
Linux: Create an encrypted filesystem inside a file

Create encrypted FS in a file

#Create a file and allocate its size: here 1GB

dd if=/dev/zero of=encrypteddrive bs=1024 count=1048576


#Setup the encrypted file

cryptsetup -y luksFormat encrypteddrive

(enter passphrase and confirm)


#Open the Encrypted device

sudo cryptsetup luksOpen encrypteddrive secretdata

(enter passphrase)


#Create an EXT4 filesystem inside the encrypted file

sudo mkfs.ext4 /dev/mapper/secretdata


#Create a directory to be the mountpoint

mkdir ../mp-encrypted


#Mount the encrypted FS 

sudo mount /dev/mapper/secretdata ../mp-encrypted/


#After use, unmount the encrypted FS and close the encrypted file

sudo umount ../mp-encrypted/

sudo cryptsetup luksClose secretdata


Use:

#To access Data, open the file and mount it

sudo cryptsetup luksOpen encrypteddrive secretdata

sudo mount /dev/mapper/secretdata ../mp-encrypted/


#To close after use, unmount the partition and close the file

sudo umount ../mp-encrypted/

sudo cryptsetup luksClose secretdata


Resize the filesystem inside the encrypted file (example: add 2 GB)

#Add 2 GB to the file (8 x 256M)

dd if=/dev/zero of=encrypteddrive bs=256M count=8 oflag=append conv=notrunc

#Open the Encrypted device

sudo cryptsetup luksOpen encrypteddrive secretdata

#Resize the encrypted partition

sudo cryptsetup resize secretdata

#Check the EXT4 filesystem inside the encrypted file

sudo e2fsck -f /dev/mapper/secretdata

#Resize the EXT filesystem

sudo resize2fs /dev/mapper/secretdata
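
A pre-flight check for the append step above, added here as an example and not part of the original post. The dd append relies on conv=notrunc, so it is worth confirming that the target really is the LUKS container and that its mapping is still closed before writing to it. The function names luks_version and preflight_grow are hypothetical; cryptsetup isLuks performs the same header test where cryptsetup is installed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the LUKS header version (1 or 2) of a file, or return 1 if the file
# does not begin with the LUKS magic bytes "LUKS" 0xBA 0xBE.
luks_version() {
    magic=$(od -An -tx1 -N6 "$1" | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ] || return 1
    # The version is a big-endian 16-bit integer at byte offset 6.
    ver=$(od -An -tu1 -j6 -N2 "$1")
    set -- $ver
    [ $# -eq 2 ] || return 1
    echo $(( $1 * 256 + $2 ))
}

# preflight_grow FILE MAPNAME ADD_BYTES
# Prints the size FILE will have after appending ADD_BYTES, or explains on
# stderr why the append should not be run.
preflight_grow() {
    file=$1 map=$2 add=$3
    [ -f "$file" ] || { echo "no such container file: $file" >&2; return 1; }
    v=$(luks_version "$file") || { echo "$file has no LUKS header" >&2; return 1; }
    # The procedure appends first and opens afterwards, so the mapping
    # must not be open yet.
    if [ -e "/dev/mapper/$map" ]; then
        echo "mapping $map is open; unmount and luksClose it first" >&2
        return 1
    fi
    cur=$(wc -c < "$file")
    echo "LUKS$v container, $cur bytes now" >&2
    echo $(( cur + add ))
}

# Usage with the names from this post:
#   preflight_grow encrypteddrive secretdata $((8 * 256 * 1024 * 1024))
```

After the dd append, the file size reported by ls -l should equal the number this prints.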
