Set up an encrypted partition
You can use an encrypted container file, but a partition is more convenient than a 20 GB file, and more stable.
Commands - modern encryption - Android 6:
openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > /dev/mmcblk0_foo
cryptsetup -c aes-xts-plain64 --key-size 512 --hash sha512 -y luksFormat /dev/mmcblk0p2
cryptsetup luksOpen /dev/mmcblk0p2 sdhome
mkfs.ext4 -j -m 1 -O dir_index,filetype -L homecrypt /dev/mapper/sdhome
Old Android:
On an Android 4.0 device I used these settings, because the kernel does not support the cipher above:
cryptsetup luksDump ...
Cipher name: twofish
Cipher mode: cbc-plain
Hash spec: sha1
This works, too:
cryptsetup -c aes-cbc-essiv:sha256 --hash sha256 -y luksFormat /dev/mmcblk0p2
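Whether the kernel supports the modern cipher can be checked before formatting. The following is an added example, not part of the original page: it picks between the two luksFormat option sets shown above by reading a kernel build config. The helper names kernel_has and pick_luks_opts are hypothetical, the sample configs are constructed, and it assumes the device exposes its config as /proc/config.gz; the symbols checked are a heuristic, not a guarantee.

```shell
#!/bin/sh
# Added example: choose cryptsetup luksFormat options from a kernel build config.
# kernel_has and pick_luks_opts are hypothetical helper names.

# kernel_has CONFIG_TEXT SYMBOL: true if SYMBOL is built in (=y) or a module (=m)
kernel_has() {
    printf '%s\n' "$1" | grep -Eq "^$2=[ym]\$"
}

# pick_luks_opts CONFIG_TEXT: print the luksFormat options the kernel can back
pick_luks_opts() {
    cfg=$1
    if ! kernel_has "$cfg" CONFIG_DM_CRYPT; then
        echo "no dm-crypt in this kernel" >&2
        return 1
    fi
    if kernel_has "$cfg" CONFIG_CRYPTO_AES && kernel_has "$cfg" CONFIG_CRYPTO_XTS; then
        # modern setting from this page
        echo "-c aes-xts-plain64 --key-size 512 --hash sha512"
    elif kernel_has "$cfg" CONFIG_CRYPTO_AES && kernel_has "$cfg" CONFIG_CRYPTO_CBC \
         && kernel_has "$cfg" CONFIG_CRYPTO_SHA256; then
        # fallback from this page; essiv:sha256 needs SHA-256 in the kernel
        echo "-c aes-cbc-essiv:sha256 --hash sha256"
    else
        echo "neither AES-XTS nor AES-CBC-ESSIV available" >&2
        return 1
    fi
}

# Constructed sample configs (not taken from a real device)
MODERN_CFG='CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_XTS=y
CONFIG_CRYPTO_SHA256=y'
OLD_CFG='CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_CBC=y
# CONFIG_CRYPTO_XTS is not set
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_TWOFISH=y'

echo "modern kernel: $(pick_luks_opts "$MODERN_CFG")"
echo "old kernel:    $(pick_luks_opts "$OLD_CFG")"
# On a device: pick_luks_opts "$(zcat /proc/config.gz)"
```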
Test:
mount /dev/mapper/sdhome /mnt/sd/
# copy stuff ..
umount /mnt/sd
cryptsetup luksClose /dev/mapper/sdhome
# retry
Mount the partition in the Linux boot script:
busybox mkdir $chrootdir/dev/block/
busybox mount -o bind /dev/block/ $chrootdir/dev/block
Then, inside the chroot, it can be mounted:
cryptsetup luksOpen /dev/block/mmcblk0p2 sdhome
mount /dev/mapper/sdhome /mnt/sd