You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Robert
f9996d8120
|
4 weeks ago | |
|---|---|---|
| README.MD | 4 weeks ago | |
| luks-img.sh | 4 weeks ago | |
README.MD
LUKS-Encrypted Disk Images on Linux
Using your package manager: (apt, etc...) install the following:
Requires: cryptsetup [Exmaple:$ sudo apt install cryptsetup]
As well as: losetup, mount, umount, findmnt, blkid
Optional: VBoxManage (VirtualBox), virsh (libvirt)
1st Make a symbloic link to your bin path:
sudo ln -s "$(pwd)/luks-img.sh" /usr/local/bin/
Make a folder for images and change into it.
mkdir -p "$HOME/DiskImages"
cd "$HOME/DiskImages"
Quick Starts
Have a passphrase ready in mind and then [mydisk.img could be named anything useful like mydocs.img etc...]:
1) Create & mount a new 4 GB encrypted image:
sudo luks-img.sh create --file mydisk.img --size 4G
2) Close (unmount, close mapper, detach loop):
sudo luks-img.sh close --file mydisk.img
3) Open & mount an existing image [note its easyer if you name the /mnt/mydisk path something like /mnt/mydocs etc... to match the image name]:
sudo luks-img.sh open --file mydisk.img --mount /mnt/mydisk
4) Change DIR perms and change into it.
sudo chown $USER:$USER /mnt/mydisk
cd /mnt/mydisk
NOW copy data to it, and use it...
5) Backup the LUKS header:
sudo luks-img.sh header-backup --file mydisk.img --out mydisk.header
*) Add a new key using an existing keyfile:
sudo luks-img.sh add-key --file mydisk.img --keyfile /path/newkey --existing-keyfile /path/oldkey
When Done - Repeat step #2 to CLOSE
If you want to add the image file to a VM:
Virtual Box:
sudo luks-img.sh launch-vbox --file mydisk.img --vm "Ubuntu VM" --start
sudo luks-img.sh detach-vbox --vm "Ubuntu VM"
libvirt/QEMU VM:
sudo luks-img.sh attach-virt --file mydisk.img --vm myvm --target vdb --persistent
sudo luks-img.sh detach-virt --vm myvm --target vdb --persistent
Please NOTE: This will not work on an LXC unprivileged container!
To make it work inside an LXC: You’d need to modify your container config (as root on the host):
lxc.apparmor.profile = unconfined
lxc.cap.drop =
lxc.cgroup.devices.allow = b 7:* rwm # /dev/loop*
lxc.cgroup.devices.allow = c 10:237 rwm # /dev/mapper/control
lxc.mount.auto = proc:rw sys:rw
lxc.include = /usr/share/lxc/config/common.conf
And run the container as privileged (security.privileged = true).
⚠️ Security warning: privileged LXC containers with these capabilities are essentially “mini-VMs” with host-level power. Not recommended on multi-tenant systems!!