Cryptmount – A Utility to Create Encrypted Filesystems in Linux

Cryptmount is a powerful utility that allows any user to access encrypted filesystems on-demand under GNU/Linux systems without requiring root privileges. It requires Linux 2.6 or higher. It handles both encrypted partitions as well as encrypted files.

It makes it as easy (compared to older approaches such as cryptoloop device driver and dm-crypt device-mapper target) for ordinary users to access encrypted filesystems on-demand using the newer devmapper mechanism. Cryptmount helps a system administrator in creating and managing encrypted filesystems based on the kernel’s dm-crypt device-mapper target.

Cryptmount offers the following advantages:

  • access to enhanced functionality in the kernel.
  • support for filesystems stored on either raw disk partitions or loopback files.
  • different encryption of filesystem access keys, enabling access passwords to be modified without re-encrypting the whole filesystem.
  • keeping various encrypted filesystems on a single disk partition, using a designated subset of blocks for each.
  • hardly used filesystems don’t need to be mounted during system startup.
  • un-mounting of every filesystem is locked so that this can only be conducted by the user that mounted it, or the root user.
  • encrypted filesystems compatible with cryptsetup.
  • support for encrypted swap partitions (superuser only).
  • support for creating encrypted filesystems or crypto-swap at system boot-up.

How to Install and Configure Cryptmount in Linux

On Debian/Ubuntu distributions, you can install Cryptmount using the apt command as shown.

$ sudo apt install cryptmount

On RHEL/CentOS/Fedora distributions, you can install it from source. First start installing the required package(s) to successfully build and use cryptmount.

# yum install device-mapper-devel   [On CentOS/RHEL 7]
# dnf --enablerepo=PowerTools install device-mapper-devel [On CentOS/RHEL 8 and Fedora 30+]

Then download the latest Cryptmount source files using the wget command and install it as shown.

# wget -c -O cryptmount.tar.gz
# tar -xzf cryptmount.tar.gz
# cd cryptmount-*
# ./configure
# make
# make install 

After installation successful, it’s time to configure cyptmount and create an encrypted filesystem using the cyptmount-setup utility as superuser, otherwise use the sudo command as shown.

# cyptmount-setup
$ sudo cyptmount-setup

Running the above command will ask you a series of questions to setup a secure filing-system that will be managed by cryptmount. It will ask for target name for your filesystem, user who should own the encrypted filesystem, location and size of the filesystem, filename (absolute name) for your encrypted container, location of the key as well as password for the target.

In this example, we are using the name 'tecmint' for the target filesystem. The following is a sample output of the crytmount-setup command output.

Create Encrypted Filesystem in Linux
Create Encrypted Filesystem in Linux

Once the new encrypted filesystem is created, you can access it as follows (enter the name you specified for your target – tecmint), you will be prompted to enter the password for the target.

# cryptmount tecmint
# cd /home/crypt

To unmount the target run cd command to get out of the encrypted filesystem, then use the -u switch to unmount as shown.

# cd
# cryptmount -u tecmint
Access Encrypted Filesystem
Access Encrypted Filesystem

In case you have created more than one encrypted filesystem, use the -l switch to list them.

# cryptsetup -l 
List Encrypted Filesystems in Linux
List Encrypted Filesystems in Linux

To change the old password for a specific target (encrypted filesystem), use the -c flag as shown.

# cryptsetup -c tecmint
Change Encrypted Filesystem Password
Change Encrypted Filesystem Password

Take a note of the following important points while using this critical tool.

  • Do not forget your password, once you forget it, it’s not recoverable.
  • It is strongly recommended to save a backup copy of the key-file. Deleting or corrupting the key-file implies that the encrypted filesystem will in effect be impossible to access.
  • In case you forget the password or delete the key, you can fully remove the encrypted filesystem and start over, however you will lose your data (which is not recoverable).

If you wish to use more advanced setup options, the setup process will depend on your host system, you can refer to cryptmount and cmtab man pages or visit cyptmount homepage under the “files” sections for a comprehensive guide.

# man cryptmount
# man cmtab

cryptmount enables for management and user-mode mounting of encrypted filesystems on GNU/Linux systems. In this article, we have explained you how to install it on various Linux distributions. You can ask questions or share your thoughts about it, with us via the comment section below.

If you liked this article, then do subscribe to email alerts for Linux tutorials. If you have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

4 thoughts on “Cryptmount – A Utility to Create Encrypted Filesystems in Linux”

  1. cd cryptmount-5.2.4” should be “cd cryptmount-5.2.4“. “./install” requires a C compiler installed (which I hadn’t), and libdevmapper-devel.

    which I failed to install, in spite of having downloaded the deb package. So it seems that your instructions are far from complete, at least to run on a standard Ubuntu installation.

    • @Agostinho

      True, installing from source on RHEL/CentOS/Fedora distributions requires a C compiler installed and libdevmapper-devel. Allow us to review this and update the article accordingly. Thanks for the useful feedback.


Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.