Cryptography -- You have the right to remain private
... so why don't you seize that right today? Attempts by government
agencies as well as corporations to gain access to your personal data
become more insolent by the hour; your only line of defence in this war
is strong cryptography without backdoors. The question here is not
whether you actually have anything to hide (or think you do/don't), the
question is whether you will, like a sheep, allow the bastards to violate
your privacy or fight for your privacy as befits a citizen of the
so-called "free world". So why not start today with a GnuPG key which
will allow you to put your email in a titanium-grade envelope?

This page is under construction and will eventually cover GnuPG as well
as encrypted file systems on Linux using the cryptoloop extension. For
the time being the main purpose of this page is to publish two very handy
scripts to use with cryptoloop.
- cryptomount: this script makes mounting encrypted image files much
  easier by uniting the two basic steps (setting up the loop and mounting
  the image) and removing the need to specify a loop device (the script
  automatically uses the first available loop device when mounting and
  reads the loop device from /etc/mtab when unmounting). I suggest you
  copy this script to /usr/local/sbin/. Usage is as follows:
    - Mounting: cryptomount -e cipher [-k keybits -t vfstype -r] imagefile mountpoint
    - Unmounting: cryptomount -u mountpoint
  where the -e and -k switches are mapped directly to losetup and -t and
  -r are mapped directly to mount, so consult these manpages for more
  information. I recently made this script safer by making sure that each
  parameter can be specified at most once. This makes it feasible to give
  regular users access to the command via sudo while restricting the
  possible mount points to those below a special directory (e.g. /mnt/)
  rather than anywhere in the system. It'd be easier if sudo supported
  full regular expressions, though...
- cryptohome.sh: this script goes into
/etc/init.d/ if you want to mount a cryptoloop image when booting
and unmount it when shutting the machine down. It expects the cryptomount
script in /usr/local/sbin and has to be adapted for your image file and
mountpoint (lines 12, 13). Additionally you'll have to make sure the script is
executed at the right time (consult the manpages for your distribution to
determine how to achieve that).
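One way to enforce the two restrictions described for cryptomount (each switch at most once, mount points only below one directory) inside the wrapper itself, so that the sudoers rule does not have to express them. This is an added example, not the original cryptomount script; check_args and ALLOWED_BASE are hypothetical names, and /mnt is taken from the example in the text.

```sh
#!/bin/sh
# Added example, not the original cryptomount script.
# ALLOWED_BASE is an assumption; the page only names /mnt/ as an example.
ALLOWED_BASE=/mnt

# check_args ARGS...: return 0 if the command line is acceptable,
# 2 for a malformed command line, 3 for a disallowed mount point.
check_args() {
    seen_e= seen_k= seen_t= seen_r= seen_u=
    OPTIND=1
    while getopts ":e:k:t:ru" opt; do
        case $opt in
            e|k|t|r|u)
                # Refuse a switch that has already been seen once.
                eval "prev=\$seen_$opt"
                if [ -n "$prev" ]; then
                    echo "option -$opt given more than once" >&2
                    return 2
                fi
                eval "seen_$opt=1" ;;
            *)  echo "unknown option or missing argument" >&2
                return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    if [ -n "$seen_u" ]; then
        # Unmount: -u alone, exactly one operand.
        if [ -n "$seen_e$seen_k$seen_t$seen_r" ] || [ $# -ne 1 ]; then
            echo "usage: -u mountpoint" >&2; return 2
        fi
        mp=$1
    else
        # Mount: -e is mandatory, exactly two operands.
        if [ -z "$seen_e" ] || [ $# -ne 2 ]; then
            echo "usage: -e cipher [-k keybits -t vfstype -r] imagefile mountpoint" >&2
            return 2
        fi
        mp=$2
    fi
    # Lexical check only (symlinks are not resolved here): the mount point
    # must lie below ALLOWED_BASE and contain no ".." component.
    case $mp in
        "$ALLOWED_BASE"/?*) ;;
        *) echo "mount point must be below $ALLOWED_BASE/" >&2; return 3 ;;
    esac
    case /$mp/ in
        */../*) echo "'..' is not allowed in the mount point" >&2; return 3 ;;
    esac
    return 0
}
```

Because the operand count is checked after option parsing stops, extra words appended behind the mount point are rejected instead of being passed on to losetup or mount.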