#1 2019-06-14 11:17:48

CanadianClubXXX

Member

From: Barcelona

Registered: 2019-04-23

Posts: 28

secure disk partition with LUKS

Hi,

I have some content I want to secure (anything illegal XDD) and I have created a LUKS (Linux Unified Key Setup) container with a filesystem inside to save securely my data.

dd if=/dev/zero     of=encrypted.img   bs=1      count=0  seek=500M
dd if=/dev/urandom  of=mykey.keyfile   bs=1024   count=1

This two lines create a file that will securely contain our data (encrypted.img) and a key file that only will allow to us to decrypt and access to them (mykey.keyfile). You can use whatever file you want as a key if you don't change it, of course (a photograph, a private key generated with openssl....).

Now we encrypt our disk with LUKS (using cryptsetup, the only required package to be installed, available for sure in every distro).

sudo cryptsetup  luksFormat  encrypted.img  mykey.keyfile

Now, we create an ext4 filesystem inside the container. First we open the container, and then we format as an ext4:

sudo cryptsetup  luksOpen    encrypted.img  myEncryptedVolume  --key-file mykey.keyfile
sudo mkfs.ext4   /dev/mapper/myEncryptedVolume
sudo cryptsetup  luksClose   myEncryptedVolume

LUKS automatically generates a virtual device in /dev/mapper + label we use... so we can directly format them. Finally, we closed the container.

And we are done !

So now we can use it. We have to prepare a path with enough permission to write in, once the disk is mounted. And copy our key file to a secure place (in my case, in a little and old 1GB pendrive I always travel with). Please, backup your keyfile because if we lose it, we lose all the data inside the container.

Finally, I put here (right down) an script (secure.sh) I make to automatically mount and unmount my secure device. I copy the container in my 3 computers, and only travel with the key (pendrive).

I use:

secure up
secure down

to open and close the container. I have to throw an error if the container of the key are not in the right places... but yeah. It works for me. I want to make a little dmenu program to make even easier the mounting and unmounting

I used zulucrypt before, to do absolutely the same... but I had problems installing it in debian10. So I decided to make my own command line utility.

Any thoughts or possible better ways to do anything... will be welcome.

Thx !!

#!/bin/sh
#
# Quick overview:
#
# sudo cryptsetup luksOpen diskImage.iso secureLuks --key-file  ~/.secureKeyFile.txt
# sudo mount /dev/mapper/secureLuks /mnt/secure
#
# sudo umount /mnt/secure
# sudo cryptsetup luksClose secureLuks
#
#
# Many thanks to Mr Will Haley: 
# https://willhaley.com/blog/encrypted-file-container-disk-image-in-linux/
#

CONTAINER_PATH=~/encrypted.img
KEYFILE_PATH=/media/xavi/KINGSTON/mykey.keyfile

if [ $# -eq 0 ]
then
    echo " "
    echo "Correct syntax is:  secure up/down."
    echo " "
elif [ "$1" = "up" ]
then
  sudo cryptsetup luksOpen ${CONTAINER_PATH} secureLuks --key-file "$KEYFILE_PATH"
  sudo mount /dev/mapper/secureLuks /mnt/secure
elif [ "$1" = "down" ]
then
   sudo umount /mnt/secure
   sudo cryptsetup luksClose secureLuks
else
    echo " "
    echo "Correct syntax is:  secure up/down."
    echo " "
fi

Last edited by CanadianClubXXX (2019-06-14 13:01:07)