Thu 27 Oct 2011
Encrypted FlatFile Volume
Posted by Internat under Bash, Debian, Linux
No Comments
I used to have an encrypted volume on my file server, for storing sensitive things, but after an upgrade to the newest version of Debian, that stopped working. So after some mucking around and getting the old module for cryptoloop put back into my current kernel, I figured i might as well migrate over to the newer version, which uses cryptsetup, losetup, and luks.
Ive shamelessly stolen these commands (although ive changed some of them)from elsewhere..
Create the file system and restricted access.
dd of=/path/to/secretfs bs=1G count=0 seek=8
chmod 600 /path/to/secretfs
Create a loopback device for the file
losetup /dev/loop0 /path/to/secretfs
Creates the volume, asks you for the key, and then creatss the DM mapping
cryptsetup -y luksFormat /dev/loop0
cryptsetup luksOpen /dev/loop0 secretfs
Pad the file so it generates its random data
dd if=/dev/zero of=/dev/mapper/secretfs
Create the filesystem
mkfs.ext3 dev/mapper/secretfs
# Mount the new filesystem in a convenient location
mkdir /mnt/cryptofs/secretfs
mount /dev/mapper/secretfs /mnt/cryptofs/secretfs
And an encrypted volume is setup.
Now how to unmount:
umount /mnt/cryptofs/secretfs
cryptsetup luksClose secretfs
losetup -d /dev/loop0
Remount:
losetup /dev/loop0 /path/to/secretfs
cryptsetup luksOpen /dev/loop0 secretfs
(enter password when prompted)
mount /dev/mapper/secretfs /mnt/cryptofs/secretfs
Now stuff that i can never remember how to do is grow the volume.
Make sure the volume is closed, unmounted etc.
umount /mnt/cryptofs/secretfs
cryptsetup luksClose secretfs
losetup -d /dev/loop0
Add 20gig to the file
dd if=/dev/zero bs=1G count=20 >> /dev/mapper/secretfs
Remount and reopen part of it
losetup /dev/loop0 /path/to/secretfs
cryptsetup lucksOpen /dev/loop5 EncryptedFS
check the FS first
e2fsck -f /dev/mapper/EncryptedFS
once thats done grow it
resize2fs /dev/mapper/EncryptedFS
and your done. You can now open the volume for use