Luks Encrypt a Disk Image

LUKS-Encrypted Disk Images on Linux

Using your package manager (apt, etc.), install the following:

Requires: cryptsetup [Example: $ sudo apt install cryptsetup]

As well as: losetup, mount, umount, findmnt, blkid

Optional: VBoxManage (VirtualBox), virsh (libvirt)

sudo ln -s "$(pwd)/luks-img.sh" /usr/local/bin/

Make a folder for images and change into it.

mkdir -p "$HOME/DiskImages"
cd "$HOME/DiskImages"

Quick Starts

Have a passphrase in mind, then run the following [mydisk.img can be any useful name, such as mydocs.img]:
1) Create & mount a new 4 GB encrypted image:
sudo luks-img.sh create --file mydisk.img --size 4G

2) Close (unmount, close mapper, detach loop):
sudo luks-img.sh close --file mydisk.img

3) Open & mount an existing image [note: it's easier if you name the mount path to match the image name, e.g. /mnt/mydocs for mydocs.img]:
sudo luks-img.sh open --file mydisk.img --mount /mnt/mydisk

4) Change ownership of the mount directory and change into it:
sudo chown "$USER:$USER" /mnt/mydisk
cd /mnt/mydisk

NOW copy data to it, and use it...

5) Backup the LUKS header:
sudo luks-img.sh header-backup --file mydisk.img --out mydisk.header

*) Add a new key using an existing keyfile:
sudo luks-img.sh add-key --file mydisk.img --keyfile /path/newkey --existing-keyfile /path/oldkey

When Done - Repeat step #2 to CLOSE
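
To check that the file written in step 5 really is the header of mydisk.img, this added example (not part of luks-img.sh or of this README) reads the LUKS magic, version and UUID directly from both files and compares them. The function names and the sample UUID are made up for the demonstration.

```sh
#!/bin/sh
# Added example: sanity-check a LUKS header backup against its image file.
# On-disk layout used (LUKS1 and LUKS2): magic "LUKS" 0xBA 0xBE at offset 0,
# big-endian version at offset 6, NUL-padded 40-byte UUID at offset 168.

luks_magic_ok() {            # $1 = file
    m=$(dd if="$1" bs=1 count=6 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$m" = "4c554b53babe" ]
}

luks_version() {             # $1 = file; prints 1 or 2
    h=$(dd if="$1" bs=1 skip=6 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "${#h}" -eq 4 ] || return 1
    echo $(( 0x$h ))
}

luks_uuid() {                # $1 = file; prints the UUID string
    dd if="$1" bs=1 skip=168 count=40 2>/dev/null | tr -d '\000'
}

verify_header_backup() {     # $1 = image, $2 = header backup
    luks_magic_ok "$1" || { echo "FAIL: $1 has no LUKS magic"; return 1; }
    luks_magic_ok "$2" || { echo "FAIL: $2 has no LUKS magic"; return 1; }
    [ "$(luks_version "$1")" = "$(luks_version "$2")" ] ||
        { echo "FAIL: LUKS version differs"; return 1; }
    u=$(luks_uuid "$2")
    [ -n "$u" ] && [ "$u" = "$(luks_uuid "$1")" ] ||
        { echo "FAIL: UUID differs, backup belongs to another volume"; return 1; }
    echo "OK: LUKS$(luks_version "$2") UUID=$u"
}

# Constructed sample input: writes only the three parsed fields, zero-filled
# elsewhere. Not a usable LUKS volume; the UUID below is made up.
make_sample_header() {       # $1 = out file, $2 = version (1|2), $3 = UUID
    {
        printf "LUKS\272\276\000\00$2"
        dd if=/dev/zero bs=1 count=160 2>/dev/null
        printf '%s' "$3"
        dd if=/dev/zero bs=1 count=$(( 40 - ${#3} )) 2>/dev/null
    } > "$1"
}

tmp=$(mktemp -d)
make_sample_header "$tmp/mydisk.img"    2 11111111-2222-3333-4444-555555555555
make_sample_header "$tmp/mydisk.header" 2 11111111-2222-3333-4444-555555555555
verify_header_backup "$tmp/mydisk.img" "$tmp/mydisk.header"
rm -rf "$tmp"
```

On a real system, `sudo cryptsetup luksDump mydisk.header` shows the full header contents. Store the header backup as carefully as the image itself, since it holds the keyslots.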

How to make a Compressed backup:

zstd -19 -T0 mydisk.img

How to use the backup:

First close the image from step #2, then:
mv mydisk.img mydisk.old.img
unzstd mydisk.img.zst

If you want to add the image file to a VM:

VirtualBox:

sudo luks-img.sh launch-vbox --file mydisk.img --vm "Ubuntu VM" --start
sudo luks-img.sh detach-vbox --vm "Ubuntu VM"

libvirt/QEMU VM:

sudo luks-img.sh attach-virt --file mydisk.img --vm myvm --target vdb --persistent
sudo luks-img.sh detach-virt --vm myvm --target vdb --persistent

Please NOTE: This will not work in an unprivileged LXC container!

To make it work inside an LXC container, you'd need to modify the container config (as root on the host):

lxc.apparmor.profile = unconfined
lxc.cap.drop =
# /dev/loop* block devices
lxc.cgroup.devices.allow = b 7:* rwm
# /dev/mapper/control
lxc.cgroup.devices.allow = c 10:236 rwm
# /dev/loop-control
lxc.cgroup.devices.allow = c 10:237 rwm
lxc.mount.auto = proc:rw sys:rw
lxc.include = /usr/share/lxc/config/common.conf

And run the container as privileged (security.privileged = true).

Security warning: privileged LXC containers with these capabilities are essentially “mini-VMs” with host-level power. Not recommended on multi-tenant systems!!