Intro / Reasoning
While I do use full partition encryption using LVM+LUKS, I have a few files on Dropbox that I want to be encrypted there as well. So, I have chosen to use file containers.
And now that TrueCrypt is no longer trusted,
and I no longer use any of the files I had
put in TrueCrypt containers under Windows,
I have switched to using just
This topic has been covered in a lot of places by a lot of people, but it has been simplified across the years. And, I’m using the steps out of a couple articles, which makes it annoying every time I try to remember and then find the steps. So, I’m posting them here, because I think I can remember my own site!
Preparation / Creating the container
Here we are going to create the container, generate and add a random LUKS key, put a file system on it and set up a directory to mount it to.
Almost all of these commands require root privileges, so take whatever means you need to do that first; I’m using CrunchBang, a port of Ubuntu.
# Simplify pathing; change to your working directory cd ~/Dropbox # switch to super-user sudo su # install cryptsetup if needed apt-get install cryptsetup # create the container; I'm making # a 256M container: dd if=/dev/urandom of=test.bin bs=1M count=256M # set it up for luks; answer caps YES cryptsetup luksFormat test.bin # it will prompt you twice for a password # now add an extra key so you don't # have to type the password every # time you want to use the container # - add the directory if needed mkdir -p /etc/keys # - make the key w/ 2K of random text dd if=/dev/urandom of=/etc/keys/test.key bs=512 count=4 # - change the key so only root can read chmod 400 /etc/keys/test.key # - assign the key to the next slot for test.bin cryptsetup luksAddKey test.bin /etc/keys/test.key # open the container using our key; maps it to /dev/mapper/test cryptsetup luksOpen test.bin test -d /etc/keys/test.key # create a file system in it (so we can actually use it) mkfs.ext2 /dev/mapper/test # create a directory to mount to, # and give yourself ownership mkdir /mnt/test mount /dev/mapper/test /mnt/test chown damon:damon /mnt/test # we can close it for now umount /mnt/test cryptsetup luksClose test # and exit the super user exit
Subsequently using the container
Now, we have created the file container,
and it’s ready to go for future use.
still requires root permissions, but here
we only have a couple commands so I’ll sudo
instead. In the future you just:
# 1. open the container cd ~/Dropbox sudo cryptsetup luksOpen test.bin test -d /etc/keys/test.key # 2. mount it sudo mount /dev/mapper/test /mnt/test # 3. make our changes cd /mnt/test touch urFace rm urFace # take his face... off # 4. unmount it cd sudo umount /mnt/test # 5. close the container sudo cryptsetup luksClose test
And that’s it.