Like many people that have multiple locations, I sometimes have to get in my car and sneaker-net a hard drive to another facility. Sometimes I ship them via FedEx. In any event, whenever I take a hard drive out of my business, I run the risk of becoming another statistic. These days, it seems that a month doesn't pass where some high profile data has been breached. It happens frequently enough that there's a blog devoted to it.
Anyway, I've been looking for ways to encrypt the drives I transport. It looks like the "best" way is to use TrueCrypt for encrypting the entire device. It's cross platform (Windows, MacOS, and Linux) and has a great interface and is pretty easy to script.
My problem is that it is a comparative pain in the butt to get running on my platform of choice (CentOS/RHEL5). If you look, the only supported Linux versions are Ubuntu and SLES. Yes, I can compile from the source, and I have to test things, but I don't want to have to manually recompile things on production servers. I suppose I could compile it once and package an RPM if I had the time and knowledge (and the time to acquire the knowledge). Instead, I decided that it wasn't the solution for me, unless it was the only solution available. So I kept searching.
Today I chanced upon what I think is a great solution. Using the dm-crypt software along with built in loop devices, it's possible to encrypt a device without using any non-native software.
In the (hopefully) unlikely event that the link I pointed to goes away, here is the (much abridged) process:
If you're using a file, rather than a device (to have an encrypted volume sitting on an otherwise unencrypted filesystem), create the file, here using 'dd':
dd of=/path/to/secretfs bs=1G count=0 seek=8
Setup the loop to point to your file/device:
losetup /dev/loop0 /path/to/secretfs
Create the encrypted volume with cryptsetup:
cryptsetup -y create secretfs /dev/loop0
Create the filesystem on the device:
Mount the encrypted filesystem:
mount /dev/mapper/secretfs /mnt/cryptofs/secretfs
And now you have access.
To remove the filesyste, perform the last few steps in reverse:
cryptsetup remove secretfs
losetup -d /dev/loop0
Whenever you want to remount the device, just follow all the steps above that don't use dd or create filesystems.
There you go, an easy way to have encrypted volumes on your CentOS/RHEL machines.