Last active
December 11, 2015 19:28
Portable encrypted virtual disk.
How to create an encrypted virtual disk (with LUKS)

1) First we create a file with random data in it. You can choose a size that matches your needs. In this example I'm making a 20MB virtual disk, so I will create a 20MB file in this step.

$ dd if=/dev/urandom of=~/sekret bs=1M count=20

Here, the dd command creates 20 1MB blocks and fills them with random data. ~/sekret means that we create the file named sekret in your home directory. You can choose any file name and path you like.

2) Next we need to create a block device from the file. For that, find a free loop device with

$ sudo losetup -f

Then use that loop device to create the block device. Let's assume /dev/loop0 is free.

$ sudo losetup /dev/loop0 ~/sekret

3) Now we need to LUKS-format the device. FYI: LUKS stands for Linux Unified Key System.

$ sudo cryptsetup luksFormat -c aes-cbc-essiv:sha256 /dev/loop0

This will warn you that the data in /dev/loop0 is going to be overwritten. Hope you are confident enough to say yes. Then you are required to enter a pass-phrase for this encrypted disk. Choose a strong pass-phrase here, and then confirm it. The process will report success if we are lucky.

4) Map the crypto partition with

$ sudo cryptsetup luksOpen /dev/loop0 mycrypt

To be sure about the success, run

$ sudo dmsetup ls

This will output something like mycrypt (252, 0).

5) Now we create a file system on the device we created.

$ sudo mkfs.ext3 /dev/mapper/mycrypt

This will create an EXT3 file system on the device. You can format it with the file system of your choice. When formatting finishes successfully, we have our own encrypted disk ready to use.
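
Before attaching a container file with losetup and luksOpen, it is useful to confirm that it really carries a LUKS header and to see which cipher it was formatted with. The script below is an added example, not part of the original gist: it reads the LUKS1 header fields straight from the file without root. The function names and the sample header are constructed for illustration, and it assumes a LUKS1 header (LUKS2 keeps these settings in JSON metadata, so it is only detected, not parsed).

```shell
#!/usr/bin/env bash
# Added example (not from the gist): read a LUKS1 header from a container file.
# LUKS1 on-disk layout: magic "LUKS\xba\xbe" (6 bytes), version (uint16,
# big-endian), cipher name (32 bytes), cipher mode (32 bytes), hash spec (32 bytes).

# Print $3 bytes of file $1 starting at byte offset $2, NUL padding stripped.
luks_field() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | tr -d '\0'
}

# Print $3 bytes of file $1 starting at byte offset $2 as a hex string.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Print "<version> <cipher>-<mode> <hash>" for a LUKS1 container and return 0.
# Return 1 if the LUKS magic is missing, 2 if the header is not version 1.
luks1_info() {
    local file=$1
    [ "$(hex_at "$file" 0 6)" = "4c554b53babe" ] || return 1
    [ "$(hex_at "$file" 6 2)" = "0001" ] || return 2
    echo "1 $(luks_field "$file" 8 32)-$(luks_field "$file" 40 32) $(luks_field "$file" 72 32)"
}

# Write a constructed LUKS1-style header (not a usable volume) to file $1.
# The field values are sample data matching the cipher used in step 3.
make_sample_header() {
    local f
    {
        printf 'LUKS\272\276\000\001'
        for f in aes cbc-essiv:sha256 sha256; do
            printf '%s' "$f"
            head -c $((32 - ${#f})) /dev/zero   # pad each field to 32 bytes
        done
    } > "$1"
}

# Demo on the constructed header; point luks1_info at ~/sekret for a real check.
sample=$(mktemp)
make_sample_header "$sample"
luks1_info "$sample"
rm -f "$sample"
```

On a real container, cryptsetup luksDump reports the same fields along with the key slot details.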
#!/usr/bin/env bash
# This script allows easy mounting/unmounting of your encrypted disks created
# with dm-crypt and LUKS (Linux Unified Key System)
# Read more on http://wp.me/p1rVu-ae

# Check for required programs
type -P dmsetup &>/dev/null || { echo "dmsetup required but not installed. Aborting." >&2; exit 1; }
type -P cryptsetup &>/dev/null || { echo "cryptsetup required but not installed. Aborting." >&2; exit 1; }

CRYPTDEV=cryspdev
# State file that remembers the loop device between mount and umount.
# Kept under /run (writable by root only) instead of world-writable /tmp,
# because this script runs as root and the file name is predictable.
TEMPFILE=/run/crysp-${SUDO_USER:-root}

usage(){
    echo "Usage:"
    echo -e "\t $0 mount /encrypted/virtual/disk /mount/point"
    echo -e "\t $0 umount /mount/point"
    exit 1
}

case "$1" in
    mount)
        if [ $# != 3 ];then
            usage
        fi
        LOOPDEV=$(losetup -f) || exit 1
        echo "$LOOPDEV" > "$TEMPFILE"
        losetup "$LOOPDEV" "$2" || exit 1
        # Detach the loop device again if the container cannot be unlocked
        cryptsetup luksOpen "$LOOPDEV" "$CRYPTDEV" || { losetup -d "$LOOPDEV"; exit 1; }
        mount -o rw "/dev/mapper/$CRYPTDEV" "$3" || exit 1
        chown -R "$SUDO_USER" "$3" # workaround to allow nautilus r/w access to the mount
        ;;
    umount)
        if [ $# != 2 ];then
            usage
        fi
        LOOPDEV=$(cat "$TEMPFILE")
        sync
        umount "$2"
        cryptsetup luksClose "$CRYPTDEV"
        losetup -d "$LOOPDEV"
        ;;
    *)
        usage
        ;;
esac
exit 0