View previous topic :: View next topic |
Author |
Message |
edwindoebler n00b
Joined: 07 Jan 2009 Posts: 8
|
Posted: Tue Jul 21, 2009 10:14 pm Post subject: Making an encrypted "folder" |
|
|
So my lappy's hdd is encrypted with dm-crypt, but I wanted to have a seperate folder that I can leave locked until I want to save/view something. This is what I came up with after searching the internets for a little while, and I'm writing it down here so I can find it if I forget what I did somewhere down the road.
First I created an empty file. I chose 100MB because I didn't need much room.
Code: | dd if=/dev/urandom of=./file.img bs=1M count=100 |
Then used losetup to create a block device using that file (or whatever it does)
Code: | losetup -f file.img
losetup -a
/dev/loop/0: [fd01]:5488872 (/file.img) |
Then encrypt and open it with cryptsetup:
Code: | cryptsetup -y --cipher serpent-cbc-essiv:sha256 --key-size 256 luksFormat /dev/loop/0
cryptsetup luksOpen /dev/loop/0 crypt |
Format and mount:
Code: | mkfs.ext3 /dev/mapper/crypt
mkdir /mnt/crypt
mount /dev/mapper/crypt /mnt/crypt |
From here I used it as a normal mounted device. To close it out, here is what I did:
Code: | umount /mnt/crypt
cryptsetup luksClose /dev/mapper/crypt
losetup -d /dev/loop/0 |
Bit of work, but file.img can be named whatever you want, and put wherever you want and will still work. I know losetup has an encrypt option, but I thought cryptsetup was a better choice. I've been out of things for a bit so I'm sure I've made this out to be more work than it needs to. Comments are welcome! |
|
Back to top |
|
|
Sadako Advocate
Joined: 05 Aug 2004 Posts: 3792 Location: sleeping in the bathtub
|
Posted: Tue Jul 21, 2009 10:30 pm Post subject: |
|
|
If you want to make it even better, you could "append" the encrypted file onto a binary file, like a 600 mb avi video file, both losetup and cryptsetup support starting at offsets within the file/device specified.
It'd be easy to have a script around this to make setting it up easier, however I get the impression you want no trace left, so are you doing anything about your shell history? _________________ "You have to invite me in" |
|
Back to top |
|
|
edwindoebler n00b
Joined: 07 Jan 2009 Posts: 8
|
Posted: Tue Jul 21, 2009 10:42 pm Post subject: |
|
|
Hopeless wrote: | If you want to make it even better, you could "append" the encrypted file onto a binary file, like a 600 mb avi video file, both losetup and cryptsetup support starting at offsets within the file/device specified.
It'd be easy to have a script around this to make setting it up easier, however I get the impression you want no trace left, so are you doing anything about your shell history? |
I like the idea. Don't quite know how to do that yet (appending) but I'll look around. I read a few things on stenography (sp?) and figured I'd play around with things.
And I'll be doing something about my shell history now |
|
Back to top |
|
|
Sadako Advocate
Joined: 05 Aug 2004 Posts: 3792 Location: sleeping in the bathtub
|
Posted: Tue Jul 21, 2009 10:58 pm Post subject: |
|
|
If you add HISTCONTROL="ignorespace" to your shell profile (for example I have it in my /etc/bash/bashrc), then any command you enter preceeded by a space isn't saved in your history, which is quite useful.
As for appending, just record the size in bytes of a file (du -b filename), append your loopback image to the file with cat (cat file.img >> filename), then append the size in bytes of the loopback image to the losetup command with --offset, for example `losetup -f file.img -b 1234567`.
Only tricky thing is to remember the offset, but you can pick a number higher than what du reported, something easier to remember, although you should probably fill the space between the end of the (for example) avi file and the offset where the loop device begins with random data.
Although you'd still have the luks header... _________________ "You have to invite me in" |
|
Back to top |
|
|
edwindoebler n00b
Joined: 07 Jan 2009 Posts: 8
|
Posted: Wed Jul 22, 2009 1:33 am Post subject: |
|
|
Thanks, I've got appending figured out.
As far as losetup goes, this is what I did.
My original filesize for the test was 81 (found through ls -la file). My test appendage (lol) was 10mb in size.
After the 'cat image.img >> oldfile.txt', I did:
Code: | losetup -f oldfile.txt -o 81 |
I had set up the appendage using cryptsetup, and it still opened up and accepted my password so I guess the luks header didn't get screwy. Thanks for the help!
I also uncommented the "clear" option in my /etc/bash/bashrc. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|