HOWTO: Encrypted Fake Partition

From Sabayon Wiki

Encrypted Fake Partition

The goal of this how-to is to create a container on your hard drive that you can encrypt and mount as a new drive. This equates roughly to making a fake partition inside an existing one. It's a great and sneaky way to protect your sensitive data without having to encrypt your whole drive or repartition to make a dedicated storage partition. The size of the article may seem daunting. Don't worry, it's as big as it is because I took the time to explain a few things along the way. For the most part it's a cookie cutter procedure.

This whole operation will be done as root, so you might as well do that now.

$ su 

Step One: Make the container

For this we will use dd to create a one gigabyte file filled with random data, which we will use as our container.

# dd if=/dev/urandom of=/path/to/file bs=1024k count=1024

This makes dd read (if=) from a random number generator and write the output (of=) to a file whose name and location you choose, in 1024 kilobyte chunks. The count=1024 makes it write 1024 blocks of 1024k, in other words 1 gigabyte. This can take a minute or two, maybe long enough to go grab a cup of coffee.

Step Two: Mount the file as a loopback device

Next up is to make the computer think that the file is actually a device. This is a simple one liner.

# losetup /dev/loop1 /path/to/file

Now the computer sees the file you made pretty much just as it sees your hard drives, albeit under a different name.

Step Three: Encrypt the new device

Now we will encrypt the device. During the process it will ask you to set a password. Make sure it is something you can remember; if you forget or lose the password then the container is a brick. You can't hack or crack into it, which is why we are encrypting it anyway.

# cryptsetup -y -s 256 luksFormat /dev/loop1

Step Four: Create a file system

We have to give the system access to the device now and tell it that it is a block device.

# cryptsetup luksOpen /dev/loop1 somename

Finally we are going to make a file system for the container. Without that we can't put things in there. For the example I will be using ext3, but you can use whatever you like.

# mkfs.ext3 /dev/mapper/somename
(somename is the one you used above)

Step Five: Make a mountpoint

This will be used later, but it's simple and easy to make a dedicated mount point for it now. You can name it whatever you like. Out of habit I make all my mountpoints in /mnt, but you can make it wherever you like.

# mkdir /mnt/container 

Step Six: Cleaning up

Everything is done, you have an encrypted container. Let's shut everything down. In the next section I will show you how to bring it up for normal use.

# cryptsetup luksClose somename
(somename is the one you used above)
# losetup -d /dev/loop1

Now your system is back in the condition it was before we started, with the exception that we have our fake partition (or container) all ready to mount up and use.

Using The Container

This section can be easily scripted; I'll leave that up to you. For this we will be doing it manually step by step.

Step One: Mounting it all up

You have seen most of this already. But this time we will just be setting it up for use.

# losetup /dev/loop1 /path/to/file
# cryptsetup luksOpen /dev/loop1 somename
# mount /dev/mapper/somename /mnt/container

Where you see `somename` you can make that whatever you want. However it has to be the same name in both commands.

Some notes on use

At this point the device is ready to use, but right now only root has access to it. Since the device is encrypted, takes a password that only you will use to unlock it, and has to be manually mounted, I just give it full read/write access to make life easier. This can be done with one simple command.

# chmod 777 /mnt/container

That command only has to be issued once, ever. You won't have to do it again. You can now access it as a normal user. If you like you can symlink it wherever you want for ease of use with the `ln -s` command. Example as normal user:

$ ln -s /mnt/container ~/

This will create an easy to use link in the user's home directory. You can leave the link there or remove it as you like. I personally don't bother with this step.

Step Two: Unmounting, Closing, Locking

So you're all done, and you want to close everything up so no one can get at what you have stored. Simple enough; remember that unmounting requires you to be root.

# umount /mnt/container
# cryptsetup luksClose somename
# losetup -d /dev/loop1
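
The mount and unmount sequences from this section as one script (an added example, not part of the original how-to). It assumes the how-to's placeholder names for the file, mapper name and mount point, and it uses `losetup -f --show` and `losetup -j`, which the page does not use, so that it does not depend on /dev/loop1 being free; a failed step undoes the earlier ones so no loop device or open mapping is left behind.

```sh
#!/bin/sh
# Added example: open/close wrapper around the manual steps above. Run as root.
# IMG, NAME and MNT default to the how-to's placeholders.
IMG="${IMG:-/path/to/file}"
NAME="${NAME:-somename}"
MNT="${MNT:-/mnt/container}"

# Loop device currently backing $IMG, parsed from `losetup -j` output
# such as "/dev/loop1: [2049]:131 (/path/to/file)". Empty if not attached.
container_loop() {
    losetup -j "$IMG" | head -n 1 | cut -d: -f1
}

container_open() {
    # Refuse to attach the same file twice.
    if [ -n "$(container_loop)" ]; then
        echo "$IMG is already attached" >&2
        return 1
    fi
    # -f picks the first free loop device instead of assuming loop1 is unused.
    loop=$(losetup -f --show "$IMG") || return 1
    # Wrong passphrase or other failure: do not leave the loop device attached.
    if ! cryptsetup luksOpen "$loop" "$NAME"; then
        losetup -d "$loop"
        return 1
    fi
    # Mount failed: undo both earlier steps in reverse order.
    if ! mount "/dev/mapper/$NAME" "$MNT"; then
        cryptsetup luksClose "$NAME"
        losetup -d "$loop"
        return 1
    fi
}

container_close() {
    loop=$(container_loop)
    # Stop at the first failure so a busy mount is never left half torn down.
    umount "$MNT" || return 1
    cryptsetup luksClose "$NAME" || return 1
    [ -z "$loop" ] || losetup -d "$loop"
}

case "${1:-}" in
    open)  container_open ;;
    close) container_close ;;
esac
```

Save it under a name of your choice and call it with `open` or `close` as the only argument.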


All in all it's not too difficult a task. I hope you learned something and I hope you see that securing your data, even on an unencrypted machine, is not all that difficult.

Have Fun ~Az