Title: encrypted_filesystem
Subject: This will create a read/write encrypted file system.
REF: http://forums.gentoo.org/viewtopic.php?t=163762

1. Configure kernel:

    cd /usr/src/linux
    make menuconfig

    Device Drivers->Multi-device support (RAID and LVM)->
        [*] Multiple devices driver support (RAID and LVM)
            Device mapper support
            Crypt target support
    Device Drivers->Block-devices->
        Loopback device support
    Cryptographic API->
        AES cipher algorithms
        Blowfish cipher algorithm

    genkernel --menuconfig --no-clean --splash=livecd-2007.0 --splash-res=1440x900 all

2. Create a loopback file.

    dd if=/dev/zero of=/home/secret bs=1M count=3500

3. Set this up as a loop device:

    losetup /dev/loop0 /home/secret

4. Install cryptsetup

    emerge cryptsetup

    eix cryptsetup
    [I] sys-fs/cryptsetup
         Available versions:  0.1-r3 1.0.5-r1 1.0.6-r2 {dynamic nls selinux}
         Installed versions:  1.0.6-r2(10:07:14 PM 06/17/2009)(nls -dynamic -selinux)
         Homepage:            http://luks.endorphin.org/ http://code.google.com/p/cryptsetup/
         Description:         Tool to setup encrypted devices with dm-crypt

5. Set up the crypt device:

    modprobe dm_mod
    modprobe dm_crypt
    cryptsetup -c aes -y create secret /dev/loop0
    Enter passphrase:
    Verify passphrase:

6. Make a filesystem on the crypto device (ext3 in this case).

    mke2fs -j /dev/mapper/secret
    mke2fs 1.41.3 (12-Oct-2008)
    Filesystem label=
    OS type: Linux
    Block size=4096 (log=2)
    Fragment size=4096 (log=2)
    192000 inodes, 768000 blocks
    38400 blocks (5.00%) reserved for the super user
    First data block=0
    Maximum filesystem blocks=788529152
    24 block groups
    32768 blocks per group, 32768 fragments per group
    8000 inodes per group
    Superblock backups stored on blocks:
            32768, 98304, 163840, 229376, 294912

    Writing inode tables: done
    Creating journal (16384 blocks): done
    Writing superblocks and filesystem accounting information: done

    This filesystem will be automatically checked every 36 mounts or
    180 days, whichever comes first.  Use tune2fs -c or -i to override.

7. Mount

    mkdir /mnt/secret
    mount /dev/mapper/secret /mnt/secret
    chmod -R 1777 /mnt/secret

8. Use file system

    rsync -a ~/secretstuff /mnt/secret/
    rsync: failed to set times on "/mnt/secret/.": Operation not permitted (1)

9. (Optional) fstab might look like this

    /dev/mapper/secret /mnt/secret ext3 noauto,noatime 0 0

10. Unmount

    umount /mnt/secret
    cryptsetup remove secret
    losetup -d /dev/loop0

11. Remount

    losetup /dev/loop0 /home/secret
    cryptsetup -c aes -y create secret /dev/loop0
    Enter passphrase:
    Verify passphrase:
    #
    # If passwd is correct, we will have /dev/mapper/secret
    #
    # (-b, not -f: the mapping is a block device, not a regular file)
    if [[ -b /dev/mapper/secret ]]; then
        mount /dev/mapper/secret /mnt/secret
    fi
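
Added example, not part of the original notes: "cryptsetup create" as used in steps 5 and 11 sets up a plain dm-crypt mapping with no on-disk header, so the existence of /dev/mapper/secret does not by itself show that the passphrase was the right one. The sketch below looks for the ext2/3 superblock magic through the mapping before mounting; read_ext_magic, has_ext_magic, safe_mount and make_sample are hypothetical helper names, and the sample images are constructed.

```shell
#!/bin/bash
# Added example: refuse to mount a mapping that does not decrypt to ext2/3.

# ext2/3/4 keep the superblock at byte 1024; the 16-bit magic 0xEF53 sits
# 56 bytes into it, stored little-endian (bytes 53 ef on disk).
EXT_MAGIC_OFFSET=1080

# Print the two magic bytes of $1 as hex, e.g. "53ef" ("" if unreadable).
read_ext_magic() {
    dd if="$1" bs=1 skip="$EXT_MAGIC_OFFSET" count=2 2>/dev/null \
        | od -An -tx1 | tr -d ' \n'
}

# Return 0 if $1 (block device or image file) carries the ext magic.
has_ext_magic() {
    [ "$(read_ext_magic "$1")" = "53ef" ]
}

# safe_mount DEVICE MOUNTPOINT MAPPING_NAME
# Mounts only a block device with a valid superblock. A mapping that
# decrypts to garbage is removed again so the next attempt starts clean.
safe_mount() {
    if [ ! -b "$1" ]; then
        echo "no mapping at $1" >&2
        return 1
    fi
    if ! has_ext_magic "$1"; then
        echo "$1 has no ext superblock: wrong passphrase?" >&2
        cryptsetup remove "$3"
        return 2
    fi
    mount "$1" "$2"
}

# make_sample FILE good|bad
# Constructed stand-ins for a correctly and an incorrectly decrypted
# mapping, so the check can be tried without root or a loop device.
make_sample() {
    dd if=/dev/zero of="$1" bs=1024 count=4 2>/dev/null
    if [ "$2" = good ]; then
        # octal 123 357 = hex 53 ef
        printf '\123\357' \
            | dd of="$1" bs=1 seek="$EXT_MAGIC_OFFSET" conv=notrunc 2>/dev/null
    fi
}

# Usage after step 11's cryptsetup call (as root):
#   safe_mount /dev/mapper/secret /mnt/secret secret
```

The magic check only shows that the first superblock decrypted sensibly; it is a cheap guard before mount, not a replacement for fsck.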