Store Files In An Encrypted Image
Table of Contents
Imagine this scenario: you have files on your computer that you would much rather keep safe. Such files could contain sensitive data such as passwords and bank details. Keeping them on your computer is a convenient solution; however, if your computer was hacked or stolen, someone could easily access your files if your drive wasn’t encrypted. Passwords to unlock your PC are no object to someone who knows what they are doing, especially passwords that are ridiculously weak.
There is a way to store sensitive data safely on your computer with little worry. Simply have an encrypted image file of whatever size you choose that you can mount like you would any other drive.
Prerequisites
You will need to have cryptmount installed. Cryptmount is the tool that will be used to create the encrypted filesystem on your image, and mount and unmount the said image.
Create the Image
We will use the ‘dd’ command to create a file of a certain size, let’s say 128MB. This will act as a virtual drive to store your files in.
$ dd if=/dev/zero of=imageForFiles.img bs=1M count=128
What this does is simply write a bunch of zeros to a file with a block size of 1MB to generate a 128MB file (128 1MB blocks).
Setup the Image for ‘cryptmount’
After installing cryptmount, you will need to edit ‘/etc/cryptmount/cmtab’ to create an entry that will configure the filesystem that you wish to use to store files in. You will need root privileges to edit this file. The man page for cryptmount contains a template that can be used.
We will want to replace ‘/dev/hdb63’ with the location of our 128MB image, next replace ‘opaque’ with whatever target name you wish. I chose the same name as the image file, following the pattern found in the man page.
I also changed the name of the key file to use the same name as the image. The other fields you may change are the mount point (dir), mount options, filesystem type to expect (fstype), cipher, and the key format. For now, for the purposes of this tutorial, we can leave these defaults be. I changed the filesystem type to ext4 but this is optional.
Creating the Filesystem
Once the entry has been created in the cmtab, we can begin to prepare the encrypted filesystem. These commands will again need to be run as root. This is where we begin to use cryptmount. First, we need to generate the key for encryption. Let’s generate a 256-bit key (32 bytes). Whichever key you decide to choose, you will need to make sure it is supported by your chosen cipher, lest you encounter errors. In this case, we will follow the recommendation set by the man page:
$ sudo cryptmount –generate-key 32 imageForFiles
You will be asked to set a password to access the image. After that, prepare the image so that the filesystem can be created:
$ sudo cryptmount –prepare image
ForFilesThis creates the device file, ‘/dev/mapper/imageForFiles’, that allows us to create a filesystem.
The next step involves creating the filesystem using mke2fs. We reference the mapped device created by cryptmount to allow this to happen.
$ sudo mke2fs /dev/mapper/imageForFiles
Once the filesystem is created, we then tell cryptmount to release the mapper device:
$ sudo cryptmount –release imageForFiles
Mounting and Unmounting
Now that the filesystem is ready, we can then mount it and store files into the volume. Mounting and unmounting are done using cryptmount. If the mount point directory does not yet exist, create it before mounting:
$ sudo mkdir /home/crypt
Of course, if it’s in your home directory there no need for root access.
$ cryptmount -m imageForFilesSee
We can use this image without root access. You will be asked for the password when you do this. Then it runs e2fsck to check the filesystem.
Of course, if it’s in your home directory there no need for root access.
$ cryptmount -m imageForFilesSee
We can use this image without root access. You will be asked for the password when you do this. Then it runs e2fsck to check the filesystem.
Your image is mounted. You will need to transfer ownership of the “drive” to your own user from root in order to freely modify the contents of the image:
$ sudo chown your_username /home/crypt
You can access and modify files like you would any other drive. Once finished, simply unmount:
$ cryptmount -u imageForFiles
My Recommendations
I do have a few tips that may be very beneficial.
- Putting encrypted images into a folder outside of your home directory (so that only root has access to the file itself) is not a bad idea if you are worried about security.
- When naming targets in the cmtab file, use the name of the image files so as to avoid confusion.
- Try out different ciphers.
Conclusion
Hopefully, this tutorial highlighted the simplicity of safely storing sensitive data on your computer using encrypted images. Encrypted images on your computer are easy to setup and even easier to use cryptmount.
LinuxAndUbuntu Newsletter
Join the newsletter to receive the latest updates in your inbox.