Utilities for cryptographic filesystems

2009-03-14

cryptfs-utils version 1.0.2 is released:

• Ensures that progress messages are written to the standard error and not to the standard error.
• Removes a useless progress message about the fsck option.
• Ignores and unblocks signals in child processes. This avoids races with child commands which unblock all signals.
• Fix regression: encryption implies loop.

2009-03-12

cryptfs-utils version 1.0.1 is released:

• Does not let ordinary users interrupt device setup commands.
• Always unblocks signals before executing child commands.
• Simplifies device option flag handling.

2009-02-28

cryptfs-utils version 1.0.0 is released:

• Mount options:
  • Fixes support for startsector without numsectors.
  • Makes cipher and ivoffset to imply noluks.
  • Adds support for autoluks.
• Device IDs are represented using major and minor numbers.

The cryptfs-utils package provides mount and umount utilities which can

• decrypt encryption keys required for setting up devices required for mounting cryptographic filesystems
• setup loop devices and device mapper devices required for mounting cryptographic filesystems
• check cryptographic filesystems on opened devices
• mount and unmount cryptographic filesystems
• close and remove device mapper devices and release loop devices

This extends the functionality of the mount and the umount commands by adding support for basic device mapper devices (for the dm-linear and the dm-crypt devices), for key files and scripts and for filesystem checking at mount time while retaining support for loop device encryption. Key files can contain plaintext keys or keys encrypted using GnuPG or OpenSSL.

Key and device setup is controlled using only mount options. Thus, unlike in the case of some other similar solutions, keys, devices and filesystems can and must be specified either in fstab or on the command line (which may be constructed by a tool such as an automounter). Alternative configuration files are neither required nor supported.

Following are the main features of the cryptfs-utils packages:

• Controlled using only mount options thus:
  • Filesystems and mount options can be specified
    • in the /etc/fstab file,
    • using automounter maps or
    • on the command line.
  • Standard mounting permissions apply thus system administrators can permit ordinary users to mount filesystems
    • by adding suitable entries to the /etc/fstab file,
    • by setting up suitable automounter maps or
    • by any other method which allow ordinary users to invoke the mount command directly or indirectly.
  • Additional configuration files are not required (nor supported).
• Supports multiple encryption key sources:
  • Plaintext key files
  • GnuPG encrypted key files (all symmetric ciphers and all public key algorithms are supported)
  • OpenSSL encrypted key files (all symmetric ciphers are supported)
  • Environment variables
  • Key scripts (to be used when built-in sources are not enough)
  • Key source chaining (using contents of plaintext key files as passphrases for symmetric OpenSSL ciphers, for instance)
• Supports standard loop devices.
• Supports Loop-AES loop devices.
• Supports basic device mapper devices (dm-linear and dm-crypt devices).
• Supports filesystem checking at mount time.
• Closes, removes and releases devices when unmounting filesystems.

Utility reference manuals

Downloadable releases are distributed using the File Release System (FRS) provided by SourceForge.net.

Please report bugs using the bug tracker and feature requests and other wishes using the feature request tracker.

The development branch source code can be accessed using Subversion:

svn co https://cryptfs-utils.svn.sourceforge.net/svnroot/cryptfs-utils/dev/trunk cryptfs-utils

See also installation instructions INSTALL.VCS (for building and installing Subversion checkouts), INSTALL (for the common installation procedure) and README (for package specific details).

The source code can also be browsed using a web interface.