The important part of the above command is the "seek" statement, which tells dd to make the file sparse. I used 1G for the file size simply because it was roughly double the size of the sensitive files I wanted to store.
The next thing to do was to mount the loop device, set it up as encrypted, and then format it. To do that, I typed:
I entered my password--twice--and the encrypted part was done. Then it was time to format the device:
Then I mounted my new device:
I changed directory to ~/secrets, copied all my sensitive files into it and I was done.
Of course, I had to now test the system. I reversed the process of mounting my loop device:
Then I checked the filesize using both du and ls and got the following results:
It seemed to me at that point the setup was working as planned. I created a pair of shell scripts to mount and unmount the loop device, and will test the system for a couple of weeks to see if it continues to work well. The one wrinkle I've encountered since going to this new system has been in the copying of the unmounted sparse file, which requires letting rsync/cpio/tar/cp know through an option on the command line. Otherwise, the programs will copy over the set (rather than the actual) file size, which defeats the whole purpose of having a sparse file. I've already modified my backup scripts appropriately.
~~~~~~~~~~~~~~~~~~~~~~~~~