# Sample configuration file for cryptmount

# The following target uses a raw file to act as a LUKS encrypted container.
# cryptmount will automatically configure a vacant loopback device on mounting
crypt_basic {
    dev=/home/crypt.fs
    dir=/home/some_username/crypt
    fstype=ext4
    keyformat=luks
}

# The following target uses a raw file to contain the encrypted fs
# but uses a separate key-file managed via libgcrypt
crypt_detached {
    dev=/home/crypt.fs
    dir=/mnt/crypt
    fstype=ext3         mountoptions=defaults
    cipher=aes
    keyfile=/home/secretiveuser/crypt.key
    keyformat=libgcrypt
}


# The following target uses part of a raw disk partition as the encrypted fs:
# (sectors 512-16895 are used here. Remove the 'startsector' and 'numsector'
# parameters to use the whole partition.)
crypt_sdb63 {
    dev=/dev/sdb63      startsector=512 numsectors=16384
    dir=/mnt/crypt63
    fstype=ext3         mountoptions=defaults \
    cipher=serpent      # filesystem encryption

    # information about file used to store decryption key:
    keyfile=/etc/cryptmount/crypt_sdb63.key
    keyformat=openssl-compat keyhash=md5 keycipher=bf-cbc
}


# The following target uses part of a raw disk partition to create
# an encrypted swap (paging) area.
crypto_swap {
    dev=/dev/sdb63      startsector=16896 numsectors=1024
    fstype=swap         flags=mkswap
    cipher=twofish
    keyfile=/dev/random        keymaxlen=16
    keyformat=raw
    bootaction=swap
}
