Re: Bug#376588: ITP: cryptomount -- a utility for accessing encrypted filesystems
On 03/07/2006 Baruch Even wrote:
> * Package name : cryptomount
> Version : 1.0.1
> Upstream Author : rwpenney«AT»users«DOT»sourceforge«DOT»net
> * URL : http://cryptmount.sourceforge.net/
> * License : GPLv2 or later
> Programming Lang: C
> Description : a utility for accessing encrypted filesystems
> cryptomount enables the user to simply create and mount an encrypted
> device based on dm-crypt. It can handle either a raw device or a loop
> mounted file as the base for dm-crypt.
> It offers the following advantage:
> * access to improved functionality in the kernel
> * transparent support for filesystems stored on either raw disk
> partitions or loopback files
> * separate encryption of filesystem access keys, allowing access
> passwords to be changed without re-encrypting the entire
> * storing multiple encrypted filesystems within a single disk
> partition, using a designated subset of blocks for each
> * rarely used filesystems do not need to be mounted at system
> * un-mounting of each filesystem is locked so that this can only be
> performed by the user that mounted it, or the superuser
> * encrypted filesystems compatible with cryptsetup
> * encrypted access-keys are compatible with openssl
i like the idea of cryptomount, as it seems to have advantages over
cryptsetup. for example cryptsetup does not support to store multiple
filesystems on one disk out of the box.
nevertheless most of cryptmount seems like a reinvention of cryptsetup,
do you know the cryptsetup package from debian? we have a rather complex
initscript called cryptdisks there, which implements lots of additional
features for encrypted disks.
additional, cryptsetup has support for LUKS devices, which cryptomount
maybe you're interested in joining the maintainer group:
Debian Cryptsetup Team <firstname.lastname@example.org>
we could maintain cryptomount as an additional package or discuss the
possibility to merge the advantages into cryptsetup/cryptdisks.
David Härdeman currently tries to reimplement cryptdisks (the
initscript) as a standalone wrapper for cryptsetup, written in c.
the idea is to implement a system similar to mount, with a /etc/crypttab
and similar syntax.
maybe we can join our efforts to develop a good implementation for
encrypted harddisks in debian :-)