Create encrypted disk image file

Step-by-Step descriptions of how to do things.
^rooker
Site Admin
Posts: 1481
Joined: Fri Aug 29, 2003 8:39 pm

Create encrypted disk image file

Post by ^rooker »

Here are instructions on how to create an image file that behaves like an encrypted partition.
This is useful for conveniently storing data securely; it handles like a virtual encrypted USB stick.

Create a disk image:
In order to create a 2 GB image file, execute the following command:

Code:

$ dd if=/dev/zero of=4gb_sd.bin bs=1G count=4

Find a free loop device:
The following command should return the name of a loop device that's free for you to use:

Code:

$ sudo losetup -f

In most cases that will be /dev/loop0, since you probably don't have any loops in use.
But if you do, then it will list the next "free" loop device :)

Setup partition encryption (LUKS):
$DEV is a variable for the loop device, assigned to this image. In our example it's "/dev/loop0".
$IMAGE is the image file, created previously using "dd".

Code:

$ sudo losetup $DEV $IMAGE
$ sudo cryptsetup luksFormat $DEV

This will map the image file "4gb_sd.bin" to "/dev/loop0" and initialize the encryption layer. This is where you enter your passphrase.
The "cryptsetup luksFormat" dialog will look somewhat like this:

WARNING!
========
This will overwrite data on /dev/loop3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:

Now, open the encrypted partition:

Code:

$ sudo cryptsetup luksOpen $DEV $NAME

You will now be prompted for the passphrase you entered before:

Enter passphrase for /dev/loop3:

Enter it.
If everything works correctly, it will return nothing.

Partition / format it:

Code:

$ sudo mkfs.ext4 -F -L "$PARTITION_LABEL" "/dev/mapper/$NAME"

Close the encrypted partition:

Code:

$ sudo cryptsetup luksClose /dev/mapper/$NAME

Links:
Jumping out of an airplane is not a basic instinct. Neither is breathing underwater. But put the two together and you're traveling through space!

Mount / unmount encrypted partition image file

Post by ^rooker »

Remove ("unplug") the image:
As long as the loop device is linked to the image, the partition will show up on your Desktop (e.g. on Debian, Ubuntu, etc).
In order for the icon to disappear, unlink the loop:

Code:

$ sudo losetup -d /dev/loop0

(Unmount the partition beforehand, otherwise it will not work ;))

"Plug in" and mount the image:

Code:

$ sudo losetup /dev/loop0 4gb_sd.bin

On Debian, Ubuntu, etc. an icon should now appear on your desktop, labeled "4 GB Encrypted" or similar.
You can now mount/decrypt the data within by a single double-click :D

Re: Create encrypted disk image file

Post by ^rooker »

The instructions above were tested using Xubuntu 12.04 LTS.
Unfortunately, there seem to be issues with unmounting the encrypted loop device in a way that the passphrase is forgotten.
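An added example, not part of ^rooker's posts: the plug/unplug steps from the thread as one script, with the teardown in reverse order of setup. Detaching the loop device alone leaves the dm-crypt mapping under /dev/mapper open; cryptsetup wipes the key from kernel memory when the mapping is closed. The function names, the DRY_RUN and MAPPER_DIR variables and the /dev/loopN placeholder are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original posts. All names below are assumptions.
# DRY_RUN=1 (default) prints each command instead of running it.
DRY_RUN="${DRY_RUN:-1}"
MAPPER_DIR="${MAPPER_DIR:-/dev/mapper}"   # overridable only so the check can be tested

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# plug IMAGE NAME MOUNTPOINT: attach the image, unlock it, mount it.
plug() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "sudo losetup --find --show $1"
        dev=/dev/loopN                      # placeholder, no device is allocated
    else
        # --find --show picks a free loop device and attaches the image in one
        # step, so the device cannot be taken between "find" and "attach".
        dev=$(sudo losetup --find --show "$1") || return 1
    fi
    if ! run sudo cryptsetup luksOpen "$dev" "$2"; then
        run sudo losetup -d "$dev"          # do not leave a stale loop behind
        return 1
    fi
    run sudo mount "$MAPPER_DIR/$2" "$3"
}

# unplug NAME LOOPDEV [MOUNTPOINT]: reverse order of plug.
unplug() {
    if [ -n "${3:-}" ]; then
        run sudo umount "$3" || return 1
    fi
    # Closing the mapping is the step that drops the key from kernel memory.
    run sudo cryptsetup luksClose "$1" || return 1
    run sudo losetup -d "$2"
}

# still_unlocked NAME: succeeds while the decrypted mapping still exists.
still_unlocked() {
    [ -e "$MAPPER_DIR/$1" ]
}

case "${1:-}" in
    plug)   plug "$2" "$3" "$4" ;;
    unplug) unplug "$2" "$3" "${4:-}" ;;
    check)  if still_unlocked "$2"; then echo "$2 is still unlocked"; fi ;;
esac
```

Run it with DRY_RUN=0 to execute the commands; the check subcommand reports whether the decrypted device is still present after an unplug.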