http://wiki.sabayonlinux.org/index.php?title=HOWTO:_Encrypted_Fake_Partition&feed=atom&action=historyHOWTO: Encrypted Fake Partition - Revision history2013-05-24T22:43:39ZRevision history for this page on the wikiMediaWiki 1.19.4http://wiki.sabayonlinux.org/index.php?title=HOWTO:_Encrypted_Fake_Partition&diff=8716&oldid=prevAzerthoth: New article2010-07-18T21:26:36Z<p>New article</p>
<p><b>New page</b></p><div>=Encrypted Fake Partition=<br />
The goal of this how-to is to create a container on your hard drive that you can encrypt and mount as a new drive. This equates roughly to making a fake partition inside an existing one. It's a great and sneaky way to protect your sensitive data without having to encrypt your whole drive or repartition to make a dedicated storage partition. The size of the article may seem daunting. Don't worry, it's as big as it is because I took the time to explain a few things along the way. For the most part its a cookie cutter procedure.<br />
<br />
This whole operation will be done as root, so you might as well do that now.<br />
{{Console|<pre class="clear">$ su <br />
Password: <br />
</pre>}}<br />
==Step One: Make the container==<br />
<br />
For this we will use dd to create a one gig blank file, or in this case what we will be using for our container.<br />
{{Console|<pre class="clear"><br />
# dd if=/dev/urandom of=/path/to/file bs=1024k count=1024<br />
</pre>}}<br />
This makes dd read (if=) from a random number generator, take that and output it (of=) to a file that you define the name and location of in 1024 kilobyte chunks. The count=1024 make it write 1024 blocks of 1024k, in other words 1 gigabyte. This can take a minute or two, maybe long enough to go grab a cup of coffee.<br />
<br />
==Step Two: Mount the file as a loopback device==<br />
<br />
Next up is to make the computer think that the file is actually a device. This is a simple one liner.<br />
{{Console|<pre class="clear"><br />
# losetup /dev/loop1 /path/to/file<br />
</pre>}}<br />
Now the computer see's the file you made pretty much just as it see's your hard drives, if with a different name.<br />
<br />
==Step Three: Encrypt the new device==<br />
<br />
Now we will encrypt the device. During the process it will ask you to set a password. Make sure it is something you can remember, if you forget or loose the password then the container is a brick. You cant hack or crack into it, which is why we are encrypting it anyways.<br />
{{Console|<pre class="clear"><br />
# cryptsetup -y -s 256 luksFormat /dev/loop1<br />
</pre>}}<br />
<br />
==Step Four: Create a file system==<br />
We have to give the system access to the device now and tell it that it is block device.<br />
{{Console|<pre class="clear"><br />
# cryptsetup luksOpen /dev/loop1 somename<br />
</pre>}}<br />
Finally we are going to make a file system for the container. Without that we cant put things in there. For the example I will be using ext3, you can use whatever you like.<br />
{{Console|<pre class="clear"><br />
# mkfs.ext3 /dev/mapper/somename<br />
(somename is the one you used above)<br />
</pre>}}<br />
<br />
==Step Five: Make a mountpoint==<br />
This will be used later, but it's simple and easy to make a dedicated mount point for it now. You can name it whatever you like, and out of habit I make all my mountpoints in /mnt you can make it where ever you like.<br />
{{Console|<pre class="clear"><br />
# mkdir /mnt/container <br />
</pre>}}<br />
<br />
==Step Six: Cleaning up==<br />
<br />
Everything is done, you have an encrypted container. Lets shut everything down. In the next section I will show you how to bring it up for normal use.<br />
{{Console|<pre class="clear"><br />
# cryptsetup luksClose somename<br />
(somename is the one you used above)<br />
# losetup -d /dev/loop1<br />
</pre>}}<br />
Now your system is back in the condition it was before we started, with the exception that we have our fake partition (or container) all ready to mount up and use.<br />
<br />
=Using The Container=<br />
<br />
This section can be easily scripted, I'll leave that up to you. For this we will be doing it manually step by step.<br />
<br />
==Step One: Mounting it all up==<br />
You have seen most of this already. But this time we will just be setting it up for use.<br />
{{Console|<pre class="clear"><br />
# losetup /dev/loop1 /path/to/file<br />
# cryptsetup luksOpen /dev/loop1 somename<br />
# mount /dev/mapper/somename /mnt/container<br />
</pre>}}<br />
<br />
Where you see `somename` you can make that whatever you want. However it has to be the same name in both commands.<br />
<br />
==Some notes on use==<br />
<br />
At this point the device is ready to use, but right now only root has access to it. Since the device is encrypted, takes a password that only you will use to unlock it, and has to be manually mounted, I just give it full read/write access to make life easier. This can be done with one simple command.<br />
{{Console|<pre class="clear"><br />
# chmod 777 /mnt/container<br />
</pre>}}<br />
That command only has to issued once, ever. You wont have to do it again. You can now access it as a normal user. If you like you can symlink it where ever you want to for ease of use the the `ln -s` command. Example as normal user:<br />
{{Console|<pre class="clear"><br />
$ ln -s /mnt/container ~/<br />
</pre>}}<br />
This will create an easy to use link in the users home directory. You can leave the link there or remove it as you like. I personally don't bother with this step.<br />
<br />
==Step two: Unmounting, Closing, Locking==<br />
So your all done, and you want to close everything up so no one can get at what you have stored. Simple enough, remember unmounting requires you to be root.<br />
{{Console|<pre class="clear"><br />
# umount /mnt/container<br />
# cryptsetup luksClose somename<br />
# losetup -d /dev/loop1<br />
</pre>}}<br />
<br />
=Conclusion=<br />
<br />
All in all it's not too difficult a task. I hope you learned something and I hope you see that securing your data, even on an unencrypted machine is not all that difficult.<br />
<br />
Have Fun<br />
~Az</div>Azerthoth