- 1 dm-crypt
- 2 eCryptfs
- 3 OpenSSL
- 4 Tomb
- 5 True Crypt
Dm-crypt is part of the Linux Kernel. Some distributions might not include it in their kernel configurations, however. It is a lot like TrueCrypt: it allows you to mount encrypted files or partitions and decrypt/encrypt them on-the-fly.
Your distro probably comes with a tool to simplify using dm-crypt (also see Tomb below). However, here is how you would manually mount a file-hosted dm-crypt volume. The hashalot tool is used to prompt you for and process your password. This is used both to create the device and access it:
losetup /dev/loop0 ~/encrypted HASH=`hashalot -s InsertSaltHere sha256 | hexdump -e '32/1 "%02x"'` echo 0 `blockdev --getsize /dev/loop0` crypt aes-cbc-essiv:sha256 \ $HASH 0 /dev/loop0 0 | dmsetup create dmDevice mount /dev/mapper/dmDevice /mnt/encrypted
- Losetup makes the container file (~/encrypted in this case) act like a device.
- The hashalot command prompts you for a password and then hashes it, adding the specified salt. The salt should be random, but it mustn't change.
- The hexdump command puts the binary hashalot output into the format required for dm-crypt
- Dm-crypt is set up on the /dev/loop0 device created by losetup. It uses the password hash created previously. The aes-cbc-essiv:sha256 encryption method is secure, though probably not as secure as Truecrypt's XTS method, which does not appear to be available in official kernel releases as far as I can tell. The dm-crypt device is created as /dev/mapper/dmDevice in this example.
- The device is mounted. Before you do this for the first time, you need to run mke2fs. If you ever enter the wrong password, the device will appear to contain random data and attempting to mount it will fail.
eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux.
Examples can be found in Damien Oh's article How To Encrypt Files in Linux with eCryptfs.
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Based on Grondilu's post, to encrypt the wallet, from a terminal in the bitcoin parent directory, type:
openssl enc -aes256 -in ./.bitcoin/wallet.dat -out wallet.aes256
openssl enc -d -aes256 -in wallet.aes256 -out wallet.dat
There is a small shell script that automates the whole process of 1) decrypting wallet 2) launching Bitcoin 3) encrypting the wallet afterwards and cleaning up the unencrypted bits. bitcoin-launch-script
Tomb is a simple tool to manage encrypted storage on GNU/Linux.
Tomb generates encrypted storage files to be opened and closed using their associated keyfiles, which are also protected with a password chosen by the user.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem; its keys can be kept separate, for instance keeping the tomb file on your computer harddisk and the key files on a USB stick.
Open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux. True Crypt creates a virtual encrypted disk within a file and mounts it as a real disk.