# On-The-Fly-Disk-Encryption without Kernel Module

## RobinVossen

Well my Question is easy.

Does anyone know a On-The-Fly-Disk-Encryption program that does not use a kernel module.

So I need one that only uses Normal Modules (or non at all)

I also dont want to use /proc nor do I want to use /dev Can anyone help me with this?

I just need a OTFDE deamon or something..

I am talking about something like Truecrypt, BestCrypt or ScramDisk (SD4L)

Can anyone help me with this?

I really need this.. please! Anyone ^^

Cheers,

Robin

Will this work?

```
    dd if=/dev/zero of=/tmp/store1 bs=1024 seek=2047 count=1

    cryptsetup create ~/device
```

Should this work?

Ill try it but well maybe I do something wrong or something..

I tryed it but I still get a error same one..

Edit:

What is losetup and more important. How does it work?

Edit:

I found http://linuxgazette.net/114/kapil.html but that doesnt really help I onlt have 7 loop Devices I want to be able to have at least 30 mount points in the same time..

----------

## Adwin

I once wrote a tutorial, available here:

https://forums.gentoo.org/viewtopic-t-401301-highlight-crypted+losetup.html

But this is for losetup.

I have long since then moved to cryptsetup-luks, lvm2 and dm-raid.

I will make another tutorial if I have the time, but google should help you with it.

And yes, you can always dd if=/dev/zero to some file and mount-loop it.

But that would be kindda pointless.

----------

## RobinVossen

Thanks a lot but I understand here that I have to Repartition my drive then?

If I read that I understand that I have to use a partition as Data-Container

But I want to use a Single file as a Data-Container. I want the files to be Portable (So I can store them on a USB Drive and take them with me)

is that possible?

Cheers,

Robin

----------

## Anarcho

 *RobinVossen wrote:*   

> Thanks a lot but I understand here that I have to Repartition my drive then?
> 
> If I read that I understand that I have to use a partition as Data-Container
> 
> But I want to use a Single file as a Data-Container. I want the files to be Portable (So I can store them on a USB Drive and take them with me)
> ...

 

You don't need to repartition. You can create using dd a virtual partition file (as above) and mount it using losetup. Then you have a valid block device (e.g. /dev/loop0). This blockdevice can be used just as a partition. You can use cryptsetup on this loop file or just use crypto-loop. I didn't try it but you should also be able to use truecrypt etc.

Another way would be FUSE and an appropriate plugin.

But transparent encryption without any kernel support will be impossible AFAIK. You have to go through the kernel VFS in order to support all applications with "normal" view on the file system.

----------

## RobinVossen

Ah, well as I understand you only have 7 loop devices to well IU need like 30 or maybe even more..

So can that still be done?

I thought Id just make a Device-File with dd

Then Id give it a file system.

Then id Encrypt that file like file x.

Then I decrypt that file to file y

I mount file y to /mnt/crypt

On logout I umount /mnt/crypt encrypt y back to x and Wish it works..

Can that be done?

Since I dont need a Kernel Mod then. Its not on the fly then but it should work.. (right?)

Cheers,

Robin

----------

## Anarcho

 *RobinVossen wrote:*   

> I mount file y to /mnt/crypt

 

This will already invoke a kernel function  :Wink: 

What you can do is create the loop device file as you said and then crypt/decrypt that complete file with e.g. aespipe oder gpg, yes. But, as you said, that will not be very transparent...

Also I think that it will be possible to get more than just the 7 loop devices.

----------

## RobinVossen

Ok, I can USE kernel stuff  :Wink:  but no extra modules.. Truecrypt adds his own script to the kernel..

I have a Kernel now, but I CANT recompile it..

I know that NOBODY can get in the box. So It doenst has to be TO secure.. 

As long as a Non-Security guy will not notice it (and I have to use a real encryption so not xor or tar  :Razz: )

Ill go to Google and search how to get more loop devices.

And Anarcho, Ill be visiting your Country tomorrow ^^ to the GREAT airport  :Wink:  (again lol)

----------

## Anarcho

 *RobinVossen wrote:*   

> Ok, I can USE kernel stuff  but no extra modules.. Truecrypt adds his own script to the kernel..
> 
> I have a Kernel now, but I CANT recompile it..
> 
> I know that NOBODY can get in the box. So It doenst has to be TO secure.. 
> ...

 

I'm sorry but I haven't quite understand the complete scenario, yet.

Raise the number of loop devices:

For build-in loop device driver add "max_loop=..." to the kernel command line in your bootloader config

For module loop driver add "max_loop=..." to the module parameters

If you go to the airport a little bit more often one could think you work there  :Wink: 

----------

## RobinVossen

 *Quote:*   

> I'm sorry but I haven't quite understand the complete scenario, yet.

 

Well I run in a Virtual PC (OpenVZ) so I cant really change the kernel in a OpenVZ box since its not changeable

THere isnt a Bootloader or anything on that box.. (Weird eh  :Wink: ) Anyhow If I can make more loopDevices with that  *Quote:*   

> 
> 
> ```
> max_loop=...
> ```
> ...

  code In Debian (the Host of Gentoo) I should be fine  :Smile: 

 *Quote:*   

> If you go to the airport a little bit more often one could think you work there 

 

I am planning NOT to work there. Since they run Windows.  :Smile: 

----------

