Encrypted filesystems

[david at thekramers.net (David Kramer)]

Who has had positive experience with one of these?  When searching for info 
about encrypted filesystems, 95% of them seem to be either mostly working 
but abandoned, or partly started then mostly abandoned.  Many also require a 
kernel recompile, which I would rather not do.

I'm looking into this for two reasons.  I would like to have encrypted 
content on my server, and I would like to have encrypted content on my USB 
pen drive (Sandisk 1GB).

But it did work.  I created a file-based filesystem:
dd if=/dev/zero bs=1MB count=200 of=testfs
mke2fs -v testfs
mount -o loop testfs /mnt/uni

Then I put stuff on it.  It worked just like a regular filesystem on a 
partition.  Then I unmounted it.

I tried gpg --encrypt-files -r david at thekramers.net testfs
That worked at acceptable speed.  The big downside is that I would have to 
carry around by secret keyring.  Is that a safe thing to do?  To do anything 
meaningful with it you need the passphrase (and I have a nice long one), but 
is that safe?

I tried zip -e testfs.zip testfs
That was a little slower, but worked well.  I don't know how good the 
encryption in zip is; I saw a cracking program for zip files on the 
internet, but I think it was brute force, and you needed at least one sample 
of the original contents.  On the other hand, zip is Windows-compatible, so 
that's a plus.

Both are nice in that if the filesystem is not full, the file gets 
compressed much smaller than the filesystem.  It would be nice to have a 
nontrivial encryptiion program that encrypts in place, so I don't have to 
take up twice the space and have to delete the unencrypted version.


So what do y'all use?