the filesystem (from /dev/loop0) wherever you need it. If fsck failed, you got the password wrong.

I tried to do the same with an IDE harddrive but ran into odd problems. All examples I've seen like this use files, not harddrives so...

There's also a /proc/ setting somewhere you can see what encryptions options are available. I've heard serpent is pretty decent and yet fast.

----------

## Frank Dittrich

You might want to check loop-aes, see

http://mail.nl.linux.org/linux-crypto/2002-08/msg00016.html

http://sourceforge.net/projects/loop-aes/

For a detailed discussion, see the thread related to the announcement of AES-v1.6e:

http://mail.nl.linux.org/linux-crypto/2002-06/msg00038.html

Make sure you read the README.

Another alternative:

http://www.kerneli.org/cryptoapi/howto/

Whatever method you choose, you´ll have to make sure you still have crypto-fs support after updating your util-linux or your kernel.

I think, encrypted filesystems are especially useful for laptops: just in case it´s stolen, at least the data is protected.

Nevertheless, StegFS could be useful in addition to loop-AES encrypted filesystems. Unfortunately, it doesn´t seem to work with a 2.4 kernel.

Frank

----------

## huhmz

I'll check all suggestions out, Im not sure if i need Plausable Deniability in my country but it would be nice with steganography support.

I'll report whatever findings in this thread.

----------

## Klavs

Found a linux-2.4 stego filesystem for you (long live Google  :Smile: 

http://xena1.ddns.comp.nus.edu.sg/SecureDBMS/nsteg/nsteg.html

Hope you like it - and please remember to tell us what your findings are. I'm going to test too.

----------

## Klavs

Tip from the author - to get nsteg to compile with latest kernels (also works with gentoo-sources) you just run make clean - before you continue as the README says  :Smile: 

Then it works - try it out - and share you experiences in this thread.

----------

## Skorgu

I tried compiling this nsteg package just to test it out, but it doesn't include properly. Compilation runs with warnings, but modprobe fails. I built it on the same machine, under the same kernel, with /usr/src/linux set right. In fact, 2.4.19 has never been on this machine. 

```

caltrop fs # uname -a

Linux caltrop 2.4.20-gentoo-r2 #13 SMP Sun Jun 29 00:36:56 UTC 2003

i686 Pentium III (Katmai) GenuineIntel GNU/Linux

caltrop fs # modprobe nsteg

/lib/modules/2.4.20-gentoo-r2/kernel/fs/nsteg.o: kernel-module version mismatch

        /lib/modules/2.4.20-gentoo-r2/kernel/fs/nsteg.o was compiled for kernel version 2.4.19

        while this kernel is version 2.4.20-gentoo-r2.

/lib/modules/2.4.20-gentoo-r2/kernel/fs/nsteg.o: insmod /lib/modules/2.4.20-gentoo-r2/kernel/fs/nsteg.o failed

/lib/modules/2.4.20-gentoo-r2/kernel/fs/nsteg.o: insmod nsteg failed

```

Hoping someone here has something obvious I'm missing before I go whining to the author. I wasn't able to find immediately where the source sets its kernel version with some simple grep-ing.

----------

