Das Werkstatt

what we do? everything.
http://das-werkstatt.com/forum/werkstatt/

Create encrypted disk image file

http://das-werkstatt.com/forum/werkstatt/viewtopic.php?f=24&t=2239

Page 1 of 1

Create encrypted disk image file

Posted: Wed Jul 29, 2015 1:55 am
by ^rooker
Here's an instruction how to create an image file that behaves like an encrypted partition.
This is useful to conveniently store data securely, handling like a virtual encrypted USB stick.

Create a disk image:
In order to create a 2 GB image file, execute the following command:

Code: Select all

$ dd if=/dev/zero of=4gb_sd.bin bs=1G count=4
Find a free loop device:
The following command should return the name of a loop device that's free for you to use:

Code: Select all

$ sudo losetup -f
In most cases that will be /dev/loop0, since you probably don't have any loops in use.
But if you do, then it will list the next "free" loop device :)

Setup partition encryption (LUKS):
$DEV is a variable for the loop device, assigned to this image. In our example it's "/dev/loop0".
$IMAGE is the image file, created previously using "dd".

Code: Select all

$ sudo losetup $DEV $IMAGE
$ sudo cryptsetup luksFormat $DEV
This will map the image file "4gb_sd.bin" to "/dev/loop0" and initialize the encryption layer. This is where you enter your passphrase.
The "cryptsetup luksFormat" dialog will look somewhat like this:
WARNING!
========
This will overwrite data on /dev/loop3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Now, open the encrypted partition:

Code: Select all

$ sudo cryptsetup luksOpen $DEV $NAME
You will now be prompted for the passphrase you've entered before:
Enter passphrase for /dev/loop3:
Enter it.
If everything works correctly, it will return nothing.

Partition / format it:

Code: Select all

$ sudo mkfs.ext4 -F -L "$PARTITON_LABEL" "$/dev/mapper/$NAME"
Close the encrypted partition:

Code: Select all

$ sudo cryptsetup luksClose /dev/mapper/$NAME
Links:

Mount / unmount encrypted partition image file

Posted: Wed Jul 29, 2015 2:09 am
by ^rooker
Remove ("unplug") the image:
As long as the loop device is linked to the image, the partition will show up on your Desktop (e.g. on Debian, Ubuntu, etc).
In order for the icon to disappear, unlink the loop:

Code: Select all

$ sudo losetup -d /dev/loop0
(Unmount the partition before, otherwise it will not work ;))

"Plug in" and mount the image:

Code: Select all

$ sudo losetup /dev/loop0 4gb_sd.bin
On Debian, Ubuntu, etc. an icon should now appear on your desktop, labeled "4 GB Encrypted" or similar.
You can now mount/decrypt the data within by a single double-click :D

Re: Create encrypted disk image file

Posted: Fri Aug 14, 2015 2:31 am
by ^rooker
The instructions above were tested using Xubuntu 12.04 LTS.
Unfortunately, there seem to be issues with unmounting the encrypted loop device in a way that the passphrase is forgotten.
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited