HOWTO Set up an encrypted filesystem on Ubuntu Feisty

I set up an encrypted filesystem image on one of my Ubuntu boxen recently. I won’t say what is going on mine, but one might use it for personal documents of a financial nature, or anything else that you really don’t want someone to read without having gone through hell trying to decrypt the image or torturing you to get the password.

It was really quite simple.

dd if=/dev/urandom of=/path/to/image bs=1M count=50

This command creates a 50 MB file filled with random bytes. It’s ready to be looped and formatted. Lock it down with sudo chmod 600 /path/to/image.

sudo modprobe cryptoloop;sudo modprobe aes;sudo modprobe loop;

This command inserts the required kernel modules.

sudo losetup -e aes /dev/loop0 /path/to/image

This command puts the image onto a loopback device. You’ll be asked for a password. Make it as complex as you can remember.

sudo mkfs.ext3 /dev/loop0

This command formats the image with an ext3 filesystem. You could also use ext2.

mkdir /path/to/encrypted/mountpoint

This command creates the mountpoint so the image can be mounted with mount. Lock it down with sudo chmod 700 /path/to/encrypted/mountpoint.

sudo vi /etc/fstab

Once in vi or your text editor of choice (pico, emacs, gedit, etc.), add this to /etc/fstab:

/path/to/image /path/to/encrypted/mountpoint ext3 defaults,noauto,loop=/dev/loop0,encryption=aes 0 0

sudo losetup -d /dev/loop0

This command will disconnect the image from the loop device so it can be mounted with mount.

sudo mount /path/to/encrypted/mountpoint

This command will mount the image and you’ll be able to cd into it. You might be asked for a password twice. The first one is your sudo password; the second, or the only one if you are asked only once, is your image password. You might want to sudo something else before you mount the image just to make sure that you’re entering the correct password.

sudo umount /path/to/encrypted/mountpoint

This command will unmount the image.

OK, let’s put all this together.

dd if=/dev/urandom of=/path/to/image bs=1M count=50
sudo chmod 600 /path/to/image
sudo modprobe cryptoloop;sudo modprobe aes;sudo modprobe loop;
sudo losetup -e aes /dev/loop0 /path/to/image
sudo mkfs.ext3 /dev/loop0
mkdir /path/to/encrypted/mountpoint
sudo chmod 700 /path/to/encrypted/mountpoint
sudo vi /etc/fstab
echo "Don't forget to add the entry to your fstab!"
sudo losetup -d /dev/loop0
sudo mount /path/to/encrypted/mountpoint
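
To check the result afterwards, the following added example (not part of the original post) reads an fstab file, picks out entries that use encryption=, and reports a missing noauto or loop option and an image or mountpoint that is open to group or other. The function names are made up for this example, and it assumes GNU stat (as on Ubuntu) with BSD stat as a fallback.

```shell
#!/bin/sh
# Added example (not from the original post): audit fstab entries that use
# the encryption= loop option from this HOWTO.

# True when group and other have no permission bits (e.g. 600 or 700).
# Tries GNU stat first, then BSD stat (assumption: one of the two exists).
private_mode() {
    case $(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print one finding and bump the counter used by audit_cryptoloop_fstab.
report() {
    printf '%s: %s\n' "$1" "$2"
    findings=$((findings + 1))
}

# audit_cryptoloop_fstab [FSTAB]  -> exit status is the number of findings
audit_cryptoloop_fstab() {
    fstab=${1:-/etc/fstab}
    findings=0
    while read -r image mountpoint fstype options rest; do
        case $image in ''|'#'*) continue ;; esac      # blank line or comment
        case ",$options," in *,encryption=*) ;; *) continue ;; esac
        # Without noauto, mount -a tries to mount the image at boot.
        case ",$options," in
            *,noauto,*) ;;
            *) report "$image" "missing noauto" ;;
        esac
        case ",$options," in
            *,loop,*|*,loop=*) ;;
            *) report "$image" "missing loop option" ;;
        esac
        if [ ! -f "$image" ]; then
            report "$image" "image file not found"
        elif ! private_mode "$image"; then
            report "$image" "image open to group/other (expected 600)"
        fi
        # Meaningful while unmounted; once mounted, the mode shown is that
        # of the filesystem root inside the image.
        if [ ! -d "$mountpoint" ]; then
            report "$mountpoint" "mountpoint not found"
        elif ! private_mode "$mountpoint"; then
            report "$mountpoint" "mountpoint open to group/other (expected 700)"
        fi
    done < "$fstab"
    return "$findings"
}
```

Run it as audit_cryptoloop_fstab /etc/fstab while the image is unmounted; an exit status of 0 means no findings.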

If you get stuck, a quick Google search for encrypted loopback will shed some light and further explain things I didn’t.
