Wednesday, June 15, 2016

LUKS Containers

This post demostrates how to create LUKS encrypted container. Basically I followed these steps to create and mount such a container.

To sum up for TLDR persons (: here are the few basic steps you have to follow:

1. Creating new container
# NOTE: use sudo, or switch to root for following operations
# create 10MB container
dd if=/dev/urandom of=LUKSContainer bs=1M count=10

# find free loop device and attach the container
losetup $(losetup -f) LUKSContainer
losetup -l

# initialize LUKS partition and create passphrase
cryptsetup luksFormat /dev/loop0

# open the container
cryptsetup open --type luks /dev/loop0 LUKSContainerDEV
ll /dev/mapper/

# create FS
mkfs.ext4 -L LUKSContainer /dev/mapper/LUKSContainerDEV

# close the container and detach loop device
cryptsetup close /dev/mapper/LUKSContainerDEV
losetup -d /dev/loop0

After completing the 1st step, you should have your LUKS container. Now the 2nd step...

2. Mounting and umounting the container 
# attach the container to loop device, open the device and mount it
# first, set the container name (or path)
CONTAINER=LUKSContainer

losetup $(losetup -f) $CONTAINER
cryptsetup open --type luks $(losetup -l | grep $CONTAINER | awk '{print $1}') ${CONTAINER}DEV
mount /dev/mapper/${CONTAINER}DEV /mnt/LUKS

# Umount, close and detach
umount /mnt/LUKS
cryptsetup close ${CONTAINER}DEV
losetup -d $(losetup -l | grep $CONTAINER | awk '{print $1}')

Such container provides password protected and encrypted FS with your files.
The 3rd step shows how to resize the container in case you are running out of space.

3. Resizing container 
# first, set the container name (or path)
CONTAINER=LUKSContainer

# change size of the container
truncate -s 20M $CONTAINER

# attach and open the device
losetup $(losetup -f) $CONTAINER
cryptsetup open --type luks $(losetup -l | grep $CONTAINER | awk '{print $1}') ${CONTAINER}DEV

# check the FS and resize
e2fsck -f /dev/mapper/${CONTAINER}DEV
resize2fs /dev/mapper/${CONTAINER}DEV

# mount and check the FS size
mount /dev/mapper/${CONTAINER}DEV /mnt/LUKS
df -h /mnt/LUKS

NOTE: resizing works well if you're adding FS size. If you want to create smaller container, well you could probably defragment the container and change the size, however, I would rather create new, smaller one and copy/move data.
Posted by krisko at 8:50 PM
Labels: , , , , ,

1 comment:

  1. JonApril 20, 2022 at 5:35 PM

    Thank you! Worked like a charm first try. Saved me some digging and trial&error.

    ReplyDelete

Subscribe to: Post Comments (Atom)