Dm-crypt is part of the Linux Kernel. Some distributions might not include it in their kernel configurations, however. It is a lot like TrueCrypt: it allows you to mount encrypted files or partitions and decrypt/encrypt them on-the-fly.
Your distro probably comes with a tool to simplify using dm-crypt (also see Tomb below). However, here is how you would manually mount a file-hosted dm-crypt volume. The hashalot tool is used to prompt you for and process your password. This is used both to create the device and access it:
losetup /dev/loop0 ~/encrypted
hashalot -s InsertSaltHere sha256 hexdump -e '32/1 "%02x"'
blockdev --getsize /dev/loop0 crypt aes-cbc-essiv:sha256 \
$HASH 0 /dev/loop0 0 dmsetup create dmDevice
mount /dev/mapper/dmDevice /mnt/encrypted
- Losetup makes the container file (~/encrypted in this case) act like a device.
- The hashalot command prompts you for a password and then hashes it, adding the specified salt. The salt should be random, but it mustn't change.
- The hexdump command puts the binary hashalot output into the format required for dm-crypt
- Dm-crypt is set up on the /dev/loop0 device created by losetup. It uses the password hash created previously. The aes-cbc-essiv:sha256 encryption method is secure, though probably not as secure as Truecrypt's XTS method, which does not appear to be available in official kernel releases as far as I can tell. The dm-crypt device is created as /dev/mapper/dmDevice in this example.
- The device is mounted. Before you do this for the first time, you need to run mke2fs. If you ever enter the wrong password, the device will appear to contain random data and attempting to mount it will fail.
eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux.
Examples can be found in Damien Oh's article How To Encrypt Files in Linux with eCryptfs.
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Based on Grondilu's post, to encrypt the wallet, from a terminal in the bitcoin parent directory, type:
openssl enc -aes256 -in ./.bitcoin/wallet.dat -out wallet.aes256
openssl enc -d -aes256 -in wallet.aes256 -out wallet.dat
There is a small shell script that automates the whole process of 1) decrypting wallet 2) launching Bitcoin 3) encrypting the wallet afterwards and cleaning up the unencrypted bits. bitcoin-launch-script
CCrypt is a linux command-line utility by Peter Selinger(1) that replaces the Unix crypt command. CCrypt is much more secure than crypt because it uses the Rijndael block cipher, the same encryption algorithm as AES and SSL, the algoirthms of choice for the US government and the commercial banking industry. The command line syntax for ccrypt is a bit simpler than openssl because it doesn't require the user to select an encryption algorithm or name the output file, but merely specify the direction (encrypt or decrypt).
or in a Debian distribution like Ubuntu just execute
sudo apt-get install ccrypt
To encrypt your wallet:
To decrypt the file created above:
or ccrypt -d ~/.bitcoin/wallet.dat.cpt
Tomb is a simple tool to manage encrypted storage on GNU/Linux.
Tomb generates encrypted storage files to be opened and closed using their associated keyfiles, which are also protected with a password chosen by the user.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem; its keys can be kept separate, for instance keeping the tomb file on your computer harddisk and the key files on a USB stick.
Open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux. True Crypt creates a virtual encrypted disk within a file and mounts it as a real disk.
Open-source software for Linux. xorsplit copies a file into 3 separate backup files. Any two of the backup files are sufficient to reconstruct the original -- but any one of the files will yield at most half of the original information (the odd bytes or the even bytes).
Optionally, each of the backup files can be encrypted with a password.
Home page, Download, Donation, and Documentation
xorsplit file -- splits the file into file.1, file.2, and file.3
xorsplit-p file -- same, but requesting a password (no password means no encryption)
xorsplit file.3 file.1 outfile -- combine file.1 and file.3 into outfile.
xorsplit-p file.3 file.1 outfile -- same, after using the password to decrypt
GNU Privacy Guard
GnuPG allows to encrypt and sign your data.