Encrypting Devices Mini HowTo

//=======================//
// Encrypted_HArddrive_Mini Howto
// sparken@sparksonline.org
// June 2005 rev 2 April 2006
//
// Free to Copy or run as a script with
// this header intact please
//======================//

// Using a USB stick here; replace /dev/sda with your device
// The device can even be a file: just replace /dev/sda with /home/username/somefilename

// This HowTo assumes you have the cryptoloop module for your kernel and/or
// AES encryption is included. Also, the mount and losetup binaries
// had to be compiled with encryption options included.

// First we scramble the current drive for security
// This will delete all data on it! Back up your data first, and double-check
// the device name, since dd overwrites whatever it is pointed at
dd if=/dev/urandom of=/dev/sda

// Now we create an encrypted loop device to act as a scrambler
// for the actual hardware device which is sda, a USB Stick
// Note: your distro may or may not have the encryption ability
// compiled into the mount and losetup commands enabling this to work
losetup -e AES256 /dev/loop0 /dev/sda
// NOTE: you will only be prompted once for the password, with no verification, so don’t muck it up
[enter password] // password will need to be at least 20 chars for 256-bit encryption

// Now our device is accessible via the loop
// we need to create a filesystem on it
// I chose ext2 – journaling would only
// make it harder to shred & delete files
mke2fs /dev/loop0
// or, with the syntax of more modern systems:
mkfs.ext2 /dev/loop0

// Let's mount the device and write data to it
// First make a place to mount it:
mkdir /home/username/crypt

// Now we mount it
mount -t ext2 /dev/loop0 /home/username/crypt

// Create a test file
touch /home/username/crypt/test.txt

// Set user permissions
chown -R username:usergroup /home/username/crypt

// Unmount the loop
umount /dev/loop0
// Destroy the loop; we no longer need it
losetup -d /dev/loop0

// Insert the kernel module for encryption
// todo: describe how to do this automagically at boot
modprobe cryptoloop

// Entry for fstab – I’ll add the “users” option so that the user can mount it without being root
/dev/sda /home/username/crypt ext2 noauto,loop,encryption=AES256,sync,users,dev 0 0

// Now users can mount the device by using this command and password:

mount /dev/sda
[enter password]

// When you are finished, don’t forget to unmount it
// (remember to leave that directory first, closing any browser windows), then:
umount /dev/sda

// Voila, you are done
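
// Added example, not part of the original HowTo: when the "device" is a file,
// the dd scramble step needs a fixed size, otherwise it writes until the disk is full.
// The helper name make_container and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original HowTo.
# make_container PATH SIZE_MB   (hypothetical helper name)
# Creates a random-filled container file of a fixed size that can stand in
# for /dev/sda in the losetup step. Without a size limit, dd from
# /dev/urandom into a regular file keeps writing until the filesystem is full.
make_container() {
    path=$1
    size_mb=$2

    # Require a path and a positive whole number of megabytes (no leading zero).
    [ -n "$path" ] || { echo "usage: make_container PATH SIZE_MB" >&2; return 2; }
    case $size_mb in
        ''|*[!0-9]*|0*) echo "size must be a positive integer (MB)" >&2; return 2 ;;
    esac

    # Never overwrite: the path may be an existing container or a device node.
    if [ -e "$path" ]; then
        echo "refusing to overwrite existing $path" >&2
        return 1
    fi

    # Create the file with owner-only permissions; the subshell keeps the
    # umask change from leaking into the caller.
    (
        umask 077
        dd if=/dev/urandom of="$path" bs=1048576 count="$size_mb" 2>/dev/null
    ) || { rm -f "$path"; return 1; }

    # Confirm the full size was written; a short file means a short read
    # or a full disk, so remove it rather than leave a truncated container.
    actual=$(( $(wc -c < "$path") ))
    if [ "$actual" -ne $((size_mb * 1048576)) ]; then
        rm -f "$path"
        return 1
    fi
}
```

// For example: make_container /home/username/somefilename 100, then carry on
// from the losetup step with that path in place of /dev/sda.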
